GitLab Professional Services
Accelerate your software lifecycle with help from GitLab experts
Popular GitLab use cases
Enterprise Small Business Continuous Integration (CI/CD) Source Code Management (SCM) Out-of-the-box Pipelines (Auto DevOps) Security (DevSecOps) Agile Development Value Stream Management GitOpsGitLab Professional Services
Accelerate your software lifecycle with help from GitLab experts
Popular GitLab use cases
Enterprise Small Business Continuous Integration (CI/CD) Source Code Management (SCM) Out-of-the-box Pipelines (Auto DevOps) Security (DevSecOps) Agile Development Value Stream Management GitOpsAs part of the Security Engineering & Research sub-department, the application security team's mission is to support the business and ensure that all GitLab products securely manage customer data. We do this by working closely with both engineering and product teams.
Please see the Security Engineering and Research Program Strategy document.
Please see the Application Security Job Family page.
Please see the Application Security Stable Counterparts page.
Please see the Application Security Reviews page.
Please see the Appsec project owners page
Please see the Application Security Engineer Runbooks page index
The following recordings are available internally only:
When necessary a backlog review can be initiated, please see the Vulnerability Management Page for more details.
As part of our dogfooding effort, the Secure Tools are set up on the following GitLab projects:
Project | SAST | Dependency Scanning | Container Scanning | DAST | Secrets Detection |
---|---|---|---|---|---|
GitLab | ✅ | ✅ | N/A |
✅1 | |
Customers | ✅ | ✅ | N/A |
||
version | ✅ | ✅ | ✅ | ✅ | |
License | ✅ | ✅ | ✅ | ✅ | |
Gitaly | ✅2 | ✅ | N/A 11 |
N/A |
|
Pages | ✅ | ✅ | N/A |
N/A |
|
Workhorse | ✅ | ✅ | N/A |
N/A |
|
Gitlab Shell | ✅ | ✅ | N/A |
N/A |
|
Gitlab Runner | ✅ | ✅ | N/A |
✅ | |
Gitlab Markup | ✅8 | N/A 3 |
N/A |
N/A |
|
gitlab-ui | ✅ | ✅ | ✅9 | N/A 10 |
|
gitlab-exporter | ✅7 | ✅6 | ✅6 | ✅6 | |
GitLab Omnibus | N/A |
||||
GitLab ElasticSearch Indexer | ✅ | ✅ | N/A |
N/A |
|
release-cli | ✅ | ✅ | ✅9 | N/A |
|
VS Code Extension | ✅ | ✅ | N/A |
N/A |
|
figma plugin | ✅ | ✅ | N/A |
N/A |
|
sketch plugin | ✅ | ✅ | N/A |
N/A |
|
GitLab Agent | |||||
labkit | ✅ | ||||
labkit-ruby | |||||
gitlab-build-images | N/A |
N/A |
N/A |
||
gitlab-agent | ✅ | ✅ | ✅ | N/A |
✅ |
gitlab-terminal | ✅ | ✅ | N/A |
N/A |
✅ |
gitlab-markup
is a dependency of gitlab
. If DS is turned on for gitlab
, gitlab-markup
will also be checked for outdated deps.The results of these scans populate our Security Dashboards, which are reviewed by our team.