[{"data":1,"prerenderedAt":4562},["ShallowReactive",2],{"/en-us/blog/tags/security":3,"navigation-en-us":18,"banner-en-us":417,"footer-en-us":427,"security-tag-posts-en-us":669},{"id":4,"title":5,"body":6,"category":6,"config":7,"content":9,"description":6,"extension":11,"meta":12,"navigation":13,"path":14,"seo":15,"slug":6,"stem":16,"testContent":6,"type":6,"__hash__":17},"blogTags/en-us/blog/tags/security.yml","Security",null,{"template":8},"BlogTag",{"tag":10,"tagSlug":10},"security","yml",{},true,"/en-us/blog/tags/security",{},"en-us/blog/tags/security","srIxfbWda5gSbk8d4iJ7JFhzybqI_nv6VxWkV59SqPs",{"data":19},{"logo":20,"freeTrial":25,"sales":30,"login":35,"items":40,"search":347,"minimal":378,"duo":397,"pricingDeployment":407},{"config":21},{"href":22,"dataGaName":23,"dataGaLocation":24},"/","gitlab logo","header",{"text":26,"config":27},"Get free trial",{"href":28,"dataGaName":29,"dataGaLocation":24},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":31,"config":32},"Talk to sales",{"href":33,"dataGaName":34,"dataGaLocation":24},"/sales/","sales",{"text":36,"config":37},"Sign in",{"href":38,"dataGaName":39,"dataGaLocation":24},"https://gitlab.com/users/sign_in/","sign in",[41,68,162,167,268,328],{"text":42,"config":43,"cards":45},"Platform",{"dataNavLevelOne":44},"platform",[46,52,60],{"title":42,"description":47,"link":48},"The intelligent orchestration platform for DevSecOps",{"text":49,"config":50},"Explore our Platform",{"href":51,"dataGaName":44,"dataGaLocation":24},"/platform/",{"title":53,"description":54,"link":55},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":56,"config":57},"Meet GitLab Duo",{"href":58,"dataGaName":59,"dataGaLocation":24},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":61,"description":62,"link":63},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":64,"config":65},"Learn more",{"href":66,"dataGaName":67,"dataGaLocation":24},"/why-gitlab/","why gitlab",{"text":69,"left":13,"config":70,"link":72,"lists":76,"footer":144},"Product",{"dataNavLevelOne":71},"solutions",{"text":73,"config":74},"View all Solutions",{"href":75,"dataGaName":71,"dataGaLocation":24},"/solutions/",[77,101,123],{"title":78,"description":79,"link":80,"items":85},"Automation","CI/CD and automation to accelerate deployment",{"config":81},{"icon":82,"href":83,"dataGaName":84,"dataGaLocation":24},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[86,90,93,97],{"text":87,"config":88},"CI/CD",{"href":89,"dataGaLocation":24,"dataGaName":87},"/solutions/continuous-integration/",{"text":53,"config":91},{"href":58,"dataGaLocation":24,"dataGaName":92},"gitlab duo agent platform - product menu",{"text":94,"config":95},"Source Code Management",{"href":96,"dataGaLocation":24,"dataGaName":94},"/solutions/source-code-management/",{"text":98,"config":99},"Automated Software Delivery",{"href":83,"dataGaLocation":24,"dataGaName":100},"Automated software delivery",{"title":5,"description":102,"link":103,"items":108},"Deliver code faster without compromising security",{"config":104},{"href":105,"dataGaName":106,"dataGaLocation":24,"icon":107},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[109,113,118],{"text":110,"config":111},"Application Security Testing",{"href":105,"dataGaName":112,"dataGaLocation":24},"Application security testing",{"text":114,"config":115},"Software Supply Chain Security",{"href":116,"dataGaLocation":24,"dataGaName":117},"/solutions/supply-chain/","Software supply chain security",{"text":119,"config":120},"Software Compliance",{"href":121,"dataGaName":122,"dataGaLocation":24},"/solutions/software-compliance/","software compliance",{"title":124,"link":125,"items":130},"Measurement",{"config":126},{"icon":127,"href":128,"dataGaName":129,"dataGaLocation":24},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[131,135,139],{"text":132,"config":133},"Visibility & Measurement",{"href":128,"dataGaLocation":24,"dataGaName":134},"Visibility and Measurement",{"text":136,"config":137},"Value Stream Management",{"href":138,"dataGaLocation":24,"dataGaName":136},"/solutions/value-stream-management/",{"text":140,"config":141},"Analytics & Insights",{"href":142,"dataGaLocation":24,"dataGaName":143},"/solutions/analytics-and-insights/","Analytics and insights",{"title":145,"items":146},"GitLab for",[147,152,157],{"text":148,"config":149},"Enterprise",{"href":150,"dataGaLocation":24,"dataGaName":151},"/enterprise/","enterprise",{"text":153,"config":154},"Small Business",{"href":155,"dataGaLocation":24,"dataGaName":156},"/small-business/","small business",{"text":158,"config":159},"Public Sector",{"href":160,"dataGaLocation":24,"dataGaName":161},"/solutions/public-sector/","public sector",{"text":163,"config":164},"Pricing",{"href":165,"dataGaName":166,"dataGaLocation":24,"dataNavLevelOne":166},"/pricing/","pricing",{"text":168,"config":169,"link":171,"lists":175,"feature":255},"Resources",{"dataNavLevelOne":170},"resources",{"text":172,"config":173},"View all resources",{"href":174,"dataGaName":170,"dataGaLocation":24},"/resources/",[176,209,227],{"title":177,"items":178},"Getting started",[179,184,189,194,199,204],{"text":180,"config":181},"Install",{"href":182,"dataGaName":183,"dataGaLocation":24},"/install/","install",{"text":185,"config":186},"Quick start guides",{"href":187,"dataGaName":188,"dataGaLocation":24},"/get-started/","quick setup checklists",{"text":190,"config":191},"Learn",{"href":192,"dataGaLocation":24,"dataGaName":193},"https://university.gitlab.com/","learn",{"text":195,"config":196},"Product documentation",{"href":197,"dataGaName":198,"dataGaLocation":24},"https://docs.gitlab.com/","product documentation",{"text":200,"config":201},"Best practice videos",{"href":202,"dataGaName":203,"dataGaLocation":24},"/getting-started-videos/","best practice videos",{"text":205,"config":206},"Integrations",{"href":207,"dataGaName":208,"dataGaLocation":24},"/integrations/","integrations",{"title":210,"items":211},"Discover",[212,217,222],{"text":213,"config":214},"Customer success stories",{"href":215,"dataGaName":216,"dataGaLocation":24},"/customers/","customer success stories",{"text":218,"config":219},"Blog",{"href":220,"dataGaName":221,"dataGaLocation":24},"/blog/","blog",{"text":223,"config":224},"Remote",{"href":225,"dataGaName":226,"dataGaLocation":24},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":228,"items":229},"Connect",[230,235,240,245,250],{"text":231,"config":232},"GitLab Services",{"href":233,"dataGaName":234,"dataGaLocation":24},"/services/","services",{"text":236,"config":237},"Community",{"href":238,"dataGaName":239,"dataGaLocation":24},"/community/","community",{"text":241,"config":242},"Forum",{"href":243,"dataGaName":244,"dataGaLocation":24},"https://forum.gitlab.com/","forum",{"text":246,"config":247},"Events",{"href":248,"dataGaName":249,"dataGaLocation":24},"/events/","events",{"text":251,"config":252},"Partners",{"href":253,"dataGaName":254,"dataGaLocation":24},"/partners/","partners",{"backgroundColor":256,"textColor":257,"text":258,"image":259,"link":263},"#2f2a6b","#fff","Insights for the future of software development",{"altText":260,"config":261},"the source promo card",{"src":262},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":264,"config":265},"Read the latest",{"href":266,"dataGaName":267,"dataGaLocation":24},"/the-source/","the source",{"text":269,"config":270,"lists":272},"Company",{"dataNavLevelOne":271},"company",[273],{"items":274},[275,280,286,288,293,298,303,308,313,318,323],{"text":276,"config":277},"About",{"href":278,"dataGaName":279,"dataGaLocation":24},"/company/","about",{"text":281,"config":282,"footerGa":285},"Jobs",{"href":283,"dataGaName":284,"dataGaLocation":24},"/jobs/","jobs",{"dataGaName":284},{"text":246,"config":287},{"href":248,"dataGaName":249,"dataGaLocation":24},{"text":289,"config":290},"Leadership",{"href":291,"dataGaName":292,"dataGaLocation":24},"/company/team/e-group/","leadership",{"text":294,"config":295},"Team",{"href":296,"dataGaName":297,"dataGaLocation":24},"/company/team/","team",{"text":299,"config":300},"Handbook",{"href":301,"dataGaName":302,"dataGaLocation":24},"https://handbook.gitlab.com/","handbook",{"text":304,"config":305},"Investor relations",{"href":306,"dataGaName":307,"dataGaLocation":24},"https://ir.gitlab.com/","investor relations",{"text":309,"config":310},"Trust Center",{"href":311,"dataGaName":312,"dataGaLocation":24},"/security/","trust center",{"text":314,"config":315},"AI Transparency Center",{"href":316,"dataGaName":317,"dataGaLocation":24},"/ai-transparency-center/","ai transparency center",{"text":319,"config":320},"Newsletter",{"href":321,"dataGaName":322,"dataGaLocation":24},"/company/contact/#contact-forms","newsletter",{"text":324,"config":325},"Press",{"href":326,"dataGaName":327,"dataGaLocation":24},"/press/","press",{"text":329,"config":330,"lists":331},"Contact us",{"dataNavLevelOne":271},[332],{"items":333},[334,337,342],{"text":31,"config":335},{"href":33,"dataGaName":336,"dataGaLocation":24},"talk to sales",{"text":338,"config":339},"Support portal",{"href":340,"dataGaName":341,"dataGaLocation":24},"https://support.gitlab.com","support portal",{"text":343,"config":344},"Customer portal",{"href":345,"dataGaName":346,"dataGaLocation":24},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":348,"login":349,"suggestions":356},"Close",{"text":350,"link":351},"To search repositories and projects, login to",{"text":352,"config":353},"gitlab.com",{"href":38,"dataGaName":354,"dataGaLocation":355},"search login","search",{"text":357,"default":358},"Suggestions",[359,361,365,367,371,375],{"text":53,"config":360},{"href":58,"dataGaName":53,"dataGaLocation":355},{"text":362,"config":363},"Code Suggestions (AI)",{"href":364,"dataGaName":362,"dataGaLocation":355},"/solutions/code-suggestions/",{"text":87,"config":366},{"href":89,"dataGaName":87,"dataGaLocation":355},{"text":368,"config":369},"GitLab on AWS",{"href":370,"dataGaName":368,"dataGaLocation":355},"/partners/technology-partners/aws/",{"text":372,"config":373},"GitLab on Google Cloud",{"href":374,"dataGaName":372,"dataGaLocation":355},"/partners/technology-partners/google-cloud-platform/",{"text":376,"config":377},"Why GitLab?",{"href":66,"dataGaName":376,"dataGaLocation":355},{"freeTrial":379,"mobileIcon":384,"desktopIcon":389,"secondaryButton":392},{"text":380,"config":381},"Start free trial",{"href":382,"dataGaName":29,"dataGaLocation":383},"https://gitlab.com/-/trials/new/","nav",{"altText":385,"config":386},"Gitlab Icon",{"src":387,"dataGaName":388,"dataGaLocation":383},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":385,"config":390},{"src":391,"dataGaName":388,"dataGaLocation":383},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":393,"config":394},"Get Started",{"href":395,"dataGaName":396,"dataGaLocation":383},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":398,"mobileIcon":403,"desktopIcon":405},{"text":399,"config":400},"Learn more about GitLab Duo",{"href":401,"dataGaName":402,"dataGaLocation":383},"/gitlab-duo/","gitlab duo",{"altText":385,"config":404},{"src":387,"dataGaName":388,"dataGaLocation":383},{"altText":385,"config":406},{"src":391,"dataGaName":388,"dataGaLocation":383},{"freeTrial":408,"mobileIcon":413,"desktopIcon":415},{"text":409,"config":410},"Back to pricing",{"href":165,"dataGaName":411,"dataGaLocation":383,"icon":412},"back to pricing","GoBack",{"altText":385,"config":414},{"src":387,"dataGaName":388,"dataGaLocation":383},{"altText":385,"config":416},{"src":391,"dataGaName":388,"dataGaLocation":383},{"title":418,"button":419,"config":424},"See how agentic AI transforms software delivery",{"text":420,"config":421},"Watch GitLab Transcend now",{"href":422,"dataGaName":423,"dataGaLocation":24},"/events/transcend/virtual/","transcend event",{"layout":425,"icon":426},"release","AiStar",{"data":428},{"text":429,"source":430,"edit":436,"contribute":441,"config":446,"items":451,"minimal":658},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":431,"config":432},"View page source",{"href":433,"dataGaName":434,"dataGaLocation":435},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":437,"config":438},"Edit this page",{"href":439,"dataGaName":440,"dataGaLocation":435},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":442,"config":443},"Please contribute",{"href":444,"dataGaName":445,"dataGaLocation":435},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":447,"facebook":448,"youtube":449,"linkedin":450},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[452,499,553,597,624],{"title":163,"links":453,"subMenu":468},[454,458,463],{"text":455,"config":456},"View plans",{"href":165,"dataGaName":457,"dataGaLocation":435},"view plans",{"text":459,"config":460},"Why Premium?",{"href":461,"dataGaName":462,"dataGaLocation":435},"/pricing/premium/","why premium",{"text":464,"config":465},"Why Ultimate?",{"href":466,"dataGaName":467,"dataGaLocation":435},"/pricing/ultimate/","why ultimate",[469],{"title":470,"links":471},"Contact Us",[472,475,477,479,484,489,494],{"text":473,"config":474},"Contact sales",{"href":33,"dataGaName":34,"dataGaLocation":435},{"text":338,"config":476},{"href":340,"dataGaName":341,"dataGaLocation":435},{"text":343,"config":478},{"href":345,"dataGaName":346,"dataGaLocation":435},{"text":480,"config":481},"Status",{"href":482,"dataGaName":483,"dataGaLocation":435},"https://status.gitlab.com/","status",{"text":485,"config":486},"Terms of use",{"href":487,"dataGaName":488,"dataGaLocation":435},"/terms/","terms of use",{"text":490,"config":491},"Privacy statement",{"href":492,"dataGaName":493,"dataGaLocation":435},"/privacy/","privacy statement",{"text":495,"config":496},"Cookie preferences",{"dataGaName":497,"dataGaLocation":435,"id":498,"isOneTrustButton":13},"cookie preferences","ot-sdk-btn",{"title":69,"links":500,"subMenu":509},[501,505],{"text":502,"config":503},"DevSecOps platform",{"href":51,"dataGaName":504,"dataGaLocation":435},"devsecops platform",{"text":506,"config":507},"AI-Assisted Development",{"href":401,"dataGaName":508,"dataGaLocation":435},"ai-assisted development",[510],{"title":511,"links":512},"Topics",[513,518,523,528,533,538,543,548],{"text":514,"config":515},"CICD",{"href":516,"dataGaName":517,"dataGaLocation":435},"/topics/ci-cd/","cicd",{"text":519,"config":520},"GitOps",{"href":521,"dataGaName":522,"dataGaLocation":435},"/topics/gitops/","gitops",{"text":524,"config":525},"DevOps",{"href":526,"dataGaName":527,"dataGaLocation":435},"/topics/devops/","devops",{"text":529,"config":530},"Version Control",{"href":531,"dataGaName":532,"dataGaLocation":435},"/topics/version-control/","version control",{"text":534,"config":535},"DevSecOps",{"href":536,"dataGaName":537,"dataGaLocation":435},"/topics/devsecops/","devsecops",{"text":539,"config":540},"Cloud Native",{"href":541,"dataGaName":542,"dataGaLocation":435},"/topics/cloud-native/","cloud native",{"text":544,"config":545},"AI for Coding",{"href":546,"dataGaName":547,"dataGaLocation":435},"/topics/devops/ai-for-coding/","ai for coding",{"text":549,"config":550},"Agentic AI",{"href":551,"dataGaName":552,"dataGaLocation":435},"/topics/agentic-ai/","agentic ai",{"title":554,"links":555},"Solutions",[556,558,560,565,569,572,576,579,581,584,587,592],{"text":110,"config":557},{"href":105,"dataGaName":110,"dataGaLocation":435},{"text":100,"config":559},{"href":83,"dataGaName":84,"dataGaLocation":435},{"text":561,"config":562},"Agile development",{"href":563,"dataGaName":564,"dataGaLocation":435},"/solutions/agile-delivery/","agile delivery",{"text":566,"config":567},"SCM",{"href":96,"dataGaName":568,"dataGaLocation":435},"source code management",{"text":514,"config":570},{"href":89,"dataGaName":571,"dataGaLocation":435},"continuous integration & delivery",{"text":573,"config":574},"Value stream management",{"href":138,"dataGaName":575,"dataGaLocation":435},"value stream management",{"text":519,"config":577},{"href":578,"dataGaName":522,"dataGaLocation":435},"/solutions/gitops/",{"text":148,"config":580},{"href":150,"dataGaName":151,"dataGaLocation":435},{"text":582,"config":583},"Small business",{"href":155,"dataGaName":156,"dataGaLocation":435},{"text":585,"config":586},"Public sector",{"href":160,"dataGaName":161,"dataGaLocation":435},{"text":588,"config":589},"Education",{"href":590,"dataGaName":591,"dataGaLocation":435},"/solutions/education/","education",{"text":593,"config":594},"Financial services",{"href":595,"dataGaName":596,"dataGaLocation":435},"/solutions/finance/","financial services",{"title":168,"links":598},[599,601,603,605,608,610,612,614,616,618,620,622],{"text":180,"config":600},{"href":182,"dataGaName":183,"dataGaLocation":435},{"text":185,"config":602},{"href":187,"dataGaName":188,"dataGaLocation":435},{"text":190,"config":604},{"href":192,"dataGaName":193,"dataGaLocation":435},{"text":195,"config":606},{"href":197,"dataGaName":607,"dataGaLocation":435},"docs",{"text":218,"config":609},{"href":220,"dataGaName":221,"dataGaLocation":435},{"text":213,"config":611},{"href":215,"dataGaName":216,"dataGaLocation":435},{"text":223,"config":613},{"href":225,"dataGaName":226,"dataGaLocation":435},{"text":231,"config":615},{"href":233,"dataGaName":234,"dataGaLocation":435},{"text":236,"config":617},{"href":238,"dataGaName":239,"dataGaLocation":435},{"text":241,"config":619},{"href":243,"dataGaName":244,"dataGaLocation":435},{"text":246,"config":621},{"href":248,"dataGaName":249,"dataGaLocation":435},{"text":251,"config":623},{"href":253,"dataGaName":254,"dataGaLocation":435},{"title":269,"links":625},[626,628,630,632,634,636,638,642,647,649,651,653],{"text":276,"config":627},{"href":278,"dataGaName":271,"dataGaLocation":435},{"text":281,"config":629},{"href":283,"dataGaName":284,"dataGaLocation":435},{"text":289,"config":631},{"href":291,"dataGaName":292,"dataGaLocation":435},{"text":294,"config":633},{"href":296,"dataGaName":297,"dataGaLocation":435},{"text":299,"config":635},{"href":301,"dataGaName":302,"dataGaLocation":435},{"text":304,"config":637},{"href":306,"dataGaName":307,"dataGaLocation":435},{"text":639,"config":640},"Sustainability",{"href":641,"dataGaName":639,"dataGaLocation":435},"/sustainability/",{"text":643,"config":644},"Diversity, inclusion and belonging (DIB)",{"href":645,"dataGaName":646,"dataGaLocation":435},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":309,"config":648},{"href":311,"dataGaName":312,"dataGaLocation":435},{"text":319,"config":650},{"href":321,"dataGaName":322,"dataGaLocation":435},{"text":324,"config":652},{"href":326,"dataGaName":327,"dataGaLocation":435},{"text":654,"config":655},"Modern Slavery Transparency Statement",{"href":656,"dataGaName":657,"dataGaLocation":435},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":659},[660,663,666],{"text":661,"config":662},"Terms",{"href":487,"dataGaName":488,"dataGaLocation":435},{"text":664,"config":665},"Cookies",{"dataGaName":497,"dataGaLocation":435,"id":498,"isOneTrustButton":13},{"text":667,"config":668},"Privacy",{"href":492,"dataGaName":493,"dataGaLocation":435},[670,680,691,702,712,722,732,742,752,762,771,780,791,801,812,821,830,841,849,860,869,878,888,898,906,915,924,934,943,952,964,974,985,994,1005,1014,1024,1033,1042,1051,1059,1068,1078,1088,1097,1106,1115,1125,1135,1144,1152,1161,1170,1180,1190,1199,1208,1217,1224,1235,1245,1253,1261,1270,1279,1288,1296,1306,1316,1327,1336,1346,1356,1364,1373,1382,1392,1401,1410,1420,1429,1439,1449,1457,1467,1478,1487,1497,1508,1517,1528,1537,1545,1555,1566,1576,1586,1595,1604,1613,1621,1631,1640,1648,1656,1665,1673,1681,1691,1701,1710,1719,1727,1735,1743,1753,1763,1772,1782,1791,1799,1810,1818,1828,1836,1844,1853,1860,1868,1877,1886,1894,1904,1913,1921,1930,1939,1948,1957,1965,1973,1982,1991,2000,2009,2017,2025,2035,2045,2054,2062,2071,2079,2088,2097,2105,2115,2124,2134,2142,2150,2160,2168,2177,2187,2197,2205,2214,2223,2232,2242,2251,2261,2270,2279,2288,2298,2306,2316,2325,2334,2343,2352,2362,2371,2381,2392,2400,2408,2418,2428,2436,2445,2455,2464,2472,2481,2490,2499,2508,2517,2526,2536,2545,2553,2563,2572,2581,2590,2599,2608,2617,2625,2633,2642,2651,2659,2669,2679,2687,2695,2704,2712,2721,2731,2740,2749,2758,2765,2777,2786,2794,2803,2812,2821,2829,2838,2846,2853,2863,2871,2880,2889,2898,2912,2920,2929,2939,2949,2958,2966,2975,2986,2995,3005,3014,3023,3033,3043,3053,3062,3071,3080,3088,3096,3106,3115,3125,3134,3142,3151,3161,3169,3179,3188,3197,3205,3213,3223,3232,3241,3249,3258,3266,3275,3284,3293,3302,3312,3321,3330,3337,3346,3356,3364,3372,3381,3390,3398,3409,3418,3426,3434,3443,3452,3461,3471,3481,3490,3498,3506,3515,3524,3532,3540,3549,3559,3568,3577,3587,3597,3604,3613,3622,3630,3639,3648,3657,3667,3676,3684,3693,3703,3712,3722,3731,3740,3749,3758,3767,3776,3786,3795,3804,3813,3813,3822,3832,3841,3850,3858,3867,3877,3886,3895,3904,3913,3922,3932,3941,3950,3960,3969,3977,3986,3995,4004,4013,4013,4022,4031,4040,4048,4057,4066,4075,4084,4093,4093,4102,4111,4120,4120,4129,4138,4147,4156,4166,4175,4184,4193,4202,4211,4221,4221,4230,4230,4238,4247,4247,4255,4264,4273,4282,4289,4298,4306,4315,4324,4332,4341,4348,4358,4367,4375,4385,4395,4404,4414,4423,4431,4440,4449,4457,4465,4473,4482,4491,4500,4509,4518,4527,4536,4544,4552],{"content":671,"config":678},{"title":672,"heroImage":673,"category":10,"description":674,"authors":675,"date":677},"How GitLab built a security control framework from scratch","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772630163/akp8ly2mrsfrhsb0liyb.png","GitLab's Security Compliance team created a custom control framework to scale across multiple certifications and products — here's why and how you can, too.\n",[676],"Davoud Tu","2026-03-04",{"slug":679,"externalUrl":-1},"how-gitlab-built-a-security-control-framework-from-scratch",{"content":681,"config":689},{"title":682,"heroImage":683,"category":684,"description":685,"authors":686,"date":688},"AI can detect vulnerabilities, but who governs risk?","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772195014/ooezwusxjl1f7ijfmbvj.png","ai-ml","AI-assisted vulnerability detection is developing fast, but the harder challenges of enforcement, governance, and supply chain security require a holistic platform.",[687],"Omer Azaria","2026-02-27",{"slug":690,"externalUrl":-1},"ai-can-detect-vulnerabilities-but-who-governs-risk",{"content":692,"config":700},{"title":693,"heroImage":694,"category":695,"description":696,"authors":697,"date":699},"Passkeys now available for passwordless sign-in and 2FA on GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772029801/qk75nu1eezxa6aiefpup.png","bulletin-board","Learn how to register a passkey to your account and how two-factor authentication works as a phishing-resistant method.",[698],"GitLab","2026-02-25",{"slug":701,"externalUrl":-1},"passkeys-now-available-for-passwordless-sign-in-and-2fa-on-gitlab",{"content":703,"config":710},{"title":704,"heroImage":705,"category":10,"description":706,"authors":707,"date":709},"GitLab Threat Intelligence Team reveals North Korean tradecraft","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464282/r2ovpvmizpkcngy9kzqu.png","Gain threat intelligence about North Korea’s Contagious Interview and fake IT worker campaigns and learn how GitLab disrupted their operations.",[708],"Oliver Smith","2026-02-19",{"slug":711,"externalUrl":-1},"gitlab-threat-intelligence-reveals-north-korean-tradecraft",{"content":713,"config":720},{"title":714,"heroImage":715,"category":10,"description":716,"authors":717,"date":709},"Track vulnerability remediation with the updated GitLab Security Dashboard","https://res.cloudinary.com/about-gitlab-com/image/upload/v1771438388/t6sts5qw4z8561gtlxiq.png","Quickly prioritize remediation on high-risk projects and measure progress with vulnerability insights.",[718,719],"Alisa Ho","Mike Clausen",{"slug":721,"externalUrl":-1},"track-vulnerability-remediation-with-the-updated-gitlab-security-dashboard",{"content":723,"config":730},{"title":724,"heroImage":725,"category":10,"description":726,"authors":727,"date":729},"How to set up GitLab SAML SSO with Google Workspace","https://res.cloudinary.com/about-gitlab-com/image/upload/v1759320418/xjmqcozxzt4frx0hori3.png","Learn how to automate user provisioning and sync permissions with Google groups with this step-by-step guide.",[728],"Omid Khan","2026-01-27",{"slug":731,"externalUrl":-1},"how-to-set-up-gitlab-saml-sso-with-google-workspace",{"content":733,"config":740},{"title":734,"heroImage":735,"category":10,"description":736,"authors":737,"date":739},"GitLab Bug Bounty Program policy updates","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664844/Blog/Hero%20Images/AdobeStock_941867776.jpg","Learn about the program's enhanced clarity and updated scope.",[738],"Kayla Hagopian","2026-01-20",{"slug":741,"externalUrl":-1},"gitlab-bug-bounty-program-policy-updates",{"content":743,"config":750},{"title":744,"heroImage":745,"category":10,"description":746,"authors":747,"date":749},"Strengthening GitLab.com security: Mandatory multi-factor authentication","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664923/Blog/Hero%20Images/security-checklist.png","Learn how GitLab is implementing mandatory MFA as part of Secure by Design commitment and what it means for users.",[748],"Kim Waters","2026-01-09",{"slug":751,"externalUrl":-1},"strengthening-gitlab-com-security-mandatory-multi-factor-authentication",{"content":753,"config":760},{"title":754,"heroImage":755,"category":537,"description":756,"authors":757,"date":759},"AI is reshaping DevSecOps: Attend GitLab Transcend to see what’s next","https://res.cloudinary.com/about-gitlab-com/image/upload/v1767982271/e9ogyosmuummq7j65zqg.png","AI-generated code is 34% of development work. Discover how to balance productivity gains with quality, reliability, and security.",[758],"Manav Khurana","2026-01-08",{"slug":761,"externalUrl":-1},"ai-is-reshaping-devsecops-attend-gitlab-transcend-to-see-whats-next",{"content":763,"config":769},{"title":764,"heroImage":725,"category":10,"description":765,"authors":766,"date":768},"OWASP Top 10 2025: What's changed and why it matters","Explore new supply chain and error handling risks, ranking shifts, and remediation strategies for all 10 categories.",[767],"Fernando Diaz","2026-01-07",{"slug":770,"externalUrl":-1},"2025-owasp-top-10-whats-changed-and-why-it-matters",{"content":772,"config":778},{"title":773,"heroImage":774,"category":10,"description":775,"authors":776,"date":777},"AI-powered vulnerability triaging with GitLab Duo Security Agent","https://res.cloudinary.com/about-gitlab-com/image/upload/v1756122536/akivvcnafog9c4dhhzkp.png","Learn how this GitLab Duo Agent Platform capability uses AI to prioritize vulnerabilities, reduce alert fatigue, and help teams focus on critical security risks.",[767],"2026-01-06",{"slug":779,"externalUrl":-1},"vulnerability-triage-made-simple-with-gitlab-security-analyst-agent",{"content":781,"config":789},{"title":782,"heroImage":783,"category":784,"description":785,"authors":786,"date":788},"GitLab 18.7: Advancing AI automation, governance, and developer experience","https://res.cloudinary.com/about-gitlab-com/image/upload/v1766061346/qky0m84chjftwmyk4kml.png","product","GitLab 18.7 adds new automation, pipeline controls, and policy updates to help teams reduce manual work, simplify processes, and deliver safer releases.",[787],"Bill Staples","2025-12-18",{"slug":790,"externalUrl":-1},"gitlab-18-7-advancing-ai-automation",{"content":792,"config":799},{"title":793,"heroImage":725,"category":794,"description":795,"authors":796,"date":798},"New