is now in public beta!
Browse articles that include the security research tag
Recent posts
Security
Git security audit: Inside the hunt for - and discovery of - CVEs
Get a behind-the-scenes look at how I helped discover the vulnerability that became CVE-2022-41903.
Security
Meet Package Hunter: A tool for detecting malicious code in your dependencies
We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.
Security
How we’re creating a threat model framework that works for GitLab
As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.
Security
A brief look at Gitpod, two bugs, and a quick fix
Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.
Unfiltered
You asked, and our Red Team answered
We held a public, ask me anything with our Red Team. Here’s what people asked.
Unfiltered
Switching “sides” in security
How does product security work differ from pen testing and hacking all the things?
Security
Why you need a security champions program
Faster releases, more open source code, and developers unlikely to have formal security training = at risk software apps. The solution? A security champions program.
Find out which plan works best for your team
Learn about pricingLearn about what GitLab can do for your team
Talk to an expert