Security

Featured Post
Sam Morris, Noah Ing
Mar 13, 2023

How to action security vulnerabilities in GitLab Premium

Learn step-by-step how to process detected vulnerabilities and spawn merge request approval rules from critical vulnerabilities.

Recent Posts

Is the National Cybersecurity Strategy a wake-up call for software developers?

Joel Krooswyk
Mar 7, 2023

The new White House policy puts liability for poor security on software makers. Learn how DevSecOps can protect your organization.

Software supply chain security practices seeing only modest adoption

Feb 21, 2023

DORA Accelerate State of DevOps report shows opportunity lies within better security practices, including a focus on culture.

Git security audit: Inside the hunt for - and discovery of - CVEs

Jan 24, 2023

Get a behind-the-scenes look at how I helped discover the vulnerability that became CVE-2022-41903.

Monitor your web attack surface with GitLab CI/CD and GitLab Pages

Jan 11, 2023

Use this tutorial to build an automated web application screenshot report.

Why 2022 was a record-breaking year in bug bounty awards

Dec 19, 2022

Find out about the researchers who together earned more than $1 million USD in prizes and their bug hunting contributions.

Achieve SLSA Level 2 compliance with GitLab

Nov 30, 2022

Compliance mandates call for controls to prevent software tampering, improve integrity of builds and artifacts, and support attestation. Here's how GitLab can help.

How we boosted WebAuthn adoption from 20 percent to 93 percent in two days

Nov 9, 2022

With phishing campaigns on the rise across the industry, we accelerated rollout of a program to further enhance our security hygiene program. This is how we did it.

Top challenges to securing the software supply chain

Nov 7, 2022

Learn what organizations should keep in mind while incorporating software supply chain security into their software development lifecycle.

New OpenSSL 3.0 vulnerabilities: What you need to know to find and fix them

GitLab Security Team
Nov 1, 2022

Learn how to identify your risk for CVE-2022-3786 and CVE-2022-3602.

The ultimate guide to SBOMs

Oct 25, 2022

Learn what a software bill of materials is and why it has become an integral part of modern software development.

Meet the demand for SBOMs and supply chain security with GitLab and Rezilion

Oct 17, 2022

Learn the role of SBOMs in helping to secure your software supply chain and how to generate them with the GitLab + Rezilion integration.

GitLab and Let's Encrypt partner to improve website security

Learn how to add a Let's Encrypt TLS certificate to a website hosted and managed via GitLab Pages.

Introducing the infrastructure bill of materials

Cindy Blake
Sep 22, 2022

Pair IBoMs and SBOMs for a more secure software supply chain.

Give it a go: Capture the flag for $20K USD in our bug bounty program

Aug 24, 2022

We created a private project containing a file with a flag. Use a permission-related vulnerability to bypass access control (without user interaction) and read the flag for a $20K USD bonus.

GitLab adds further measures to combat credential stuffing and other types of platform abuse

Aug 19, 2022

Integration of a fraud detection and prevention tool into the authentication flow increases risk reduction.
