One vulnerability view: From scanner coverage to AI governance
As AI writes more code, security must keep pace. GitLab is one platform for all scanner coverage, detection, and remediation, with AI governance over agents.
Read Post
As AI writes more code, security must keep pace. GitLab is one platform for all scanner coverage, detection, and remediation, with AI governance over agents.
Author: Alisa HoRead Post
GitLab’s Vulnerability Research team has uncovered a new Python supply chain attack targeting PyPI, deploying the Shai-Hulud worm to steal credentials from CI/CD systems.

Detect transitive dependencies, trace how they entered your project, and prioritize them by real-world exposure.

Security configuration profiles lead to faster scanner rollouts. Learn how this new capability in GitLab 19.0 covers thousands of projects in minutes, no gaps.

Each secret is scoped to its environment or branch and governed by the same controls you use for code. Join the public beta in GitLab 19.0.

The pipeline is now where humans, agents, and third-party code converge. Companies need a control plane that sees, enforces, and fixes every change.

Default CVSS scores don't reflect your actual risk. Use GitLab severity override policies to automate adjustments based on CVE, CWE, file path, and directory.

Explore tokens that carry only the permissions they need, and nothing more. Then join the beta program.
All fields required
Find out which plan works best for your team
Learn about pricingLearn about what GitLab can do for your team
Talk to an expert