Browse articles that include the security research tag

Git security audit: Inside the hunt for - and discovery of - CVEs Get a behind-the-scenes look at how I helped discover the vulnerability that became CVE-2022-41903. Author: Joern Schneeweisz Read Post

Security

Meet Package Hunter: A tool for detecting malicious code in your dependencies

We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.

Security

How we’re creating a threat model framework that works for GitLab

As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.

Security

A brief look at Gitpod, two bugs, and a quick fix

Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.

You asked, and our Red Team answered

We held a public, ask me anything with our Red Team. Here’s what people asked.

Switching “sides” in security

How does product security work differ from pen testing and hacking all the things?

Security

Why you need a security champions program

Faster releases, more open source code, and developers unlikely to have formal security training = at risk software apps. The solution? A security champions program.

Security

GitLab's security trends report – our latest look at what's most vulnerable

From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. Here's what you need to know.

Security