Security

Featured Post
Aug 21, 2019

Zero Trust at GitLab: The data classification and infrastructure challenge

The classification of data is a huge step in the right direction when it comes to handling Zero Trust, but it comes with its own set of challenges.

Recent Posts

American Fuzzy Lop on GitLab: Automating instrumented fuzzing using pipelines

Aug 14, 2019

An example of how to automate instrumented fuzzing with American Fuzzy Lop using pipelines.

Zero Trust at GitLab: Problems, goals, and coming challenges

Aug 9, 2019

We map out our Zero Trust goals, the challenges we expect to encounter along the way, and how we plan to address them.

What we learned by taking our bug bounty program public

Jul 19, 2019

Six months into our public bug bounty program, we're taking stock of what's working and where we can make improvements.

Turning the Adobe CCF into the GitLab Control Framework (it’s all open source!)

Jul 10, 2019

We’ve implemented and adapted an open source compliance framework. Now we're sharing our process and tools so you can adapt and customize it too.

Ask GitLab Security: Alexander Dietrich

Jun 26, 2019

What are the challenges and rewards of working security for a growing, cloud native company? We grill one of our senior security engineers.

Ask GitLab Security: Roger Ostrander

Jun 14, 2019

What’s it like working day and night to kill spam, Bitcoin mining, malware and more? Meet our security team.

When technology outpaces security compliance

Jun 10, 2019

Where does today's tech transformation leave tomorrow's security compliance? A senior security analyst tackles the question.

Ask GitLab Security: Paul Harrison

May 31, 2019

What’s it like working to secure one of the most transparent organizations in the world? Meet our security team.

How GitLab went about choosing the right compliance framework

May 7, 2019

Independent vs aggregate? Determining the most effective security controls approach for any organization has many considerations.

Inside the GitLab public bug bounty program

Apr 29, 2019

Four months since going public with our bug bounty program, we dive into where we’re at, what success looks like, and what to expect down the road.

Agile iteration: My unique onboarding experience at GitLab

Apr 26, 2019

How I learned to iterate quickly during my first week at GitLab.

Group Runner Registration Token Vulnerability

Apr 10, 2019

How we responded to a vulnerability in group runner registration tokens.

GitLab's security tools and the HIPAA risk analysis

Apr 10, 2019

A closer look at GitLab’s security scanning tools and the HIPAA risk analysis.

The evolution of Zero Trust

Apr 1, 2019

Zero Trust may be one of the hottest topics in security today, but it's not exactly new. Here's a history.

An update on project runner registration token exposed through issues quick actions vulnerability

Mar 25, 2019

How we responded to a vulnerability in quick actions for issues that can expose project runner registration tokens to unauthorized users.
