[{"data":1,"prerenderedAt":884},["ShallowReactive",2],{"/en-us/blog/tags/security-research":3,"navigation-en-us":19,"banner-en-us":419,"footer-en-us":429,"security research-tag-posts-en-us":671},{"id":4,"title":5,"body":6,"category":6,"config":7,"content":9,"description":6,"extension":12,"meta":13,"navigation":14,"path":15,"seo":16,"slug":6,"stem":17,"testContent":6,"type":6,"__hash__":18},"blogTags/en-us/blog/tags/security-research.yml","Security Research",null,{"template":8},"BlogTag",{"tag":10,"tagSlug":11},"security research","security-research","yml",{},true,"/en-us/blog/tags/security-research",{},"en-us/blog/tags/security-research","25-JL1VMHy0dPpvBMKsjt40RQ13Lnds_84Qn90BTAuo",{"data":20},{"logo":21,"freeTrial":26,"sales":31,"login":36,"items":41,"search":349,"minimal":380,"duo":399,"pricingDeployment":409},{"config":22},{"href":23,"dataGaName":24,"dataGaLocation":25},"/","gitlab logo","header",{"text":27,"config":28},"Get free trial",{"href":29,"dataGaName":30,"dataGaLocation":25},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":32,"config":33},"Talk to sales",{"href":34,"dataGaName":35,"dataGaLocation":25},"/sales/","sales",{"text":37,"config":38},"Sign in",{"href":39,"dataGaName":40,"dataGaLocation":25},"https://gitlab.com/users/sign_in/","sign in",[42,69,164,169,270,330],{"text":43,"config":44,"cards":46},"Platform",{"dataNavLevelOne":45},"platform",[47,53,61],{"title":43,"description":48,"link":49},"The intelligent orchestration platform for DevSecOps",{"text":50,"config":51},"Explore our Platform",{"href":52,"dataGaName":45,"dataGaLocation":25},"/platform/",{"title":54,"description":55,"link":56},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":57,"config":58},"Meet GitLab Duo",{"href":59,"dataGaName":60,"dataGaLocation":25},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":62,"description":63,"link":64},"Why GitLab","See the 
top reasons enterprises choose GitLab",{"text":65,"config":66},"Learn more",{"href":67,"dataGaName":68,"dataGaLocation":25},"/why-gitlab/","why gitlab",{"text":70,"left":14,"config":71,"link":73,"lists":77,"footer":146},"Product",{"dataNavLevelOne":72},"solutions",{"text":74,"config":75},"View all Solutions",{"href":76,"dataGaName":72,"dataGaLocation":25},"/solutions/",[78,102,125],{"title":79,"description":80,"link":81,"items":86},"Automation","CI/CD and automation to accelerate deployment",{"config":82},{"icon":83,"href":84,"dataGaName":85,"dataGaLocation":25},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[87,91,94,98],{"text":88,"config":89},"CI/CD",{"href":90,"dataGaLocation":25,"dataGaName":88},"/solutions/continuous-integration/",{"text":54,"config":92},{"href":59,"dataGaLocation":25,"dataGaName":93},"gitlab duo agent platform - product menu",{"text":95,"config":96},"Source Code Management",{"href":97,"dataGaLocation":25,"dataGaName":95},"/solutions/source-code-management/",{"text":99,"config":100},"Automated Software Delivery",{"href":84,"dataGaLocation":25,"dataGaName":101},"Automated software delivery",{"title":103,"description":104,"link":105,"items":110},"Security","Deliver code faster without compromising security",{"config":106},{"href":107,"dataGaName":108,"dataGaLocation":25,"icon":109},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[111,115,120],{"text":112,"config":113},"Application Security Testing",{"href":107,"dataGaName":114,"dataGaLocation":25},"Application security testing",{"text":116,"config":117},"Software Supply Chain Security",{"href":118,"dataGaLocation":25,"dataGaName":119},"/solutions/supply-chain/","Software supply chain security",{"text":121,"config":122},"Software Compliance",{"href":123,"dataGaName":124,"dataGaLocation":25},"/solutions/software-compliance/","software 
