is now in public beta!
Browse articles from Security
Recent posts
Security
Stealth operations: The evolution of GitLab's Red Team
We discuss how GitLab's Red Team has matured over the years, evolving from opportunistic hacking to stealth adversary emulation.
Security
Tips to configure browser-based DAST scans
Learn how to use the browser-based analyzer with common dynamic application security testing settings, based on web application attributes, to ensure successful scans.
Security
GitLab’s response to a high severity vulnerability impacting curl and libcurl
Learn about CVE-2023-38545, which leverages a heap buffer overflow through the SOCKS5 protocol, and what it means for GitLab customers.
Security
Introducing GitLab browser-based active checks in DAST
As of GitLab 16.4, or DAST 4.0.9, browser-based DAST active scans will search for path traversal vulnerabilities using the GitLab check 22.1 instead of the ZAP alert 6.
Security
Ask a hacker - 0xn3va
Vladislav Nechakhin or @0xn3va, one of our top 10 hacker contributors, joined us for an AMA and details his approach and strategy for bug bounty hunting.
Security
Unmasking password attacks at GitLab
Our security team has identified an increased volume of password attacks against GitLab.com on the OAuth API endpoint since September 22, 2023. Learn more.
Security
How GitLab supports NSA and CISA CI/CD security guidance
GitLab can support your alignment with NSA and CISA CI/CD recommendations and best practices for cloud-based DevSecOps environments.
Find out which plan works best for your team
Learn about pricingLearn about what GitLab can do for your team
Talk to an expert