wave of fake job scams impersonating recruiters","news","Here's what to know about these scams targeting job seekers, what GitLab is doing, and how to protect yourself.",[797],"Hasan Chawich","2025-12-10",{"slug":800,"externalUrl":-1},"new-wave-of-fake-job-scams-impersonating-recruiters",{"content":802,"config":810},{"title":803,"heroImage":804,"category":10,"description":805,"authors":806,"date":809},"GitLab discovers widespread npm supply chain attack","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665667/Blog/Hero%20Images/built-in-security.jpg","Malware driving attack includes \"dead man's switch\" that can harm user data.",[807,808],"Michael Henriksen","Daniel Abeles","2025-11-24",{"slug":811,"externalUrl":-1},"gitlab-discovers-widespread-npm-supply-chain-attack",{"content":813,"config":819},{"title":814,"heroImage":725,"category":10,"description":815,"authors":816,"date":818},"Migrate from pipeline variables to pipeline inputs for better security","Follow this guide to learn about stronger controls around pipeline customization, including how to implement explicit declarations, type safety, and validation.",[817],"Fabio Pitino","2025-11-04",{"slug":820,"externalUrl":-1},"migrate-from-pipeline-variables-to-pipeline-inputs-for-better-security",{"content":822,"config":828},{"title":823,"heroImage":725,"category":10,"description":824,"authors":825,"date":827},"Delivering faster and smarter scans with Advanced SAST","New accuracy and speed enhancements improve the developer experience and drive adoption. ",[826],"Salman Ladha","2025-10-21",{"slug":829,"externalUrl":-1},"delivering-faster-and-smarter-scans-with-advanced-sast",{"content":831,"config":839},{"title":832,"heroImage":833,"category":834,"description":835,"authors":836,"date":838},"How we built a structured Streamlit Application Framework in Snowflake","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097447/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%284%29_3LZkiDjHLjhqEkvOvBsVKp_1750097447404.png","engineering","Want to transform development from chaos to compliance? Learn how we implemented governance early on rather than retrofitting when maintenance costs climb exponentially.",[837],"Radovan Bacovic","2025-10-10",{"slug":840,"externalUrl":-1},"how-we-built-a-structured-streamlit-application-framework-in-snowflake",{"content":842,"config":847},{"title":843,"heroImage":725,"category":10,"description":844,"authors":845,"date":846},"A comprehensive guide to GitLab DAST","DevSecOps teams can learn how to implement and configure dynamic application security testing, perform passive/active scans, and set security policies.",[767],"2025-09-17",{"slug":848,"externalUrl":-1},"comprehensive-guide-to-gitlab-dast",{"content":850,"config":858},{"title":851,"heroImage":852,"category":10,"description":853,"authors":854,"date":857},"A developer's guide to building secure retail apps with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1756989645/fojzxakmfdea6jfqjkrl.png","Learn how a DevSecOps platform helps retailers develop secure, compliant software for complex, high-traffic retail environments.",[855,856],"Itzik Gan Baruch","Rebeca Fenoy-Anthony","2025-09-04",{"slug":859,"externalUrl":-1},"a-developers-guide-to-building-secure-retail-apps-with-gitlab",{"content":861,"config":867},{"title":862,"heroImage":863,"category":684,"description":864,"authors":865,"date":866},"GitLab 18.3: Expanding AI orchestration in software engineering","https://res.cloudinary.com/about-gitlab-com/image/upload/v1755711502/wuuadis1pza3zehqohcc.png","Learn how we're advancing human-AI collaboration with enhanced Flows, enterprise governance, and seamless tool integration.",[787],"2025-08-21",{"slug":868,"externalUrl":-1},"gitlab-18-3-expanding-ai-orchestration-in-software-engineering",{"content":870,"config":876},{"title":871,"heroImage":872,"category":10,"description":873,"authors":874,"date":875},"GitLab uncovers Bittensor theft campaign via PyPI","https://res.cloudinary.com/about-gitlab-com/image/upload/f_auto,q_auto,c_lfill/v1750098739/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_282096522_securitycompliance.jpeg_1750098739024.jpg","GitLab's Vulnerability Research team identified a supply chain attack campaign using typosquatted PyPI packages to steal cryptocurrency from Bittensor wallets by hijacking staking operations.",[807],"2025-08-06",{"slug":877,"externalUrl":-1},"gitlab-uncovers-bittensor-theft-campaign-via-pypi",{"content":879,"config":886},{"title":880,"heroImage":881,"category":10,"description":882,"authors":883,"date":885},"Securing AI together: GitLab’s partnership with security researchers","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667636/Blog/Hero%20Images/Dedicated_Screengrab_1800x945.png","Learn how GitLab collaborates with security researchers to identify and defend against emerging threats.",[884],"Kymberlee Price","2025-07-31",{"slug":887,"externalUrl":-1},"securing-ai-together-gitlabs-partnership-with-security-researchers",{"content":889,"config":896},{"title":890,"heroImage":891,"category":10,"description":892,"authors":893,"date":895},"How to transform compliance observation management with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749675154/Blog/Hero%20Images/blog-image-template-1800x945__8_.png","Learn how GitLab's Security Compliance team improved observation management using the DevSecOps platform, enhancing visibility, collaboration, and accountability.",[894],"Madeline Lake","2025-07-24",{"slug":897,"externalUrl":-1},"how-to-transform-compliance-observation-management-with-gitlab",{"content":899,"config":904},{"title":900,"heroImage":901,"category":10,"description":902,"authors":903,"date":895},"Software supply chain security guide: Why organizations struggle","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097701/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%285%29_1iy516k40hwBDChKcUJ2zb_1750097700983.png","Part 1 of this new series explores fundamental challenges, practical solutions, and emerging trends, including AI, that every development team needs to understand.",[855],{"slug":905,"externalUrl":-1},"software-supply-chain-security-guide-why-organizations-struggle",{"content":907,"config":913},{"title":908,"heroImage":909,"category":10,"description":910,"authors":911,"date":912},"Bridging the visibility gap in software supply chain security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749661926/Blog/Hero%20Images/security-patch-blog-image-r2-0506-700x400-fy25_2x.jpg","GitLab 18.2 includes support for comprehensive scanner coverage and transitive dependency visualization.",[826],"2025-07-21",{"slug":914,"externalUrl":-1},"bridging-the-visibility-gap-in-software-supply-chain-security",{"content":916,"config":922},{"title":917,"heroImage":918,"category":684,"description":919,"authors":920,"date":921},"3 best practices for building software in the era of LLMs","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749662523/Blog/Hero%20Images/Gartner_DevOps_Blog_Post_Cover_Image_1800x945__2_.png","With AI transforming coding speed, developers need new security habits. Learn what they are and how to deploy them throughout the DevSecOps workflow.",[826],"2025-07-10",{"slug":923,"externalUrl":-1},"3-best-practices-for-building-software-in-the-era-of-llms",{"content":925,"config":932},{"title":926,"heroImage":927,"category":684,"description":928,"authors":929,"date":931},"Accelerate learning with GitLab Duo Agent Platform","Blog/Hero%20Images/Workflow_1800x945.png","Learn how agentic AI helped generate comprehensive gRPC documentation in minutes, not hours.",[930],"Halil Coban","2025-07-07",{"slug":933,"externalUrl":-1},"accelerate-learning-with-gitlab-duo-agent-platform",{"content":935,"config":941},{"title":936,"heroImage":937,"category":784,"description":938,"authors":939,"date":931},"CI/CD inputs: Secure and preferred method to pass parameters to a pipeline","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749658912/Blog/Hero%20Images/blog-image-template-1800x945__20_.png","Learn how CI/CD inputs provide type-safe parameter passing with validation, replacing error-prone variables for more reliable pipelines.",[940],"Dov Hershkovitch",{"slug":942,"externalUrl":-1},"ci-cd-inputs-secure-and-preferred-method-to-pass-parameters-to-a-pipeline",{"content":944,"config":950},{"title":945,"heroImage":946,"category":10,"description":947,"authors":948,"date":949},"GitLab catches MongoDB Go module supply chain attack","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098739/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_282096522_securitycompliance.jpeg_1750098739024.jpg","Learn how GitLab detected a supply chain attack targeting Go developers through fake MongoDB drivers that deploy persistent backdoor malware.",[807],"2025-06-30",{"slug":951,"externalUrl":-1},"gitlab-catches-mongodb-go-module-supply-chain-attack",{"content":953,"config":962},{"title":954,"heroImage":955,"category":10,"description":956,"authors":957,"date":961},"Automating role-based access control (RBAC) at scale","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659561/Blog/Hero%20Images/securitycheck.png","This guide details setting up GitLab + Keycloak + OIDC for RBAC, covering planning, Docker configuration, and automated access governance for DevSecOps.",[958,959,960],"James Wormwell","Paul Meresanu","Kees Valkhof","2025-06-20",{"slug":963,"externalUrl":-1},"automating-role-based-access-control-rbac-at-scale",{"content":965,"config":972},{"title":966,"heroImage":967,"category":10,"description":968,"authors":969,"date":971},"Last year we signed the Secure by Design pledge - here's our progress","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659684/Blog/Hero%20Images/AdobeStock_479904468__1_.jpg","Learn about GitLab's CISA-aligned additions and improvements around MFA, default password reduction, patching, and vulnerability disclosure.",[970],"Joseph Longo","2025-06-09",{"slug":973,"externalUrl":-1},"last-year-we-signed-the-secure-by-design-pledge-heres-our-progress",{"content":975,"config":983},{"title":976,"heroImage":977,"category":10,"description":978,"authors":979,"date":982},"Introducing compromised password detection for GitLab.com","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097341/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%287%29_6QBUJnfaq500YYVKVDlxK7_1750097340425.png","GitLab is adding compromised password detection on June 19, 2025. After that date, users logging in with known compromised passwords will be warned.  Here is what you need to know.",[980,981],"Ruby Nealon","Matt Coons","2025-05-22",{"slug":984,"externalUrl":-1},"introducing-compromised-password-detection-for-gitlab-com",{"content":986,"config":992},{"title":987,"heroImage":988,"category":10,"description":989,"authors":990,"date":982},"Tutorial: Secure and optimize your Maven Repository in GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749666187/Blog/Hero%20Images/blog-image-template-1800x945__6_.png","Learn the best practices, advanced techniques, and upcoming features that improve the efficiency of your DevSecOps workflow.",[991],"Tim Rizzi",{"slug":993,"externalUrl":-1},"tutorial-secure-and-optimize-your-maven-repository-in-gitlab",{"content":995,"config":1003},{"title":996,"heroImage":997,"category":10,"description":998,"authors":999,"date":1002},"Our step-by-step guide to evaluating runtime security tools","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097534/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_1097303277_6gTk7M1DNx0tFuovupVFB1_1750097534344.jpg","Key learnings from the GitLab Security team’s runtime security tool evaluation on Kubernetes clusters and Linux servers using real-world attack simulations.",[1000,1001],"Hiroki Suezawa","Mitra Jozenazemian","2025-05-13",{"slug":1004,"externalUrl":-1},"our-step-by-step-guide-to-evaluating-runtime-security-tools",{"content":1006,"config":1012},{"title":1007,"heroImage":1008,"category":10,"description":1009,"authors":1010,"date":1011},"How to use GitLab's Custom Compliance Frameworks in your DevSecOps environment","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097104/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%284%29_3LZkiDjHLjhqEkvOvBsVKp_1750097104092.png","Explore how new frameworks, along with more than 50 out-of-the-box controls, transform regulatory requirements from burdensome checkboxes to integrated, automated workflow components.",[767],"2025-04-30",{"slug":1013,"externalUrl":-1},"how-to-use-gitlabs-custom-compliance-frameworks-in-your-devsecops",{"content":1015,"config":1022},{"title":1016,"heroImage":1017,"category":10,"description":1018,"authors":1019,"date":1021},"Introducing Custom Compliance Frameworks in GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750099268/Blog/Hero%20Images/Blog/Hero%20Images/GitLab_Blog_Header_v4_YBzFAgt2EAkqQfqxNFEgj_1750099267940.svg","Reduce manual tracking, accelerate audit readiness, and enforce controls faster natively within GitLab DevSecOps workflows.",[1020,826],"Ian Khor","2025-04-17",{"slug":1023,"externalUrl":-1},"introducing-custom-compliance-frameworks-in-gitlab",{"content":1025,"config":1031},{"title":1026,"heroImage":1027,"category":695,"description":1028,"authors":1029,"date":1030},"GitLab rotating Omnibus Linux package signing key","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663000/Blog/Hero%20Images/tanukilifecycle.png","Learn who is impacted by the rotation of the GNU Privacy Guard (GPG) key and what you need to know.",[698],"2025-04-16",{"slug":1032,"externalUrl":-1},"gitlab-rotating-omnibus-linux-package-signing-key",{"content":1034,"config":1040},{"title":1035,"heroImage":1036,"category":10,"description":1037,"authors":1038,"date":1039},"Enhance application security with GitLab + HackerOne","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097503/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%2810%29_5ET24Q6i8ihqrAOkge7a1R_1750097503214.png","Learn about the GitLab + HackerOne partnership and how to easily implement an integration that improves your organization’s application security posture.",[767],"2025-04-03",{"slug":1041,"externalUrl":-1},"enhance-application-security-with-gitlab-hackerone",{"content":1043,"config":1049},{"title":1044,"heroImage":1045,"category":10,"description":1046,"authors":1047,"date":1048},"Secure and safe login and commits with GitLab + Yubico","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663259/Blog/Hero%20Images/REFERENCE_-_display_preview_for_blog_images__3_.png","Learn how GitLab and Yubico have partnered to strengthen software development security through robust authentication measures.",[767],"2025-04-02",{"slug":1050,"externalUrl":-1},"secure-and-safe-login-and-commits-with-gitlab-yubico",{"content":1052,"config":1057},{"title":1053,"heroImage":901,"category":10,"description":1054,"authors":1055,"date":1056},"Strengthen data security with custom PII detection rulesets","This tutorial explains how GitLab's customizable Secret Detection rulesets enhance data security by identifying PII patterns in code repositories. Learn how AI can help.",[767],"2025-04-01",{"slug":1058,"externalUrl":-1},"enhance-data-security-with-custom-pii-detection-rulesets",{"content":1060,"config":1066},{"title":1061,"heroImage":1062,"category":784,"description":1063,"authors":1064,"date":1056},"Improving OAuth ROPC security on GitLab.com","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663239/Blog/Hero%20Images/AdobeStock_1023776629.jpg","GitLab.com is improving the security of OAuth Resource Owner Password Credentials (ROPC) by requiring client authentication, effective April 8, 2025.",[1065],"GitLab Security Team",{"slug":1067,"externalUrl":-1},"improving-oauth-ropc-security-on-gitlab-com",{"content":1069,"config":1076},{"title":1070,"heroImage":1071,"category":10,"description":1072,"authors":1073,"date":1075},"Self-service security alert handling with GitLab's UAM","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749662080/Blog/Hero%20Images/AdobeStock_1097303277.jpg","The User Attestation Module automates security alerts by routing them directly to team members for verification, reducing manual SecOps work and enhancing audit trails.",[1074,981],"Bala Allam","2025-03-18",{"slug":1077,"externalUrl":-1},"self-service-security-alert-handling-with-gitlabs-uam",{"content":1079,"config":1086},{"title":1080,"heroImage":1081,"category":695,"description":1082,"authors":1083,"date":1085},"GitLab achieves PCI DSS Attestation of Compliance","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749673615/Blog/Hero%20Images/blog-image-template-1800x945__4_.png","Learn how our completion of the AoC as a service provider, along with our broader security credentials, helps us support customers'  compliance efforts.",[1084],"Sasha Gazlay","2025-03-17",{"slug":1087,"externalUrl":-1},"gitlab-achieves-pci-dss-attestation-of-compliance",{"content":1089,"config":1095},{"title":1090,"heroImage":1091,"category":10,"description":1092,"authors":1093,"date":1094},"Vulnerability risk prioritization made simple with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749674528/Blog/Hero%20Images/blog-image-template-1800x945__5_.png","GitLab provides detailed vulnerability risk data to assess the potential impact of detected vulnerabilities. Learn how this enables teams to effectively prioritize remediation efforts.",[767],"2025-03-12",{"slug":1096,"externalUrl":-1},"vulnerability-risk-prioritization-made-simple-with-gitlab",{"content":1098,"config":1104},{"title":1099,"heroImage":1062,"category":10,"description":1100,"authors":1101,"date":1103},"How GitLab measures Red Team impact: The adoption rate metric","Follow our journey to develop and implement better metrics, including how we used GitLab to track our results end-to-end. Also find out the lessons learned along the way.",[1102],"Chris Moberly","2025-03-05",{"slug":1105,"externalUrl":-1},"how-gitlab-measures-red-team-impact-the-adoption-rate-metric",{"content":1107,"config":1113},{"title":1108,"heroImage":1109,"category":10,"description":1110,"authors":1111,"date":1112},"Introducing GitLab’s Open Source Security Center","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749661895/Blog/Hero%20Images/blog-image-template-1800x945__7_.png","Our open source repository of projects designed to enhance security operations and risk management will help developers adapt faster, respond smarter, and defend better — together.",[826,970],"2025-03-04",{"slug":1114,"externalUrl":-1},"introducing-gitlabs-open-source-security-center",{"content":1116,"config":1123},{"title":1117,"heroImage":1118,"category":684,"description":1119,"authors":1120,"date":1112},"The GitLab AI Security Framework for security leaders","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664299/Blog/Hero%20Images/AdobeStock_887599633.jpg","Discover how GitLab Duo's security controls, third-party integrations, and retention policies help teams safely implement AI into their development workflow.",[1121,1122],"Kyle Smith","Ayoub Fandi",{"slug":1124,"externalUrl":-1},"the-gitlab-ai-security-framework-for-security-leaders",{"content":1126,"config":1133},{"title":1127,"heroImage":1128,"category":10,"description":1129,"authors":1130,"date":1132},"The ultimate guide to token management at GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097408/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_1097303277_6gTk7M1DNx0tFuovupVFB1_1750097407860.jpg","Learn all the steps in the end-to-end process of identifying, managing, and securing tokens for improved security across the software development lifecycle.",[1131],"Hakeem Abdul-Razak","2025-02-25",{"slug":1134,"externalUrl":-1},"the-ultimate-guide-to-token-management-at-gitlab",{"content":1136,"config":1142},{"title":1137,"heroImage":1138,"category":10,"description":1139,"authors":1140,"date":1141},"Tutorial: Security scanning in air-gapped environments","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750099301/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_1097303277_6gTk7M1DNx0tFuovupVFB1_1750099300786.jpg","Security scanning remains crucial even in air-gapped environments to detect internal threats, prevent data exfiltration, and maintain operational integrity. Learn how GitLab can help get air-gapped environments secure.",[767],"2025-02-05",{"slug":1143,"externalUrl":-1},"tutorial-security-scanning-in-air-gapped-environments",{"content":1145,"config":1150},{"title":1146,"heroImage":1062,"category":10,"description":1147,"authors":1148,"date":1149},"Automating cybersecurity threat detections with GitLab CI/CD","Discover how GUARD automates cybersecurity threat detections through the use\nof GitLab CI/CD and how it ensures high-quality detections.",[1001],"2025-01-29",{"slug":1151,"externalUrl":-1},"automating-cybersecurity-threat-detections-with-gitlab-ci-cd",{"content":1153,"config":1159},{"title":1154,"heroImage":1155,"category":10,"description":1156,"authors":1157,"date":1149},"Improve AI security in GitLab with composite identities","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664638/Blog/Hero%20Images/applicationsecurity.png","Learn how to implement AI features responsibly by applying authentication best practices with service accounts for AI agents in GitLab.",[1158],"Grzegorz Bizon",{"slug":1160,"externalUrl":-1},"improve-ai-security-in-gitlab-with-composite-identities",{"content":1162,"config":1168},{"title":1163,"heroImage":1164,"category":10,"description":1165,"authors":1166,"date":1149},"Improve security auditing with GitLab Operational Container Scanning","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664654/Blog/Hero%20Images/AdobeStock_1172300481.jpg","Learn how to conduct container vulnerability scans post-deployment to raise awareness of existing threats and to track resolution of vulnerabilities.",[1167],"Daniel Helfand",{"slug":1169,"externalUrl":-1},"improve-security-auditing-with-gitlab-operational-container-scanning",{"content":1171,"config":1178},{"title":1172,"heroImage":1173,"category":784,"description":1174,"authors":1175,"date":1177},"Secure, compliant, and AI-powered: Get to know 3 new GitLab features","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664458/Blog/Hero%20Images/Gartner_AI_Code_Assistants_Blog_Post_Cover_Image_1800x945.png","Enhance security, leverage new AI capabilities, and protect sensitive data with our latest platform improvements.",[1176],"Jessica Hurwitz","2025-01-27",{"slug":1179,"externalUrl":-1},"secure-compliant-and-ai-powered-get-to-know-3-new-gitlab-features",{"content":1181,"config":1188},{"title":1182,"heroImage":1183,"category":10,"description":1184,"authors":1185,"date":1187},"How-to: GitLab Single Sign-on with SAML, SCIM, and Azure’s Entra ID","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098047/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_1097303277_6gTk7M1DNx0tFuovupVFB1_1750098046895.jpg","Follow this detailed walk-through of the configuration steps required to configure GitLab Single Sign-on, using Microsoft Azure’s Entra ID as the identity provider.",[1186],"Rob Jackson","2025-01-23",{"slug":1189,"externalUrl":-1},"how-to-gitlab-single-sign-on-with-saml-scim-and-azures-entra-id",{"content":1191,"config":1197},{"title":1192,"heroImage":1193,"category":10,"description":1194,"authors":1195,"date":1196},"Guide to fulfilling SOC 2 security requirements with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750099576/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_1172300481_IGPi3TS4VzFgcqhvEdBlR_1750099575518.jpg","Understand the application security features in the GitLab DevSecOps platform that map to System and Organization Controls 2 requirements.",[767],"2025-01-22",{"slug":1198,"externalUrl":-1},"guide-to-fulfilling-soc-2-security-requirements-with-gitlab",{"content":1200,"config":1206},{"title":1201,"heroImage":1202,"category":10,"description":1203,"authors":1204,"date":1196},"Tutorial: Advanced use case for GitLab Pipeline Execution Policies","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098083/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_397632156_3Ldy1urjMStQCl4qnOBvE0_1750098083312.jpg","Learn how new GitLab Ultimate functionality can enforce a standardized pipeline across an organization for improved compliance.",[1205],"Dan Rabinovitz",{"slug":1207,"externalUrl":-1},"tutorial-advanced-use-case-for-gitlab-pipeline-execution-policies",{"content":1209,"config":1215},{"title":1210,"heroImage":735,"category":10,"description":1211,"authors":1212,"date":1214},"Introducing GitLab Advanced Vulnerability Tracking","Learn how this security feature improves the efficiency of vulnerability management by reducing futile auditing time (includes data from a new study).",[1213],"Julian Thome","2025-01-21",{"slug":1216,"externalUrl":-1},"introducing-gitlab-advanced-vulnerability-tracking",{"content":1218,"config":1222},{"title":1219,"heroImage":1071,"category":10,"description":1220,"authors":1221,"date":1214},"Secure and publish Python packages: A guide to CI integration","Learn how to implement a secure CI/CD pipeline across five stages with the GitLab DevSecOps platform.",[991],{"slug":1223,"externalUrl":-1},"secure-and-publish-python-packages-a-guide-to-ci-integration",{"content":1225,"config":1233},{"title":1226,"heroImage":1227,"category":10,"description":1228,"authors":1229,"date":1232},"What the Digital Operational Resilience Act means for banks","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098149/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%284%29_3LZkiDjHLjhqEkvOvBsVKp_1750098149751.png","Find out why financial institutions need to understand the DORA legislative framework introduced in the European Union to strengthen operational resilience.",[1230,1231],"Joshua Carroll","Allie Holland","2025-01-15",{"slug":1234,"externalUrl":-1},"what-the-digital-operational-resilience-act-means-for-banks",{"content":1236,"config":1243},{"title":1237,"heroImage":1238,"category":10,"description":1239,"authors":1240,"date":1242},"GitLab supports banks in navigating regulatory challenges","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664874/Blog/Hero%20Images/AdobeStock_880918603.jpg","Learn the upcoming changes to key frameworks, how they impact organizations, and the DevSecOps platform features that can help address them.",[1241,1231],"George Kichukov","2025-01-09",{"slug":1244,"externalUrl":-1},"gitlab-supports-banks-in-navigating-regulatory-challenges",{"content":1246,"config":1251},{"title":1247,"heroImage":1091,"category":10,"description":1248,"authors":1249,"date":1250},"Reduce supply chain risk with smarter vulnerability prioritization","New software composition analysis features use risk-based intelligence so developers and security teams can prioritize critical vulnerabilities for targeted remediation.",[826],"2025-01-07",{"slug":1252,"externalUrl":-1},"reduce-supply-chain-risk-with-smarter-vulnerability-prioritization",{"content":1254,"config":1259},{"title":1255,"heroImage":1256,"category":10,"description":1257,"authors":1258,"date":1250},"Streamline the path to CMMC Level 2 compliance with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098208/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_479904468%20%281%29_4lmOEVlaXP0YC3hSFmOw6i_1750098208185.jpg","Learn how GitLab’s