Security

GitLab is thrilled to announce our membership in the OWASP Foundation.

Our bug bounty program has grown, expanded and matured in the past 5 years. A lot can happen in a million dollars’ time.

Our red team has created a new tool to find sensitive data in the vast, wide-open.

Cheers, our bug bounty program is celebrating one year!

How to exploit a path traversal issue to gain an admin account

Use GitLab to control your toolchain sprawl, improve team communication and productivity, and secure your DevOps lifecycle.

We're now offering higher bounties for critical and high severity reports.

We take a look back at how far we've come in our ZTN implementation, and at the progress we still need to make.

Implementing change in an already working environment always brings its fair share of growing pains. What happens when that change is Zero Trust?

You talked. We listened. Quicker bug bounty payouts and we're holding a contest for our hackers!

How we’re defining and aligning data zones in our Zero Trust implementation.

The classification of data is a huge step in the right direction when it comes to handling Zero Trust, but it comes with its own set of challenges.

An example of how to automate instrumented fuzzing with American Fuzzy Lop using pipelines.

We map out our Zero Trust goals, the challenges we expect to encounter along the way, and how we plan to address them.

Six months into our public bug bounty program, we're taking stock of what's working and where we can make improvements.