[{"data":1,"prerenderedAt":937},["ShallowReactive",2],{"/en-us/blog/tags/security-research":3,"navigation-en-us":19,"banner-en-us":440,"footer-en-us":451,"security research-tag-posts-en-us":693},{"id":4,"title":5,"body":6,"category":6,"config":7,"content":9,"description":6,"extension":12,"meta":13,"navigation":14,"path":15,"seo":16,"slug":6,"stem":17,"testContent":6,"type":6,"__hash__":18},"blogTags/en-us/blog/tags/security-research.yml","Security Research",null,{"template":8},"BlogTag",{"tag":10,"tagSlug":11},"security research","security-research","yml",{},true,"/en-us/blog/tags/security-research",{},"en-us/blog/tags/security-research","25-JL1VMHy0dPpvBMKsjt40RQ13Lnds_84Qn90BTAuo",{"logo":20,"freeTrial":25,"sales":30,"login":35,"items":40,"search":360,"minimal":391,"duo":410,"switchNav":419,"pricingDeployment":430},{"config":21},{"href":22,"dataGaName":23,"dataGaLocation":24},"/","gitlab logo","header",{"text":26,"config":27},"Get free trial",{"href":28,"dataGaName":29,"dataGaLocation":24},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":31,"config":32},"Talk to sales",{"href":33,"dataGaName":34,"dataGaLocation":24},"/sales/","sales",{"text":36,"config":37},"Sign in",{"href":38,"dataGaName":39,"dataGaLocation":24},"https://gitlab.com/users/sign_in/","sign in",[41,70,170,175,279,340],{"text":42,"config":43,"menu":45},"Platform",{"dataNavLevelOne":44},"platform",{"type":46,"columns":47},"cards",[48,54,62],{"title":42,"description":49,"link":50},"The intelligent orchestration platform for DevSecOps",{"text":51,"config":52},"Explore our Platform",{"href":53,"dataGaName":44,"dataGaLocation":24},"/platform/",{"title":55,"description":56,"link":57},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":58,"config":59},"Meet GitLab Duo",{"href":60,"dataGaName":61,"dataGaLocation":24},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":63,"description":64,"link":65},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":66,"config":67},"Learn more",{"href":68,"dataGaName":69,"dataGaLocation":24},"/why-gitlab/","why gitlab",{"text":71,"left":14,"config":72,"menu":74},"Product",{"dataNavLevelOne":73},"solutions",{"type":75,"link":76,"columns":80,"feature":149},"lists",{"text":77,"config":78},"View all Solutions",{"href":79,"dataGaName":73,"dataGaLocation":24},"/solutions/",[81,105,128],{"title":82,"description":83,"link":84,"items":89},"Automation","CI/CD and automation to accelerate deployment",{"config":85},{"icon":86,"href":87,"dataGaName":88,"dataGaLocation":24},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[90,94,97,101],{"text":91,"config":92},"CI/CD",{"href":93,"dataGaLocation":24,"dataGaName":91},"/solutions/continuous-integration/",{"text":55,"config":95},{"href":60,"dataGaLocation":24,"dataGaName":96},"gitlab duo agent platform - product menu",{"text":98,"config":99},"Source Code Management",{"href":100,"dataGaLocation":24,"dataGaName":98},"/solutions/source-code-management/",{"text":102,"config":103},"Automated Software Delivery",{"href":87,"dataGaLocation":24,"dataGaName":104},"Automated software delivery",{"title":106,"description":107,"link":108,"items":113},"Security","Deliver code faster without compromising security",{"config":109},{"href":110,"dataGaName":111,"dataGaLocation":24,"icon":112},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[114,118,123],{"text":115,"config":116},"Application Security Testing",{"href":110,"dataGaName":117,"dataGaLocation":24},"Application security testing",{"text":119,"config":120},"Software Supply Chain Security",{"href":121,"dataGaLocation":24,"dataGaName":122},"/solutions/supply-chain/","Software supply chain security",{"text":124,"config":125},"Software Compliance",{"href":126,"dataGaName":127,"dataGaLocation":24},"/solutions/software-compliance/","software compliance",{"title":129,"link":130,"items":135},"Measurement",{"config":131},{"icon":132,"href":133,"dataGaName":134,"dataGaLocation":24},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[136,140,144],{"text":137,"config":138},"Visibility & Measurement",{"href":133,"dataGaLocation":24,"dataGaName":139},"Visibility and Measurement",{"text":141,"config":142},"Value Stream Management",{"href":143,"dataGaLocation":24,"dataGaName":141},"/solutions/value-stream-management/",{"text":145,"config":146},"Analytics & Insights",{"href":147,"dataGaLocation":24,"dataGaName":148},"/solutions/analytics-and-insights/","Analytics and insights",{"title":150,"type":75,"items":151},"GitLab for",[152,158,164],{"text":153,"config":154},"Enterprise",{"icon":155,"href":156,"dataGaLocation":24,"dataGaName":157},"Building","/enterprise/","enterprise",{"text":159,"config":160},"Small Business",{"icon":161,"href":162,"dataGaLocation":24,"dataGaName":163},"Work","/small-business/","small business",{"text":165,"config":166},"Public Sector",{"icon":167,"href":168,"dataGaLocation":24,"dataGaName":169},"Organization","/solutions/public-sector/","public sector",{"text":171,"config":172},"Pricing",{"href":173,"dataGaName":174,"dataGaLocation":24,"dataNavLevelOne":174},"/pricing/","pricing",{"text":176,"config":177,"menu":179},"Resources",{"dataNavLevelOne":178},"resources",{"type":75,"link":180,"columns":184,"feature":268},{"text":181,"config":182},"View all resources",{"href":183,"dataGaName":178,"dataGaLocation":24},"/resources/",[185,218,240],{"title":186,"items":187},"Getting started",[188,193,198,203,208,213],{"text":189,"config":190},"Install",{"href":191,"dataGaName":192,"dataGaLocation":24},"/install/","install",{"text":194,"config":195},"Quick start guides",{"href":196,"dataGaName":197,"dataGaLocation":24},"/get-started/","quick setup checklists",{"text":199,"config":200},"Learn",{"href":201,"dataGaLocation":24,"dataGaName":202},"https://university.gitlab.com/","learn",{"text":204,"config":205},"Product documentation",{"href":206,"dataGaName":207,"dataGaLocation":24},"https://docs.gitlab.com/","product documentation",{"text":209,"config":210},"Best practice videos",{"href":211,"dataGaName":212,"dataGaLocation":24},"/getting-started-videos/","best practice videos",{"text":214,"config":215},"Integrations",{"href":216,"dataGaName":217,"dataGaLocation":24},"/integrations/","integrations",{"title":219,"items":220},"Discover",[221,226,231,235],{"text":222,"config":223},"Customer success stories",{"href":224,"dataGaName":225,"dataGaLocation":24},"/customers/","customer success stories",{"text":227,"config":228},"Blog",{"href":229,"dataGaName":230,"dataGaLocation":24},"/blog/","blog",{"text":232,"config":233},"The Source",{"href":234,"dataGaName":230,"dataGaLocation":24},"/the-source/",{"text":236,"config":237},"Remote",{"href":238,"dataGaName":239,"dataGaLocation":24},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":241,"items":242},"Connect",[243,248,253,258,263],{"text":244,"config":245},"GitLab Services",{"href":246,"dataGaName":247,"dataGaLocation":24},"/services/","services",{"text":249,"config":250},"Community",{"href":251,"dataGaName":252,"dataGaLocation":24},"/community/","community",{"text":254,"config":255},"Forum",{"href":256,"dataGaName":257,"dataGaLocation":24},"https://forum.gitlab.com/","forum",{"text":259,"config":260},"Events",{"href":261,"dataGaName":262,"dataGaLocation":24},"/events/","events",{"text":264,"config":265},"Partners",{"href":266,"dataGaName":267,"dataGaLocation":24},"/partners/","partners",{"config":269,"title":272,"text":273,"link":274},{"background":270,"textColor":271},"url('https://res.cloudinary.com/about-gitlab-com/image/upload/v1777322348/qpq8yrgn8knii57omj0c.png')","#000","What’s new in GitLab","Stay updated with our latest features and improvements.",{"text":275,"config":276},"Read the latest",{"href":277,"dataGaName":278,"dataGaLocation":24},"/releases/whats-new/","whats