comprehensive, AI-powered DevSecOps platform can help organizations meet Cybersecurity Maturity Model Certification Level 2 compliance requirements.",[970],{"slug":1260,"externalUrl":-1},"streamline-the-path-to-cmmc-level-2-compliance-with-gitlab",{"content":1262,"config":1268},{"title":1263,"heroImage":735,"category":10,"description":1264,"authors":1265,"date":1267},"GitLab's 2024 bug bounty year in review","Who were the 2024 top 5 bug reporters? Find out in this look back at 12 months of bug hunting. Also learn how to participate in 2025's bug bounty program.",[1266],"Ottilia Westerlund","2025-01-06",{"slug":1269,"externalUrl":-1},"gitlabs-2024-bug-bounty-year-in-review",{"content":1271,"config":1277},{"title":1272,"heroImage":1273,"category":537,"description":1274,"authors":1275,"date":1267},"Ultimate guide to CI/CD: Fundamentals to advanced implementation","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749660151/Blog/Hero%20Images/blog-image-template-1800x945__26_.png","Learn how to modernize continuous integration/continuous deployment, including automating the development, delivery, and security of pipelines.",[1276],"Sandra Gittlen",{"slug":1278,"externalUrl":-1},"ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation",{"content":1280,"config":1286},{"title":1281,"heroImage":1118,"category":10,"description":1282,"authors":1283,"date":1285},"3 signs your team is ready to uplevel security controls in GitLab","Learn when to upgrade your GitLab security practices, from permission management to compliance adherence. Discover key features in GitLab Premium that scale with your team.",[1284],"Julie Griffin","2024-12-18",{"slug":1287,"externalUrl":-1},"3-signs-your-team-is-ready-to-uplevel-security-controls-in-gitlab",{"content":1289,"config":1294},{"title":1290,"heroImage":1273,"category":784,"description":1291,"authors":1292,"date":1293},"Transform code quality and compliance with automated processes","Learn how GitLab Premium features address the technical debt and security vulnerability challenges that plague traditional approaches.",[1176],"2024-12-13",{"slug":1295,"externalUrl":-1},"transform-code-quality-and-compliance-with-automated-processes",{"content":1297,"config":1304},{"title":1298,"heroImage":1299,"category":1300,"description":1301,"authors":1302,"date":1303},"Ask a hacker: A conversation with ahacker1","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098255/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%282%29_5kE1qyriiwHs6cpvIwuyB_1750098255490.png","open-source","Alexander Siyou Tan, also known as ahacker1, joined us for an AMA to discuss how he got into hacking and some of his best bug bounty hunting strategies.",[1266],"2024-12-12",{"slug":1305,"externalUrl":-1},"ask-a-hacker-a-conversation-with-ahacker1",{"content":1307,"config":1314},{"title":1308,"heroImage":1309,"category":537,"description":1310,"authors":1311,"date":1313},"ICYMI: Key AI and security insights from our developer community","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098331/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%286%29_55zMmdJIUpfh5qaPW9dtVA_1750098331584.png","Our latest LinkedIn Live highlights the hottest trends in AI, security, DevSecOps, and more. Also get a taste of the GitLab community contributions that are making an impact.",[1312],"Fatima Sarah Khalid","2024-12-05",{"slug":1315,"externalUrl":-1},"icymi-key-ai-and-security-insights-from-our-developer-community",{"content":1317,"config":1325},{"title":1318,"heroImage":1319,"category":684,"description":1320,"authors":1321,"date":1324},"How to leverage GitLab Duo for enhanced security reporting","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098339/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%285%29_1iy516k40hwBDChKcUJ2zb_1750098339103.png","Learn how GitLab Duo enables efficient, real-world security reporting for development, operations, and security teams.",[1322,1323],"Valentine Mairet","David O'Regan","2024-12-03",{"slug":1326,"externalUrl":-1},"how-to-leverage-gitlab-duo-for-enhanced-security-reporting",{"content":1328,"config":1334},{"title":1329,"heroImage":967,"category":10,"description":1330,"authors":1331,"date":1333},"Unveiling the GUARD framework to automate security detections at GitLab","The GitLab Universal Automated Response and Detection (GUARD) framework spans creation, maintenance, alert routing and handling, rich metrics collection, and more.",[1332,1322,981],"Harjeet Sharma","2024-11-26",{"slug":1335,"externalUrl":-1},"unveiling-the-guard-framework-to-automate-security-detections-at-gitlab",{"content":1337,"config":1344},{"title":1338,"heroImage":1339,"category":10,"description":1340,"authors":1341,"date":1343},"Enable secure sudo access for GitLab Remote Development workspaces","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749675033/Blog/Hero%20Images/blog-image-template-1800x945.png","Learn how to allow support for sudo commands using Sysbox, Kata Containers, and user namespaces in this easy-to-follow tutorial.",[1342],"Vishal Tak","2024-11-20",{"slug":1345,"externalUrl":-1},"enable-secure-sudo-access-for-gitlab-remote-development-workspaces",{"content":1347,"config":1354},{"title":1348,"heroImage":1349,"category":794,"description":1350,"authors":1351,"date":1353},"GitLab Ultimate's total economic impact: 483% ROI over 3 years","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098354/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%281%29_5XrohmuWBNuqL89BxVUzWm_1750098354056.png","A Forrester Consulting study of GitLab Ultimate finds that the DevSecOps platform enhanced security posture with 5x time saved on security-related activities.\n",[1352],"Dave Steer","2024-11-13",{"slug":1355,"externalUrl":-1},"gitlab-ultimates-total-economic-impact-483-roi-over-3-years",{"content":1357,"config":1362},{"title":1358,"heroImage":804,"category":10,"description":1359,"authors":1360,"date":1361},"Best practices to keep secrets out of GitLab repositories","Learn strategies to secure secrets and what to do if secrets are accidentally leaked in a GitLab repository.",[981],"2024-10-31",{"slug":1363,"externalUrl":-1},"best-practices-to-keep-secrets-out-of-gitlab-repositories",{"content":1365,"config":1371},{"title":1366,"heroImage":1367,"category":784,"description":1368,"authors":1369,"date":1370},"3 GitLab features to level up DevSecOps workflows","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665762/Blog/Hero%20Images/blog-gl17-release-hero-17-0-93-1800x945-fy25__1_.png","Fix broken pipelines faster, better understand security vulnerabilities, and filter out false positives with our latest platform improvements.",[826],"2024-10-29",{"slug":1372,"externalUrl":-1},"3-gitlab-features-to-level-up-devsecops-workflows",{"content":1374,"config":1380},{"title":1375,"heroImage":1376,"category":794,"description":1377,"authors":1378,"date":1370},"Introducing The Source: Insights for the future of software development","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749674616/Blog/Hero%20Images/blog-image-template-1800x945__1_.png","Explore our new publication for transformative software development strategies and expert advice on emerging technologies.",[1379],"Chandler Gibbons",{"slug":1381,"externalUrl":-1},"introducing-the-source-insights-for-the-future-of-software-development",{"content":1383,"config":1390},{"title":1384,"heroImage":1385,"category":10,"description":1386,"authors":1387,"date":1370},"New CIS GitLab Benchmark scanner boosts security and compliance","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664530/Blog/Hero%20Images/AdobeStock_282096522.jpg","GitLab's gitlabcis scanner determines level of compliance for GitLab projects. Learn how to install and use the tool with this tutorial, as well as what's on the roadmap.",[1001,1388,1389],"Neil McDonald","Nate Rosandich",{"slug":1391,"externalUrl":-1},"new-cis-gitlab-benchmark-scanner-boosts-security-and-compliance",{"content":1393,"config":1399},{"title":1394,"heroImage":1395,"category":10,"description":1396,"authors":1397,"date":1398},"5 things to know from our LinkedIn Live Security Deep Dive","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659856/Blog/Hero%20Images/blog-hero-banner-1-0178-820x470-fy25.png","Security experts and product leaders offered their take on new developments in application security and the latest from GitLab 17.5.",[1312],"2024-10-28",{"slug":1400,"externalUrl":-1},"5-things-to-know-from-our-linkedin-live-security-deep-dive",{"content":1402,"config":1408},{"title":1403,"heroImage":1404,"category":684,"description":1405,"authors":1406,"date":1407},"Quick vulnerability remediation with GitLab Advanced SAST + Duo AI ","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098458/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945_24mPf16vAPHORs3d9y62q_1750098458538.png","Shorten your mean time to remediation by pairing Advanced SAST and artificial intelligence. This detailed demo shows you how.",[767],"2024-10-22",{"slug":1409,"externalUrl":-1},"quick-vulnerability-remediation-with-gitlab-advanced-sast-duo-ai",{"content":1411,"config":1417},{"title":1412,"heroImage":1413,"category":10,"description":1414,"authors":1415,"date":1416},"GitLab Critical Patch Release: 17.4.2, 17.3.5, 17.2.9","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749662877/Blog/Hero%20Images/security-cover-new.png","Learn more about this critical patch release.",[],"2024-10-09",{"slug":1418,"externalUrl":1419},"","https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/",{"content":1421,"config":1427},{"title":1422,"heroImage":1423,"category":10,"description":1424,"authors":1425,"date":1426},"Why GitLab is deprecating compliance pipelines in favor of security policies","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098128/Blog/Hero%20Images/Blog/Hero%20Images/security-checklist_security-checklist.png_1750098128272.png","Learn about our decision to deprecate compliance pipelines and how to migrate to pipeline execution policies. The process is detailed in this tutorial.",[1020],"2024-10-01",{"slug":1428,"externalUrl":-1},"why-gitlab-is-deprecating-compliance-pipelines-in-favor-of-security-policies",{"content":1430,"config":1437},{"title":1431,"heroImage":1432,"category":10,"description":1433,"authors":1434,"date":1436},"GitLab Advanced SAST is now generally available","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665917/Blog/Hero%20Images/blog-advanced-sast-creative-imagery-0390-1800x945-fy25.png","Reduce false positives, shorten remediation time, and improve development velocity with a proprietary solution built into GitLab.",[826,1435],"Connor Gilbert","2024-09-19",{"slug":1438,"externalUrl":-1},"gitlab-advanced-sast-is-now-generally-available",{"content":1440,"config":1447},{"title":1441,"heroImage":1442,"category":695,"description":1443,"authors":1444,"date":1446},"GitLab Linux package being upgraded to OpenSSL 3 in GitLab 17.7","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749676004/Blog/Hero%20Images/blog-image-template-1800x945__6_.png","OpenSSL 1 is now end-of-life. Learn which GitLab instances will be impacted, and how to update your external endpoints to support OpenSSL 3.",[1445],"Dilan Orrino","2024-09-18",{"slug":1448,"externalUrl":-1},"gitlab-linux-package-being-upgraded-to-openssl-3",{"content":1450,"config":1455},{"title":1451,"heroImage":1413,"category":10,"description":1452,"authors":1453,"date":1454},"GitLab Critical Patch Release: 17.3.2, 17.2.5, 17.1.7","Learn more about GitLab Critical Patch Release: 17.3.2, 17.2.5, 17.1.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).",[],"2024-09-12",{"slug":1418,"externalUrl":1456},"https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/",{"content":1458,"config":1465},{"title":1459,"heroImage":1460,"category":10,"description":1461,"authors":1462,"date":1464},"Annotate container images with build provenance using Cosign in GitLab CI/CD","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098395/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%2823%29_2w6waL76KROjhJHM2vXet6_1750098395162.png","Use GitLab pipelines to automate building, signing, and annotating Docker images. This tutorial shares code to show you how. Try it out in your own organization.",[1463,991],"João Pereira","2024-09-04",{"slug":1466,"externalUrl":-1},"annotate-container-images-with-build-provenance-using-cosign-in-gitlab-ci-cd",{"content":1468,"config":1476},{"title":1469,"heroImage":1470,"category":10,"description":1471,"authors":1472,"date":1475},"How to choose the right security scanning approach","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097969/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_282096522_securitycompliance.jpeg_1750097968823.jpg","GitLab offers multiple scanning methods for CI/CD pipelines, including compliance frameworks and scan and pipeline execution policies. Learn the basics, configurations, and advantages/disadvantages.",[1473,1474],"Matt Genelin","Mathias Ewald","2024-08-26",{"slug":1477,"externalUrl":-1},"how-to-choose-the-right-security-scanning-approach",{"content":1479,"config":1485},{"title":1480,"heroImage":1481,"category":10,"description":1482,"authors":1483,"date":1484},"How GitLab helps meet NIS2 requirements","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659437/Blog/Hero%20Images/AdobeStock_398929148.jpg","The EU's NIS2 cybersecurity legislation focuses on resilience, incident response, and risk management. Learn how GitLab's DevSecOps platform helps meet these compliance requirements.",[970],"2024-08-20",{"slug":1486,"externalUrl":-1},"how-gitlab-helps-meet-nis2-requirements",{"content":1488,"config":1495},{"title":1489,"heroImage":1490,"category":695,"description":1491,"authors":1492,"date":1494},"GitLab now supports SHA256 repositories","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667390/Blog/Hero%20Images/blog-image-template-1800x945__19_.png","Try this experimental security feature to create test projects.",[1493],"John Cai","2024-08-19",{"slug":1496,"externalUrl":-1},"gitlab-now-supports-sha256-repositories",{"content":1498,"config":1506},{"title":1499,"heroImage":1500,"category":10,"description":1501,"authors":1502,"date":1505},"FinServ: How to implement GitLab's separation of duties features","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097688/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%286%29_6vL96ttKF8zJLLqfPpvFs_1750097687913.png","Learn how GitLab ensures secure, compliant software development with separation of duties in the financial services sector, including features that help adhere to regulatory frameworks.",[1503,1504],"Cherry Han","Gavin Peltz","2024-08-13",{"slug":1507,"externalUrl":-1},"finserv-how-to-implement-gitlabs-separation-of-duties-features",{"content":1509,"config":1515},{"title":1510,"heroImage":1511,"category":10,"description":1512,"authors":1513,"date":1514},"Get to know the security and governance updates in GitLab 17, 17.1","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098858/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_282096522_securitycompliance.jpeg_1750098857843.jpg","Dive deep into the new enhancements that can strengthen your organization's security posture, including how-to videos for SAST, DAST, API security, container registry, and more.",[767],"2024-07-17",{"slug":1516,"externalUrl":-1},"get-to-know-the-security-and-governance-updates-in-gitlab-17-17-1",{"content":1518,"config":1526},{"title":1519,"heroImage":1520,"category":684,"description":1521,"authors":1522,"date":1525},"Developing GitLab Duo: Use AI to remediate security vulnerabilities ","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098106/Blog/Hero%20Images/Blog/Hero%20Images/blog-hero-banner-1-0178-820x470-fy25_7JlF3WlEkswGQbcTe8DOTB_1750098106040.png","This tutorial shows how GitLab Duo Vulnerability Explanation and GitLab Duo Vulnerability Resolution, along with our other AI-powered features, can help to address vulnerabilities quickly.",[1523,1524],"Michael Friedrich","Alana Bellucci","2024-07-15",{"slug":1527,"externalUrl":-1},"developing-gitlab-duo-use-ai-to-remediate-security-vulnerabilities",{"content":1529,"config":1535},{"title":1530,"heroImage":955,"category":10,"description":1531,"authors":1532,"date":1534},"FAQ: The RegreSSHion vulnerability and GitLab","Find out what CVE-2024-6387 is, how it impacts GitLab, and what you need to know to mitigate it in your GitLab environment.",[1533],"Mark Loveless","2024-07-09",{"slug":1536,"externalUrl":-1},"faq-the-regresshion-vulnerability-and-gitlab",{"content":1538,"config":1543},{"title":1539,"heroImage":1413,"category":10,"description":1540,"authors":1541,"date":1542},"GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5","Learn more about GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).",[],"2024-06-26",{"slug":1418,"externalUrl":1544},"https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/",{"content":1546,"config":1553},{"title":1547,"heroImage":881,"category":784,"description":1548,"authors":1549,"date":1552},"Introducing GitLab Dedicated for Government","Learn how our single-tenant SaaS offering, along with our new FedRAMP \"In Process\" designation, will help public sector customers securely advance their modernization objectives.",[1550,1551],"Chris Balane","Corey Oas","2024-06-25",{"slug":1554,"externalUrl":-1},"introducing-gitlab-dedicated-for-government",{"content":1556,"config":1564},{"title":1557,"heroImage":1558,"category":10,"description":1559,"authors":1560,"date":1563},"Prevent secret leaks in source code with GitLab Secret Push Protection","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097761/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%286%29_6vL96ttKF8zJLLqfPpvFs_1750097761137.png","Learn how Secret Push Protection, now generally available, adds to a defense-in-depth detection strategy and decreases the resources needed to remediate secret leaks.",[1561,1562],"Amar Patel","Sara Meadzinger","2024-06-24",{"slug":1565,"externalUrl":-1},"prevent-secret-leaks-in-source-code-with-gitlab-secret-push-protection",{"content":1567,"config":1574},{"title":1568,"heroImage":1569,"category":1570,"description":1571,"authors":1572,"date":1573},"Online retailer bol tackles growing compliance needs with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665465/Blog/Hero%20Images/blog-image-template-1800x945__15_.png","customer-stories","Learn how GitLab helps the major international company adhere to regulations while increasing development efficiency.",[1284],"2024-06-12",{"slug":1575,"externalUrl":-1},"online-retailer-bol-tackles-growing-compliance-needs-with-gitlab",{"content":1577,"config":1584},{"title":1578,"heroImage":1579,"category":537,"description":1580,"authors":1581,"date":1583},"Combine GitLab webhooks and Twilio for SMS alerts on DevSecOps platform","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750099013/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%2814%29_6VTUA8mUhOZNDaRVNPeKwl_1750099012960.png","Configure GitLab webhooks with SMS alerts to instantly get feedback on new and existing issues within a project and enable teams to react quickly to project- and group-level changes.",[1582],"Ted Gieschen","2024-06-10",{"slug":1585,"externalUrl":-1},"combine-gitlab-webhooks-and-twilio-for-sms-alerts-on-devsecops-platform",{"content":1587,"config":1593},{"title":1588,"heroImage":1442,"category":10,"description":1589,"authors":1590,"date":1592},"Secure by Design principles meet DevSecOps innovation in GitLab 17","GitLab reinforced a commitment to Secure by Design principles across key aspects of the software development lifecycle in latest release, further protecting the software supply chain.",[1591],"Elisabeth Burrows","2024-06-05",{"slug":1594,"externalUrl":-1},"secure-by-design-principles-meet-devsecops-innovation-in-gitlab-17",{"content":1596,"config":1602},{"title":1597,"heroImage":1413,"category":695,"description":1598,"authors":1599,"date":1601},"GitLab extends Omnibus package signing key expiration to 2025","Our GNU Privacy Guard (GPG) key will now expire on July 1, 2025. Here's what you need to know.",[1600],"Andrew Patterson","2024-05-31",{"slug":1603,"externalUrl":-1},"gitlab-extends-omnibus-package-signing-key-expiration-to-2025",{"content":1605,"config":1611},{"title":1606,"heroImage":1607,"category":684,"description":1608,"authors":1609,"date":1610},"Developing GitLab Duo: Secure and thoroughly test AI-generated code","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097183/Blog/Hero%20Images/Blog/Hero%20Images/blog-hero-banner-1-0178-820x470-fy25_7JlF3WlEkswGQbcTe8DOTB_1750097183481.png","Learn step-by-step how to enhance AI-generated code reliability and security using GitLab Duo and GitLab Pages (includes code samples and prompts).",[1323],"2024-05-30",{"slug":1612,"externalUrl":-1},"how-gitlab-duo-helps-secure-and-thoroughly-test-ai-generated-code",{"content":1614,"config":1619},{"title":1615,"heroImage":804,"category":10,"description":1616,"authors":1617,"date":1618},"3 tips to improve your security risk management program","Establishing a security risk management program is more than just checking the compliance box. Here are a few ways to help better protect information and support strategic decision-making.",[1121],"2024-05-28",{"slug":1620,"externalUrl":-1},"3-tips-to-improve-your-security-risk-management-program",{"content":1622,"config":1629},{"title":1623,"heroImage":1624,"category":10,"description":1625,"authors":1626,"date":1628},"7 steps to enhance application security without slowing developer velocity","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750099154/Blog/Hero%20Images/Blog/Hero%20Images/applicationsecurity_applicationsecurity.png_1750099154308.png","Learn how to incrementally enable scanning to successfully shift-left security while keeping development at pace.",[1627],"Julie Byrne","2024-05-21",{"slug":1630,"externalUrl":-1},"7-steps-to-enhance-application-security-without-slowing-developer-velocity",{"content":1632,"config":1638},{"title":1633,"heroImage":1385,"category":10,"description":1634,"authors":1635,"date":1637},"GitLab native secrets manager to give software supply chain security a boost","GitLab is building a secrets manager that is key to providing an end-to-end, cloud-agnostic approach to the management of sensitive information.",[1636],"Jocelyn Eillis","2024-05-20",{"slug":1639,"externalUrl":-1},"gitlab-native-secrets-manager-to-give-software-supply-chain-security-a-boost",{"content":1641,"config":1646},{"title":1642,"heroImage":745,"category":10,"description":1643,"authors":1644,"date":1645},"Detect application vulnerabilities with GitLab’s browser-based DAST","Learn why you should include dynamic application security testing as part of a defense-in-depth strategy for software development, and how to migrate from proxy-based DAST.",[1562],"2024-05-13",{"slug":1647,"externalUrl":-1},"detect-application-vulnerabilities-with-gitlabs-browser-based-dast",{"content":1649,"config":1654},{"title":1650,"heroImage":988,"category":10,"description":1651,"authors":1652,"date":1653},"Migration guide: GitHub Advanced Security to GitLab Ultimate","Understand the similarities and differences between GitLab Ultimate and GitHub Advanced Security. Then follow this in-depth tutorial to make the move to the GitLab DevSecOps platform.",[767],"2024-05-01",{"slug":1655,"externalUrl":-1},"migration-guide-github-advanced-security-to-gitlab-ultimate",{"content":1657,"config":1663},{"title":1658,"heroImage":1385,"category":10,"description":1659,"authors":1660,"date":1662},"Happy birthday, Secure by Design!","The U.S. government's initiative to ensure greater security in software products turns one. Find out what GitLab has done to align with this critical effort.",[1661],"Joel Krooswyk","2024-04-30",{"slug":1664,"externalUrl":-1},"happy-birthday-secure-by-design",{"content":1666,"config":1671},{"title":1667,"heroImage":1155,"category":684,"description":1668,"authors":1669,"date":1670},"A developer's guide to building an AI security governance framework","Learn the strategies and practices to adopt for secure and responsible development and use of AI.",[1122],"2024-04-23",{"slug":1672,"externalUrl":-1},"a-developers-guide-to-building-an-ai-security-governance-framework",{"content":1674,"config":1679},{"title":1675,"heroImage":745,"category":10,"description":1676,"authors":1677,"date":1678},"GitLab introduces new CIS Benchmark for improved security","Learn why CIS Benchmarks matter, how the CIS GitLab Benchmark was created, and how to use it to properly secure your GitLab installation.",[1562,1122],"2024-04-17",{"slug":1680,"externalUrl":-1},"gitlab-introduces-new-cis-benchmark-for-improved-security",{"content":1682,"config":1689},{"title":1683,"heroImage":1684,"category":10,"description":1685,"authors":1686,"date":1688},"Integrate external security scanners into your DevSecOps workflow","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098768/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%282%29_1khno1AUtxuL6zzmEmjK7v_1750098768560.png","Learn how to bring Snyk scan results into the merge request widget by parsing JSON artifacts and leveraging the SARIF file format.",[1687],"Sam Morris","2024-04-08",{"slug":1690,"externalUrl":-1},"integrate-external-security-scanners-into-your-devsecops-workflow",{"content":1692,"config":1699},{"title":1693,"heroImage":1694,"category":1695,"description":1696,"authors":1697,"date":1698},"Building GitLab with GitLab: Expanding our security certification portfolio","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659740/Blog/Hero%20Images/building-gitlab-with-gitlab-no-type.png","agile-planning","Learn how the Security Compliance team uses the Agile planning and security features in the GitLab DevSecOps Platform to manage the certification process.\n\n",[894],"2024-04-04",{"slug":1700,"externalUrl":-1},"building-gitlab-with-gitlab-expanding-our-security-certification-portfolio",{"content":1702,"config":1708},{"title":1703,"heroImage":1704,"category":537,"description":1705,"authors":1706,"date":1698},"How to successfully deliver your software development roadmap","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669103/Blog/Hero%20Images/AdobeStock_243118595.jpg","Here are three common blockers and how to overcome them to fully realize the ROI of a DevSecOps platform investment.",[1707],"David DeSanto, Chief Product Officer, GitLab",{"slug":1709,"externalUrl":-1},"how-to-successfully-deliver-your-software-development-roadmap",{"content":1711,"config":1717},{"title":1712,"heroImage":955,"category":10,"description":1713,"authors":1714,"date":1716},"Important information regarding xz-utils (CVE-2024-3094)","Affected software not used for GitLab.com, GitLab Dedicated, or default self-hosted software packages.",[1715],"Shrishti Choudhary","2024-03-30",{"slug":1718,"externalUrl":-1},"important-information-regarding-xz-utils-cve-2024-3094",{"content":1720,"config":1725},{"title":1721,"heroImage":1413,"category":10,"description":1722,"authors":1723,"date":1724},"GitLab Security Release: 16.10.1, 16.9.3, 16.8.5","Learn more about GitLab Security Release: 16.10.1, 16.9.3, 16.8.