compliance",{"title":126,"link":127,"items":132},"Measurement",{"config":128},{"icon":129,"href":130,"dataGaName":131,"dataGaLocation":25},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[133,137,141],{"text":134,"config":135},"Visibility & Measurement",{"href":130,"dataGaLocation":25,"dataGaName":136},"Visibility and Measurement",{"text":138,"config":139},"Value Stream Management",{"href":140,"dataGaLocation":25,"dataGaName":138},"/solutions/value-stream-management/",{"text":142,"config":143},"Analytics & Insights",{"href":144,"dataGaLocation":25,"dataGaName":145},"/solutions/analytics-and-insights/","Analytics and insights",{"title":147,"items":148},"GitLab for",[149,154,159],{"text":150,"config":151},"Enterprise",{"href":152,"dataGaLocation":25,"dataGaName":153},"/enterprise/","enterprise",{"text":155,"config":156},"Small Business",{"href":157,"dataGaLocation":25,"dataGaName":158},"/small-business/","small business",{"text":160,"config":161},"Public Sector",{"href":162,"dataGaLocation":25,"dataGaName":163},"/solutions/public-sector/","public sector",{"text":165,"config":166},"Pricing",{"href":167,"dataGaName":168,"dataGaLocation":25,"dataNavLevelOne":168},"/pricing/","pricing",{"text":170,"config":171,"link":173,"lists":177,"feature":257},"Resources",{"dataNavLevelOne":172},"resources",{"text":174,"config":175},"View all resources",{"href":176,"dataGaName":172,"dataGaLocation":25},"/resources/",[178,211,229],{"title":179,"items":180},"Getting started",[181,186,191,196,201,206],{"text":182,"config":183},"Install",{"href":184,"dataGaName":185,"dataGaLocation":25},"/install/","install",{"text":187,"config":188},"Quick start guides",{"href":189,"dataGaName":190,"dataGaLocation":25},"/get-started/","quick setup checklists",{"text":192,"config":193},"Learn",{"href":194,"dataGaLocation":25,"dataGaName":195},"https://university.gitlab.com/","learn",{"text":197,"config":198},"Product 
documentation",{"href":199,"dataGaName":200,"dataGaLocation":25},"https://docs.gitlab.com/","product documentation",{"text":202,"config":203},"Best practice videos",{"href":204,"dataGaName":205,"dataGaLocation":25},"/getting-started-videos/","best practice videos",{"text":207,"config":208},"Integrations",{"href":209,"dataGaName":210,"dataGaLocation":25},"/integrations/","integrations",{"title":212,"items":213},"Discover",[214,219,224],{"text":215,"config":216},"Customer success stories",{"href":217,"dataGaName":218,"dataGaLocation":25},"/customers/","customer success stories",{"text":220,"config":221},"Blog",{"href":222,"dataGaName":223,"dataGaLocation":25},"/blog/","blog",{"text":225,"config":226},"Remote",{"href":227,"dataGaName":228,"dataGaLocation":25},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":230,"items":231},"Connect",[232,237,242,247,252],{"text":233,"config":234},"GitLab Services",{"href":235,"dataGaName":236,"dataGaLocation":25},"/services/","services",{"text":238,"config":239},"Community",{"href":240,"dataGaName":241,"dataGaLocation":25},"/community/","community",{"text":243,"config":244},"Forum",{"href":245,"dataGaName":246,"dataGaLocation":25},"https://forum.gitlab.com/","forum",{"text":248,"config":249},"Events",{"href":250,"dataGaName":251,"dataGaLocation":25},"/events/","events",{"text":253,"config":254},"Partners",{"href":255,"dataGaName":256,"dataGaLocation":25},"/partners/","partners",{"backgroundColor":258,"textColor":259,"text":260,"image":261,"link":265},"#2f2a6b","#fff","Insights for the future of software development",{"altText":262,"config":263},"the source promo card",{"src":264},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":266,"config":267},"Read the latest",{"href":268,"dataGaName":269,"dataGaLocation":25},"/the-source/","the 
