Security

Learn about CVE-2023-38545, which leverages a heap buffer overflow through the SOCKS5 protocol, and what it means for GitLab customers.

As of GitLab 16.4, or DAST 4.0.9, browser-based DAST active scans will search for path traversal vulnerabilities using the GitLab check 22.1 instead of the ZAP alert 6.

Vladislav Nechakhin or @0xn3va, one of our top 10 hacker contributors, joined us for an AMA and details his approach and strategy for bug bounty hunting.

Our security team has identified an increased volume of password attacks against GitLab.com on the OAuth API endpoint since September 22, 2023. Learn more.

GitLab can support your alignment with NSA and CISA CI/CD recommendations and best practices for cloud-based DevSecOps environments.

Learn how to make full use of SAML and SSO security features on the GitLab DevSecOps platform.

Our partnership with Sigstore means that with just a few lines in a yml file, GitLab customers can make their development environment more secure.

As a strategic partner, GitLab's software security features can help support your ISO 27001 compliance.

Compliance is more than one-off audits; it's a continuous process of efficiently managing risk by implementing guardrails and monitoring specific metrics.

This tutorial helps build and deploy a customized version of MITRE's ATT&CK Navigator using GitLab CI/CD and GitLab Pages.

GitLab has detailed documentation about how to harden your instance, now as a part of GitLab itself. Here's how it came to be.

Learn about features in the DevSecOps platform geared toward a SOC2 audit.

Empower developers with hands-on security training within the DevSecOps platform.

OpenID Connect can sometimes be complex, but it's the safer and recommended way to authenticate your GitLab pipeline with Google Cloud. This tutorial shows you how.

This tutorial shows how to set up and manage three different environments in one project using GitLab CI and Terraform.