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).",[],"2024-03-27",{"slug":1418,"externalUrl":1726},"https://about.gitlab.com/releases/2024/03/27/security-release-gitlab-16-10-1-released/",{"content":1728,"config":1733},{"title":1729,"heroImage":804,"category":10,"description":1730,"authors":1731,"date":1732},"Coming soon: GitLab dependency firewall","Learn how this new feature will help organizations avoid supply chain software attacks by warning them or blocking the download based on a project's policy.",[991],"2024-03-26",{"slug":1734,"externalUrl":-1},"coming-soon-gitlab-dependency-firewall",{"content":1736,"config":1741},{"title":1737,"heroImage":955,"category":10,"description":1738,"authors":1739,"date":1732},"We’re combining patch and security releases","This improvement in our release process matches the industry standard and will help GitLab users get information about security and bug fixes sooner.",[1740],"Sam Wiskow",{"slug":1742,"externalUrl":-1},"were-combining-patch-and-security-releases",{"content":1744,"config":1751},{"title":1745,"heroImage":1746,"category":794,"description":1747,"authors":1748,"date":1750},"Oxeye joins GitLab to advance application security capabilities ","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749671969/Blog/Hero%20Images/gitlab-oxeye-blog-1800x945.png","The initial focus will be on accelerating GitLab's Static Application Security (SAST) roadmap.\n",[1707,1749],"Dean Agron, co-founder and CEO, Oxeye","2024-03-20",{"slug":1752,"externalUrl":-1},"oxeye-joins-gitlab-to-advance-application-security-capabilities",{"content":1754,"config":1761},{"title":1755,"heroImage":1756,"category":10,"description":1757,"authors":1758,"date":1760},"Simplify your cloud account management for Kubernetes access","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670563/Blog/Hero%20Images/cloudcomputing.jpg","In this tutorial, learn how to use the GitLab agent for Kubernetes and its user impersonation features for secure cluster access.\n\n",[1759],"Viktor Nagy","2024-03-19",{"slug":1762,"externalUrl":-1},"simplify-your-cloud-account-management-for-kubernetes-access",{"content":1764,"config":1770},{"title":1765,"heroImage":1766,"category":10,"description":1767,"authors":1768,"date":1769},"The ultimate guide to least privilege access with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750099438/Blog/Hero%20Images/Blog/Hero%20Images/built-in-security_built-in-security.jpeg_1750099438377.jpg","This tutorial demonstrates how to achieve least privilege access using custom roles, security policies, compliance pipelines, branch protections, and more.",[767],"2024-03-06",{"slug":1771,"externalUrl":-1},"the-ultimate-guide-to-least-privilege-access-with-gitlab",{"content":1773,"config":1780},{"title":1774,"heroImage":1775,"category":10,"description":1776,"authors":1777,"date":1779},"How-to: Detecting secrets in video content ","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750099421/Blog/Hero%20Images/Blog/Hero%20Images/security-checklist_security-checklist.png_1750099421443.png","GitLab’s Security team identifies and mitigates security risks in video content by searching for API keys or other sensitive tokens. Here's how we do it (with an assist from AI) and how you can, too.",[1778],"Dennis Appelt","2024-02-29",{"slug":1781,"externalUrl":-1},"how-to-detecting-secrets-in-video",{"content":1783,"config":1789},{"title":1784,"heroImage":1785,"category":10,"description":1786,"authors":1787,"date":1788},"How to integrate custom security scanners into GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097082/Blog/Hero%20Images/Blog/Hero%20Images/securitycheck_securitycheck.png_1750097081856.png","Learn how to extend the DevSecOps platform by adding custom security scanners to your workflows (includes an easy-to-follow tutorial).",[767],"2024-02-27",{"slug":1790,"externalUrl":-1},"how-to-integrate-custom-security-scanners-into-gitlab",{"content":1792,"config":1797},{"title":1793,"heroImage":1413,"category":10,"description":1794,"authors":1795,"date":1796},"GitLab Security Release: 16.9.1, 16.8.3, 16.7.6","Learn more about GitLab Security Release: 16.9.1, 16.8.3, 16.7.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).",[],"2024-02-21",{"slug":1418,"externalUrl":1798},"https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/",{"content":1800,"config":1808},{"title":1801,"heroImage":1802,"category":537,"description":1803,"authors":1804,"date":1807},"How to tailor GitLab access with custom roles","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098975/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_729993502_1Xe0pzHPX4C3b1Ycs2q7RP_1750098974565.jpg","Find out the current capabilities of custom roles and what's to come, including initial grouping of permissions and templating from default roles.",[1805,1806],"Joe Randazzo","Hannah Sutor","2024-02-13",{"slug":1809,"externalUrl":-1},"how-to-tailor-gitlab-access-with-custom-roles",{"content":1811,"config":1816},{"title":1812,"heroImage":1413,"category":10,"description":1813,"authors":1814,"date":1815},"GitLab Security Release: 16.8.2, 16.7.5, 16.6.7","Learn more about GitLab Security Release: 16.8.2, 16.7.5, 16.6.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).",[],"2024-02-07",{"slug":1418,"externalUrl":1817},"https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/",{"content":1819,"config":1826},{"title":1820,"heroImage":1821,"category":10,"description":1822,"authors":1823,"date":1825},"GitLab drives automotive industry information security with TISAX certification","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659703/Blog/Hero%20Images/AdobeStock_577940357.jpg","Learn why we pursued this certification and how it will help GitLab customers in the automotive industry.",[1824],"Liz Coleman","2024-01-30",{"slug":1827,"externalUrl":-1},"gitlab-drives-automotive-industry-information-security-with-tisax",{"content":1829,"config":1834},{"title":1830,"heroImage":1413,"category":10,"description":1831,"authors":1832,"date":1833},"GitLab Critical Security Release: 16.8.1, 16.7.4, 16.6.6, 16.5.8","Learn more about GitLab Critical Security Release: 16.8.1, 16.7.4, 16.6.6, 16.5.8 for GitLab Community Edition (CE) and Enterprise Edition (EE).",[],"2024-01-25",{"slug":1418,"externalUrl":1835},"https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/",{"content":1837,"config":1842},{"title":1838,"heroImage":1413,"category":10,"description":1839,"authors":1840,"date":1841},"GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6","Learn more about GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).",[],"2024-01-11",{"slug":1418,"externalUrl":1843},"https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/",{"content":1845,"config":1851},{"title":1846,"heroImage":1847,"category":10,"description":1848,"authors":1849,"date":1850},"GitLab Trust Center: Welcome to self-service customer assurance","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750099558/Blog/Hero%20Images/Blog/Hero%20Images/gitlabflatlogomap_gitlabflatlogomap.png_1750099558369.png","The single, unified trust center provides access to security and privacy collateral, streamlined questionnaire submissions, an interactive knowledge base, and GitLab updates.",[970],"2024-01-09",{"slug":1852,"externalUrl":-1},"gitlab-trust-center-welcome-to-self-service-customer-assurance",{"content":1854,"config":1858},{"title":1855,"heroImage":1027,"category":537,"description":1856,"authors":1857,"date":1850},"Top 10 GitLab technical blogs of 2023","2023 was a big year! Catch up on expert insights into DevSecOps, AI, CI/CD, and more.",[1276],{"slug":1859,"externalUrl":-1},"top-10-gitlab-technical-blogs-of-2023",{"content":1861,"config":1866},{"title":1862,"heroImage":955,"category":10,"description":1863,"authors":1864,"date":1865},"The 2023 bug bounty year in review","GitLab's bug bounty program had an incredible year. Learn more about the prizes awarded and the bug reporters who won them.",[1266],"2024-01-04",{"slug":1867,"externalUrl":-1},"the-2023-bug-bounty-year-in-review",{"content":1869,"config":1875},{"title":1870,"heroImage":1871,"category":1570,"description":1872,"authors":1873,"date":1874},"U.S. Navy Black Pearl: Lessons in championing DevSecOps","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749658924/Blog/Hero%20Images/securitylifecycle-light.png","Sigma Defense built a managed service software factory environment for the military using GitLab as its DevSecOps platform. Here's what they learned.",[1276],"2023-12-12",{"slug":1876,"externalUrl":-1},"u-s-navy-black-pearl-lessons-in-championing-devsecops",{"content":1878,"config":1884},{"title":1879,"heroImage":804,"category":10,"description":1880,"authors":1881,"date":1883},"How GitLab's Red Team automates C2 testing ","Learn how to apply professional development practices to Red Teams using open source command and control tools.",[1882],"Josh Feehs","2023-11-28",{"slug":1885,"externalUrl":-1},"how-gitlabs-red-team-automates-c2-testing",{"content":1887,"config":1892},{"title":1888,"heroImage":955,"category":10,"description":1889,"authors":1890,"date":1891},"Stealth operations: The evolution of GitLab's Red Team","We discuss how GitLab's Red Team has matured over the years, evolving from opportunistic hacking to stealth adversary emulation.",[1102],"2023-11-20",{"slug":1893,"externalUrl":-1},"stealth-operations-the-evolution-of-gitlabs-red-team",{"content":1895,"config":1902},{"title":1896,"heroImage":1897,"category":1570,"description":1898,"authors":1899,"date":1901},"Dunelm strengthens business by enhancing its DevSecOps culture","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670332/Blog/Hero%20Images/groupcollaboration.jpg","Learn how a major UK retailer is using GitLab to ensure everyone in their DevSecOps teams can work together, increasing speed, security, and trust.",[1900],"Sharon Gaudin","2023-11-16",{"slug":1903,"externalUrl":-1},"dunelm-strengthens-business-by-enhancing-its-devsecops-culture",{"content":1905,"config":1911},{"title":1906,"heroImage":955,"category":10,"description":1907,"authors":1908,"date":1910},"Tips to configure browser-based DAST scans","Learn how to use the browser-based analyzer with common dynamic application security testing settings, based on web application attributes, to ensure successful scans.",[1627,1909],"Jerez Solis","2023-11-14",{"slug":1912,"externalUrl":-1},"tips-to-configure-browser-based-dast-scans",{"content":1914,"config":1919},{"title":1915,"heroImage":1413,"category":834,"description":1916,"authors":1917,"date":1918},"Why GitLab access tokens now have lifetime limits","Pre-existing and new personal, group, or project access tokens now have enforced lifetime limits. Find out why and learn how to minimize disruption.",[1806],"2023-10-25",{"slug":1920,"externalUrl":-1},"access-token-lifetime-limits",{"content":1922,"config":1928},{"title":1923,"heroImage":1924,"category":1570,"description":1925,"authors":1926,"date":1927},"How global real estate company Lendlease is driving change with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670317/Blog/Hero%20Images/blog-banner-blue-neon.png","Learn how Lendlease is using GitLab to improve visibility, foster collaboration, and empower everyone to be responsible for security.",[1900],"2023-10-23",{"slug":1929,"externalUrl":-1},"lendlease-driving-change-with-gitlab",{"content":1931,"config":1937},{"title":1932,"heroImage":1933,"category":10,"description":1934,"authors":1935,"date":1936},"GitLab’s response to a high severity vulnerability impacting curl and libcurl","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749672878/Blog/Hero%20Images/securityscreen.jpg","Learn about CVE-2023-38545, which leverages a heap buffer overflow through the SOCKS5 protocol, and what it means for GitLab customers.",[970],"2023-10-12",{"slug":1938,"externalUrl":-1},"gitlab-response-to-cve-2023-38545",{"content":1940,"config":1946},{"title":1941,"heroImage":1155,"category":10,"description":1942,"authors":1943,"date":1945},"Introducing GitLab browser-based active checks in DAST","As of GitLab 16.4, or DAST 4.0.9, browser-based DAST active scans will search for path traversal vulnerabilities using the GitLab check 22.1 instead of the ZAP alert 6.",[1944],"Cameron Swords","2023-10-10",{"slug":1947,"externalUrl":-1},"dast-release-first-gitlab-active-check",{"content":1949,"config":1955},{"title":1950,"heroImage":1951,"category":10,"description":1952,"authors":1953,"date":1954},"Ask a hacker - 0xn3va","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749683087/Blog/Hero%20Images/cover-fotis-fotopoulos.png","Vladislav Nechakhin or @0xn3va, one of our top 10 hacker contributors, joined us for an AMA and details his approach and strategy for bug bounty hunting.",[1266],"2023-10-02",{"slug":1956,"externalUrl":-1},"ask-a-hacker",{"content":1958,"config":1963},{"title":1959,"heroImage":745,"category":10,"description":1960,"authors":1961,"date":1962},"Unmasking password attacks at GitLab","Our security team has identified an increased volume of password attacks against GitLab.com on the OAuth API endpoint since September 22, 2023. Learn more.",[1065],"2023-09-28",{"slug":1964,"externalUrl":-1},"unmasking-password-attacks-at-gitlab",{"content":1966,"config":1971},{"title":1967,"heroImage":1871,"category":537,"description":1968,"authors":1969,"date":1970},"Atlassian Server ending: Goodbye disjointed toolchain, hello DevSecOps platform","Atlassian is about to end support for Server products. Learn why now is the time to make the upgrade to GitLab’s single DevSecOps platform.",[1352],"2023-09-26",{"slug":1972,"externalUrl":-1},"atlassian-server-ending-move-to-a-single-devsecops-platform",{"content":1974,"config":1980},{"title":1975,"heroImage":1976,"category":10,"description":1977,"authors":1978,"date":1979},"How GitLab supports NSA and CISA CI/CD security guidance","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749683032/Blog/Hero%20Images/vaultimage.png","GitLab can support your alignment with NSA and CISA CI/CD recommendations and best practices for cloud-based DevSecOps environments.",[970],"2023-09-19",{"slug":1981,"externalUrl":-1},"how-gitlab-supports-the-nsa-and-cisa-cicd-security-guidance",{"content":1983,"config":1989},{"title":1984,"heroImage":1413,"category":834,"description":1985,"authors":1986,"date":1988},"How to export vulnerability reports to HTML/PDF and Jira","With GitLab's API, it's easy to query vulnerability info and send the report details elsewhere, such as a PDF file or a Jira project.",[1987],"Siddharth Mathur","2023-09-14",{"slug":1990,"externalUrl":-1},"exporting-vulnerability-reports-to-html-pdf-jira",{"content":1992,"config":1998},{"title":1993,"heroImage":1994,"category":10,"description":1995,"authors":1996,"date":1988},"The ultimate guide to enabling SAML and SSO on GitLab.com","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749666495/Blog/Hero%20Images/cover-1800x945.png","Learn how to make full use of SAML and SSO security features on the GitLab DevSecOps platform.",[1997],"Bradley Lee",{"slug":1999,"externalUrl":-1},"the-ultimate-guide-to-enabling-saml",{"content":2001,"config":2007},{"title":2002,"heroImage":745,"category":10,"description":2003,"authors":2004,"date":2006},"Streamline security with keyless signing and verification in GitLab","Our partnership with Sigstore means that with just a few lines in a yml file, GitLab customers can make their development environment more secure.",[2005],"Sam White","2023-09-13",{"slug":2008,"externalUrl":-1},"keyless-signing-with-cosign",{"content":2010,"config":2015},{"title":2011,"heroImage":1413,"category":10,"description":2012,"authors":2013,"date":2014},"How GitLab can support your ISO 27001 compliance journey","As a strategic partner, GitLab's software security features can help support your ISO 27001 compliance.",[970],"2023-09-06",{"slug":2016,"externalUrl":-1},"how-gitlab-can-support-your-iso-compliance-journey",{"content":2018,"config":2023},{"title":2019,"heroImage":1413,"category":684,"description":2020,"authors":2021,"date":2022},"Remediating vulnerabilities with GitLab's security insights and AI","Learn how to leverage vulnerability insights and the Explain this Vulnerability AI feature to not only resolve a vulnerability, but also understand it.",[767],"2023-08-31",{"slug":2024,"externalUrl":-1},"remediating-vulnerabilities-with-insights-and-ai",{"content":2026,"config":2033},{"title":2027,"heroImage":2028,"category":794,"description":2029,"authors":2030,"date":2032},"GitLab and Google together at Google Cloud Next '23","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679290/Blog/Hero%20Images/gitlabgooglecloud.png","Here's a roundup of all the GitLab events and announcements at the Next ‘23 conference.",[2031],"Nima Badiey","2023-08-22",{"slug":2034,"externalUrl":-1},"gitlab-and-google-together-at-google-cloud-next-23",{"content":2036,"config":2043},{"title":2037,"heroImage":2038,"category":834,"description":2039,"authors":2040,"date":2042},"How to secure Google Cloud Run deployment with GitLab Auto DevOps","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682898/Blog/Hero%20Images/cloud-security.png","This tutorial will help teams speed development, improve security, and harness the power of serverless technology.",[2041],"Regnard Raquedan","2023-08-21",{"slug":2044,"externalUrl":-1},"how-to-secure-cloud-run-deployment-with-auto-devops",{"content":2046,"config":2052},{"title":2047,"heroImage":946,"category":10,"description":2048,"authors":2049,"date":2051},"Meet regulatory standards with GitLab security and compliance","Compliance is more than one-off audits; it's a continuous process of managing risk by implementing guardrails and monitoring specific metrics. Learn how with this comprehensive guide.",[2050],"Abubakar Siddiq Ango","2023-08-17",{"slug":2053,"externalUrl":-1},"meet-regulatory-standards-with-gitlab",{"content":2055,"config":2060},{"title":2056,"heroImage":804,"category":10,"description":2057,"authors":2058,"date":2059},"Use GitLab and MITRE ATT&CK Navigator to visualize adversary techniques","This tutorial helps build and deploy a customized version of MITRE's ATT&CK Navigator using GitLab CI/CD and GitLab Pages.",[1102],"2023-08-09",{"slug":2061,"externalUrl":-1},"gitlab-mitre-attack-navigator",{"content":2063,"config":2069},{"title":2064,"heroImage":745,"category":794,"description":2065,"authors":2066,"date":2068},"GitLab account security: Verify your information for enhanced protection","GitLab users soon will be required to provide a valid email address during login to boost security and prevent credential stuffing.",[2067],"Jensen Stava","2023-08-08",{"slug":2070,"externalUrl":-1},"gitlab-account-security",{"content":2072,"config":2077},{"title":2073,"heroImage":804,"category":10,"description":2074,"authors":2075,"date":2076},"The backstory on GitLab's security hardening documentation","GitLab has detailed documentation about how to harden your instance, now as a part of GitLab itself. Here's how it came to be.",[1533],"2023-08-01",{"slug":2078,"externalUrl":-1},"gitlab-security-hardening-documentation",{"content":2080,"config":2086},{"title":2081,"heroImage":2082,"category":684,"description":2083,"authors":2084,"date":2085},"GitLab 16: AI and security take center stage","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749671793/Blog/Hero%20Images/16_0-cover-image.png","Our GitLab 16 launch event showcased our AI-powered workflows that drive usability improvements, security enhancements, and observability advancements.",[1707],"2023-06-30",{"slug":2087,"externalUrl":-1},"gitlab-16-ai-and-security-take-center-stage",{"content":2089,"config":2095},{"title":2090,"heroImage":2091,"category":794,"description":2092,"authors":2093,"date":2094},"What to know about a fake job scam impersonating GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682784/Blog/Hero%20Images/cautionsign.jpg","GitLab Security is aware of a fake GitLab job scam, ultimately requesting job seekers pay thousands of dollars for 'technology equipment.' Here's how to spot it.",[981],"2023-06-29",{"slug":2096,"externalUrl":-1},"fake-gitlab-job-scam",{"content":2098,"config":2103},{"title":2099,"heroImage":2100,"category":10,"description":2101,"authors":2102,"date":2094},"SecureFlag integrated with GitLab for rapid vulnerability remediation","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679321/Blog/Hero%20Images/cover_image_secureflag.png","Empower developers with hands-on security training within the DevSecOps platform.",[1524],{"slug":2104,"externalUrl":-1},"secureflag-integrated-with-gitlab-for-rapid-vulnerability-remediation",{"content":2106,"config":2113},{"title":2107,"heroImage":2108,"category":10,"description":2109,"authors":2110,"date":2112},"How OIDC can simplify authentication of GitLab CI/CD pipelines with Google Cloud","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669863/Blog/Hero%20Images/security-pipelines.jpg","OpenID Connect can sometimes be complex, but it's the safer and recommended way to authenticate your GitLab pipeline with Google Cloud. This tutorial shows you how.",[1000,2111],"Dhruv Jain","2023-06-28",{"slug":2114,"externalUrl":-1},"introduction-of-oidc-modules-for-integration-between-google-cloud-and-gitlab-ci",{"content":2116,"config":2122},{"title":2117,"heroImage":2108,"category":794,"description":2118,"authors":2119,"date":2121},"GitLab extends Omnibus package signing key expiration to 2024","Our GPG key will now expire on July 1, 2024. Here's what you need to know.",[2120],"João Alexandre Prado Tavares Cunha","2023-06-14",{"slug":2123,"externalUrl":-1},"gitlab-extends-omnibus-package-signing-key-expiration",{"content":2125,"config":2132},{"title":2126,"heroImage":2127,"category":10,"description":2128,"authors":2129,"date":2121},"Managing multiple environments with Terraform and GitLab CI","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663779/Blog/Hero%20Images/cicd-2018_blogimage.jpg","This tutorial shows how to set up and manage three different environments in one project using GitLab CI and Terraform.",[2130,2131],"Sophia Manicor","Noah Ing",{"slug":2133,"externalUrl":-1},"managing-multiple-environments-with-terraform-and-gitlab-ci",{"content":2135,"config":2140},{"title":2136,"heroImage":745,"category":10,"description":2137,"authors":2138,"date":2139},"How Secret Detection can proactively revoke leaked credentials","GitLab extends Secret Detection capabilities to customers on Google Cloud.",[1435],"2023-06-13",{"slug":2141,"externalUrl":-1},"how-secret-detection-can-proactively-revoke-leaked-credentials",{"content":2143,"config":2148},{"title":2144,"heroImage":745,"category":834,"description":2145,"authors":2146,"date":2147},"How to harden your self-managed GitLab instance","Learn seven easy steps to ensure your self-managed GitLab instance is as secure as possible.",[1122],"2023-05-23",{"slug":2149,"externalUrl":-1},"how-to-harden-your-self-managed-gitlab-instance",{"content":2151,"config":2158},{"title":2152,"heroImage":1694,"category":834,"description":2153,"authors":2154,"date":2157},"Building GitLab with GitLab: Web API Fuzz Testing","Our new series shows how we dogfood new DevSecOps platform features to ready them for you. First up, security testing.",[2155,2156],"Mike Eddington","Eugene Lim","2023-05-09",{"slug":2159,"externalUrl":-1},"building-gitlab-with-gitlab-api-fuzzing-workflow",{"content":2161,"config":2166},{"title":2162,"heroImage":2163,"category":537,"description":2164,"authors":2165,"date":2157},"Protestware threats: How to protect your software supply chain","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669673/Blog/Hero%20Images/engineering.png","Some people protest for change by changing code others depend on throughout the software supply chain. Learn more about protestware, its impact, and how to protect against it.",[2050],{"slug":2167,"externalUrl":-1},"rise-of-protestware",{"content":2169,"config":2175},{"title":2170,"heroImage":2171,"category":537,"description":2172,"authors":2173,"date":2174},"GitLab survey highlights wins, challenges as orgs adopt DevSecOps","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663908/Blog/Hero%20Images/2023-devsecops-report-blog-banner2.png","This year’s survey findings show that DevSecOps principles, together with a DevSecOps platform, help organizations ship more secure software, faster.",[1707],"2023-04-20",{"slug":2176,"externalUrl":-1},"gitlab-survey-highlights-wins-challenges-as-orgs-adopt-devsecops",{"content":2178,"config":2185},{"title":2179,"heroImage":2180,"category":834,"description":2181,"authors":2182,"date":2184},"SourceWarp: Make data-driven, agile DevSecOps decisions","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682686/Blog/Hero%20Images/velocity2.png","How the SourceWarp approach and tool help make informed, agile decisions for CI/CD tools and DevSecOps platforms at GitLab.",[2183],"GitLab Vulnerability Research Team","2023-04-13",{"slug":2186,"externalUrl":-1},"data-driven-decision-making-with-sourcewarp",{"content":2188,"config":2195},{"title":2189,"heroImage":2190,"category":834,"description":2191,"authors":2192,"date":2194},"Getting started with GitLab application security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663993/Blog/Hero%20Images/2018-developer-report-cover.jpg","This tutorial shows how to incorporate GitLab security scan templates into a .gitlab-ci.yml file and view scan results.",[2193,1627],"Victor Hernandez","2023-03-15",{"slug":2196,"externalUrl":-1},"getting-started-with-gitlab-application-security",{"content":2198,"config":2203},{"title":2199,"heroImage":1933,"category":10,"description":2200,"authors":2201,"date":2202},"How to secure memory-safe vs. manually managed languages","Learn how GitLab reduces source code risk using scanning, vulnerability management, and other key features.",[767],"2023-03-14",{"slug":2204,"externalUrl":-1},"memory-safe-vs-unsafe",{"content":2206,"config":2212},{"title":2207,"heroImage":2208,"category":10,"description":2209,"authors":2210,"date":2211},"How to action security vulnerabilities in GitLab Premium","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750099637/Blog/Hero%20Images/Blog/Hero%20Images/security-pipelines_security-pipelines.jpg_1750099637178.jpg","Learn step-by-step how to process detected vulnerabilities and spawn merge request approval rules from critical vulnerabilities.",[1687,2131],"2023-03-13",{"slug":2213,"externalUrl":-1},"actioning-security-vulnerabilities-in-gitlab-premium",{"content":2215,"config":2221},{"title":2216,"heroImage":2217,"category":537,"description":2218,"authors":2219,"date":2220},"How GitLab and Google Cloud drive innovation and efficiency for retailers","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667457/Blog/Hero%20Images/open_source_program_blog_image.jpg","Learn how pairing DevSecOps with multicloud environments eases the development burden on retailers.",[2041],"2023-03-08",{"slug":2222,"externalUrl":-1},"gitlab-and-google-cloud",{"content":2224,"config":2230},{"title":2225,"heroImage":2127,"category":10,"description":2226,"authors":2227,"date":2229},"Software supply chain security practices seeing only modest adoption","DORA Accelerate State of DevOps report shows opportunity lies within better security practices, including a focus on culture.",[2228],"Aathira Nair","2023-02-21",{"slug":2231,"externalUrl":-1},"accelerate-state-of-devops-report-key-takeaways",{"content":2233,"config":2240},{"title":2234,"heroImage":2235,"category":537,"description":2236,"authors":2237,"date":2239},"It’s time to really put the Sec in