source",{"text":271,"config":272,"lists":274},"Company",{"dataNavLevelOne":273},"company",[275],{"items":276},[277,282,288,290,295,300,305,310,315,320,325],{"text":278,"config":279},"About",{"href":280,"dataGaName":281,"dataGaLocation":25},"/company/","about",{"text":283,"config":284,"footerGa":287},"Jobs",{"href":285,"dataGaName":286,"dataGaLocation":25},"/jobs/","jobs",{"dataGaName":286},{"text":248,"config":289},{"href":250,"dataGaName":251,"dataGaLocation":25},{"text":291,"config":292},"Leadership",{"href":293,"dataGaName":294,"dataGaLocation":25},"/company/team/e-group/","leadership",{"text":296,"config":297},"Team",{"href":298,"dataGaName":299,"dataGaLocation":25},"/company/team/","team",{"text":301,"config":302},"Handbook",{"href":303,"dataGaName":304,"dataGaLocation":25},"https://handbook.gitlab.com/","handbook",{"text":306,"config":307},"Investor relations",{"href":308,"dataGaName":309,"dataGaLocation":25},"https://ir.gitlab.com/","investor relations",{"text":311,"config":312},"Trust Center",{"href":313,"dataGaName":314,"dataGaLocation":25},"/security/","trust center",{"text":316,"config":317},"AI Transparency Center",{"href":318,"dataGaName":319,"dataGaLocation":25},"/ai-transparency-center/","ai transparency center",{"text":321,"config":322},"Newsletter",{"href":323,"dataGaName":324,"dataGaLocation":25},"/company/contact/#contact-forms","newsletter",{"text":326,"config":327},"Press",{"href":328,"dataGaName":329,"dataGaLocation":25},"/press/","press",{"text":331,"config":332,"lists":333},"Contact us",{"dataNavLevelOne":273},[334],{"items":335},[336,339,344],{"text":32,"config":337},{"href":34,"dataGaName":338,"dataGaLocation":25},"talk to sales",{"text":340,"config":341},"Support portal",{"href":342,"dataGaName":343,"dataGaLocation":25},"https://support.gitlab.com","support portal",{"text":345,"config":346},"Customer portal",{"href":347,"dataGaName":348,"dataGaLocation":25},"https://customers.gitlab.com/customers/sign_in/","customer 
portal",{"close":350,"login":351,"suggestions":358},"Close",{"text":352,"link":353},"To search repositories and projects, login to",{"text":354,"config":355},"gitlab.com",{"href":39,"dataGaName":356,"dataGaLocation":357},"search login","search",{"text":359,"default":360},"Suggestions",[361,363,367,369,373,377],{"text":54,"config":362},{"href":59,"dataGaName":54,"dataGaLocation":357},{"text":364,"config":365},"Code Suggestions (AI)",{"href":366,"dataGaName":364,"dataGaLocation":357},"/solutions/code-suggestions/",{"text":88,"config":368},{"href":90,"dataGaName":88,"dataGaLocation":357},{"text":370,"config":371},"GitLab on AWS",{"href":372,"dataGaName":370,"dataGaLocation":357},"/partners/technology-partners/aws/",{"text":374,"config":375},"GitLab on Google Cloud",{"href":376,"dataGaName":374,"dataGaLocation":357},"/partners/technology-partners/google-cloud-platform/",{"text":378,"config":379},"Why GitLab?",{"href":67,"dataGaName":378,"dataGaLocation":357},{"freeTrial":381,"mobileIcon":386,"desktopIcon":391,"secondaryButton":394},{"text":382,"config":383},"Start free trial",{"href":384,"dataGaName":30,"dataGaLocation":385},"https://gitlab.com/-/trials/new/","nav",{"altText":387,"config":388},"Gitlab Icon",{"src":389,"dataGaName":390,"dataGaLocation":385},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":387,"config":392},{"src":393,"dataGaName":390,"dataGaLocation":385},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":395,"config":396},"Get Started",{"href":397,"dataGaName":398,"dataGaLocation":385},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":400,"mobileIcon":405,"desktopIcon":407},{"text":401,"config":402},"Learn more about GitLab Duo",{"href":403,"dataGaName":404,"dataGaLocation":385},"/gitlab-duo/","gitlab 
