Follow Us

Featured Post
Jan 14, 2020

Celebrating a million dollars in bounties paid

Our bug bounty program has grown, expanded and matured in the past 5 years. A lot can happen in a million dollars’ time. Read on

Recent Posts

Post Image

Introducing Token-Hunter

Dec 20, 2019

Our red team has created a new tool to find sensitive data in the vast, wide-open.

Post Image

Bugs, bounties, and cherry browns

Dec 12, 2019

Cheers, our bug bounty program is celebrating one year!

Post Image

Shopping for an admin account via path traversal

Nov 29, 2019

How to exploit a path traversal issue to gain an admin account

Post Image

How to overcome toolchain security challenges with GitLab

Nov 20, 2019

Use GitLab to control your toolchain sprawl, improve team communication and productivity, and secure your DevOps lifecycle.

Post Image

We are increasing bounties in our bug bounty program

Nov 18, 2019

We're now offering higher bounties for critical and high severity reports.

Post Image

Zero Trust at GitLab: Where do we go from here?

Oct 15, 2019

We take a look back at how far we've come in our ZTN implementation, and at the progress we still need to make.

Post Image

Zero Trust at GitLab: Implementation challenges (and a few solutions)

Oct 2, 2019

Implementing change in an already working environment always brings its fair share of growing pains. What happens when that change is Zero Trust?

Post Image

Why we're reducing the time to payout and launching a bug bounty anniversary contest

Sep 24, 2019

You talked. We listened. Quicker bug bounty payouts and we're holding a contest for our hackers!

Post Image

Zero Trust at GitLab: Mitigating challenges with data zones and authentication scoring

Sep 6, 2019

How we’re defining and aligning data zones in our Zero Trust implementation.

Post Image

Zero Trust at GitLab: The data classification and infrastructure challenge

Aug 21, 2019

The classification of data is a huge step in the right direction when it comes to handling Zero Trust, but it comes with its own set of challenges.

Post Image

American Fuzzy Lop on GitLab: Automating instrumented fuzzing using pipelines

Aug 14, 2019

An example of how to automate instrumented fuzzing with American Fuzzy Lop using pipelines.

Post Image

Zero Trust at GitLab: Problems, goals, and coming challenges

Aug 9, 2019

We map out our Zero Trust goals, the challenges we expect to encounter along the way, and how we plan to address them.

Post Image

What we learned by taking our bug bounty program public

Jul 19, 2019

Six months into our public bug bounty program, we're taking stock of what's working and where we can make improvements.

Post Image

Turning the Adobe CCF into the GitLab Control Framework (it’s all open source!)

Jul 10, 2019

We’ve implemented and adapted an open source compliance framework. Now we're sharing our process and tools so you can adapt and customize it too.

Post Image

Ask GitLab Security: Alexander Dietrich

Jun 26, 2019

What are the challenges and rewards of working security for a growing, cloud native company? We grill one of our senior security engineers.

Open in Web IDE View source