DevSecOps","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749671091/Blog/Hero%20Images/lock.jpg","Organizations may tack on security to DevOps but unless they wholly integrate it, they will miss out on DevSecOps benefits.",[2238],"Francis Ofungwu","2023-02-02",{"slug":2241,"externalUrl":-1},"its-time-to-put-the-sec-in-devsecops",{"content":2243,"config":2249},{"title":2244,"heroImage":2245,"category":537,"description":2246,"authors":2247,"date":2248},"GitLab’s 2023 predictions: What’s next for DevSecOps?","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663820/Blog/Hero%20Images/prediction.jpg","Check out insights on securing the supply chain, new uses for AI/ML, and more.",[1276],"2023-01-26",{"slug":2250,"externalUrl":-1},"whats-next-for-devsecops",{"content":2252,"config":2259},{"title":2253,"heroImage":2254,"category":10,"description":2255,"authors":2256,"date":2258},"Git security audit: Inside the hunt for - and discovery of - CVEs","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668524/Blog/Hero%20Images/closeup-photo-of-black-and-blue-keyboard-1194713.jpg","Get a behind-the-scenes look at how I helped discover the vulnerability that became CVE-2022-41903.",[2257],"Joern Schneeweisz","2023-01-24",{"slug":2260,"externalUrl":-1},"git-security-audit",{"content":2262,"config":2268},{"title":2263,"heroImage":2264,"category":10,"description":2265,"authors":2266,"date":2267},"Monitor your web attack surface with GitLab CI/CD and GitLab Pages","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682233/Blog/Hero%20Images/aleks-dahlberg-glass-unsplash.jpg","Use this tutorial to build an automated web application screenshot report.",[1102],"2023-01-11",{"slug":2269,"externalUrl":-1},"monitor-web-attack-surface-with-gitlab",{"content":2271,"config":2277},{"title":2272,"heroImage":2273,"category":537,"description":2274,"authors":2275,"date":2276},"DevSecOps platforms give SMBs security muscle","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667094/Blog/Hero%20Images/container-security.jpg","A single platform enables teams to build, test, and deploy secure software with fewer resources.",[1900],"2023-01-10",{"slug":2278,"externalUrl":-1},"devsecops-platforms-give-smbs-security-muscle",{"content":2280,"config":2286},{"title":2281,"heroImage":2282,"category":794,"description":2283,"authors":2284,"date":2285},"Secret Detection update: Leaked Personal Access Tokens will soon be revoked","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682562/Blog/Hero%20Images/michael-dziedzic-1bjsASjhfkE-unsplash.jpg","Learn about upcoming changes to better protect GitLab users and organizations.",[1435],"2023-01-04",{"slug":2287,"externalUrl":-1},"pat-revocation-coming-soon",{"content":2289,"config":2296},{"title":2290,"heroImage":2291,"category":10,"description":2292,"authors":2293,"date":2295},"Why 2022 was a record-breaking year in bug bounty awards","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679034/Blog/Hero%20Images/inside-gitLab-public-bug-bounty-program.png","Find out about the researchers who together earned more than $1 million USD in prizes and their bug hunting contributions.",[2294],"Nick Malcolm","2022-12-19",{"slug":2297,"externalUrl":-1},"why-2022-was-a-record-breaking-year-in-bug-bounty-awards",{"content":2299,"config":2304},{"title":2300,"heroImage":2273,"category":10,"description":2301,"authors":2302,"date":2303},"Achieve SLSA Level 2 compliance with GitLab","Compliance mandates call for controls to prevent software tampering, improve integrity of builds and artifacts, and support attestation. Here's how GitLab can help.",[1276],"2022-11-30",{"slug":2305,"externalUrl":-1},"achieve-slsa-level-2-compliance-with-gitlab",{"content":2307,"config":2314},{"title":2308,"heroImage":2309,"category":10,"description":2310,"authors":2311,"date":2313},"How we boosted WebAuthn adoption from 20 percent to 93 percent in two days","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682498/Blog/Hero%20Images/webauthn.jpg","With phishing campaigns on the rise across the industry, we accelerated rollout of a program to further enhance our security hygiene program. This is how we did it.",[2312],"Eric Rubin","2022-11-09",{"slug":2315,"externalUrl":-1},"how-we-boosted-webauthn-adoption-from-20-percent-to-93-percent-in-2-days",{"content":2317,"config":2323},{"title":2318,"heroImage":2319,"category":10,"description":2320,"authors":2321,"date":2322},"Top challenges to securing the software supply chain","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668437/Blog/Hero%20Images/faster-cycle-times.jpg","Learn what organizations should keep in mind while incorporating software supply chain security into their software development lifecycle.",[1379],"2022-11-07",{"slug":2324,"externalUrl":-1},"top-challenges-to-securing-the-software-supply-chain",{"content":2326,"config":2332},{"title":2327,"heroImage":2328,"category":10,"description":2329,"authors":2330,"date":2331},"New OpenSSL 3.0 vulnerabilities: What you need to know to find and fix them","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679348/Blog/Hero%20Images/locks.jpg","Learn how to identify your risk for CVE-2022-3786 and CVE-2022-3602.",[1065],"2022-11-01",{"slug":2333,"externalUrl":-1},"new-openssl-30-vulnerabilities-what-you-need-to-know-to-find-and-fix-them",{"content":2335,"config":2341},{"title":2336,"heroImage":2337,"category":10,"description":2338,"authors":2339,"date":2340},"The ultimate guide to SBOMs","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664571/Blog/Hero%20Images/blog-image-template-1800x945__8_.png","Learn what a software bill of materials is and why it has become an integral part of modern software development.",[1276],"2022-10-25",{"slug":2342,"externalUrl":-1},"the-ultimate-guide-to-sboms",{"content":2344,"config":2350},{"title":2345,"heroImage":2346,"category":10,"description":2347,"authors":2348,"date":2349},"Meet the demand for SBOMs and supply chain security with GitLab and Rezilion","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749672849/Blog/Hero%20Images/jessica-lewis-fJXv46LT7Xk-unsplash.jpg","Learn the role of SBOMs in helping to secure your software supply chain and how to generate them with the GitLab + Rezilion integration.",[767],"2022-10-17",{"slug":2351,"externalUrl":-1},"fast-and-efficient-sbom-with-gitlab-and-rezilion",{"content":2353,"config":2360},{"title":2354,"heroImage":2355,"category":537,"description":2356,"authors":2357,"date":2359},"Mobile DevOps with GitLab, Part 3 - Code signing for iOS with GitLab CI and Fastlane","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668568/Blog/Hero%20Images/vinicius-amnx-amano-IPemgbj9aDY-unsplash.jpg","Learn how to use Project-level Secure Files with Fastlane Match to sign an iOS app.",[2358],"Darby Frey","2022-10-03",{"slug":2361,"externalUrl":-1},"mobile-devops-with-gitlab-part-3-code-signing-for-ios-with-gitlab-and-fastlane",{"content":2363,"config":2369},{"title":2364,"heroImage":2273,"category":10,"description":2365,"authors":2366,"date":2368},"GitLab and Let's Encrypt partner to improve website security","Learn how to add a Let's Encrypt TLS certificate to a website hosted and managed via GitLab Pages.",[1312,2367],"Bryan Behrenshausen","2022-09-29",{"slug":2370,"externalUrl":-1},"using-gitlab-pages-lets-encrypt",{"content":2372,"config":2379},{"title":2373,"heroImage":2374,"category":10,"description":2375,"authors":2376,"date":2378},"Introducing the infrastructure bill of materials","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749671160/Blog/Hero%20Images/ibom.jpg","Pair IBoMs and SBOMs for a more secure software supply chain.",[2377],"Cindy Blake","2022-09-22",{"slug":2380,"externalUrl":-1},"introducing-the-infrastructure-bill-of-materials",{"content":2382,"config":2390},{"title":2383,"heroImage":2384,"category":2385,"description":2386,"authors":2387,"date":2389},"Why - and how - DevOps roles are changing","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664007/Blog/Hero%20Images/devopsroles.jpg","insights","Our 2022 Global DevSecOps Survey finds developers in ops and security while operations is everywhere.",[2388],"Valerie Silverthorne","2022-08-31",{"slug":2391,"externalUrl":-1},"the-changing-roles-in-devsecops",{"content":2393,"config":2398},{"title":2394,"heroImage":2395,"category":537,"description":2396,"authors":2397,"date":2389},"What you need to know about DevOps audits","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668339/Blog/Hero%20Images/a-tale-of-two-editors.jpg","DevOps’s many steps can streamline the audit process. Here’s how.",[2388],{"slug":2399,"externalUrl":-1},"what-you-need-to-know-about-devops-audits",{"content":2401,"config":2406},{"title":2402,"heroImage":2273,"category":537,"description":2403,"authors":2404,"date":2405},"The ultimate guide to software supply chain security","Coupling DevSecOps with software supply chain security results in the advanced protection organizations need.",[1276],"2022-08-30",{"slug":2407,"externalUrl":-1},"the-ultimate-guide-to-software-supply-chain-security",{"content":2409,"config":2416},{"title":2410,"heroImage":2411,"category":537,"description":2412,"authors":2413,"date":2415},"A 3-step plan for DevOps platform migration","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668319/Blog/Hero%20Images/more-robust-task-lists.jpg","Too many tools = too much time wasted. Use our 3-step plan and detailed checklist to jumpstart a DevOps platform migration.",[2414],"Lauren Minning","2022-08-25",{"slug":2417,"externalUrl":-1},"a-3-step-plan-for-devops-platform-migration",{"content":2419,"config":2426},{"title":2420,"heroImage":2421,"category":10,"description":2422,"authors":2423,"date":2425},"Give it a go: Capture the flag for $20K USD in our bug bounty program","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670960/Blog/Hero%20Images/sigmund-i2VgGp5BwJg-unsplash.jpg","We created a private project containing a file with a flag. Use a permission-related vulnerability to bypass access control (without user interaction) and read the flag for a $20K USD bonus.",[2424],"Heather Simpson","2022-08-24",{"slug":2427,"externalUrl":-1},"capture-the-flag-in-our-bug-bounty-program",{"content":2429,"config":2434},{"title":2430,"heroImage":2431,"category":537,"description":2432,"authors":2433,"date":2425},"Ditch toolchain problems with a DevOps platform","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667978/Blog/Hero%20Images/go-tools-and-gitlab.jpg","Migrating to a platform is the next step in the DevOps evolution.",[1900],{"slug":2435,"externalUrl":-1},"too-many-toolchains-a-devops-platform-migration-is-the-answer",{"content":2437,"config":2443},{"title":2438,"heroImage":2439,"category":537,"description":2440,"authors":2441,"date":2442},"GitLab's 2022 Global DevSecOps Survey: Security is the top concern, investment","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663982/Blog/Hero%20Images/2022-devsecops-survey-blog-header.png","Find out if your successes and concerns about security and more match those of your peers.",[2388],"2022-08-23",{"slug":2444,"externalUrl":-1},"gitlabs-2022-global-devsecops-survey-security-is-the-top-concern-investment",{"content":2446,"config":2453},{"title":2447,"heroImage":2448,"category":10,"description":2449,"authors":2450,"date":2452},"GitLab adds further measures to combat credential stuffing and other types of platform abuse","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749671606/Blog/Hero%20Images/workflow-tips-security-quality-cover.jpg","Integration of fraud detection and prevention tool into authentication flow increases risk reduction.",[2451],"Monmayuri Ray","2022-08-19",{"slug":2454,"externalUrl":-1},"gitlab-adds-further-measures-to-combat-credential-stuffing-and-other-types-of-platform-abuse",{"content":2456,"config":2462},{"title":2457,"heroImage":2458,"category":10,"description":2459,"authors":2460,"date":2461},"Why DevOps and zero trust go together","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749683257/Blog/Hero%20Images/devopszerotrust.jpg","Learn how DevOps and zero trust have matured into a solid pairing and the security considerations that come into play.",[1276],"2022-08-17",{"slug":2463,"externalUrl":-1},"why-devops-and-zero-trust-go-together",{"content":2465,"config":2470},{"title":2466,"heroImage":2163,"category":834,"description":2467,"authors":2468,"date":2461},"Why we implemented our own SSHD solution","Until recently we used OpenSSH Server to handle SSH connections to provide SSH-related features, but we ultimately decided to implement our own SSHD solution. Learn more!",[2469],"Igor Drozdov",{"slug":2471,"externalUrl":-1},"why-we-have-implemented-our-own-sshd-solution-on-gitlab-sass",{"content":2473,"config":2479},{"title":2474,"heroImage":2475,"category":10,"description":2476,"authors":2477,"date":2478},"The importance of compliance in DevOps","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670037/Blog/Hero%20Images/auto-deploy-google-cloud.jpg","A basic understanding of what compliance means and how it impacts DevOps.",[2414],"2022-08-15",{"slug":2480,"externalUrl":-1},"the-importance-of-compliance-in-devops",{"content":2482,"config":2488},{"title":2483,"heroImage":2484,"category":10,"description":2485,"authors":2486,"date":2487},"Securing the software supply chain through automated attestation","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667086/Blog/Hero%20Images/blog-compliance.jpg","Standards bodies want to know how orgs are protecting against software tampering. Learn how automating compliance attestation can help.",[1276],"2022-08-10",{"slug":2489,"externalUrl":-1},"securing-the-software-supply-chain-through-automated-attestation",{"content":2491,"config":2497},{"title":2492,"heroImage":2493,"category":10,"description":2494,"authors":2495,"date":2496},"Want to start hacking? Here's how to quickly dive in","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670967/Blog/Hero%20Images/hack-gtlab-keyboard.png","We asked one of our top 10 hacker contributors, Johan Carlsson, to share his novel approach to bug bounty hunting.",[2424],"2022-07-27",{"slug":2498,"externalUrl":-1},"cracking-our-bug-bounty-top-10",{"content":2500,"config":2506},{"title":2501,"heroImage":2502,"category":10,"description":2503,"authors":2504,"date":2505},"Top 5 compliance features to leverage in GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679391/Blog/Hero%20Images/pexels-5strike.jpg","Highlighting features we use daily, our security team outlines 5 ways to configure your GitLab instance for increased security and compliance.",[894],"2022-07-13",{"slug":2507,"externalUrl":-1},"top-5-compliance-features-to-leverage-in-gitlab",{"content":2509,"config":2515},{"title":2510,"heroImage":2484,"category":10,"description":2511,"authors":2512,"date":2514},"Tackle a Plan of Actions and Milestones with GitLab’s risk management features","The One DevOps Platform helps identify interdependencies and vulnerabilities as required by government compliance frameworks.",[2513],"Sameer Kamani","2022-07-07",{"slug":2516,"externalUrl":-1},"tackle-nists-plan-of-action-and-milestones-with-gitlabs-risk-management-features",{"content":2518,"config":2524},{"title":2519,"heroImage":2520,"category":2385,"description":2521,"authors":2522,"date":2523},"How to leverage modern software testing skills in DevOps","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668307/Blog/Hero%20Images/test-automation-devops.jpg","Test automation is finally happening, but do teams have the necessary modern software testing skills? Here's what you need to know",[2414],"2022-07-05",{"slug":2525,"externalUrl":-1},"how-to-leverage-modern-software-testing-skills-in-devops",{"content":2527,"config":2534},{"title":2528,"heroImage":2529,"category":10,"description":2530,"authors":2531,"date":2533},"Use Streaming Audit Events to connect your technology stack with GitLab and Pipedream","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667845/Blog/Hero%20Images/gl15.jpg","Automation lets your DevSecOps teams have logic in place for how to handle events as they come in.",[2532],"Sam Kerr","2022-06-27",{"slug":2535,"externalUrl":-1},"use-streaming-audit-events-to-connect-your-technology-stack-with-gitlab-and-pipedream",{"content":2537,"config":2543},{"title":2538,"heroImage":2539,"category":537,"description":2540,"authors":2541,"date":2542},"GitLab is the single source of truth for eCommerce provider","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668755/Blog/Hero%20Images/swelllogo3.png","Swell uses GitLab company-wide and says the biggest advantage so far is the review operations capability.",[698],"2022-06-23",{"slug":2544,"externalUrl":-1},"gitlab-is-the-single-source-of-truth-for-ecommerce-provider",{"content":2546,"config":2551},{"title":2547,"heroImage":2529,"category":10,"description":2548,"authors":2549,"date":2550},"GitLab's commitment to enhanced application security in the modern DevOps world","Security abounds in our latest DevOps platform release, GitLab 15.",[767],"2022-06-21",{"slug":2552,"externalUrl":-1},"security-gitlab-15",{"content":2554,"config":2561},{"title":2555,"heroImage":2556,"category":834,"description":2557,"authors":2558,"date":2560},"Observability vs. monitoring in DevOps","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665484/Blog/Hero%20Images/monitoring-update-feature-image.jpg","Want to gain true and actionable visibility across your software development lifecycle? Observability is the answer.",[2559],"Mike Vanbuskirk","2022-06-14",{"slug":2562,"externalUrl":-1},"observability-vs-monitoring-in-devops",{"content":2564,"config":2570},{"title":2565,"heroImage":2529,"category":537,"description":2566,"authors":2567,"date":2569},"GitLab 15: The retrospective","GitLab was founded in 2011 but that was a world nearly unrecognizable today. Here's a look back at what life was like then.",[2568],"Brendan O'Leary","2022-06-13",{"slug":2571,"externalUrl":-1},"gitlab-15-the-retrospective",{"content":2573,"config":2579},{"title":2574,"heroImage":2575,"category":10,"description":2576,"authors":2577,"date":2578},"Terraform as part of the software supply chain, Part 1 - Modules and Providers","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682329/Blog/Hero%20Images/pexels-mateusz-dach-353641.jpg","We examine the supply chain aspects of Terraform, starting with a closer look at malicious Terraform modules and providers and how you can better secure them.",[2257],"2022-06-01",{"slug":2580,"externalUrl":-1},"terraform-as-part-of-software-supply-chain-part1-modules-and-providers",{"content":2582,"config":2588},{"title":2583,"heroImage":2584,"category":537,"description":2585,"authors":2586,"date":2587},"Manager of France's .fr domain selects GitLab for its DevSecOps capabilities","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667869/Blog/Hero%20Images/afniclogo.png","Afnic looks to The One DevOps Platform to modernize its software development with automation, security and compliance, and support for multi-cloud environments.",[698],"2022-05-19",{"slug":2589,"externalUrl":-1},"manager-of-frances-fr-domain-selects-gitlab",{"content":2591,"config":2597},{"title":2592,"heroImage":2593,"category":794,"description":2594,"authors":2595,"date":2596},"Pull-based GitOps moving to GitLab Free tier","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670178/Blog/Hero%20Images/GitLab-Ops.png","Learn how this change provides organizations increased flexibility, security, scalability, and automation in cloud-native environments.",[1276,2414],"2022-05-18",{"slug":2598,"externalUrl":-1},"pull-based-kubernetes-deployments-coming-to-gitlab-free-tier",{"content":2600,"config":2606},{"title":2601,"heroImage":2602,"category":537,"description":2603,"authors":2604,"date":2605},"Biden administration accelerates software supply chain security expectations a year into Executive Order","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667852/Blog/Hero%20Images/eosecurity.jpg","GitLab's One DevOps Platform can help agencies comply with government requirements.",[1276],"2022-05-12",{"slug":2607,"externalUrl":-1},"biden-administration-celebrates-1-year-anniversary-of-eo-by-accelerating-software-supply-chain-security",{"content":2609,"config":2615},{"title":2610,"heroImage":2611,"category":10,"description":2612,"authors":2613,"date":2614},"How we run Red Team operations remotely","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679403/Blog/Hero%20Images/pexels-andrey-grushnikov-707676_crop.jpg","Our team shares the process and templates that drive our successful red team ops in our all-remote environment.",[1102],"2022-05-11",{"slug":2616,"externalUrl":-1},"how-we-run-red-team-operations-remotely",{"content":2618,"config":2623},{"title":2619,"heroImage":2328,"category":10,"description":2620,"authors":2621,"date":2622},"One DevOps platform can help you achieve DevSecOps","GitLab drives innovation in the AST market to secure cloud-native applications.",[1276],"2022-05-09",{"slug":2624,"externalUrl":-1},"one-devops-platform-can-help-you-achieve-devsecops",{"content":2626,"config":2631},{"title":2627,"heroImage":2628,"category":10,"description":2629,"authors":2630,"date":2622},"Updates regarding Rubygems ‘Unauthorized gem takeover for some gems’ vulnerability CVE-2022-29176","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749666816/Blog/Hero%20Images/security-cover.png","Actions we've taken to investigate the Rubygems takeover vulnerability.",[698],{"slug":2632,"externalUrl":-1},"updates-regarding-rubygems-unauthorized-gem-takeover-for-some-gems-vulnerability",{"content":2634,"config":2640},{"title":2635,"heroImage":2636,"category":537,"description":2637,"authors":2638,"date":2639},"GitLab is now an approved SLP vendor in California","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668402/Blog/Hero%20Images/code-gitlab-tanuki.png","State and local agencies in California can now purchase GitLab licenses at an agreed-upon discount.",[698],"2022-04-19",{"slug":2641,"externalUrl":-1},"gitlab-is-now-an-approved-slp-vendor-in-california",{"content":2643,"config":2649},{"title":2644,"heroImage":2645,"category":537,"description":2646,"authors":2647,"date":2648},"6 ways SMBs can leverage the power of a DevOps platform","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668224/Blog/Hero%20Images/inside-our-new-development-team-lead-persona.jpg","Bringing a DevOps platform into a small business can be a game changer. It can also cut down on the hat wearing. Here are the top 6 benefits.",[1900],"2022-04-12",{"slug":2650,"externalUrl":-1},"6-ways-smbs-can-leverage-the-power-of-a-devops-platform",{"content":2652,"config":2657},{"title":2653,"heroImage":2628,"category":10,"description":2654,"authors":2655,"date":2656},"Updates regarding Spring remote code execution vulnerabilities CVE-2022-22965 and CVE-2022-22963","Actions we've taken to investigate the Spring RCE vulnerabilities.",[698],"2022-04-07",{"slug":2658,"externalUrl":-1},"updates-regarding-spring-rce-vulnerabilities",{"content":2660,"config":2667},{"title":2661,"heroImage":2662,"category":10,"description":2663,"authors":2664,"date":2666},"How to ensure separation of duties and enforce compliance with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098232/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_479904468%20%281%29_4lmOEVlaXP0YC3hSFmOw6i_1750098232241.jpg","Use your DevSecOps platform to help maintain compliance without compromising on development speed.",[2665,767],"Beatriz Barbosa","2022-04-04",{"slug":2668,"externalUrl":-1},"ensuring-compliance",{"content":2670,"config":2677},{"title":2671,"heroImage":2672,"category":537,"description":2673,"authors":2674,"date":2676},"Kontra and GitLab integrate vulnerability education into the DevOps workflow","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668199/Blog/Hero%20Images/KontraCover.png","Interactive training labs are now available within the GitLab platform from Kontra Application Security, a ThriveDX company.",[2675],"Gyan Chawdhary","2022-03-31",{"slug":2678,"externalUrl":-1},"kontra-and-gitlab-integrate-vulnerability-education-into-the-devops-workflow",{"content":2680,"config":2685},{"title":2681,"heroImage":2273,"category":10,"description":2682,"authors":2683,"date":2684},"Comply with NIST's secure software supply chain framework with GitLab","The U.S. government's Secure Software Development Framework has four key practices. GitLab's DevOps platform has features to address them all.",[1276],"2022-03-29",{"slug":2686,"externalUrl":-1},"comply-with-nist-secure-supply-chain-framework-with-gitlab",{"content":2688,"config":2693},{"title":2689,"heroImage":1413,"category":794,"description":2690,"authors":2691,"date":2692},"How to get integrated secure coding advice in GitLab","Secure Code Warrior now offers integrated security training and guidance within the GitLab DevOps Platform.",[698],"2022-03-24",{"slug":2694,"externalUrl":-1},"heres-how-to-get-integrated-secure-coding-advice-in-gitlab",{"content":2696,"config":2702},{"title":2697,"heroImage":2319,"category":10,"description":2698,"authors":2699,"date":2701},"How GitLab's integration with Rezilion reduces vulnerability backlog and identifies exploitable risks","The native integration helps developers detect and remediate vulnerabilities that are exploitable early on in the development process.",[2700],"Baksheesh Singh Ghuman","2022-03-23",{"slug":2703,"externalUrl":-1},"gitlab-rezilion-integration-reduces-vulnerability-backlog-identifies-exploitable-risks-to-fix",{"content":2705,"config":2710},{"title":2706,"heroImage":2628,"category":10,"description":2707,"authors":2708,"date":2709},"Action we've taken in response to a potential Okta breach","Actions we've taken to investigate a potential Okta breach.",[698],"2022-03-22",{"slug":2711,"externalUrl":-1},"action-weve-taken-in-response-to-potential-okta-breach",{"content":2713,"config":2719},{"title":2714,"heroImage":2628,"category":10,"description":2715,"authors":2716,"date":2718},"Security hygiene best practices for GitLab users","Security hygiene measures that GitLab.com and Self-managed users should consider implementing.",[2717],"Johnathan Hunt","2022-03-21",{"slug":2720,"externalUrl":-1},"security-hygiene-best-practices-for-gitlab-users",{"content":2722,"config":2729},{"title":2723,"heroImage":2724,"category":834,"description":2725,"authors":2726,"date":2728},"How to enhance supply chain security with GitLab and TestifySec","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663397/Blog/Hero%20Images/logoforblogpost.jpg","New alliance partner TestifySec makes Witness available in GitLab",[2727],"Nicole Schwartz","2022-03-16",{"slug":2730,"externalUrl":-1},"gitlab-and-testify-sec-witness-alliance",{"content":2732,"config":2738},{"title":2733,"heroImage":2734,"category":834,"description":2735,"authors":2736,"date":2737},"How to protect GitLab-connected SSH key with Yubikey","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667202/Blog/Hero%20Images/gitlabultimatesecurity.jpg","Add a layer of security to SSH keys by restricting physical access to YubiKey.",[2568],"2022-03-03",{"slug":2739,"externalUrl":-1},"how-to-protect-gitlab-connected-ssh-key-with-yubikey",{"content":2741,"config":2747},{"title":2742,"heroImage":2743,"category":537,"description":2744,"authors":2745,"date":2746},"The best of GitLab's DevOps Platform 