duo",{"altText":387,"config":406},{"src":389,"dataGaName":390,"dataGaLocation":385},{"altText":387,"config":408},{"src":393,"dataGaName":390,"dataGaLocation":385},{"freeTrial":410,"mobileIcon":415,"desktopIcon":417},{"text":411,"config":412},"Back to pricing",{"href":167,"dataGaName":413,"dataGaLocation":385,"icon":414},"back to pricing","GoBack",{"altText":387,"config":416},{"src":389,"dataGaName":390,"dataGaLocation":385},{"altText":387,"config":418},{"src":393,"dataGaName":390,"dataGaLocation":385},{"title":420,"button":421,"config":426},"See how agentic AI transforms software delivery",{"text":422,"config":423},"Watch GitLab Transcend now",{"href":424,"dataGaName":425,"dataGaLocation":25},"/events/transcend/virtual/","transcend event",{"layout":427,"icon":428},"release","AiStar",{"data":430},{"text":431,"source":432,"edit":438,"contribute":443,"config":448,"items":453,"minimal":660},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":433,"config":434},"View page source",{"href":435,"dataGaName":436,"dataGaLocation":437},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":439,"config":440},"Edit this page",{"href":441,"dataGaName":442,"dataGaLocation":437},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":444,"config":445},"Please contribute",{"href":446,"dataGaName":447,"dataGaLocation":437},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":449,"facebook":450,"youtube":451,"linkedin":452},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[454,501,555,599,626],{"title":165,"links":455,"subMenu":470},[456,460,465],{"text":457,"config":458},"View 
plans",{"href":167,"dataGaName":459,"dataGaLocation":437},"view plans",{"text":461,"config":462},"Why Premium?",{"href":463,"dataGaName":464,"dataGaLocation":437},"/pricing/premium/","why premium",{"text":466,"config":467},"Why Ultimate?",{"href":468,"dataGaName":469,"dataGaLocation":437},"/pricing/ultimate/","why ultimate",[471],{"title":472,"links":473},"Contact Us",[474,477,479,481,486,491,496],{"text":475,"config":476},"Contact sales",{"href":34,"dataGaName":35,"dataGaLocation":437},{"text":340,"config":478},{"href":342,"dataGaName":343,"dataGaLocation":437},{"text":345,"config":480},{"href":347,"dataGaName":348,"dataGaLocation":437},{"text":482,"config":483},"Status",{"href":484,"dataGaName":485,"dataGaLocation":437},"https://status.gitlab.com/","status",{"text":487,"config":488},"Terms of use",{"href":489,"dataGaName":490,"dataGaLocation":437},"/terms/","terms of use",{"text":492,"config":493},"Privacy statement",{"href":494,"dataGaName":495,"dataGaLocation":437},"/privacy/","privacy statement",{"text":497,"config":498},"Cookie preferences",{"dataGaName":499,"dataGaLocation":437,"id":500,"isOneTrustButton":14},"cookie preferences","ot-sdk-btn",{"title":70,"links":502,"subMenu":511},[503,507],{"text":504,"config":505},"DevSecOps platform",{"href":52,"dataGaName":506,"dataGaLocation":437},"devsecops platform",{"text":508,"config":509},"AI-Assisted Development",{"href":403,"dataGaName":510,"dataGaLocation":437},"ai-assisted development",[512],{"title":513,"links":514},"Topics",[515,520,525,530,535,540,545,550],{"text":516,"config":517},"CICD",{"href":518,"dataGaName":519,"dataGaLocation":437},"/topics/ci-cd/","cicd",{"text":521,"config":522},"GitOps",{"href":523,"dataGaName":524,"dataGaLocation":437},"/topics/gitops/","gitops",{"text":526,"config":527},"DevOps",{"href":528,"dataGaName":529,"dataGaLocation":437},"/topics/devops/","devops",{"text":531,"config":532},"Version 
