Learn how GitLab's all-in-one DevSecOps solution can help businesses keep their supply chains secure.
We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.
As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.
Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.
We know GitLab is a complete open source DevOps platform, but can it improve your hack? We chat with three bug bounty hunters to find out.
Supply chain attacks aren't new, but that doesn't mean extra vigilance and protection aren't needed. We take a look at how we secure our packages and registries.
We built a program that encourages, recognizes, and awards a shared responsibility for security.
Learn how this group of team members works to preserve and reinforce GitLab values in the Security department and beyond.
We improve consistency across severity ratings and payouts in our bug bounty program with collaboration, iteration, and async communication.
How we responded to a masked variable vulnerability in GitLab Runner version 13.9.0-rc1 and actions users should take.
Learn how to secure your Android application with Static Application Security Testing.
We take a look back at the year in bugs and bounties and celebrate the reporters and contributions that make us more secure.
Security may not be the first thing that comes to mind when thinking of our DevOps platform, but we’re going to make the case it should be. Here’s a look at some of the too-often-overlooked security features in GitLab Ultimate.
We help you get started with securing your Kubernetes cluster using Cilium, a GitLab-managed application.
Faster releases, more open source code, and developers unlikely to have formal security training = at-risk software apps. The solution? A security champions program.
From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. Here's what you need to know.