2021","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667509/Blog/Hero%20Images/continuous-integration-from-jenkins-to-gitlab-using-docker.jpg","Some highlights from last year, and what to expect from 2022.",[2568],"2022-02-18",{"slug":2748,"externalUrl":-1},"the-best-of-gitlabs-devops-platform-2021",{"content":2750,"config":2756},{"title":2751,"heroImage":2752,"category":2385,"description":2753,"authors":2754,"date":2755},"Fantastic Infrastructure as Code security attacks and how to find them","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667482/Blog/Hero%20Images/cover-image-unsplash.jpg","Learn about possible attack scenarios in Infrastructure as Code and GitOps environments, evaluate tools and scanners with Terraform, Kubernetes, etc., and more.",[1523],"2022-02-17",{"slug":2757,"externalUrl":-1},"fantastic-infrastructure-as-code-security-attacks-and-how-to-find-them",{"content":2759,"config":2763},{"title":2760,"heroImage":2264,"category":10,"description":2761,"authors":2762,"date":2755},"How GitLab handles security bugs (and why it matters)","Learn what makes our approach to handling and transparently disclosing security bugs unique.",[2294],{"slug":2764,"externalUrl":-1},"how-gitlab-handles-security-bugs",{"content":2766,"config":2775},{"title":2767,"heroImage":2768,"category":10,"description":2769,"authors":2770,"date":2774},"Introducing a community-driven advisory database for third-party software dependencies","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668354/Blog/Hero%20Images/handshake.png","The advisory data can be readily adopted, adapted, and exchanged. Learn more here.",[2771,2772,2773,1213],"Mark Art","Dinesh Bolkensteyn","Isaac Dawson","2022-02-16",{"slug":2776,"externalUrl":-1},"a-community-driven-advisory-database",{"content":2778,"config":2784},{"title":2779,"heroImage":2780,"category":271,"description":2781,"authors":2782,"date":2783},"Introducing GitLab’s supply chain security direction and landscape","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667466/Blog/Hero%20Images/GitLab-Sec.png","Learn about software supply chain security at GitLab.",[2005],"2022-02-15",{"slug":2785,"externalUrl":-1},"gitlab-supply-chain-security",{"content":2787,"config":2792},{"title":2788,"heroImage":2780,"category":10,"description":2789,"authors":2790,"date":2791},"GitLab’s newest continuous compliance features bolster software supply chain security","Business leaders and DevOps teams can continuously mitigate the risk of cloud-native environments and use guard rails to automate software compliance.",[2377],"2022-02-09",{"slug":2793,"externalUrl":-1},"gitlabs-newest-continuous-compliance-features-bolster-software",{"content":2795,"config":2801},{"title":2796,"heroImage":2797,"category":10,"description":2798,"authors":2799,"date":2800},"Using the GitLab GraphQL API for vulnerability reporting","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682219/Blog/Hero%20Images/jeremy-bishop-FzrlPh20l7Q-unsplash.jpg","Follow along as we teach you how to use GitLab GraphQL API to manage vulnerabilities programatically.",[767],"2022-02-02",{"slug":2802,"externalUrl":-1},"graphql-vulnerability-api",{"content":2804,"config":2810},{"title":2805,"heroImage":2806,"category":10,"description":2807,"authors":2808,"date":2809},"Detecting and alerting on anomalies in your container host with GitLab + Falco","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663383/Blog/Hero%20Images/tanuki-bg-full.png","Learn how to install and use Falco to detect anomalies in your containers",[767],"2022-01-20",{"slug":2811,"externalUrl":-1},"securing-the-container-host-with-falco",{"content":2813,"config":2819},{"title":2814,"heroImage":2815,"category":2385,"description":2816,"authors":2817,"date":2818},"Want secure software development? Our top 5 tips to bring dev and sec together","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679444/Blog/Hero%20Images/twotogether.jpg","Every DevOps team wants secure software development but it's surprisingly hard to achieve. Here are 5 strategies to bring dev and sec together.",[2388],"2022-01-10",{"slug":2820,"externalUrl":-1},"want-secure-software-development-our-top-5-tips-to-bring-dev-and-sec-together",{"content":2822,"config":2827},{"title":2823,"heroImage":2780,"category":10,"description":2824,"authors":2825,"date":2826},"How elite DevOps teams secure the software supply chain","The time is now to integrate security into your DevOps processes - your business will be better for it.",[1276],"2022-01-06",{"slug":2828,"externalUrl":-1},"elite-team-strategies-to-secure-software-supply-chains",{"content":2830,"config":2836},{"title":2831,"heroImage":2832,"category":10,"description":2833,"authors":2834,"date":2835},"GitLab Security in 2021: protect, enhance, certify and strengthen","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670795/Blog/Hero%20Images/security-year-in-review-2021.png","Join our Security team as we review how we worked to keep GitLab, and our community, secure this past year.",[2717],"2021-12-17",{"slug":2837,"externalUrl":-1},"gitlab-security-twenty-twenty-one",{"content":2839,"config":2844},{"title":2840,"heroImage":2628,"category":10,"description":2841,"authors":2842,"date":2843},"Updates and actions to address Log4j CVE 2021 44228 and CVE 2021 45046 in GitLab","Actions we’ve taken to investigate and mitigate the impact of Log4j, and actions our users can take.",[698],"2021-12-15",{"slug":2845,"externalUrl":-1},"updates-and-actions-to-address-logj-in-gitlab",{"content":2847,"config":2851},{"title":2848,"heroImage":2628,"category":271,"description":2849,"authors":2850,"date":2843},"How to use GitLab security features to detect log4j vulnerabilities","Detailed guidance to help customers detect vulnerabilities.",[698],{"slug":2852,"externalUrl":-1},"use-gitlab-to-detect-vulnerabilities",{"content":2854,"config":2861},{"title":2855,"heroImage":2856,"category":10,"description":2857,"authors":2858,"date":2860},"How GitLab successfully expanded our SOC 2 Type II Trust Services Report Criteria","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669950/Blog/Hero%20Images/security-cameras.jpg","Here's how we expanded our SOC 2 Type 2 and SOC 3 reports.",[2859,1824],"Julia Lake","2021-12-14",{"slug":2862,"externalUrl":-1},"how-gitlab-successfully-expanded-our-soc-2-type-ii-trust-services-report-criteria",{"content":2864,"config":2869},{"title":2865,"heroImage":2866,"category":10,"description":2867,"authors":2868,"date":2860},"2021: Smashing bugs and dropping names","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670978/Blog/Hero%20Images/3-bug-bounty-3-years-blog.png","We take a look at some of the big things that happened in our Bug Bounty program this last year and celebrate the contributions of the bug bounty hunters who make it all possible.",[2424],{"slug":2870,"externalUrl":-1},"smashing-bugs-and-dropping-names-in-2021",{"content":2872,"config":2878},{"title":2873,"heroImage":2874,"category":2385,"description":2875,"authors":2876,"date":2877},"DevSecOps FAQ: Get up to speed","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669784/Blog/Hero%20Images/security-testing-principles-devs.jpg","There's more to dev, sec and ops than meets the eye, particularly when they're combined. Here's what you need to know about DevSecOps.",[2388],"2021-12-08",{"slug":2879,"externalUrl":-1},"devsecops-faq-get-up-to-speed-on-this-hot-devops-area",{"content":2881,"config":2887},{"title":2882,"heroImage":2883,"category":2385,"description":2884,"authors":2885,"date":2886},"2022 DevOps predictions: GitLab experts weigh in on AI, security, remote work, and more","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749683162/Blog/Hero%20Images/tomasz-frankowski-kbufvkbfioe-unsplash.jpg","Want to see into the DevOps future? We’ve got insights to share, including the challenges for AI/ML and the impact of cloud-native on DevSecOps.",[698],"2021-12-06",{"slug":2888,"externalUrl":-1},"devops-predictions-gitlab-experts-weigh-in-on-ai-security-remote-work-and-more",{"content":2890,"config":2896},{"title":2891,"heroImage":2734,"category":10,"description":2892,"authors":2893,"date":2895},"Three things you might not know about GitLab security","There's so much more to GitLab's security offering than meets the eye. Here are three features you may have missed.",[2894],"Matt Wilson","2021-11-23",{"slug":2897,"externalUrl":-1},"three-things-you-might-not-know-about-gitlab-security",{"content":2899,"config":2910},{"title":2900,"heroImage":2901,"category":10,"description":2902,"authors":2903,"date":2909},"Deep dive: the tech stack behind Spamcheck","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669851/Blog/Hero%20Images/vincent-toesca-KnK98ScsZbU-unsplash.jpg","We take a closer look at the tooling, technical choices, metrics and lessons learned behind our new anti-abuse tool.",[2904,2905,2906,2907,2908],"Jayson Salazar","Alexander Dietrich","Alex Groleau","Ethan Urie","Juliet Wanjohi","2021-11-18",{"slug":2911,"externalUrl":-1},"deep-dive-tech-stack-behind-spamcheck",{"content":2913,"config":2918},{"title":2914,"heroImage":2628,"category":10,"description":2915,"authors":2916,"date":2917},"Action needed by self-managed customers in response to CVE-2021-22205","Self-managed users using outdated versions should update immediately.",[698],"2021-11-04",{"slug":2919,"externalUrl":-1},"action-needed-in-response-to-cve2021-22205",{"content":2921,"config":2927},{"title":2922,"heroImage":2923,"category":10,"description":2924,"authors":2925,"date":2926},"Our 3rd annual bug bounty contest: the swagtastic sequel to the sequel","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670997/Blog/Hero%20Images/BB-3rd-Anniversary-blog-header.png","We’re running a bug bounty contest November 1 thru December 3. Find a bug and be entered to win some sweet custom swag. What’s better than a contest? Increased bounty ranges!",[2424],"2021-11-01",{"slug":2928,"externalUrl":-1},"3rd-annual-bug-bounty-contest",{"content":2930,"config":2937},{"title":2931,"heroImage":2932,"category":10,"description":2933,"authors":2934,"date":2936},"How we’re using DAST 2 for easier scan configuration and reduced noise","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682167/Blog/Hero%20Images/pexels-chernaya-575.jpg","Our security team upgraded to GitLab’s DAST 2. Here’s how and why we did it.",[2935],"Nikhil George","2021-10-27",{"slug":2938,"externalUrl":-1},"how-were-using-dast2-for-easier-scan-configuration",{"content":2940,"config":2947},{"title":2941,"heroImage":2942,"category":10,"description":2943,"authors":2944,"date":2946},"Threat modeling the Kubernetes Agent: from MVC to continuous improvement","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682156/Blog/Hero%20Images/pexels-jesus-miron-garcia-3043592.jpg","Learn how we put our threat model into action iteratively and expanded the\nprocess into a full-fledged standalone activity.",[2945],"Vitor Meireles De Sousa","2021-10-11",{"slug":2948,"externalUrl":-1},"threat-modeling-kubernetes-agent",{"content":2950,"config":2956},{"title":2951,"heroImage":2952,"category":794,"description":2953,"authors":2954,"date":2955},"Updates to de-identifying Service Usage Data","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664472/Blog/Hero%20Images/gitlabflatlogomap.png","GitLab is creating a process to pseudonymize directly identifiable Service Usage Data for SaaS customers. There will be no changes to the service data usage policy.",[698],"2021-10-08",{"slug":2957,"externalUrl":-1},"updates-to-de-identifying-service-usage-data",{"content":2959,"config":2964},{"title":2960,"heroImage":2724,"category":10,"description":2961,"authors":2962,"date":2963},"SemVer versioning: how we handled it with linear interval arithmetic","SemVer versioning made it difficult to automate processing. We turned to linear interval arithmetic to come up with a unified, language-agnostic semantic versioning approach.",[1213],"2021-09-28",{"slug":2965,"externalUrl":-1},"generic-semantic-version-processing",{"content":2967,"config":2973},{"title":2968,"heroImage":2969,"category":537,"description":2970,"authors":2971,"date":2972},"How to deploy the GitLab Agent for Kubernetes with limited permissions","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668655/Blog/Hero%20Images/seabass-creatives-U3m4_cKbUfc-unsplash.jpg"," Learn how to deploy the GitLab Agent for Kubernetes with Limited Permissions.",[767],"2021-09-10",{"slug":2974,"externalUrl":-1},"setting-up-the-k-agent",{"content":2976,"config":2984},{"title":2977,"heroImage":2978,"category":10,"description":2979,"authors":2980,"date":2983},"How to write and continuously test vulnerability detection rules for SAST","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667819/Blog/Hero%20Images/anomaly-detection-cover.png","Interns with the Google Summer of Code helped GitLab transition from our old SAST tools to Semgrep.",[2981,2982,1213],"Ross Fuhrman","Anshuman Singh","2021-09-08",{"slug":2985,"externalUrl":-1},"write-vulnerability-detection-rules",{"content":2987,"config":2993},{"title":2988,"heroImage":2989,"category":10,"description":2990,"authors":2991,"date":2992},"Why are developers so vulnerable to drive-by attacks?","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682986/Blog/Hero%20Images/pexels-pixabay-434450.jpg","The complexity of developer working environments make them more likely to be vulnerable to a drive-by attack. We talk about why and walk you through a real-life example from a recent disclosure here at GitLab, and provide tips to reduce the risk and impact of drive-by attacks.",[1102],"2021-09-07",{"slug":2994,"externalUrl":-1},"why-are-developers-vulnerable-to-driveby-attacks",{"content":2996,"config":3003},{"title":2997,"heroImage":2998,"category":10,"description":2999,"authors":3000,"date":3002},"How to secure your software build pipeline using code signing","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682125/Blog/Hero%20Images/venafi_coverimage.jpg","The Venafi plugin for GitLab enables single sign-on and digital signatures to better secure your app.",[3001],"Eddie Glenn","2021-08-30",{"slug":3004,"externalUrl":-1},"secure-pipeline-with-single-sign-in",{"content":3006,"config":3012},{"title":3007,"heroImage":2724,"category":834,"description":3008,"authors":3009,"date":3011},"How a new integration helps GitLab customers secure their code","GitLab Ultimate customers can use CodeSonar from GrammaTech for SAST and to bake protection into every stage of software development.",[3010],"Christian Simko","2021-08-20",{"slug":3013,"externalUrl":-1},"how-grammatech-and-gitlab-enables-better-devsecops",{"content":3015,"config":3021},{"title":3016,"heroImage":3017,"category":10,"description":3018,"authors":3019,"date":3020},"Introducing Spamcheck: A data-driven, anti-abuse engine","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669841/Blog/Hero%20Images/lionello-delpiccolo-unsplash.jpg","How we built, tested and deployed a new tool on GitLab that fights spam and abuse.",[2904,2905,2906,2907,2908],"2021-08-19",{"slug":3022,"externalUrl":-1},"introducing-spamcheck-data-driven-anti-abuse",{"content":3024,"config":3031},{"title":3025,"heroImage":3026,"category":10,"description":3027,"authors":3028,"date":3030},"How DevSecOps can protect businesses from future supply chain attacks","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669522/Blog/Hero%20Images/solarpanels.jpg","Learn how GitLab's all-in-one DevSecOps solution can help businesses keep their supply chains secure.",[3029,2532],"Pedro Fortuna","2021-08-18",{"slug":3032,"externalUrl":-1},"what-the-solarwinds-attack-can-teach-us-about-devsecops",{"content":3034,"config":3041},{"title":3035,"heroImage":3036,"category":834,"description":3037,"authors":3038,"date":3040},"How I use analogy to design for highly technical spaces","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668041/Blog/Hero%20Images/Understand-Highly-Technical-Spaces.jpg","Just how much does a designer need to know about a technical space or product to design for it?",[3039],"Camellia Yang","2021-08-13",{"slug":3042,"externalUrl":-1},"understand-highly-technical-spaces",{"content":3044,"config":3051},{"title":3045,"heroImage":3046,"category":834,"description":3047,"authors":3048,"date":3050},"How to secure your container images with GitLab and Grype","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749671873/Blog/Hero%20Images/logos_header.jpg","Learn how to start detecting vulnerabilities in your container images in just a few steps.",[3049],"Dan Luhring","2021-07-28",{"slug":3052,"externalUrl":-1},"secure-container-images-with-gitlab-and-grype",{"content":3054,"config":3060},{"title":3055,"heroImage":3056,"category":10,"description":3057,"authors":3058,"date":3059},"Meet Package Hunter: A tool for detecting malicious code in your dependencies","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682075/Blog/Hero%20Images/package-hunter.png","We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.",[1778],"2021-07-23",{"slug":3061,"externalUrl":-1},"announcing-package-hunter",{"content":3063,"config":3069},{"title":3064,"heroImage":3065,"category":2385,"description":3066,"authors":3067,"date":3068},"Are you ready for the newest era of DevSecOps?","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665839/Blog/Hero%20Images/devops.png","DevSecOps is about more than shifting security testing to developers. Can you secure your software development end-to-end?",[2377],"2021-07-20",{"slug":3070,"externalUrl":-1},"are-you-ready-for-the-newest-era-of-devsecops",{"content":3072,"config":3078},{"title":3073,"heroImage":3074,"category":10,"description":3075,"authors":3076,"date":3077},"How we’re creating a threat model framework that works for GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682058/Blog/Hero%20Images/pexels-nathan-j-hilton.jpg","As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.",[1533],"2021-07-09",{"slug":3079,"externalUrl":-1},"creating-a-threat-model-that-works-for-gitlab",{"content":3081,"config":3086},{"title":3082,"heroImage":2254,"category":10,"description":3083,"authors":3084,"date":3085},"A brief look at Gitpod, two bugs, and a quick fix","Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.",[2257],"2021-07-08",{"slug":3087,"externalUrl":-1},"two-bugs-and-a-quick-fix-in-gitpod",{"content":3089,"config":3094},{"title":3090,"heroImage":2724,"category":794,"description":3091,"authors":3092,"date":3093},"Usage Ping configuration bug for self-managed instances","Patch was released in 13.12.4",[698],"2021-06-21",{"slug":3095,"externalUrl":-1},"usage-ping-configuration-bug-for-self-managed-instances",{"content":3097,"config":3104},{"title":3098,"heroImage":3099,"category":794,"description":3100,"authors":3101,"date":3103},"The GPG key used to sign GitLab Runner packages has been rotated","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749666262/Blog/Hero%20Images/default-blog-image.png","Out of an abundance of caution we’ve rotated the impacted keys and tokens.",[3102],"Elliot Rushton","2021-06-16",{"slug":3105,"externalUrl":-1},"gpg-key-used-to-sign-gitlab-runner-packages-rotated",{"content":3107,"config":3113},{"title":3108,"heroImage":3109,"category":10,"description":3110,"authors":3111,"date":3112},"How do bug bounty hunters use GitLab to help their hack?","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670944/Blog/Hero%20Images/gitlab-to-help-my-hack.png","We know GitLab is a complete open source DevOps platform, but can it improve your hack? We chat with three bug bounty hunters to find out.",[2424],"2021-06-11",{"slug":3114,"externalUrl":-1},"how-i-use-gitlab-to-help-my-hack",{"content":3116,"config":3123},{"title":3117,"heroImage":3118,"category":834,"description":3119,"authors":3120,"date":3122},"How to get GitOps right with infrastructure as code security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663403/Blog/Hero%20Images/gitops-partner-cover-image.jpg","Learn how the GitLab and Indeni integration makes security a core component of your GitOps workflow.",[3121],"Ulrica de Fort-Menares","2021-06-10",{"slug":3124,"externalUrl":-1},"how-to-get-gitops-right-with-iac-security",{"content":3126,"config":3132},{"title":3127,"heroImage":3128,"category":834,"description":3129,"authors":3130,"date":3131},"How to protect your source code with GitLab and Jscrambler","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669529/Blog/Hero%20Images/gitlab-jscrambler-blog-post-protecting-source-code.png","Learn how to seamlessly protect your source code at build time in just a few steps.",[3029,2532],"2021-06-09",{"slug":3133,"externalUrl":-1},"how-to-protect-your-source-code-with-gitlab-and-jscrambler",{"content":3135,"config":3140},{"title":3136,"heroImage":2724,"category":794,"description":3137,"authors":3138,"date":3139},"GitLab is setting the standard for DevSecOps","GitLab has been recognized as a challenger in the 2021 Gartner Magic Quadrant for Application Security Testing",[2377],"2021-06-01",{"slug":3141,"externalUrl":-1},"gitlab-is-setting-standard-for-devsecops",{"content":3143,"config":3149},{"title":3144,"heroImage":3145,"category":10,"description":3146,"authors":3147,"date":3148},"A deep dive into how we investigate and secure GitLab packages","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682004/Blog/Hero%20Images/gabriel-sollmann-unsplash.jpg","Supply chain attacks aren't new, but that doesn't mean extra vigilance and protection aren't needed. We take a look at how we secure our packages and registries.",[2945],"2021-05-27",{"slug":3150,"externalUrl":-1},"deep-dive-investigation-of-gitlab-packages",{"content":3152,"config":3159},{"title":3153,"heroImage":3154,"category":2385,"description":3155,"authors":3156,"date":3158},"Looking for a DevSecOps maturity model that works? Start with our 2021 Global Survey","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678388/Blog/Hero%20Images/advanced-devsecops-practices.jpg","72% of security pros rated their organizations’ security efforts as “strong” or “good.” Could 2021 be the year DevSecOps becomes a reality?",[3157],"Chrissie Buchanan","2021-05-18",{"slug":3160,"externalUrl":-1},"2021-devsecops-survey-the-great-shift-left-continues",{"content":3162,"config":3167},{"title":3163,"heroImage":2724,"category":794,"description":3164,"authors":3165,"date":3166},"How to prevent crypto mining abuse on GitLab.com SaaS","GitLab now requires new users to provide a valid credit or debit card in order to use free pipeline minutes on GitLab.com SaaS.",[698],"2021-05-17",{"slug":3168,"externalUrl":-1},"prevent-crypto-mining-abuse",{"content":3170,"config":3177},{"title":3171,"heroImage":3172,"category":10,"description":3173,"authors":3174,"date":3176},"How we used GitLab values to develop a successful Security Awards Program","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681989/Blog/Hero%20Images/security-awards-blog.png","We built a program that encourages, recognizes, and awards a shared responsibility for security.",[3175],"Philippe Lafoucrière","2021-05-14",{"slug":3178,"externalUrl":-1},"how-we-used-gitlab-values-to-build-a-security-awards-program",{"content":3180,"config":3186},{"title":3181,"heroImage":3182,"category":10,"description":3183,"authors":3184,"date":3185},"How the Security Culture Committee is strengthening GitLab values","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670879/Blog/Hero%20Images/Sec-Culture-Committee-blog.png","Learn how this group of team members works to preserve and reinforce GitLab values in the Security department and beyond.",[2424],"2021-05-07",{"slug":3187,"externalUrl":-1},"how-the-security-culture-committee-is-strengthening-gitlab-values",{"content":3189,"config":3195},{"title":3190,"heroImage":3191,"category":2385,"description":3192,"authors":3193,"date":3194},"The software testing life cycle in 2021: A more upbeat outlook","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664041/Blog/Hero%20Images/open-devops.png","When DevOps teams trip, it's almost always over software testing. But in our 2021 survey we found some signs the software testing life cycle might finally be moving forward.",[2388],"2021-05-06",{"slug":3196,"externalUrl":-1},"the-software-testing-life-cycle-in-2021-a-more-upbeat-outlook",{"content":3198,"config":3203},{"title":3199,"heroImage":3191,"category":2385,"description":3200,"authors":3201,"date":3202},"GitLab's 2021 Survey uncovers a new DevOps maturity model","Our 2021 Global DevSecOps Survey found dramatic advances in DevOps maturity including faster release/deployment cycles, increased automation and improved security postures.",[2388],"2021-05-04",{"slug":3204,"externalUrl":-1},"gitlabs-2021-survey-uncovers-a-new-devops-maturity-model",{"content":3206,"config":3211},{"title":3207,"heroImage":3065,"category":537,"description":3208,"authors":3209,"date":3210},"How a DevOps Platform helps protect against supply chain attacks","Built-in security features can simplify your software factory",[2377],"2021-04-28",{"slug":3212,"externalUrl":-1},"devops-platform-supply-chain-attacks",{"content":3214,"config":3221},{"title":3215,"heroImage":3216,"category":10,"description":3217,"authors":3218,"date":3220},"Inside the Bug Bounty Council at GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681956/Blog/Hero%20Images/gitlab-values-header.png","We improve consistency across severity ratings and payouts in our bug bounty program with collaboration, iteration, and async communication.",[3219],"Andrew Kelly","2021-03-16",{"slug":3222,"externalUrl":-1},"how-we-apply-gitlab-values-to-our-bug-bounty-council-process",{"content":3224,"config":3230},{"title":3225,"heroImage":3226,"category":10,"description":3227,"authors":3228,"date":3229},"Ask a hacker: ajxchapman","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670926/Blog/Hero%20Images/bug-bounty-ask-a-hacker.png","We talk with bug bounty hunter Alex Chapman about his favorite type of vulnerability to research and the one piece of security advice he’d offer to the company he hacks.",[2424],"2021-03-04",{"slug":3231,"externalUrl":-1},"ajxchapman-ask-a-hacker",{"content":3233,"config":3239},{"title":3234,"heroImage":3235,"category":3236,"description":3237,"authors":3238,"date":3229},"Considering a career in security? Here’s some advice.