2020 through a bug bounty lens
We take a look back at the year in bugs and bounties and celebrate the reporters and contributions that make us more secure. Read on
Tired of afterthought security? Take a fresh look at GitLab Ultimate
Security may not be the first thing that comes to mind when thinking of our DevOps platform, but we’re going to make the case it should be. Here’s a look at some of the too-often-overlooked security features in GitLab Ultimate.
How to secure your Kubernetes pods using GitLab Container Network Security
We help you get started with securing your Kubernetes cluster using Cilium, a GitLab-managed application.
Why you need a security champions program
Faster releases, more open source code, and developers unlikely to have formal security training = at risk software apps. The solution? A security champions program.
GitLab's security trends report – our latest look at what's most vulnerable
From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. Here's what you need to know.
Our top tips for better bug bounty reports, plus a hacker contest!
Our AppSec team breaks down what makes a great bug bounty report. That advice comes just in time, as we're having another bug bounty contest.
How to configure DAST full scans for complex web applications
Keep your DAST job within timeout limits and fine-tune job configurations for better results
Upcoming GitLab.com narrow breaking changes to Secure Analyzers in GitLab 13.4
Our next release, 13.4, will include narrow breaking changes for our Secure scanning features. Find out how this could affect you and what you need to do.
How to play GitLab's Capture the Flag at home
Our AppSec team built and ran a CTF, and now it's available for you to play at home.
How to benchmark security tools: a case study using WebGoat
When tasked to compare security tools, it's critical to understand what's a fair benchmark. We take you step by step through WebGoat's lessons and compare them to SAST and DAST results.
How to secure your dependencies with GitLab and WhiteSource
We walk you through how to configure WhiteSource in your GitLab instance to enhance your application security.
Get better container security with GitLab: 4 real-world examples
Containers are increasingly popular – and increasingly vulnerable. Using four threat scenarios, we step through how GitLab's built-in security features will make containers safer.
How to capitalize on GitLab Security tools with external CI
Learn how to call Jenkins jobs from GitLab and configure deterministic security jobs.
GitLab will extend package signing key expiration by one year
Our GPG key will now expire on July 1, 2021. Here's what you need to know.
How secure is GitLab?
Learn about GitLab's commitment to security and compliance, our security program maturity and accreditations.
GitLab instance: security best practices
Default settings on products can be massively helpful. However, when it comes to hardening your GitLab instance, we’ve got some helpful configuration recommendations from our security team.