The classification of data is a huge step in the right direction when it comes to handling Zero Trust, but it comes with its own set of challenges. Read on
An example of how to automate instrumented fuzzing with American Fuzzy Lop using pipelines.
We map out our Zero Trust goals, the challenges we expect to encounter along the way, and how we plan to address them.
Six months into our public bug bounty program, we're taking stock of what's working and where we can make improvements.
We’ve implemented and adapted an open source compliance framework. Now we're sharing our process and tools so you can adapt and customize it too.
What are the challenges and rewards of working in security for a growing, cloud native company? We grill one of our senior security engineers.
What’s it like working day and night to kill spam, Bitcoin mining, malware and more? Meet our security team.
Where does today's tech transformation leave tomorrow's security compliance? A senior security analyst tackles the question.
What’s it like working to secure one of the most transparent organizations in the world? Meet our security team.
Independent vs aggregate? Determining the most effective security controls approach for any organization involves many considerations.
Four months since going public with our bug bounty program, we dive into where we’re at, what success looks like, and what to expect down the road.
How I learned to iterate quickly during my first week at GitLab.
How we responded to a vulnerability in group runner registration tokens.
A closer look at GitLab’s security scanning tools and the HIPAA risk analysis.
Zero Trust may be one of the hottest topics in security today, but it's not exactly new. Here's a history.
How we responded to a vulnerability in quick actions for issues that can expose project runner registration tokens to unauthorized users.