new",{"text":280,"config":281,"menu":283},"Company",{"dataNavLevelOne":282},"company",{"type":75,"columns":284},[285],{"items":286},[287,292,298,300,305,310,315,320,325,330,335],{"text":288,"config":289},"About",{"href":290,"dataGaName":291,"dataGaLocation":24},"/company/","about",{"text":293,"config":294,"footerGa":297},"Jobs",{"href":295,"dataGaName":296,"dataGaLocation":24},"/jobs/","jobs",{"dataGaName":296},{"text":259,"config":299},{"href":261,"dataGaName":262,"dataGaLocation":24},{"text":301,"config":302},"Leadership",{"href":303,"dataGaName":304,"dataGaLocation":24},"/company/team/e-group/","leadership",{"text":306,"config":307},"Team",{"href":308,"dataGaName":309,"dataGaLocation":24},"/company/team/","team",{"text":311,"config":312},"Handbook",{"href":313,"dataGaName":314,"dataGaLocation":24},"https://handbook.gitlab.com/","handbook",{"text":316,"config":317},"Investor relations",{"href":318,"dataGaName":319,"dataGaLocation":24},"https://ir.gitlab.com/","investor relations",{"text":321,"config":322},"Trust Center",{"href":323,"dataGaName":324,"dataGaLocation":24},"/security/","trust center",{"text":326,"config":327},"AI Transparency Center",{"href":328,"dataGaName":329,"dataGaLocation":24},"/ai-transparency-center/","ai transparency center",{"text":331,"config":332},"Newsletter",{"href":333,"dataGaName":334,"dataGaLocation":24},"/company/contact/#contact-forms","newsletter",{"text":336,"config":337},"Press",{"href":338,"dataGaName":339,"dataGaLocation":24},"/press/","press",{"text":341,"config":342,"menu":343},"Contact us",{"dataNavLevelOne":282},{"type":75,"columns":344},[345],{"items":346},[347,350,355],{"text":31,"config":348},{"href":33,"dataGaName":349,"dataGaLocation":24},"talk to sales",{"text":351,"config":352},"Support portal",{"href":353,"dataGaName":354,"dataGaLocation":24},"https://support.gitlab.com","support portal",{"text":356,"config":357},"Customer portal",{"href":358,"dataGaName":359,"dataGaLocation":24},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":361,"login":362,"suggestions":369},"Close",{"text":363,"link":364},"To search repositories and projects, login to",{"text":365,"config":366},"gitlab.com",{"href":38,"dataGaName":367,"dataGaLocation":368},"search login","search",{"text":370,"default":371},"Suggestions",[372,374,378,380,384,388],{"text":55,"config":373},{"href":60,"dataGaName":55,"dataGaLocation":368},{"text":375,"config":376},"Code Suggestions (AI)",{"href":377,"dataGaName":375,"dataGaLocation":368},"/solutions/code-suggestions/",{"text":91,"config":379},{"href":93,"dataGaName":91,"dataGaLocation":368},{"text":381,"config":382},"GitLab on AWS",{"href":383,"dataGaName":381,"dataGaLocation":368},"/partners/technology-partners/aws/",{"text":385,"config":386},"GitLab on Google Cloud",{"href":387,"dataGaName":385,"dataGaLocation":368},"/partners/technology-partners/google-cloud-platform/",{"text":389,"config":390},"Why GitLab?",{"href":68,"dataGaName":389,"dataGaLocation":368},{"freeTrial":392,"mobileIcon":397,"desktopIcon":402,"secondaryButton":405},{"text":393,"config":394},"Start free trial",{"href":395,"dataGaName":29,"dataGaLocation":396},"https://gitlab.com/-/trials/new/","nav",{"altText":398,"config":399},"Gitlab Icon",{"src":400,"dataGaName":401,"dataGaLocation":396},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":398,"config":403},{"src":404,"dataGaName":401,"dataGaLocation":396},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":406,"config":407},"Get Started",{"href":408,"dataGaName":409,"dataGaLocation":396},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/get-started/","get started",{"freeTrial":411,"mobileIcon":415,"desktopIcon":417},{"text":412,"config":413},"Learn more about GitLab Duo",{"href":60,"dataGaName":414,"dataGaLocation":396},"gitlab duo",{"altText":398,"config":416},{"src":400,"dataGaName":401,"dataGaLocation":396},{"altText":398,"config":418},{"src":404,"dataGaName":401,"dataGaLocation":396},{"button":420,"mobileIcon":425,"desktopIcon":427},{"text":421,"config":422},"/switch",{"href":423,"dataGaName":424,"dataGaLocation":396},"#contact","switch",{"altText":398,"config":426},{"src":400,"dataGaName":401,"dataGaLocation":396},{"altText":398,"config":428},{"src":429,"dataGaName":401,"dataGaLocation":396},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":431,"mobileIcon":436,"desktopIcon":438},{"text":432,"config":433},"Back