Follow Us

Featured Post

A deep dive into how we investigate and secure GitLab packages

Supply chain attacks aren't new, but that doesn't mean extra vigilance and protection aren't needed. We take a look at how we secure our packages and registries. Read on

Recent Posts

Post Image

How we used GitLab values to develop a successful Security Awards Program

May 14, 2021

We built a program that encourages, recognizes, and awards a shared responsibility for security.

Post Image

How the Security Culture Committee is strengthening GitLab values

Dominic Couture, Mark Loveless, Joern Schneeweisz, Heather Simpson and Steve Truong
May 7, 2021

Learn how this group of team members works to preserve and reinforce GitLab values in the Security department and beyond.

Post Image

Inside the Bug Bounty Council at GitLab

Mar 16, 2021

We improve consistency across severity ratings and payouts in our bug bounty program with collaboration, iteration, and async communication.

Post Image

Masked variable vulnerability in Runner version 13.9.0-rc1

Feb 18, 2021

How we responded to a masked variable vulnerability in GitLab Runner version 13.9.0-rc1 and actions users should take.

Post Image

Android App Security Testing with SAST

Dec 16, 2020

Learn how to secure your Android application with Static Application Security Testing.

Post Image

2020 through a bug bounty lens

Dec 14, 2020

We take a look back at the year in bugs and bounties and celebrate the reporters and contributions that make us more secure.

Post Image

Tired of afterthought security? Take a fresh look at GitLab Ultimate

Dec 8, 2020

Security may not be the first thing that comes to mind when thinking of our DevOps platform, but we’re going to make the case it should be. Here’s a look at some of the too-often-overlooked security features in GitLab Ultimate.

Post Image

How to secure your Kubernetes pods using GitLab Container Network Security

Oct 23, 2020

We help you get started with securing your Kubernetes cluster using Cilium, a GitLab-managed application.

Post Image

Why you need a security champions program

Oct 14, 2020

Faster releases, more open source code, and developers unlikely to have formal security training = at risk software apps. The solution? A security champions program.

Post Image

GitLab's security trends report – our latest look at what's most vulnerable

Oct 6, 2020

From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on Here's what you need to know.

Post Image

Our top tips for better bug bounty reports, plus a hacker contest!

Sep 28, 2020

Our AppSec team breaks down what makes a great bug bounty report. That advice comes just in time, as we're having another bug bounty contest.

Post Image

How to configure DAST full scans for complex web applications

Aug 31, 2020

Keep your DAST job within timeout limits and fine-tune job configurations for better results

Post Image

Upcoming narrow breaking changes to Secure Analyzers in GitLab 13.4

Aug 19, 2020

Our next release, 13.4, will include narrow breaking changes for our Secure scanning features. Find out how this could affect you and what you need to do.

Post Image

How to play GitLab's Capture the Flag at home

Aug 12, 2020

Our AppSec team built and ran a CTF, and now it's available for you to play at home.

Post Image

How to benchmark security tools: a case study using WebGoat

Aug 11, 2020

When tasked to compare security tools, it's critical to understand what's a fair benchmark. We take you step by step through WebGoat's lessons and compare them to SAST and DAST results.

Edit this page View source