From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. Here's what you need to know.
Our AppSec team breaks down what makes a great bug bounty report. That advice comes just in time, as we're having another bug bounty contest.
Keep your DAST job within timeout limits and fine-tune job configurations for better results.
Our next release, 13.4, will include narrow breaking changes for our Secure scanning features. Find out how this could affect you and what you need to do.
Our AppSec team built and ran a CTF, and now it's available for you to play at home.
When tasked to compare security tools, it's critical to understand what's a fair benchmark. We take you step by step through WebGoat's lessons and compare them to SAST and DAST results.
We walk you through how to configure WhiteSource in your GitLab instance to enhance your application security.
Containers are increasingly popular – and increasingly vulnerable. Using four threat scenarios, we step through how GitLab's built-in security features will make containers safer.
Learn how to call Jenkins jobs from GitLab and configure deterministic security jobs.
Our GPG key will now expire on July 1, 2021. Here's what you need to know.
Learn about GitLab's commitment to security and compliance, our security program maturity and accreditations.
Default settings on products can be massively helpful. However, when it comes to hardening your GitLab instance, we’ve got some helpful configuration recommendations from our security team.
We’re transparent by default, and just completed our first SOC 2 Type 1 audit! How does our public-first stance affect our compliance efforts and impact an audit?
Open source software presents unique security challenges. Here’s what you need to know.
Using components with known vulnerabilities is the most common security problem in GitLab.com-hosted projects.
Your guide to abusing 'language barriers' between web components.