to pricing",{"href":173,"dataGaName":434,"dataGaLocation":396,"icon":435},"back to pricing","GoBack",{"altText":398,"config":437},{"src":400,"dataGaName":401,"dataGaLocation":396},{"altText":398,"config":439},{"src":404,"dataGaName":401,"dataGaLocation":396},{"title":441,"button":442,"config":447},"See how agentic AI transforms software delivery",{"text":443,"config":444},"Sign up for GitLab Transcend on June 10",{"href":445,"dataGaName":446,"dataGaLocation":24},"/releases/whats-new/#sign-up","transcend event",{"layout":448,"icon":449,"disabled":450},"release","AiStar",false,{"data":452},{"text":453,"source":454,"edit":460,"contribute":465,"config":470,"items":475,"minimal":682},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":455,"config":456},"View page source",{"href":457,"dataGaName":458,"dataGaLocation":459},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":461,"config":462},"Edit this page",{"href":463,"dataGaName":464,"dataGaLocation":459},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":466,"config":467},"Please contribute",{"href":468,"dataGaName":469,"dataGaLocation":459},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":471,"facebook":472,"youtube":473,"linkedin":474},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[476,523,577,621,648],{"title":171,"links":477,"subMenu":492},[478,482,487],{"text":479,"config":480},"View plans",{"href":173,"dataGaName":481,"dataGaLocation":459},"view plans",{"text":483,"config":484},"Why Premium?",{"href":485,"dataGaName":486,"dataGaLocation":459},"/pricing/premium/","why premium",{"text":488,"config":489},"Why Ultimate?",{"href":490,"dataGaName":491,"dataGaLocation":459},"/pricing/ultimate/","why ultimate",[493],{"title":494,"links":495},"Contact Us",[496,499,501,503,508,513,518],{"text":497,"config":498},"Contact sales",{"href":33,"dataGaName":34,"dataGaLocation":459},{"text":351,"config":500},{"href":353,"dataGaName":354,"dataGaLocation":459},{"text":356,"config":502},{"href":358,"dataGaName":359,"dataGaLocation":459},{"text":504,"config":505},"Status",{"href":506,"dataGaName":507,"dataGaLocation":459},"https://status.gitlab.com/","status",{"text":509,"config":510},"Terms of use",{"href":511,"dataGaName":512,"dataGaLocation":459},"/terms/","terms of use",{"text":514,"config":515},"Privacy statement",{"href":516,"dataGaName":517,"dataGaLocation":459},"/privacy/","privacy statement",{"text":519,"config":520},"Cookie preferences",{"dataGaName":521,"dataGaLocation":459,"id":522,"isOneTrustButton":14},"cookie preferences","ot-sdk-btn",{"title":71,"links":524,"subMenu":533},[525,529],{"text":526,"config":527},"DevSecOps platform",{"href":53,"dataGaName":528,"dataGaLocation":459},"devsecops platform",{"text":530,"config":531},"AI-Assisted Development",{"href":60,"dataGaName":532,"dataGaLocation":459},"ai-assisted development",[534],{"title":535,"links":536},"Topics",[537,542,547,552,557,562,567,572],{"text":538,"config":539},"CICD",{"href":540,"dataGaName":541,"dataGaLocation":459},"/topics/ci-cd/","cicd",{"text":543,"config":544},"GitOps",{"href":545,"dataGaName":546,"dataGaLocation":459},"/topics/gitops/","gitops",{"text":548,"config":549},"DevOps",{"href":550,"dataGaName":551,"dataGaLocation":459},"/topics/devops/","devops",{"text":553,"config":554},"Version Control",{"href":555,"dataGaName":556,"dataGaLocation":459},"/topics/version-control/","version control",{"text":558,"config":559},"DevSecOps",{"href":560,"dataGaName":561,"dataGaLocation":459},"/topics/devsecops/","devsecops",{"text":563,"config":564},"Cloud Native",{"href":565,"dataGaName":566,"dataGaLocation":459},"/topics/cloud-native/","cloud native",{"text":568,"config":569},"AI for Coding",{"href":570,"dataGaName":571,"dataGaLocation":459},"/topics/devops/ai-for-coding/","ai for