Control",{"href":533,"dataGaName":534,"dataGaLocation":437},"/topics/version-control/","version control",{"text":536,"config":537},"DevSecOps",{"href":538,"dataGaName":539,"dataGaLocation":437},"/topics/devsecops/","devsecops",{"text":541,"config":542},"Cloud Native",{"href":543,"dataGaName":544,"dataGaLocation":437},"/topics/cloud-native/","cloud native",{"text":546,"config":547},"AI for Coding",{"href":548,"dataGaName":549,"dataGaLocation":437},"/topics/devops/ai-for-coding/","ai for coding",{"text":551,"config":552},"Agentic AI",{"href":553,"dataGaName":554,"dataGaLocation":437},"/topics/agentic-ai/","agentic ai",{"title":556,"links":557},"Solutions",[558,560,562,567,571,574,578,581,583,586,589,594],{"text":112,"config":559},{"href":107,"dataGaName":112,"dataGaLocation":437},{"text":101,"config":561},{"href":84,"dataGaName":85,"dataGaLocation":437},{"text":563,"config":564},"Agile development",{"href":565,"dataGaName":566,"dataGaLocation":437},"/solutions/agile-delivery/","agile delivery",{"text":568,"config":569},"SCM",{"href":97,"dataGaName":570,"dataGaLocation":437},"source code management",{"text":516,"config":572},{"href":90,"dataGaName":573,"dataGaLocation":437},"continuous integration & delivery",{"text":575,"config":576},"Value stream management",{"href":140,"dataGaName":577,"dataGaLocation":437},"value stream management",{"text":521,"config":579},{"href":580,"dataGaName":524,"dataGaLocation":437},"/solutions/gitops/",{"text":150,"config":582},{"href":152,"dataGaName":153,"dataGaLocation":437},{"text":584,"config":585},"Small business",{"href":157,"dataGaName":158,"dataGaLocation":437},{"text":587,"config":588},"Public sector",{"href":162,"dataGaName":163,"dataGaLocation":437},{"text":590,"config":591},"Education",{"href":592,"dataGaName":593,"dataGaLocation":437},"/solutions/education/","education",{"text":595,"config":596},"Financial services",{"href":597,"dataGaName":598,"dataGaLocation":437},"/solutions/finance/","financial 
services",{"title":170,"links":600},[601,603,605,607,610,612,614,616,618,620,622,624],{"text":182,"config":602},{"href":184,"dataGaName":185,"dataGaLocation":437},{"text":187,"config":604},{"href":189,"dataGaName":190,"dataGaLocation":437},{"text":192,"config":606},{"href":194,"dataGaName":195,"dataGaLocation":437},{"text":197,"config":608},{"href":199,"dataGaName":609,"dataGaLocation":437},"docs",{"text":220,"config":611},{"href":222,"dataGaName":223,"dataGaLocation":437},{"text":215,"config":613},{"href":217,"dataGaName":218,"dataGaLocation":437},{"text":225,"config":615},{"href":227,"dataGaName":228,"dataGaLocation":437},{"text":233,"config":617},{"href":235,"dataGaName":236,"dataGaLocation":437},{"text":238,"config":619},{"href":240,"dataGaName":241,"dataGaLocation":437},{"text":243,"config":621},{"href":245,"dataGaName":246,"dataGaLocation":437},{"text":248,"config":623},{"href":250,"dataGaName":251,"dataGaLocation":437},{"text":253,"config":625},{"href":255,"dataGaName":256,"dataGaLocation":437},{"title":271,"links":627},[628,630,632,634,636,638,640,644,649,651,653,655],{"text":278,"config":629},{"href":280,"dataGaName":273,