Featured Post
Pedro Fortuna
Aug 18, 2021

How DevSecOps can protect businesses from future supply chain attacks

Learn how GitLab's all-in-one DevSecOps solution can help businesses keep their supply chains secure.

Recent Posts

Meet Package Hunter: A tool for detecting malicious code in your dependencies

Jul 23, 2021

We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.

How we’re creating a threat model framework that works for GitLab

Jul 9, 2021

As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.

A brief look at Gitpod, two bugs, and a quick fix

Jul 8, 2021

Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.

How do bug bounty hunters use GitLab to help their hack?

Jun 11, 2021

We know GitLab is a complete open source DevOps platform, but can it improve your hack? We chat with three bug bounty hunters to find out.

A deep dive into how we investigate and secure GitLab packages

Supply chain attacks aren't new, but that doesn't mean extra vigilance and protection aren't needed. We take a look at how we secure our packages and registries.

How we used GitLab values to develop a successful Security Awards Program

May 14, 2021

We built a program that encourages, recognizes, and awards a shared responsibility for security.

How the Security Culture Committee is strengthening GitLab values

Dominic Couture, Mark Loveless, Joern Schneeweisz, Heather Simpson and Steve Truong
May 7, 2021

Learn how this group of team members works to preserve and reinforce GitLab values in the Security department and beyond.

Inside the Bug Bounty Council at GitLab

Mar 16, 2021

We improve consistency across severity ratings and payouts in our bug bounty program with collaboration, iteration, and async communication.

Masked variable vulnerability in Runner version 13.9.0-rc1

Feb 18, 2021

How we responded to a masked variable vulnerability in GitLab Runner version 13.9.0-rc1 and actions users should take.

Android App Security Testing with SAST

Dec 16, 2020

Learn how to secure your Android application with Static Application Security Testing.

2020 through a bug bounty lens

Dec 14, 2020

We take a look back at the year in bugs and bounties and celebrate the reporters and contributions that make us more secure.

Tired of afterthought security? Take a fresh look at GitLab Ultimate

Dec 8, 2020

Security may not be the first thing that comes to mind when thinking of our DevOps platform, but we’re going to make the case it should be. Here’s a look at some of the too-often-overlooked security features in GitLab Ultimate.

How to secure your Kubernetes pods using GitLab Container Network Security

Oct 23, 2020

We help you get started with securing your Kubernetes cluster using Cilium, a GitLab-managed application.

Why you need a security champions program

Oct 14, 2020

Faster releases, more open source code, and developers unlikely to have formal security training = at-risk software apps. The solution? A security champions program.

GitLab's security trends report – our latest look at what's most vulnerable

Oct 6, 2020

From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects. Here's what you need to know.