Browse articles that include the security research tag

GitLab discovers widespread npm supply chain attack

Malware driving attack includes "dead man's switch" that can harm user data.

Authors: Michael Henriksen, Daniel AbelesRead Post

Recent posts

Product

GitLab Patch Release: 18.5.2, 18.4.4, 18.3.6

Learn more about this patch release for GitLab Community Edition (CE) and Enterprise Edition (EE).

Security

Introducing GitLab Advanced Vulnerability Tracking

Learn how this security feature improves the efficiency of vulnerability management by reducing futile auditing time (includes data from a new study).

Security

Git security audit: Inside the hunt for - and discovery of - CVEs

Get a behind-the-scenes look at how I helped discover the vulnerability that became CVE-2022-41903.

Security

Meet Package Hunter: A tool for detecting malicious code in your dependencies

We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.

Security

How we’re creating a threat model framework that works for GitLab

As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.

Security

A brief look at Gitpod, two bugs, and a quick fix

Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.

Unfiltered

You asked, and our Red Team answered

We held a public, ask me anything with our Red Team. Here’s what people asked.

Unfiltered

Switching “sides” in security

How does product security work differ from pen testing and hacking all the things?

Security

Why you need a security champions program

Faster releases, more open source code, and developers unlikely to have formal security training = at risk software apps. The solution? A security champions program.

Pagination

Ready to get started?

See what your team could do with a unified DevSecOps Platform

Get free trial

Find out which plan works best for your team

Learn about pricing

Learn about what GitLab can do for your team

Talk to an expert

Browse articles that include the security research tag

GitLab discovers widespread npm supply chain attack

Malware driving attack includes "dead man's switch" that can harm user data.

Recent posts

GitLab Patch Release: 18.5.2, 18.4.4, 18.3.6

Introducing GitLab Advanced Vulnerability Tracking

Git security audit: Inside the hunt for - and discovery of - CVEs

Meet Package Hunter: A tool for detecting malicious code in your dependencies

How we’re creating a threat model framework that works for GitLab

A brief look at Gitpod, two bugs, and a quick fix

You asked, and our Red Team answered

Switching “sides” in security

Why you need a security champions program

Ready to get started?

Pricing

Contact Us

Product

Topics

Solutions

Resources

Company

Browse articles that include the security research tag

GitLab discovers widespread npm supply chain attack

Malware driving attack includes "dead man's switch" that can harm user data.

Recent posts

GitLab Patch Release: 18.5.2, 18.4.4, 18.3.6

Introducing GitLab Advanced Vulnerability Tracking

Git security audit: Inside the hunt for - and discovery of - CVEs

Meet Package Hunter: A tool for detecting malicious code in your dependencies

How we’re creating a threat model framework that works for GitLab

A brief look at Gitpod, two bugs, and a quick fix

You asked, and our Red Team answered

Switching “sides” in security

Why you need a security champions program

Pagination

Stay in the know with GitLab's monthly newsletter

Ready to get started?