"dataGaLocation":437},{"text":283,"config":631},{"href":285,"dataGaName":286,"dataGaLocation":437},{"text":291,"config":633},{"href":293,"dataGaName":294,"dataGaLocation":437},{"text":296,"config":635},{"href":298,"dataGaName":299,"dataGaLocation":437},{"text":301,"config":637},{"href":303,"dataGaName":304,"dataGaLocation":437},{"text":306,"config":639},{"href":308,"dataGaName":309,"dataGaLocation":437},{"text":641,"config":642},"Sustainability",{"href":643,"dataGaName":641,"dataGaLocation":437},"/sustainability/",{"text":645,"config":646},"Diversity, inclusion and belonging (DIB)",{"href":647,"dataGaName":648,"dataGaLocation":437},"/diversity-inclusion-belonging/","Diversity, inclusion and 
belonging",{"text":311,"config":650},{"href":313,"dataGaName":314,"dataGaLocation":437},{"text":321,"config":652},{"href":323,"dataGaName":324,"dataGaLocation":437},{"text":326,"config":654},{"href":328,"dataGaName":329,"dataGaLocation":437},{"text":656,"config":657},"Modern Slavery Transparency Statement",{"href":658,"dataGaName":659,"dataGaLocation":437},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":661},[662,665,668],{"text":663,"config":664},"Terms",{"href":489,"dataGaName":490,"dataGaLocation":437},{"text":666,"config":667},"Cookies",{"dataGaName":499,"dataGaLocation":437,"id":500,"isOneTrustButton":14},{"text":669,"config":670},"Privacy",{"href":494,"dataGaName":495,"dataGaLocation":437},[672,683,694,705,715,725,735,745,753,764,773,783,793,802,811,821,830,839,848,856,866,876],{"content":673,"config":681},{"title":674,"heroImage":675,"category":676,"description":677,"authors":678,"date":680},"GitLab Threat Intelligence Team reveals North Korean tradecraft","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464282/r2ovpvmizpkcngy9kzqu.png","security","Gain threat intelligence about North Korea’s Contagious Interview and fake IT worker campaigns and learn how GitLab disrupted their operations.",[679],"Oliver Smith","2026-02-19",{"slug":682,"externalUrl":-1},"gitlab-threat-intelligence-reveals-north-korean-tradecraft",{"content":684,"config":692},{"title":685,"heroImage":686,"category":676,"description":687,"authors":688,"date":691},"GitLab discovers widespread npm supply chain attack","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665667/Blog/Hero%20Images/built-in-security.jpg","Malware driving attack includes \"dead man's switch\" that can harm user data.",[689,690],"Michael Henriksen","Daniel 
Abeles","2025-11-24",{"slug":693,"externalUrl":-1},"gitlab-discovers-widespread-npm-supply-chain-attack",{"content":695,"config":702},{"title":696,"heroImage":697,"category":698,"description":699,"authors":700,"date":701},"GitLab Patch Release: 18.5.2, 18.4.4, 18.3.6","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749661926/Blog/Hero%20Images/security-patch-blog-image-r2-0506-700x400-fy25_2x.jpg","product","Learn more about this patch release for GitLab Community Edition (CE) and Enterprise Edition (EE).",[],"2025-11-12",{"slug":703,"externalUrl":704},"","https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/",{"content":706,"config":713},{"title":707,"heroImage":708,"category":676,"description":709,"authors":710,"date":712},"Introducing GitLab Advanced Vulnerability Tracking","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664844/Blog/Hero%20Images/AdobeStock_941867776.jpg","Learn how this security feature improves the efficiency of vulnerability management by reducing futile auditing time (includes data from a new study).",[711],"Julian