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670859/Blog/Hero%20Images/woctech-photo7.jpg","unfiltered","Eight team members from our Security department talk about what they've learned working in Tech and what advice they’d offer to someone considering a career in security.",[2424],{"slug":3240,"externalUrl":-1},"considering-a-career-in-security",{"content":3242,"config":3247},{"title":3243,"heroImage":2724,"category":3236,"description":3244,"authors":3245,"date":3246},"Bug found and resolved in Dependency Scanning","Some customers will need to take specific action to manually update their Dependency Scanning image to receive a bug fix.",[2727],"2021-02-19",{"slug":3248,"externalUrl":-1},"secure-composition-analysis-bug-not-updating-database",{"content":3250,"config":3256},{"title":3251,"heroImage":2628,"category":10,"description":3252,"authors":3253,"date":3255},"Masked variable vulnerability in Runner version 13.9.0-rc1","How we responded to a masked variable vulnerability in GitLab Runner version 13.9.0-rc1 and actions users should take.",[3254],"Lee Matos","2021-02-18",{"slug":3257,"externalUrl":-1},"masked-variable-vulnerability-in-runner-ver-13-9-0-rc1",{"content":3259,"config":3264},{"title":3260,"heroImage":2724,"category":3236,"description":3261,"authors":3262,"date":3263},"Secure Composition Analysis 14.0 deprecations and removals","A review of the deprecations and removals in 14.0 for the Secure Composition Analysis group.",[2727],"2021-02-08",{"slug":3265,"externalUrl":-1},"composition-analysis-14-deprecations-and-removals",{"content":3267,"config":3273},{"title":3268,"heroImage":3269,"category":3236,"description":3270,"authors":3271,"date":3272},"You asked, and our Red Team answered","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670889/Blog/Hero%20Images/security-ama-blog-header.png","We held a public, ask me anything with our Red Team. Here’s what people asked.",[2424],"2021-01-29",{"slug":3274,"externalUrl":-1},"you-asked-and-our-red-team-answered",{"content":3276,"config":3282},{"title":3277,"heroImage":3278,"category":3236,"description":3279,"authors":3280,"date":3281},"2020: A year of iteration","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681857/Blog/Hero%20Images/cover-2020-a-year-of-iteration.jpg","A look at how far Vulnerability Management progressed in 2020 through hard work and lots of iterations.",[2894],"2021-01-18",{"slug":3283,"externalUrl":-1},"a-year-of-iteration",{"content":3285,"config":3291},{"title":3286,"heroImage":3287,"category":3236,"description":3288,"authors":3289,"date":3290},"A quick guide to GitLab Dependency Scanning","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681849/Blog/Hero%20Images/iceberg_header.jpg","A walk through of creating a quick example project in order to see Dependency Scanning in action.",[2727],"2021-01-14",{"slug":3292,"externalUrl":-1},"try-dependency-scanning",{"content":3294,"config":3300},{"title":3295,"heroImage":3296,"category":3236,"description":3297,"authors":3298,"date":3299},"What’s it like to work in security at GitLab?","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749671032/Blog/Hero%20Images/wocintechchat_blog2.jpg","Job descriptions and the job they represent don't always line up.  What does someone working in our Security department actually do?",[2424],"2021-01-07",{"slug":3301,"externalUrl":-1},"whats-it-like-to-work-security-at-gitlab",{"content":3303,"config":3310},{"title":3304,"heroImage":3305,"category":834,"description":3306,"authors":3307,"date":3309},"How we prevented security fixes leaking into our public repositories","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667227/Blog/Hero%20Images/security-leaks-unlocked.jpg","Working in the open makes it difficult to work on security vulnerabilities before they're disclosed, especially when that openness discloses them early!",[3308],"Robert Speicher","2021-01-04",{"slug":3311,"externalUrl":-1},"how-we-prevented-security-fixes-leaking-into-our-public-repositories",{"content":3313,"config":3319},{"title":3314,"heroImage":2724,"category":3236,"description":3315,"authors":3316,"date":3318},"How GitLab uses Third Party Security Rating to Build Customer Confidence","This blog is about how GitLab manages Third Party Security Rating platforms, why we chose to partner with BitSight, and how we are using BitSight’s external validation to increase customer confidence.",[3317],"Meghan Maneval","2020-12-18",{"slug":3320,"externalUrl":-1},"how-gitlab-uses-third-party-security-ratings-to-build-customer-confidence",{"content":3322,"config":3328},{"title":3323,"heroImage":3324,"category":3236,"description":3325,"authors":3326,"date":3327},"How we made GitLab more secure in 2020","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670800/Blog/Hero%20Images/sec-2020-review.png","From preventing vulnerabilities to squashing bugs in source code; here’s how our security team has made GitLab more secure in 2020, and where they’ll focus efforts in 2021.",[2717],"2020-12-16",{"slug":3329,"externalUrl":-1},"how-we-made-gitlab-more-secure-in-twenty-twenty",{"content":3331,"config":3335},{"title":3332,"heroImage":2628,"category":10,"description":3333,"authors":3334,"date":3327},"Android App Security Testing with SAST","Learn how to secure your Android application with Static Application Security Testing.",[767],{"slug":3336,"externalUrl":-1},"mobile-static-application-security-testing-for-android",{"content":3338,"config":3344},{"title":3339,"heroImage":3340,"category":10,"description":3341,"authors":3342,"date":3343},"2020 through a bug bounty lens","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749671018/Blog/Hero%20Images/gitlab-security-blog-cover_3.png","We take a look back at the year in bugs and bounties and celebrate the reporters and contributions that make us more secure.",[2424],"2020-12-14",{"slug":3345,"externalUrl":-1},"twenty-twenty-through-a-bug-bounty-lens",{"content":3347,"config":3354},{"title":3348,"heroImage":3349,"category":3236,"description":3350,"authors":3351,"date":3353},"Why (Continuous) Fuzzing","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664102/Blog/Hero%20Images/gitlab-values-cover.png","Learn what fuzzing is, what's so good at fuzzing code continuously and why to do it here!",[3352],"Yevgeny Pats","2020-12-10",{"slug":3355,"externalUrl":-1},"why-continuous-fuzzing",{"content":3357,"config":3362},{"title":3358,"heroImage":2734,"category":10,"description":3359,"authors":3360,"date":3361},"Tired of afterthought security? Take a fresh look at GitLab Ultimate","Security may not be the first thing that comes to mind when thinking of our DevOps platform, but we’re going to make the case it should be. Here’s a look at some of the too-often-overlooked security features in GitLab Ultimate.",[2377],"2020-12-08",{"slug":3363,"externalUrl":-1},"security-features-in-ultimate",{"content":3365,"config":3370},{"title":3366,"heroImage":3349,"category":3236,"description":3367,"authors":3368,"date":3369},"How to fuzz Go code with go-fuzz continuously","Learn how (and why!) to fuzz Go code",[3352],"2020-12-03",{"slug":3371,"externalUrl":-1},"how-to-fuzz-go",{"content":3373,"config":3379},{"title":3374,"heroImage":3375,"category":2385,"description":3376,"authors":3377,"date":3378},"CNCF's 5 technologies to watch in 2021","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749680997/Blog/Hero%20Images/clouds-cover.jpg","We predict how CNCF's five tech trends to watch will impact cloud native and the tech industry over the next year and beyond.",[2568],"2020-11-24",{"slug":3380,"externalUrl":-1},"cncf-five-technologies-to-watch-in-2021",{"content":3382,"config":3388},{"title":3383,"heroImage":3384,"category":3236,"description":3385,"authors":3386,"date":3387},"How to break into security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670847/Blog/Hero%20Images/wocintechchat_blog1.jpg","Oftentimes, the professional road to security practitioner is a windy one. We talk to 9 women from our Security team to see what their journey looked like.",[2424],"2020-11-12",{"slug":3389,"externalUrl":-1},"breaking-into-security",{"content":3391,"config":3396},{"title":3392,"heroImage":3226,"category":3236,"description":3393,"authors":3394,"date":3395},"Ask a hacker: rpadovani","We chat with a leading bug bounty researcher on why he hacks, what motivates him and his best bug report yet.",[2424],"2020-11-10",{"slug":3397,"externalUrl":-1},"rpadovani-ask-a-hacker",{"content":3399,"config":3407},{"title":3400,"heroImage":3401,"category":3236,"description":3402,"authors":3403,"date":3406},"How we work to detect and mitigate Spam on GitLab.com and beyond","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667172/Blog/Hero%20Images/ranurte-unsplash.jpg","Working to fight spam and abuse can be a full time job.  Here's how we do that for gitlab.com and some tips for self-managed users.",[3404,3405],"Charl de Wit","Greg Myers","2020-10-29",{"slug":3408,"externalUrl":-1},"how-we-work-to-detect-and-mitigate-spam",{"content":3410,"config":3416},{"title":3411,"heroImage":3412,"category":10,"description":3413,"authors":3414,"date":3415},"How to secure your Kubernetes pods using GitLab Container Network Security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681687/Blog/Hero%20Images/diane-helentjaris-TYk0YQbog9g-unsplash.jpg","We help you get started with securing your Kubernetes cluster using Cilium, a GitLab-managed application.",[767],"2020-10-23",{"slug":3417,"externalUrl":-1},"container-network-security-is-important",{"content":3419,"config":3424},{"title":3420,"heroImage":3421,"category":3236,"description":3422,"authors":3423,"date":3415},"Switching “sides” in security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679594/Blog/Hero%20Images/jason-polychronopulos-unsplash.jpg","How does product security work differ from pen testing and hacking all the things?",[2257],{"slug":3425,"externalUrl":-1},"switching-sides-in-security",{"content":3427,"config":3432},{"title":3428,"heroImage":3349,"category":3236,"description":3429,"authors":3430,"date":3431},"Fuzzit - GitLab journey","From a bootstrap startup to integral part of GitLab.",[3352],"2020-10-22",{"slug":3433,"externalUrl":-1},"fuzzit-acquisition-journey",{"content":3435,"config":3441},{"title":3436,"heroImage":3437,"category":1300,"description":3438,"authors":3439,"date":3431},"How open source contributions accelerate GitLab Secure","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668622/Blog/Hero%20Images/group-rowing-collaboration.jpg","Community contributions and an open integration framework allows anyone to extend GitLab Secure",[3440],"Taylor McCaslin",{"slug":3442,"externalUrl":-1},"integrating-with-gitlab-secure",{"content":3444,"config":3450},{"title":3445,"heroImage":3446,"category":10,"description":3447,"authors":3448,"date":3449},"Why you need a security champions program","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664002/Blog/Hero%20Images/securitychampions.jpg","Faster releases, more open source code, and developers unlikely to have formal security training = at risk software apps. The solution? A security champions program.",[2388],"2020-10-14",{"slug":3451,"externalUrl":-1},"why-security-champions",{"content":3453,"config":3459},{"title":3454,"heroImage":3455,"category":834,"description":3456,"authors":3457,"date":3458},"Get the most out of the Checkmarx integration with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681659/Blog/Hero%20Images/checkmarx.jpg","Make it easier for developers to find bugs and for dev and sec to get along. Here’s what you need to know about the GitLab/Checkmarx integration.",[2388],"2020-10-12",{"slug":3460,"externalUrl":-1},"checkmarx-integration",{"content":3462,"config":3469},{"title":3463,"heroImage":3464,"category":3236,"description":3465,"authors":3466,"date":3468},"A single application for your end-to-end DevOps needs starts with Version Control & Collaboration","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681652/Blog/Hero%20Images/markus-spiske-MkwAXj8LV8c-unsplash.png","Version Control & Collaboration is centered at the core of your end-to-end DevOps single application needs",[3467],"Tye Davis","2020-10-07",{"slug":3470,"externalUrl":-1},"vcc-with-a-single-app",{"content":3472,"config":3479},{"title":3473,"heroImage":3474,"category":10,"description":3475,"authors":3476,"date":3478},"GitLab's security trends report – our latest look at what's most vulnerable","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678152/Blog/Hero%20Images/data.jpg","From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. Here's what you need to know.",[3477],"Wayne Haber","2020-10-06",{"slug":3480,"externalUrl":-1},"gitlab-latest-security-trends",{"content":3482,"config":3488},{"title":3483,"heroImage":3484,"category":3236,"description":3485,"authors":3486,"date":3487},"Managing Compliance with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681610/Blog/Hero%20Images/andrew-neel-cckf4TsHAuw-unsplash.jpg","GitLab makes compliance easy!",[767],"2020-10-01",{"slug":3489,"externalUrl":-1},"compliance-management",{"content":3491,"config":3496},{"title":3492,"heroImage":3493,"category":3236,"description":3494,"authors":3495,"date":3487},"Find Bugs with Coverage-Guided Fuzz Testing","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681620/Blog/Hero%20Images/taya-dianna-zgSaLgXIINI-unsplash.jpg","Use fuzz testing to find bugs and security issues other QA processes might miss.",[767],{"slug":3497,"externalUrl":-1},"fuzzing-with-gitlab",{"content":3499,"config":3504},{"title":3500,"heroImage":3501,"category":3236,"description":3502,"authors":3503,"date":3487},"Running Security Scans in Limited Connectivity and Offline Environments","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749666484/Blog/Hero%20Images/steven-kamenar-MMJx78V7xS8-unsplash.jpg","GitLab Security Scans can ensure Security in the most locked down environments.",[767],{"slug":3505,"externalUrl":-1},"offline-environments",{"content":3507,"config":3513},{"title":3508,"heroImage":3509,"category":10,"description":3510,"authors":3511,"date":3512},"Our top tips for better bug bounty reports, plus a hacker contest!","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749671004/Blog/Hero%20Images/pexels-shawn-stutzman-1010496.jpg","Our AppSec team breaks down what makes a great bug bounty report. That advice comes just in time, as we're having another bug bounty contest.",[2424],"2020-09-28",{"slug":3514,"externalUrl":-1},"top-tips-for-better-bug-bounty-reports-and-a-hacker-contest",{"content":3516,"config":3522},{"title":3517,"heroImage":3349,"category":3236,"description":3518,"authors":3519,"date":3521},"Top Ten Reasons to Check Out GitLab's Virtual Commit","An overview of GitLab's Virtual Commit and the content available specific to public sector.",[3520],"Jim Riley","2020-09-14",{"slug":3523,"externalUrl":-1},"top-ten-reasons-to-check-out-gitlab-virtual-commit",{"content":3525,"config":3530},{"title":3526,"heroImage":3527,"category":3236,"description":3528,"authors":3529,"date":3521},"How information security practices help everyone","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670783/Blog/Hero%20Images/pexels-christina-morillo.jpg","Security oversights can happen to anyone without the right practices in place. Read here on why security practices matter and what you should use.",[2424],{"slug":3531,"externalUrl":-1},"why-basic-security-practices-matter-for-everyone",{"content":3533,"config":3538},{"title":3534,"heroImage":3535,"category":3236,"description":3534,"authors":3536,"date":3537},"Being A Better Ally","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679611/Blog/Hero%20Images/cook-county-blog-unsplash.jpg",[1323],"2020-09-09",{"slug":3539,"externalUrl":-1},"being-a-better-ally",{"content":3541,"config":3547},{"title":3542,"heroImage":3543,"category":3236,"description":3544,"authors":3545,"date":3546},"How being public by default in security builds trust","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670904/Blog/Hero%20Images/corded-devices.jpg","The rewards of being open in security still outweigh the challenges.",[2424],"2020-09-03",{"slug":3548,"externalUrl":-1},"how-being-public-by-default-in-security-builds-trust",{"content":3550,"config":3557},{"title":3551,"heroImage":3552,"category":3236,"description":3553,"authors":3554,"date":3546},"How the Search Team at GitLab Implemented a Risk Map to Direct Automated Testing Efforts","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669590/Blog/Hero%20Images/niklas_hamann-fyvNzhJTQBA-unsplash.jpg","A justification of how the search team decided to try risk mapping as an ongoing exercise to determine where test automation should be written, and some guidance on how to create a risk map.",[3555,3556],"Erick Banks","John McGuire",{"slug":3558,"externalUrl":-1},"risk-mapping",{"content":3560,"config":3566},{"title":3561,"heroImage":3562,"category":10,"description":3563,"authors":3564,"date":3565},"How to configure DAST full scans for complex web applications","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679617/Blog/Hero%20Images/tuning-237454.jpg","Keep your DAST job within timeout limits and fine-tune job configurations for better results",[1778],"2020-08-31",{"slug":3567,"externalUrl":-1},"how-to-configure-dast-full-scans-for-complex-web-applications",{"content":3569,"config":3575},{"title":3570,"heroImage":3571,"category":3236,"description":3572,"authors":3573,"date":3574},"Applying risk management to pandemic-driven remote learning","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749672774/Blog/Hero%20Images/pexels-august.jpg","A GitLab team member and parent offers some tips to improve today’s remote learning experience.",[3317],"2020-08-27",{"slug":3576,"externalUrl":-1},"applying-risk-management-to-remote-learning",{"content":3578,"config":3585},{"title":3579,"heroImage":3580,"category":834,"description":3581,"authors":3582,"date":3584},"How developer-centric AppSec testing can dramatically change your DevOps team","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681513/Blog/Hero%20Images/stackhawk.jpg","Find and fix security bugs faster by implementing developer-centric application security testing in the CI pipeline. And the bonus? Engineering and security will finally be better aligned.",[3583],"Joni Klippert","2020-08-21",{"slug":3586,"externalUrl":-1},"align-engineering-security-appsec-tests-in-ci",{"content":3588,"config":3595},{"title":3589,"heroImage":3590,"category":3236,"description":3591,"authors":3592,"date":3594},"How Arctic Engine uses GitLab's fuzz testing","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681504/Blog/Hero%20Images/arcticengine.png","Using GitLab's fuzz testing, we discovered and fixed various real defects that could crash our software. Now we can detect vulnerabilities before merging the code.",[3593],"Huldra","2020-08-19",{"slug":3596,"externalUrl":-1},"arctic-engine-fuzz-testing-blog",{"content":3598,"config":3602},{"title":3599,"heroImage":2724,"category":10,"description":3600,"authors":3601,"date":3594},"Upcoming GitLab.com narrow breaking changes to Secure Analyzers in GitLab 13.4","Our next release, 13.4, will include narrow breaking changes for our Secure scanning features. Find out how this could affect you and what you need to do.",[3440],{"slug":3603,"externalUrl":-1},"gitlab-com-13-4-breaking-changes",{"content":3605,"config":3611},{"title":3606,"heroImage":3349,"category":537,"description":3607,"authors":3608,"date":3610},"How GitLab improves cloud native application security and protection","In this article, we will show you how GitLab can help you streamline your cloud native application security from a code and operations point of view by providing you with real-world examples.",[3609],"Nico Meisenzahl","2020-08-18",{"slug":3612,"externalUrl":-1},"how-gitlab-can-help-you-secure-your-cloud-native-applications",{"content":3614,"config":3620},{"title":3615,"heroImage":3616,"category":2385,"description":3617,"authors":3618,"date":3619},"The developer-security divide: frank talk from both sides","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681492/Blog/Hero%20Images/puzzle.jpg","Data from our 2020 DevSecOps Survey shows dev and sec remain at odds over test, bug finding, fixes, and more. Can we be friends? Maybe.",[2568],"2020-08-13",{"slug":3621,"externalUrl":-1},"developer-security-divide",{"content":3623,"config":3628},{"title":3624,"heroImage":3625,"category":3236,"description":3626,"authors":3627,"date":3619},"What it's like to intern on the GitLab Security team","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749672427/Blog/Hero%20Images/cgower_desk.jpg","I spent 16 weeks interning across the GitLab security department and here’s what I learned",[2908],{"slug":3629,"externalUrl":-1},"what-its-like-to-intern-in-gitlab-security",{"content":3631,"config":3637},{"title":3632,"heroImage":3633,"category":10,"description":3634,"authors":3635,"date":3636},"How to play GitLab's Capture the Flag at home","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681485/Blog/Hero%20Images/gitlab_ctf.png","Our AppSec team built and ran a CTF, and now it's available for you to play at home.",[2257],"2020-08-12",{"slug":3638,"externalUrl":-1},"how-to-play-gitlab-ctf-at-home",{"content":3640,"config":3646},{"title":3641,"heroImage":3642,"category":10,"description":3643,"authors":3644,"date":3645},"How to benchmark security tools: a case study using WebGoat","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678166/Blog/Hero%20Images/benchmarking.jpg","When tasked to compare security tools, it's critical to understand what's a fair benchmark. We take you step by step through WebGoat's lessons and compare them to SAST and DAST results.",[2773],"2020-08-11",{"slug":3647,"externalUrl":-1},"how-to-benchmark-security-tools",{"content":3649,"config":3655},{"title":3650,"heroImage":3651,"category":10,"description":3652,"authors":3653,"date":3654},"How to secure your dependencies with GitLab and WhiteSource","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663445/Blog/Hero%20Images/snowymtns.jpg","We walk you through how to configure WhiteSource in your GitLab instance to enhance your application security.",[767],"2020-08-10",{"slug":3656,"externalUrl":-1},"whitesource-for-dependency-scanning",{"content":3658,"config":3665},{"title":3659,"heroImage":3660,"category":834,"description":3661,"authors":3662,"date":3664},"How GitLab protects your IP","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667110/Blog/Hero%20Images/how-gitlab-protects-your-ip.jpg","There are many ways in which hosting intellectual property in GitLab is not only secure but also flexible and invites collaboration.",[3663],"Jordi Mon","2020-08-07",{"slug":3666,"externalUrl":-1},"how-gitlab-protects-your-ip",{"content":3668,"config":3674},{"title":3669,"heroImage":3099,"category":794,"description":3670,"authors":3671,"date":3673},"GitLab Support is no longer processing MFA resets for free users","From August 15th, GitLab Support will no longer be manually removing MFA from free accounts.",[3672],"Lyle Kozloff","2020-08-04",{"slug":3675,"externalUrl":-1},"gitlab-support-no-longer-processing-mfa-resets-for-free-users",{"content":3677,"config":3682},{"title":3678,"heroImage":3349,"category":3236,"description":3679,"authors":3680,"date":3673},"My experience interning to work with security scanning at GitLab","Experience with doing a 4 week internship implementing security scans",[3681],"Eric Rosenberg",{"slug":3683,"externalUrl":-1},"security-scan-experience",{"content":3685,"config":3691},{"title":3686,"heroImage":2273,"category":10,"description":3687,"authors":3688,"date":3690},"Get better container security with GitLab: 4 real-world examples","Containers are increasingly popular – and increasingly vulnerable. Using\nfour threat scenarios, we step through how GitLab's built-in security\nfeatures will make containers safer.",[3689],"Thiago Figueiró","2020-07-28",{"slug":3692,"externalUrl":-1},"container-security-in-gitlab",{"content":3694,"config":3701},{"title":3695,"heroImage":3696,"category":834,"description":3697,"authors":3698,"date":3700},"GitLab's guide to safe deployment practices","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678412/Blog/Hero%20Images/safe_deploy.jpg","It's important to safeguard your deployment process. Here's our best advice to protect your environments.",[3699],"Orit Golowinski","2020-07-23",{"slug":3702,"externalUrl":-1},"safe-deploys",{"content":3704,"config":3710},{"title":3705,"heroImage":3706,"category":2385,"description":3707,"authors":3708,"date":3709},"A guide to Rust programming language","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681441/Blog/Hero%20Images/rust.jpg","Rust is a well-loved programming language but it is a mindset shift from options like C++. Here's a tutorial and an inside look at Rust code and its capabilities.",[2388],"2020-07-21",{"slug":3711,"externalUrl":-1},"rust-programming-language",{"content":3713,"config":3720},{"title":3714,"heroImage":3715,"category":2385,"description":3716,"authors":3717,"date":3719},"DevSecOps basics: 5 steps to standardize (and then scale) security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663613/Blog/Hero%20Images/devsecops-security-standardization.jpg","DevSecOps is incomplete without speed and scale. Standardize security to make it happen.",[3718],"Vanessa Wegner","2020-07-20",{"slug":3721,"externalUrl":-1},"devsecops-security-standardization",{"content":3723,"config":3729},{"title":3724,"heroImage":3725,"category":794,"description":3726,"authors":3727,"date":3728},"How recent acquisitions introduce fuzz testing to GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681436/Blog/Hero%20Images/peaches2.jpg","Learn more about fuzz testing and GitLab's recent acquisitions in the space.",[2532],"2020-07-17",{"slug":3730,"externalUrl":-1},"fuzz-testing",{"content":3732,"config":3738},{"title":3733,"heroImage":3734,"category":2385,"description":3735,"authors":3736,"date":3737},"DevSecOps basics: how to build a security culture in 6 steps","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663608/Blog/Hero%20Images/security-culture-devsecops.jpg","How to build a DevSecOps culture in your workplace. Get there faster by creating a strong security culture.",[3718],"2020-07-15",{"slug":3739,"externalUrl":-1},"security-culture-devsecops",{"content":3741,"config":3747},{"title":3742,"heroImage":3743,"category":2385,"description":3744,"authors":3745,"date":3746},"Automated security testing for DevSecOps","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749662504/Blog/Hero%20Images/devsecops-automated-security.jpg","We share four fool-proof ways to bring your security automation to the next level and five reasons why it's critical.",[3718],"2020-07-08",{"slug":3748,"externalUrl":-1},"devsecops-security-automation",{"content":3750,"config":3756},{"title":3751,"heroImage":3752,"category":834,"description":3753,"authors":3754,"date":3755},"How GitLab's application security dashboard helps AppSec engineers","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663482/Blog/Hero%20Images/ralph-kayden-4Cg5T03B_8s-unsplash.jpg","GitLab Security features help application security engineers collaborate more efficiently and better assess the security posture of the projects they oversee.",[767],"2020-07-07",{"slug":3757,"externalUrl":-1},"secure-stage-for-appsec",{"content":3759,"config":3765},{"title":3760,"heroImage":3761,"category":2385,"description":3762,"authors":3763,"date":3764},"DevSecOps basics: 5 cross-functional team collaboration goals","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663594/Blog/Hero%20Images/devsecops-cross-collaboration.jpg","Team work makes the (DevSecOps) dream work. Here's what you need to know about collaboration.",[3718],"2020-07-01",{"slug":3766,"externalUrl":-1},"achieve-devsecops-collaboration",{"content":3768,"config":3774},{"title":3769,"heroImage":3099,"category":10,"description":3770,"authors":3771,"date":3773},"GitLab will extend package signing key expiration by one year","Our GPG key will now expire on July 1, 2021. Here's what you need to know.",[3772],"Gerard Hickey","2020-06-25",{"slug":3775,"externalUrl":-1},"package-key-extension",{"content":3777,"config":3784},{"title":3778,"heroImage":3779,"category":10,"description":3780,"authors":3781,"date":3783},"How secure is GitLab?","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669646/Blog/Hero%20Images/blog-soc2-compliance.jpg","Learn about