Securing the software supply chain through automated attestation
Standards bodies want to know how orgs are protecting against software tampering. Learn how automating compliance attestation can help. Read on
Want to start hacking? Here's how to quickly dive in
We asked one of our top 10 hacker contributors, Johan Carlsson, to share his novel approach to bug bounty hunting.
Top 5 compliance features to leverage in GitLab
Highlighting features we use daily, our security team outlines 5 ways to configure your GitLab instance for increased security and compliance.
Tackle a Plan of Actions and Milestones with GitLab’s risk management features
The One DevOps Platform helps identify interdependencies and vulnerabilities as required by government compliance frameworks.
Use Streaming Audit Events to connect your technology stack with GitLab and Pipedream
Automation lets your DevSecOps teams have logic in place for how to handle events as they come in.
GitLab's commitment to enhanced application security in the modern DevOps world
Security abounds in our latest DevOps platform release, GitLab 15.
Terraform as part of the software supply chain, Part 1 - Modules and Providers
We examine the supply chain aspects of Terraform, starting with a closer look at malicious Terraform modules and providers and how you can better secure them.
How we run Red Team operations remotely
Our team shares the process and templates that drive our successful red team ops in our all-remote environment.
Updates regarding Rubygems ‘Unauthorized gem takeover for some gems’ vulnerability CVE-2022-29176
Actions we've taken to investigate the Rubygems takeover vulnerability.
One DevOps platform can help you achieve DevSecOps
GitLab drives innovation in the AST market to secure cloud-native applications.
Updates regarding Spring remote code execution vulnerabilities CVE-2022-22965 and CVE-2022-22963
Actions we've taken to investigate the Spring RCE vulnerabilities.
How to ensure separation of duties and enforce compliance with GitLab
Use your DevOps platform to help maintain compliance without compromising on development speed.
Comply with NIST's secure software supply chain framework with GitLab
The U.S. government's Secure Software Development Framework has four key practices. GitLab's DevOps platform has features to address them all.
How GitLab's integration with Rezilion reduces vulnerability backlog and identifies exploitable risks
The native integration helps developers detect and remediate vulnerabilities that are exploitable early on in the development process.
Action we've taken in response to a potential Okta breach
Actions we've taken to investigate a potential Okta breach.
Security hygiene best practices for GitLab users
Security hygiene measures that GitLab.com and Self-managed users should consider implementing.