Thome","2025-01-21",{"slug":714,"externalUrl":-1},"introducing-gitlab-advanced-vulnerability-tracking",{"content":716,"config":723},{"title":717,"heroImage":718,"category":676,"description":719,"authors":720,"date":722},"Git security audit: Inside the hunt for - and discovery of - CVEs","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668524/Blog/Hero%20Images/closeup-photo-of-black-and-blue-keyboard-1194713.jpg","Get a behind-the-scenes look at how I helped discover the vulnerability that became CVE-2022-41903.",[721],"Joern Schneeweisz","2023-01-24",{"slug":724,"externalUrl":-1},"git-security-audit",{"content":726,"config":733},{"title":727,"heroImage":728,"category":676,"description":729,"authors":730,"date":732},"Meet Package Hunter: A tool for detecting malicious code in your 
dependencies","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682075/Blog/Hero%20Images/package-hunter.png","We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.",[731],"Dennis Appelt","2021-07-23",{"slug":734,"externalUrl":-1},"announcing-package-hunter",{"content":736,"config":743},{"title":737,"heroImage":738,"category":676,"description":739,"authors":740,"date":742},"How we’re creating a threat model framework that works for GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682058/Blog/Hero%20Images/pexels-nathan-j-hilton.jpg","As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.",[741],"Mark Loveless","2021-07-09",{"slug":744,"externalUrl":-1},"creating-a-threat-model-that-works-for-gitlab",{"content":746,"config":751},{"title":747,"heroImage":718,"category":676,"description":748,"authors":749,"date":750},"A brief look at Gitpod, two bugs, and a quick fix","Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.",[721],"2021-07-08",{"slug":752,"externalUrl":-1},"two-bugs-and-a-quick-fix-in-gitpod",{"content":754,"config":762},{"title":755,"heroImage":756,"category":757,"description":758,"authors":759,"date":761},"You asked, and our Red Team answered","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670889/Blog/Hero%20Images/security-ama-blog-header.png","unfiltered","We held a public ask-me-anything session with our Red Team. 
Here’s what people asked.",[760],"Heather Simpson","2021-01-29",{"slug":763,"externalUrl":-1},"you-asked-and-our-red-team-answered",{"content":765,"config":771},{"title":766,"heroImage":767,"category":757,"description":768,"authors":769,"date":770},"Switching “sides” in security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679594/Blog/Hero%20Images/jason-polychronopulos-unsplash.jpg","How does product security work differ from pen testing and hacking all the things?",[721],"2020-10-23",{"slug":772,"externalUrl":-1},"switching-sides-in-security",{"content":774,"config":781},{"title":775,"heroImage":776,"category":676,"description":777,"authors":778,"date":780},"Why you need a security champions program","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664002/Blog/Hero%20Images/securitychampions.jpg","Faster releases, more open source code, and developers unlikely to have formal security training = at risk software apps. The solution? A security champions program.",[779],"Valerie Silverthorne","2020-10-14",{"slug":782,"externalUrl":-1},"why-security-champions",{"content":784,"config":791},{"title":785,"heroImage":786,"category":676,"description":787,"authors":788,"date":790},"GitLab's security trends report – our latest look at what's most vulnerable","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678152/Blog/Hero%20Images/data.jpg","From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. 