coding",{"text":573,"config":574},"Agentic AI",{"href":575,"dataGaName":576,"dataGaLocation":459},"/topics/agentic-ai/","agentic ai",{"title":578,"links":579},"Solutions",[580,582,584,589,593,596,600,603,605,608,611,616],{"text":115,"config":581},{"href":110,"dataGaName":115,"dataGaLocation":459},{"text":104,"config":583},{"href":87,"dataGaName":88,"dataGaLocation":459},{"text":585,"config":586},"Agile development",{"href":587,"dataGaName":588,"dataGaLocation":459},"/solutions/agile-delivery/","agile delivery",{"text":590,"config":591},"SCM",{"href":100,"dataGaName":592,"dataGaLocation":459},"source code management",{"text":538,"config":594},{"href":93,"dataGaName":595,"dataGaLocation":459},"continuous integration & delivery",{"text":597,"config":598},"Value stream management",{"href":143,"dataGaName":599,"dataGaLocation":459},"value stream management",{"text":543,"config":601},{"href":602,"dataGaName":546,"dataGaLocation":459},"/solutions/gitops/",{"text":153,"config":604},{"href":156,"dataGaName":157,"dataGaLocation":459},{"text":606,"config":607},"Small business",{"href":162,"dataGaName":163,"dataGaLocation":459},{"text":609,"config":610},"Public sector",{"href":168,"dataGaName":169,"dataGaLocation":459},{"text":612,"config":613},"Education",{"href":614,"dataGaName":615,"dataGaLocation":459},"/solutions/education/","education",{"text":617,"config":618},"Financial services",{"href":619,"dataGaName":620,"dataGaLocation":459},"/solutions/finance/","financial services",{"title":176,"links":622},[623,625,627,629,632,634,636,638,640,642,644,646],{"text":189,"config":624},{"href":191,"dataGaName":192,"dataGaLocation":459},{"text":194,"config":626},{"href":196,"dataGaName":197,"dataGaLocation":459},{"text":199,"config":628},{"href":201,"dataGaName":202,"dataGaLocation":459},{"text":204,"config":630},{"href":206,"dataGaName":631,"dataGaLocation":459},"docs",{"text":227,"config":633},{"href":229,"dataGaName":230,"dataGaLocation":459},{"text":222,"config":635},{"href":224,"dataGaName":225,"dataGaLocation":459},{"text":236,"config":637},{"href":238,"dataGaName":239,"dataGaLocation":459},{"text":244,"config":639},{"href":246,"dataGaName":247,"dataGaLocation":459},{"text":249,"config":641},{"href":251,"dataGaName":252,"dataGaLocation":459},{"text":254,"config":643},{"href":256,"dataGaName":257,"dataGaLocation":459},{"text":259,"config":645},{"href":261,"dataGaName":262,"dataGaLocation":459},{"text":264,"config":647},{"href":266,"dataGaName":267,"dataGaLocation":459},{"title":280,"links":649},[650,652,654,656,658,660,662,666,671,673,675,677],{"text":288,"config":651},{"href":290,"dataGaName":282,"dataGaLocation":459},{"text":293,"config":653},{"href":295,"dataGaName":296,"dataGaLocation":459},{"text":301,"config":655},{"href":303,"dataGaName":304,"dataGaLocation":459},{"text":306,"config":657},{"href":308,"dataGaName":309,"dataGaLocation":459},{"text":311,"config":659},{"href":313,"dataGaName":314,"dataGaLocation":459},{"text":316,"config":661},{"href":318,"dataGaName":319,"dataGaLocation":459},{"text":663,"config":664},"Sustainability",{"href":665,"dataGaName":663,"dataGaLocation":459},"/sustainability/",{"text":667,"config":668},"Diversity, inclusion and belonging (DIB)",{"href":669,"dataGaName":670,"dataGaLocation":459},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":321,"config":672},{"href":323,"dataGaName":324,"dataGaLocation":459},{"text":331,"config":674},{"href":333,"dataGaName":334,"dataGaLocation":459},{"text":336,"config":676},{"href":338,"dataGaName":339,"dataGaLocation":459},{"text":678,"config":679},"Modern Slavery Transparency Statement",{"href":680,"dataGaName":681,"dataGaLocation":459},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":683},[684,687,690],{"text":685,"config":686},"Terms",{"href":511,"dataGaName":512,"dataGaLocation":459},{"text":688,"config":689},"Cookies",{"dataGaName":521,"dataGaLocation":459,"id":522,"isOneTrustButton":14},{"text":691,"config":692},"Privacy",{"href":516,"dataGaName":517,"dataGaLocation":459},[694,705,715,725,735,746,757,768,778,788,798,806,817,826,836,846,855,864,874,883,892,901,909,919,929],{"content":695,"config":703},{"title":696,"heroImage":697,"category":698,"description":699,"authors":700,"date":702},"How