The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
GitLab integrates access to proprietary and open-source application security scanning tools. In order to maintain the efficacy of those scans, we strive to keep their underlying vulnerability databases up-to-date.
GitLab was recently named as a Challenger in the 2022 Magic Quadrant for Application Security Testing.
GitLab's contribution to vulnerability databases coincides with improving the standard scanners that ship as part of the default GitLab software. The scanners used are compiled by scan type:
Our advisory database team strives to update the above references scanning tools (both the open-sourced and proprietary ones) to ensure they can identify the latest vulnerabilities.
The goal of the GitLab Advisory Database category is to maintain a rapidly updated corpus of vulnerability information that our own scanners and customers can reference.
Rapid updates will ensure that our users are always able to test and mitigate the latest vulnerabilities that have been identified.
The roadmap for GitLab Advisory Database will focus on keeping our signatures up-to-date, improving on how we communicate that to users, and meeting our obligations as a CVE Numbering Authority.
Our upcoming work focuses on several types of automation:
As a non-marketing category, GitLab Advisory Database does not have a maturity plan.
As this is a non-marketing category, GitLab Advisory Database generally will not have directly customer-facing issues but rather be involved indirectly as part of other categories.
As this is a non-marketing category, GitLab Advisory Database generally will not have directly user-facing issues but rather be involved indirectly as part of other categories.