How to benchmark security tools: a case study using WebGoat
When tasked to compare security tools, it's critical to understand what's a fair benchmark. We take you step by step through WebGoat's lessons and compare them to SAST and DAST results. Read on
How to secure your dependencies with GitLab and WhiteSource
We walk you through how to configure WhiteSource in your GitLab instance to enhance your application security.
Get better container security with GitLab: 4 real-world examples
Containers are increasingly popular – and increasingly vulnerable. Using four threat scenarios, we step through how GitLab's built-in security features will make containers safer.
How to capitalize on GitLab Security tools with external CI
Learn how to call Jenkins jobs from GitLab and configure deterministic security jobs.
GitLab will extend package signing key expiration by one year
Our GPG key will now expire on July 1, 2021. Here's what you need to know.
How secure is GitLab?
Learn about GitLab's commitment to security and compliance, our security program maturity and accreditations.
GitLab instance: security best practices
Default settings on products can be massively helpful. However, when it comes to hardening your GitLab instance, we’ve got some helpful configuration recommendations from our security team.
The benefits of transparency in a compliance audit
We’re transparent by default, and just completed our first SOC 2 Type 1 audit! How does our public-first stance affect our compliance efforts and impact an audit?
How we manage open source security software
Open source software presents unique security challenges. Here’s what you need to know.
Top 6 security trends in GitLab-hosted projects
Using components with known vulnerabilities is the most common security problem in GitLab.com-hosted projects.
How to exploit parser differentials
Your guide to abusing 'language barriers' between web components.
We answer your most popular questions about our Zero Trust journey
From why we chose Okta to issues around data fluidity, here are answers to your most-asked ZT questions.
Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments
A Red Team exercise on exploiting design decisions on GCP.
GitLab is now a member of the OWASP Foundation
GitLab is thrilled to announce our membership in the OWASP Foundation.
Celebrating a million dollars in bounties paid
Our bug bounty program has grown, expanded and matured in the past 5 years. A lot can happen in a million dollars’ time.
Introducing Token-Hunter
Our red team has created a new tool to find sensitive data in the vast, wide-open.