to detect and prevent Contagious Interview IDE attacks","https://res.cloudinary.com/about-gitlab-com/image/upload/v1774375772/kpaaaiqhokevxxeoxvu0.png","security-labs","Learn how we built custom controls that detect and prevent malware campaigns like those used for Contagious Interview and how to deploy them in your environment.",[701],"Josh Feehs","2026-05-04",{"slug":704,"externalUrl":-1},"how-to-detect-and-prevent-contagious-interview-ide-attacks",{"content":706,"config":713},{"title":707,"heroImage":708,"category":698,"description":709,"authors":710,"date":712},"Build an automated detection testing framework with GitLab CI/CD and Duo","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772195014/ooezwusxjl1f7ijfmbvj.png","Learn how GitLab's Signals Engineering team built the WATCH framework to continuously validate our security monitoring pipeline.",[711],"Evan Baltman","2026-04-30",{"slug":714,"externalUrl":-1},"automated-detection-testing-framework",{"content":716,"config":723},{"title":717,"heroImage":718,"category":698,"description":719,"authors":720,"date":722},"Automating detection gap analysis with GitLab Duo Agent Platform","https://res.cloudinary.com/about-gitlab-com/image/upload/v1773147991/op5xyroonltdwqix0x3u.png","Learn how GitLab's Signals Engineering team uses our AI platform to automatically surface detection gaps from security incidents — no manual review required.",[721],"Matt Coons","2026-03-10",{"slug":724,"externalUrl":-1},"automating-detection-gap-analysis-with-gitlab-duo-agent-platform",{"content":726,"config":733},{"title":727,"heroImage":728,"category":698,"description":729,"authors":730,"date":732},"GitLab Threat Intelligence Team reveals North Korean tradecraft","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464282/r2ovpvmizpkcngy9kzqu.png","Gain threat intelligence about North Korea’s Contagious Interview and fake IT worker campaigns and learn how GitLab disrupted their operations.",[731],"Oliver Smith","2026-02-19",{"slug":734,"externalUrl":-1},"gitlab-threat-intelligence-reveals-north-korean-tradecraft",{"content":736,"config":744},{"title":737,"heroImage":738,"category":698,"description":739,"authors":740,"date":743},"GitLab discovers widespread npm supply chain attack","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665667/Blog/Hero%20Images/built-in-security.jpg","Malware driving attack includes \"dead man's switch\" that can harm user data.",[741,742],"Michael Henriksen","Daniel Abeles","2025-11-24",{"slug":745,"externalUrl":-1},"gitlab-discovers-widespread-npm-supply-chain-attack",{"content":747,"config":754},{"title":748,"heroImage":749,"category":750,"description":751,"authors":752,"date":753},"GitLab Patch Release: 18.5.2, 18.4.4, 18.3.6","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749661926/Blog/Hero%20Images/security-patch-blog-image-r2-0506-700x400-fy25_2x.jpg","product","Learn more about this patch release for GitLab Community Edition (CE) and Enterprise Edition (EE).",[],"2025-11-12",{"slug":755,"externalUrl":756},"","https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-5-2-released/",{"content":758,"config":766},{"title":759,"heroImage":760,"category":761,"description":762,"authors":763,"date":765},"Introducing GitLab Advanced Vulnerability Tracking","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664844/Blog/Hero%20Images/AdobeStock_941867776.jpg","security","Learn how this security feature improves the efficiency of vulnerability management by reducing futile auditing time (includes data from a new study).",[764],"Julian Thome","2025-01-21",{"slug":767,"externalUrl":-1},"introducing-gitlab-advanced-vulnerability-tracking",{"content":769,"config":776},{"title":770,"heroImage":771,"category":698,"description":772,"authors":773,"date":775},"Git