Security

The complexity of developer working environments make them more likely to be vulnerable to a drive-by attack. We talk about why and walk you through a real-life example from a recent disclosure here at GitLab, and provide tips to reduce the risk and impact of drive-by attacks.

The Venafi plugin for GitLab enables single sign-on and digital signatures to better secure your app.

How we built, tested and deployed a new tool on GitLab that fights spam and abuse.

Learn how GitLab's all-in-one DevSecOps solution can help businesses keep their supply chains secure.

We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.

As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.

Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.

We know GitLab is a complete open source DevOps platform, but can it improve your hack? We chat with three bug bounty hunters to find out.

Supply chain attacks aren't new, but that doesn't mean extra vigilance and protection aren't needed. We take a look at how we secure our packages and registries.

We built a program that encourages, recognizes, and awards a shared responsibility for security.

Learn how this group of team members works to preserve and reinforce GitLab values in the Security department and beyond.

We improve consistency across severity ratings and payouts in our bug bounty program with collaboration, iteration, and async communication.

How we responded to a masked variable vulnerability in GitLab Runner version 13.9.0-rc1 and actions users should take.

Learn how to secure your Android application with Static Application Security Testing.

We take a look back at the year in bugs and bounties and celebrate the reporters and contributions that make us more secure.