Open Source Security at GitLab

Date: 2025-01-01

Empowering the Security Community

At GitLab, we believe in the power of open source to drive innovation and strengthen the security ecosystem.

Our Open Source Security Priorities

By sharing tools, templates, and frameworks developed by our security teams, we aim to empower developers, security practitioners, and organizations to build safer, more secure software.

Our commitment to an open-source-first approach aligns with GitLab's core values of transparency and collaboration. We're dedicated to providing the security community with resources that are easy to access, adopt, and integrate, helping teams everywhere stay ahead of evolving threats.

Featured Open Source Security Projects

StORM Templates

Enhance your security risk program

Security Risk Quarterly (SRQ) and Risk Register templates. These templates help structure the risk tracking and reporting processes, ensuring all information is tracked and relevant information is reported to appropriate stakeholders.

GUARD Framework

Automate response and detection

The GitLab Universal Automated Response and Detection (GUARD) framework simplifies detection creation, maintenance, alert routing, and metrics collection through a detections-as-code approach. Learn more about the open source framework.

GitLab CIS Benchmark Scanner

Improve your project's security posture

The GitLab CIS Benchmark Scanner is a Python CLI tool that audits a GitLab project against the Center for Internet Security (CIS) GitLab Benchmark.

GitLab Assistant

Streamline resource management and workflows

A Python module that extends the python-gitlab API wrapper with a business layer for easier management of groups, projects, issues, and workflows. Available as both a CLI tool and Python package for automation and customization. Explore GitLab Assistant.

TLDR Framework

Contextualize threat detection

The Threat, Log, Detect, Response (TLDR) framework standardizes threat detection with comprehensive context on threats and how to respond effectively. Explore the open-source framework.

