Browse articles that include the security research tag

Recent posts

Security

A brief look at Gitpod, two bugs, and a quick fix

Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.

Unfiltered

You asked, and our Red Team answered

We held a public, ask me anything with our Red Team. Here’s what people asked.

Unfiltered

Switching “sides” in security

How does product security work differ from pen testing and hacking all the things?

Security

Why you need a security champions program

Faster releases, more open source code, and developers unlikely to have formal security training = at risk software apps. The solution? A security champions program.

Security

GitLab's security trends report – our latest look at what's most vulnerable

From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. Here's what you need to know.

Security

How to configure DAST full scans for complex web applications

Keep your DAST job within timeout limits and fine-tune job configurations for better results

Security

How to play GitLab's Capture the Flag at home

Our AppSec team built and ran a CTF, and now it's available for you to play at home.

Security

How to benchmark security tools: a case study using WebGoat

When tasked to compare security tools, it's critical to understand what's a fair benchmark. We take you step by step through WebGoat's lessons and compare them to SAST and DAST results.

Security

GitLab instance: security best practices

Default settings on products can be massively helpful. However, when it comes to hardening your GitLab instance, we’ve got some helpful configuration recommendations from our security team.

Ready to get started?

See what your team could do with a unified DevSecOps Platform

Get free trial

Find out which plan works best for your team

Learn about pricing

Learn about what GitLab can do for your team

Talk to an expert