security audit: Inside the hunt for - and discovery of - CVEs","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668524/Blog/Hero%20Images/closeup-photo-of-black-and-blue-keyboard-1194713.jpg","Get a behind-the-scenes look at how I helped discover the vulnerability that became CVE-2022-41903.",[774],"Joern Schneeweisz","2023-01-24",{"slug":777,"externalUrl":-1},"git-security-audit",{"content":779,"config":786},{"title":780,"heroImage":781,"category":761,"description":782,"authors":783,"date":785},"Meet Package Hunter: A tool for detecting malicious code in your dependencies","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682075/Blog/Hero%20Images/package-hunter.png","We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.",[784],"Dennis Appelt","2021-07-23",{"slug":787,"externalUrl":-1},"announcing-package-hunter",{"content":789,"config":796},{"title":790,"heroImage":791,"category":761,"description":792,"authors":793,"date":795},"How we’re creating a threat model framework that works for GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682058/Blog/Hero%20Images/pexels-nathan-j-hilton.jpg","As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.",[794],"Mark Loveless","2021-07-09",{"slug":797,"externalUrl":-1},"creating-a-threat-model-that-works-for-gitlab",{"content":799,"config":804},{"title":800,"heroImage":771,"category":761,"description":801,"authors":802,"date":803},"A brief look at Gitpod, two bugs, and a quick fix","Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.",[774],"2021-07-08",{"slug":805,"externalUrl":-1},"two-bugs-and-a-quick-fix-in-gitpod",{"content":807,"config":815},{"title":808,"heroImage":809,"category":810,"description":811,"authors":812,"date":814},"You asked, and our Red Team answered","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670889/Blog/Hero%20Images/security-ama-blog-header.png","unfiltered","We held a public, ask me anything with our Red Team. Here’s what people asked.",[813],"Heather Simpson","2021-01-29",{"slug":816,"externalUrl":-1},"you-asked-and-our-red-team-answered",{"content":818,"config":824},{"title":819,"heroImage":820,"category":810,"description":821,"authors":822,"date":823},"Switching “sides” in security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679594/Blog/Hero%20Images/jason-polychronopulos-unsplash.jpg","How does product security work differ from pen testing and hacking all the things?",[774],"2020-10-23",{"slug":825,"externalUrl":-1},"switching-sides-in-security",{"content":827,"config":834},{"title":828,"heroImage":829,"category":761,"description":830,"authors":831,"date":833},"Why you need a security champions program","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664002/Blog/Hero%20Images/securitychampions.jpg","Faster releases, more open source code, and developers unlikely to have formal security training = at risk software apps. The solution? A security champions program.",[832],"Valerie Silverthorne","2020-10-14",{"slug":835,"externalUrl":-1},"why-security-champions",{"content":837,"config":844},{"title":838,"heroImage":839,"category":761,"description":840,"authors":841,"date":843},"GitLab's security trends report – our latest look at what's most vulnerable","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678152/Blog/Hero%20Images/data.jpg","From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. Here's what you need to know.",[842],"Wayne Haber","2020-10-06",{"slug":845,"externalUrl":-1},"gitlab-latest-security-trends",{"content":847,"config":853},{"title":848,"heroImage":849,"category":761,"description":850,"authors":851,"date":852},"How to configure DAST full scans for complex web applications","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679617/Blog/Hero%20Images/tuning-237454.jpg","Keep your DAST job within timeout limits and fine-tune job configurations for better