Blogsecurity27

Browse articles that include the security tag

Recent posts

Engineering

How to secure your container images with GitLab and Grype

Learn how to start detecting vulnerabilities in your container images in just a few steps.

Security

Meet Package Hunter: A tool for detecting malicious code in your dependencies

We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.

Insights

Are you ready for the newest era of DevSecOps?

DevSecOps is about more than shifting security testing to developers. Can you secure your software development end-to-end?

Security

How we’re creating a threat model framework that works for GitLab

As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.

Security

A brief look at Gitpod, two bugs, and a quick fix

Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.

News

Usage Ping configuration bug for self-managed instances

Patch was released in 13.12.4

News

The GPG key used to sign GitLab Runner packages has been rotated

Out of an abundance of caution we’ve rotated the impacted keys and tokens.

Security

How do bug bounty hunters use GitLab to help their hack?

We know GitLab is a complete open source DevOps platform, but can it improve your hack? We chat with three bug bounty hunters to find out.

Engineering

How to get GitOps right with infrastructure as code security

Learn how the GitLab and Indeni integration makes security a core component of your GitOps workflow.

Ready to get started?

See what your team could do with a unified DevSecOps Platform

Get free trial

Find out which plan works best for your team

Learn about pricing

Learn about what GitLab can do for your team

Talk to an expert