Here's what you need to know.",[789],"Wayne Haber","2020-10-06",{"slug":792,"externalUrl":-1},"gitlab-latest-security-trends",{"content":794,"config":800},{"title":795,"heroImage":796,"category":676,"description":797,"authors":798,"date":799},"How to configure DAST full scans for complex web applications","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679617/Blog/Hero%20Images/tuning-237454.jpg","Keep your DAST job within timeout limits and fine-tune job configurations for better results",[731],"2020-08-31",{"slug":801,"externalUrl":-1},"how-to-configure-dast-full-scans-for-complex-web-applications",{"content":803,"config":809},{"title":804,"heroImage":805,"category":676,"description":806,"authors":807,"date":808},"How to play GitLab's Capture the Flag at home","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681485/Blog/Hero%20Images/gitlab_ctf.png","Our AppSec team built and ran a CTF, and now it's available for you to play at home.",[721],"2020-08-12",{"slug":810,"externalUrl":-1},"how-to-play-gitlab-ctf-at-home",{"content":812,"config":819},{"title":813,"heroImage":814,"category":676,"description":815,"authors":816,"date":818},"How to benchmark security tools: a case study using WebGoat","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678166/Blog/Hero%20Images/benchmarking.jpg","When tasked to compare security tools, it's critical to understand what's a fair benchmark. We take you step by step through WebGoat's lessons and compare them to SAST and DAST results.",[817],"Isaac Dawson","2020-08-11",{"slug":820,"externalUrl":-1},"how-to-benchmark-security-tools",{"content":822,"config":828},{"title":823,"heroImage":824,"category":676,"description":825,"authors":826,"date":827},"GitLab instance: security best practices","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667057/Blog/Hero%20Images/configs_unsplash.jpg","Default settings on products can be massively helpful. 
However, when it comes to hardening your GitLab instance, we’ve got some helpful configuration recommendations from our security team.",[741],"2020-05-20",{"slug":829,"externalUrl":-1},"gitlab-instance-security-best-practices",{"content":831,"config":837},{"title":832,"heroImage":833,"category":676,"description":834,"authors":835,"date":836},"How we manage open source security software","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681227/Blog/Hero%20Images/opensourcesecurity.jpg","Open source software presents unique security challenges. Here’s what you need to know.",[741],"2020-04-10",{"slug":838,"externalUrl":-1},"open-source-security",{"content":840,"config":846},{"title":841,"heroImage":842,"category":676,"description":843,"authors":844,"date":845},"Top 6 security trends in GitLab-hosted projects","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663502/Blog/Hero%20Images/paperclips.jpg","Using components with known vulnerabilities is the most common security problem in GitLab.com-hosted projects.",[789],"2020-04-02",{"slug":847,"externalUrl":-1},"security-trends-in-gitlab-hosted-projects",{"content":849,"config":854},{"title":850,"heroImage":718,"category":676,"description":851,"authors":852,"date":853},"How to exploit parser differentials","Your guide to abusing 'language barriers' between web components.",[721],"2020-03-30",{"slug":855,"externalUrl":-1},"how-to-exploit-parser-differentials",{"content":857,"config":864},{"title":858,"heroImage":859,"category":676,"description":860,"authors":861,"date":863},"Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749672755/Blog/Hero%20Images/white-lightning-heating-mountain.jpg","A Red Team exercise on exploiting design decisions on GCP.",[862],"Chris 
Moberly","2020-02-12",{"slug":865,"externalUrl":-1},"plundering-gcp-escalating-privileges-in-google-cloud-platform",{"content":867,"config":874},{"title":868,"heroImage":869,"category":676,"description":870,"authors":871,"date":873},"Introducing Token-Hunter","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679669/Blog/Hero%20Images/lightscape-Bsw6l6e01Rw-unsplash.jpg","Our red team has created a new tool to find sensitive data in the vast, wide-open.",[872],"Greg Johnson","2019-12-20",{"slug":875,"externalUrl":-1},"introducing-token-hunter",{"content":877,"config":882},{"title":878,"heroImage":718,"category":676,"description":879,"authors":880,"date":881},"Shopping for an admin account via path traversal","How to exploit a path traversal issue to gain an admin account",[721],"2019-11-29",{"slug":883,"externalUrl":-1},"shopping-for-an-admin-account",1772652085403]