results",[784],"2020-08-31",{"slug":854,"externalUrl":-1},"how-to-configure-dast-full-scans-for-complex-web-applications",{"content":856,"config":862},{"title":857,"heroImage":858,"category":761,"description":859,"authors":860,"date":861},"How to play GitLab's Capture the Flag at home","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681485/Blog/Hero%20Images/gitlab_ctf.png","Our AppSec team built and ran a CTF, and now it's available for you to play at home.",[774],"2020-08-12",{"slug":863,"externalUrl":-1},"how-to-play-gitlab-ctf-at-home",{"content":865,"config":872},{"title":866,"heroImage":867,"category":761,"description":868,"authors":869,"date":871},"How to benchmark security tools: a case study using WebGoat","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678166/Blog/Hero%20Images/benchmarking.jpg","When tasked to compare security tools, it's critical to understand what's a fair benchmark. We take you step by step through WebGoat's lessons and compare them to SAST and DAST results.",[870],"Isaac Dawson","2020-08-11",{"slug":873,"externalUrl":-1},"how-to-benchmark-security-tools",{"content":875,"config":881},{"title":876,"heroImage":877,"category":761,"description":878,"authors":879,"date":880},"GitLab instance: security best practices","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667057/Blog/Hero%20Images/configs_unsplash.jpg","Default settings on products can be massively helpful. However, when it comes to hardening your GitLab instance, we’ve got some helpful configuration recommendations from our security team.",[794],"2020-05-20",{"slug":882,"externalUrl":-1},"gitlab-instance-security-best-practices",{"content":884,"config":890},{"title":885,"heroImage":886,"category":761,"description":887,"authors":888,"date":889},"How we manage open source security software","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681227/Blog/Hero%20Images/opensourcesecurity.jpg","Open source software presents unique security challenges. Here’s what you need to know.",[794],"2020-04-10",{"slug":891,"externalUrl":-1},"open-source-security",{"content":893,"config":899},{"title":894,"heroImage":895,"category":761,"description":896,"authors":897,"date":898},"Top 6 security trends in GitLab-hosted projects","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663502/Blog/Hero%20Images/paperclips.jpg","Using components with known vulnerabilities is the most common security problem in GitLab.com-hosted projects.",[842],"2020-04-02",{"slug":900,"externalUrl":-1},"security-trends-in-gitlab-hosted-projects",{"content":902,"config":907},{"title":903,"heroImage":771,"category":761,"description":904,"authors":905,"date":906},"How to exploit parser differentials","Your guide to abusing 'language barriers' between web components.",[774],"2020-03-30",{"slug":908,"externalUrl":-1},"how-to-exploit-parser-differentials",{"content":910,"config":917},{"title":911,"heroImage":912,"category":761,"description":913,"authors":914,"date":916},"Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749672755/Blog/Hero%20Images/white-lightning-heating-mountain.jpg","A Red Team exercise on exploiting design decisions on GCP.",[915],"Chris Moberly","2020-02-12",{"slug":918,"externalUrl":-1},"plundering-gcp-escalating-privileges-in-google-cloud-platform",{"content":920,"config":927},{"title":921,"heroImage":922,"category":761,"description":923,"authors":924,"date":926},"Introducing Token-Hunter","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679669/Blog/Hero%20Images/lightscape-Bsw6l6e01Rw-unsplash.jpg","Our red team has created a new tool to find sensitive data in the vast, wide-open.",[925],"Greg Johnson","2019-12-20",{"slug":928,"externalUrl":-1},"introducing-token-hunter",{"content":930,"config":935},{"title":931,"heroImage":771,"category":761,"description":932,"authors":933,"date":934},"Shopping for an admin account via path traversal","How to exploit a path traversal issue to gain an admin account",[774],"2019-11-29",{"slug":936,"externalUrl":-1},"shopping-for-an-admin-account",1777934918960]