GitLab's commitment to security and compliance, our security program maturity and accreditations.",[3782,940],"Saumya Upadhyaya","2020-06-24",{"slug":3785,"externalUrl":-1},"soc2-compliance",{"content":3787,"config":3793},{"title":3788,"heroImage":3789,"category":2385,"description":3790,"authors":3791,"date":3792},"DevSecOps basics: 9 tips for shifting left","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663602/Blog/Hero%20Images/efficient-devsecops-9-tips.jpg","Here's how to create an efficient DevSecOps practice and shift your security left.",[3718],"2020-06-23",{"slug":3794,"externalUrl":-1},"efficient-devsecops-nine-tips-shift-left",{"content":3796,"config":3802},{"title":3797,"heroImage":3349,"category":3236,"description":3798,"authors":3799,"date":3801},"Successful approaches for team collaboration between Design, Product, Engineering, and Quality","Collaboration can be hard, but we've found a few tips and tricks that help us succeed here at GitLab.",[3800],"Jason Yavorska","2020-06-03",{"slug":3803,"externalUrl":-1},"collaboration-in-product-planning",{"content":3805,"config":3811},{"title":3806,"heroImage":3807,"category":10,"description":3808,"authors":3809,"date":3810},"GitLab instance: security best practices","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667057/Blog/Hero%20Images/configs_unsplash.jpg","Default settings on products can be massively helpful. However, when it comes to hardening your GitLab instance, we’ve got some helpful configuration recommendations from our security team.",[1533],"2020-05-20",{"slug":3812,"externalUrl":-1},"gitlab-instance-security-best-practices",{"content":3814,"config":3820},{"title":3815,"heroImage":3816,"category":3236,"description":3817,"authors":3818,"date":3819},"Security strengthened by iteration, and transparency","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670837/Blog/Hero%20Images/two-brown-trees.jpg","Iteration is a core value at GitLab. How do you keep things protected when change is a constant?",[2424],"2020-05-18",{"slug":3821,"externalUrl":-1},"security-strengthened-by-interation-and-transparency",{"content":3823,"config":3830},{"title":3824,"heroImage":3825,"category":10,"description":3826,"authors":3827,"date":3829},"The benefits of transparency in a compliance audit","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681258/Blog/Hero%20Images/mvdheuvel-unsplash.jpg","We’re transparent by default, and just completed our first SOC 2 Type 1 audit! How does our public-first stance affect our compliance efforts and impact an audit?",[3828],"Steve Truong","2020-04-28",{"slug":3831,"externalUrl":-1},"benefits-of-transparency-in-compliance",{"content":3833,"config":3839},{"title":3834,"heroImage":3835,"category":10,"description":3836,"authors":3837,"date":3838},"How we manage open source security software","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681227/Blog/Hero%20Images/opensourcesecurity.jpg","Open source software presents unique security challenges. Here’s what you need to know.",[1533],"2020-04-10",{"slug":3840,"externalUrl":-1},"open-source-security",{"content":3842,"config":3848},{"title":3843,"heroImage":3844,"category":10,"description":3845,"authors":3846,"date":3847},"Top 6 security trends in GitLab-hosted projects","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663502/Blog/Hero%20Images/paperclips.jpg","Using components with known vulnerabilities is the most common security problem in GitLab.com-hosted projects.",[3477],"2020-04-02",{"slug":3849,"externalUrl":-1},"security-trends-in-gitlab-hosted-projects",{"content":3851,"config":3856},{"title":3852,"heroImage":2254,"category":10,"description":3853,"authors":3854,"date":3855},"How to exploit parser differentials","Your guide to abusing 'language barriers' between web components.",[2257],"2020-03-30",{"slug":3857,"externalUrl":-1},"how-to-exploit-parser-differentials",{"content":3859,"config":3865},{"title":3860,"heroImage":3861,"category":2385,"description":3862,"authors":3863,"date":3864},"Why implementing security as code is important for DevSecOps","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663618/Blog/Hero%20Images/how-to-implement-security-as-code.jpg","We created a DevSecOps assessment to help your company level up its DevSecOps capabilities.",[3718],"2020-03-12",{"slug":3866,"externalUrl":-1},"how-to-security-as-code",{"content":3868,"config":3875},{"title":3869,"heroImage":3870,"category":271,"description":3871,"authors":3872,"date":3874},"How to bring GitLab to a classroom near you","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669503/Blog/Hero%20Images/susan-yin-library.jpg","Learn more about the education program at GitLab!",[3873],"Christina Hupy, Ph.D.","2020-03-06",{"slug":3876,"externalUrl":-1},"bring-gitlab-to-classroom-nearyou",{"content":3878,"config":3884},{"title":3879,"heroImage":3880,"category":10,"description":3881,"authors":3882,"date":3883},"We answer your most popular questions about our Zero Trust journey","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681098/Blog/Hero%20Images/lysander-yuen-wk-ztn-unsplash.jpg","From why we chose Okta to issues around data fluidity, here are answers to your most-asked ZT questions.",[1533],"2020-02-19",{"slug":3885,"externalUrl":-1},"questions-regarding-our-zero-trust-efforts",{"content":3887,"config":3893},{"title":3888,"heroImage":3889,"category":794,"description":3890,"authors":3891,"date":3892},"How we’ll simplify Vault access for GitLab CI/CD users","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681067/Blog/Hero%20Images/vaultintegration.jpg","CEO Sid Sijbrandij and senior product manager Thao Yeager discuss the easiest way to bring Vault access to GitLab customers. Hint: it involves a minimum viable change.",[2388],"2020-02-13",{"slug":3894,"externalUrl":-1},"vault-integration-process",{"content":3896,"config":3902},{"title":3897,"heroImage":3898,"category":10,"description":3899,"authors":3900,"date":3901},"Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749672755/Blog/Hero%20Images/white-lightning-heating-mountain.jpg","A Red Team exercise on exploiting design decisions on GCP.",[1102],"2020-02-12",{"slug":3903,"externalUrl":-1},"plundering-gcp-escalating-privileges-in-google-cloud-platform",{"content":3905,"config":3911},{"title":3906,"heroImage":3907,"category":2385,"description":3908,"authors":3909,"date":3910},"Securing next generation software","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749673038/Blog/Hero%20Images/ciso-secure-next-gen-software.jpg","Scale your security efforts by understanding and integrating with the DevOps workflow.",[2377],"2020-01-27",{"slug":3912,"externalUrl":-1},"ciso-secure-next-gen-software",{"content":3914,"config":3920},{"title":3915,"heroImage":3916,"category":10,"description":3917,"authors":3918,"date":3919},"GitLab is now a member of the OWASP Foundation","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679658/Blog/Hero%20Images/Owasp_logo.jpg","GitLab is thrilled to announce our membership in the OWASP Foundation.",[3477],"2020-01-21",{"slug":3921,"externalUrl":-1},"gitlab-is-now-a-member-of-the-owasp-foundation",{"content":3923,"config":3930},{"title":3924,"heroImage":3925,"category":834,"description":3926,"authors":3927,"date":3929},"Why GitLab.com is changing its CDN provider to Cloudflare March 28","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665811/Blog/Hero%20Images/daytime-clouds.jpg","Get the scoop on our plan to change GitLab.com to Cloudflare.",[3928],"David Smith","2020-01-16",{"slug":3931,"externalUrl":-1},"gitlab-changes-to-cloudflare",{"content":3933,"config":3939},{"title":3934,"heroImage":3935,"category":10,"description":3936,"authors":3937,"date":3938},"Celebrating a million dollars in bounties paid","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749680992/Blog/Hero%20Images/silhouette-of-crowd-people-1486628.jpg","Our bug bounty program has grown, expanded and matured in the past 5 years. A lot can happen in a million dollars’ time.",[2424],"2020-01-14",{"slug":3940,"externalUrl":-1},"celebrating-one-million-bug-bounties-paid",{"content":3942,"config":3948},{"title":3943,"heroImage":3944,"category":1300,"description":3945,"authors":3946,"date":3938},"GitLab and WhiteSource: the easy way to secure your open source code","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681016/Blog/Hero%20Images/gitlab-whitesource.png","How we integrated with GitLab's security dashboards to make it easier to secure your open source code earlier in the dev lifecycle",[3947],"Guy Bar-Gil, Product Manager at WhiteSource",{"slug":3949,"externalUrl":-1},"whitesource-gitlab-security-integration",{"content":3951,"config":3958},{"title":3952,"heroImage":3953,"category":10,"description":3954,"authors":3955,"date":3957},"Introducing Token-Hunter","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679669/Blog/Hero%20Images/lightscape-Bsw6l6e01Rw-unsplash.jpg","Our red team has created a new tool to find sensitive data in the vast, wide-open.",[3956],"Greg Johnson","2019-12-20",{"slug":3959,"externalUrl":-1},"introducing-token-hunter",{"content":3961,"config":3967},{"title":3962,"heroImage":3340,"category":10,"description":3963,"authors":3964,"date":3966},"Bugs, bounties, and cherry browns","Cheers, our bug bounty program is celebrating one year!",[3965],"Juan Broullon","2019-12-12",{"slug":3968,"externalUrl":-1},"bugs-bounties-and-cherry-browns",{"content":3970,"config":3975},{"title":3971,"heroImage":2254,"category":10,"description":3972,"authors":3973,"date":3974},"Shopping for an admin account via path traversal","How to exploit a path traversal issue to gain an admin account",[2257],"2019-11-29",{"slug":3976,"externalUrl":-1},"shopping-for-an-admin-account",{"content":3978,"config":3984},{"title":3979,"heroImage":3980,"category":2385,"description":3981,"authors":3982,"date":3983},"A brief guide to multicloud security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679136/Blog/Hero%20Images/multi-cloud-security.jpg","Five challenges and seven best practices to consider for your multicloud strategy.",[3718],"2019-11-21",{"slug":3985,"externalUrl":-1},"multi-cloud-security",{"content":3987,"config":3993},{"title":3988,"heroImage":3989,"category":10,"description":3990,"authors":3991,"date":3992},"How to overcome toolchain security challenges with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749673158/Blog/Hero%20Images/toolchain-security-gitlab-cover.jpg","Use GitLab to control your toolchain sprawl, improve team communication and productivity, and secure your DevOps lifecycle.",[3718],"2019-11-20",{"slug":3994,"externalUrl":-1},"toolchain-security-with-gitlab",{"content":3996,"config":4002},{"title":3997,"heroImage":3998,"category":2385,"description":3999,"authors":4000,"date":4001},"Defending the CI/CD pipeline","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678499/Blog/Hero%20Images/defend-cicd-security.jpg","Speed to launch often comes at the cost of security – but it doesn’t have to. Here are four ways to achieve both by using a CI/CD pipeline",[3718],"2019-11-19",{"slug":4003,"externalUrl":-1},"defend-cicd-security",{"content":4005,"config":4011},{"title":4006,"heroImage":4007,"category":10,"description":4008,"authors":4009,"date":4010},"We are increasing bounties in our bug bounty program","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749672689/Blog/Hero%20Images/banter-snaps-REyoFHP9pw8-unsplash.jpg","We're now offering higher bounties for critical and high severity reports.",[2424],"2019-11-18",{"slug":4012,"externalUrl":-1},"were-increasing-bounties-in-our-bug-bounty-program",{"content":4014,"config":4020},{"title":4015,"heroImage":4016,"category":3236,"description":4017,"authors":4018,"date":4019},"The security tightrope: balancing security with ease-of-use","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749680866/Blog/Hero%20Images/architecture-boulder-city-cityscape-220759.jpg","How do you balance user experience with the friction that’s introduced when trying to keep something secure?",[2424],"2019-11-07",{"slug":4021,"externalUrl":-1},"the-security-tightrope",{"content":4023,"config":4029},{"title":4024,"heroImage":4025,"category":2385,"description":4026,"authors":4027,"date":4028},"How to ensure security at the speed of DevOps","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678356/Blog/Hero%20Images/balance-speed-security-devops.jpg","Read here on how to speed up your secure DevOps for faster delivery on your safe and secure applications.",[3718],"2019-10-31",{"slug":4030,"externalUrl":-1},"speed-security-devops",{"content":4032,"config":4038},{"title":4033,"heroImage":4034,"category":2385,"description":4035,"authors":4036,"date":4037},"Securing the journey to continuous delivery","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678442/Blog/Hero%20Images/londoncommit.png","The UK Dept for Work and Pensions bring security best practices to the forefront of a massive transition to continuous delivery.",[3718],"2019-10-30",{"slug":4039,"externalUrl":-1},"secure-journey-continuous-delivery",{"content":4041,"config":4046},{"title":4042,"heroImage":3154,"category":2385,"description":4043,"authors":4044,"date":4045},"How advanced are your DevSecOps practices?","Read here what the three levels of DevSecOps practices are and what they include and how to improve your own",[3718],"2019-10-21",{"slug":4047,"externalUrl":-1},"advanced-devsecops-practices",{"content":4049,"config":4055},{"title":4050,"heroImage":4051,"category":3236,"description":4052,"authors":4053,"date":4054},"The sky is not falling","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679692/Blog/Hero%20Images/dawn-idyllic-ocean-464344.jpg","Tips to avoid the FUD and protect yourself online.",[2424],"2019-10-17",{"slug":4056,"externalUrl":-1},"the-sky-is-not-falling",{"content":4058,"config":4064},{"title":4059,"heroImage":4060,"category":10,"description":4061,"authors":4062,"date":4063},"Zero Trust at GitLab: Where do we go from here?","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679704/Blog/Hero%20Images/puria-berenji-Dyi1K2atCRw-unsplash.jpg","We take a look back at how far we've come in our ZTN implementation, and at the progress we still need to make.",[1533],"2019-10-15",{"slug":4065,"externalUrl":-1},"zero-trust-at-gitlab-where-do-we-go-from-here",{"content":4067,"config":4073},{"title":4068,"heroImage":4069,"category":10,"description":4070,"authors":4071,"date":4072},"Zero Trust at GitLab: Implementation challenges (and a few solutions)","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665982/Blog/Hero%20Images/jpvalery-9pLx0sLli4unsplash.jpg","Implementing change in an already working environment always brings its fair share of growing pains. What happens when that change is Zero Trust?",[1533],"2019-10-02",{"slug":4074,"externalUrl":-1},"zero-trust-at-gitlab-implementation-challenges",{"content":4076,"config":4082},{"title":4077,"heroImage":4078,"category":10,"description":4079,"authors":4080,"date":4081},"Why we're reducing the time to payout and launching a bug bounty anniversary contest","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678574/Blog/Hero%20Images/art-backlight-blur-249203.jpg","You talked. We listened. Quicker bug bounty payouts and we're holding a contest for our hackers!",[1778],"2019-09-24",{"slug":4083,"externalUrl":-1},"reducing-time-to-payout-and-launching-a-bug-bounty-anniversary-contest",{"content":4085,"config":4091},{"title":4086,"heroImage":2874,"category":2385,"description":4087,"authors":4088,"date":4090},"5 Security testing principles every developer should know","Developers are looking for guidance and standard practices as they take on more security testing responsibilities.",[3718,4089],"Seth Berger","2019-09-16",{"slug":4092,"externalUrl":-1},"security-testing-principles-developer",{"content":4094,"config":4100},{"title":4095,"heroImage":4096,"category":3236,"description":4097,"authors":4098,"date":4099},"The cloud-native, all-remote security challenge","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670171/Blog/Hero%20Images/akshay-nanavati-Zq6HerrBPEs-unsplash.jpg","What are the challenges and rewards of working in security at a cloud-native, all-remote company like GitLab?",[2424],"2019-09-13",{"slug":4101,"externalUrl":-1},"the-cloud-native-all-remote-security-challenge",{"content":4103,"config":4109},{"title":4104,"heroImage":4105,"category":2385,"description":4106,"authors":4107,"date":4108},"Don’t let your dependency-laden software become the next monolith","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678488/Blog/Hero%20Images/software-dependencies-monolith.jpg","Keep your software development fast and efficient with dependency scanning and auto-remediation.",[3718],"2019-09-09",{"slug":4110,"externalUrl":-1},"software-dependencies-tech-debt",{"content":4112,"config":4118},{"title":4113,"heroImage":4114,"category":10,"description":4115,"authors":4116,"date":4117},"Zero Trust at GitLab: Mitigating challenges with data zones and authentication scoring","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749680808/Blog/Hero%20Images/fabio-oyXis2kALVg-unsplash.png","How we're defining and aligning data zones in our Zero Trust implementation.",[1533],"2019-09-06",{"slug":4119,"externalUrl":-1},"zero-trust-at-gitlab-data-zones-and-authentication-scoring",{"content":4121,"config":4127},{"title":4122,"heroImage":4123,"category":3236,"description":4124,"authors":4125,"date":4126},"The difference transparency makes in security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670826/Blog/Hero%20Images/orlova-maria-EF6z_6R94zQ-unsplash.jpg","What happens when you lift the veil around security?",[2424],"2019-09-05",{"slug":4128,"externalUrl":-1},"the-difference-transparency-makes-in-security",{"content":4130,"config":4136},{"title":4131,"heroImage":4132,"category":2385,"description":4133,"authors":4134,"date":4135},"4 Ways developers can write secure code with GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749666895/Blog/Hero%20Images/developers-write-secure.jpg","GitLab Secure is not just for your security team – it’s for developers too. Learn four ways to write secure code with GitLab.",[3718],"2019-09-03",{"slug":4137,"externalUrl":-1},"developers-write-secure-code-gitlab",{"content":4139,"config":4145},{"title":4140,"heroImage":4141,"category":10,"description":4142,"authors":4143,"date":4144},"Zero Trust at GitLab: The data classification and infrastructure challenge","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679055/Blog/Hero%20Images/close-up-colorful-colors-40799.jpg","The classification of data is a huge step in the right direction when it comes to handling Zero Trust, but it comes with its own set of challenges.",[1533],"2019-08-21",{"slug":4146,"externalUrl":-1},"zero-trust-at-gitlab-the-data-classification-and-infrastructure-challenge",{"content":4148,"config":4154},{"title":4149,"heroImage":4150,"category":2385,"description":4151,"authors":4152,"date":4153},"Why building compliance as code in DevOps will benefit your entire company","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749680734/Blog/Hero%20Images/compliance-as-code-header.jpg","Read here on how to integrate compliance as code into your DevOps cycle and why it's important to have in your business",[3718],"2019-08-19",{"slug":4155,"externalUrl":-1},"get-started-compliance-as-code",{"content":4157,"config":4164},{"title":4158,"heroImage":4159,"category":10,"description":4160,"authors":4161,"date":4163},"American Fuzzy Lop on GitLab: Automating instrumented fuzzing using pipelines","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749680723/Blog/Hero%20Images/aerial-shot-birds-eye-view.jpg","An example of how to automate instrumented fuzzing with American Fuzzy Lop using pipelines.",[4162],"Luka Trbojevic","2019-08-14",{"slug":4165,"externalUrl":-1},"american-fuzzy-lop-on-gitlab",{"content":4167,"config":4173},{"title":4168,"heroImage":4169,"category":2385,"description":4170,"authors":4171,"date":4172},"Why you need static and dynamic application security testing in your development workflows","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749680714/Blog/Hero%20Images/intro-developer-sast-dast.jpg","Bolster your code quality with static and dynamic application security testing. Learn why you need SAST and DAST for your projects.",[3718],"2019-08-12",{"slug":4174,"externalUrl":-1},"developer-intro-sast-dast",{"content":4176,"config":4182},{"title":4177,"heroImage":4178,"category":10,"description":4179,"authors":4180,"date":4181},"Zero Trust at GitLab: Problems, goals, and coming challenges","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749680704/Blog/Hero%20Images/beasty-ztblog-unsplash.jpg","We map out our Zero Trust goals, the challenges we expect to encounter along the way, and how we plan to address them.",[1533],"2019-08-09",{"slug":4183,"externalUrl":-1},"zero-trust-at-gitlab-problems-goals-challenges",{"content":4185,"config":4191},{"title":4186,"heroImage":4187,"category":834,"description":4188,"authors":4189,"date":4190},"Moving workflows to GitLab: The case of the HIPAA Audit Protocol","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679716/Blog/Hero%20Images/bright-cardiac-cardiology.jpg","With the GitLab API, you can easily move workflows into GitLab. Here’s how we did it for the HIPAA Audit Protocol.",[4162],"2019-07-25",{"slug":4192,"externalUrl":-1},"moving-workflows-to-gitlab-the-case-of-the-hipaa-audit-protocol",{"content":4194,"config":4200},{"title":4195,"heroImage":2291,"category":10,"description":4196,"authors":4197,"date":4199},"What we learned by taking our bug bounty program public","Six months into our public bug bounty program, we're taking stock of what's working and where we can make improvements.",[4198],"Ethan Strike","2019-07-19",{"slug":4201,"externalUrl":-1},"what-we-learned-by-taking-our-bug-bounty-program-public",{"content":4203,"config":4209},{"title":4204,"heroImage":4205,"category":2385,"description":4206,"authors":4207,"date":4208},"4 Risks to consider when implementing third-party code","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749680662/Blog/Hero%20Images/third-party-code-risks.jpg","Third-party code is a great resource for businesses, but comes with a number of risks. Explore four ways developers can keep their code secure.",[3718],"2019-07-16",{"slug":4210,"externalUrl":-1},"third-party-code-risks",{"content":4212,"config":4219},{"title":4213,"heroImage":4214,"category":10,"description":4215,"authors":4216,"date":4218},"Turning the Adobe CCF into the GitLab Control Framework (it's all open source!)","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749683200/Blog/Hero%20Images/geraldo-stanislas-unsplash.jpg","We've implemented and adapted an open source compliance framework. Now we're sharing our process and tools so you can adapt and customize it too.",[4217],"Jeff Burrows","2019-07-10",{"slug":4220,"externalUrl":-1},"creating-the-gitlab-controls-framework",{"content":4222,"config":4228},{"title":4223,"heroImage":4224,"category":10,"description":4225,"authors":4226,"date":4227},"Ask GitLab Security: Alexander Dietrich","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679726/Blog/Hero%20Images/ask-security-cover.png","What are the challenges and rewards of working security for a growing, cloud native company? We grill one of our senior security engineers.",[2424],"2019-06-26",{"slug":4229,"externalUrl":-1},"ask-gitlab-security-alexander-dietrich",{"content":4231,"config":4236},{"title":4232,"heroImage":4224,"category":10,"description":4233,"authors":4234,"date":4235},"Ask GitLab Security: Roger Ostrander","What’s it like working day and night to kill spam, Bitcoin mining, malware and more? Meet our security team.",[2424],"2019-06-14",{"slug":4237,"externalUrl":-1},"ask-gitlab-security-roger-ostrander",{"content":4239,"config":4245},{"title":4240,"heroImage":4241,"category":10,"description":4242,"authors":4243,"date":4244},"When technology outpaces security compliance","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678968/Blog/Hero%20Images/signpost-sunset.jpg","Where does today's tech transformation leave tomorrow's security compliance? A senior security analyst tackles the question.",[4162],"2019-06-10",{"slug":4246,"externalUrl":-1},"when-technology-outpaces-security-compliance",{"content":4248,"config":4253},{"title":4249,"heroImage":4224,"category":10,"description":4250,"authors":4251,"date":4252},"Ask GitLab Security: Paul Harrison","What’s it like working to secure one of the most transparent organizations in the world? Meet our security team.",[2424],"2019-05-31",{"slug":4254,"externalUrl":-1},"ask-gitlab-security-paul-harrison",{"content":4256,"config":4262},{"title":4257,"heroImage":2724,"category":271,"description":4258,"authors":4259,"date":4261},"Git ransom campaign incident report","This is a coordinated effort to help educate and inform users on secure best practices relating to the recent Git ransomware incident.",[4260],"Atlassian Bitbucket, GitHub, GitLab","2019-05-14",{"slug":4263,"externalUrl":-1},"git-ransom-campaign-incident-report-atlassian-bitbucket-github-gitlab",{"content":4265,"config":4271},{"title":4266,"heroImage":4267,"category":10,"description":4268,"authors":4269,"date":4270},"How GitLab went about choosing the right compliance framework","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749680591/Blog/Hero%20Images/compliance-frameworks.jpg","Independent vs aggregate? Determining the most effective security controls approach for any organization has many considerations.",[4217],"2019-05-07",{"slug":4272,"externalUrl":-1},"choosing-a-compliance-framework",{"content":4274,"config":4280},{"title":4275,"heroImage":4276,"category":2385,"description":4277,"authors":4278,"date":4279},"A shift left strategy for the cloud","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670146/Blog/Hero%20Images/containers-for-five-things-kubernetes-blog-post.jpg","Protect your software in the cloud by bringing vulnerability testing closer to remediation.",[2377,3718],"2019-05-03",{"slug":4281,"externalUrl":-1},"secure-containers-devops",{"content":4283,"config":4287},{"title":4284,"heroImage":3099,"category":271,"description":4285,"authors":4286,"date":4279},"Repositories held for ransom by using valid credentials","We’ve learned of suspicious Git activity on GitLab. Affected users have been notified.",[698],{"slug":4288,"externalUrl":-1},"suspicious-git-activity-security-update",{"content":4290,"config":4296},{"title":4291,"heroImage":4292,"category":271,"description":4293,"authors":4294,"date":4295},"Gemnasium: Our GitLab journey","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679751/Blog/Hero%20Images/gemnasium-gitlab-cover.png","We joined GitLab as a small startup and quickly became an integral part of the company. We want to share our success story with the startup community.",[3175],"2019-04-30",{"slug":4297,"externalUrl":-1},"gemnasium-our-gitlab-journey",{"content":4299,"config":4304},{"title":4300,"heroImage":4301,"category":2385,"description":4302,"authors":4303,"date":4295},"Speed up secure software delivery with DevSecOps","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749671258/Blog/Hero%20Images/just-commit-blog-cover.png","It’s time to shift left: Embed security into your DevOps workflow to increase speed, quality, and efficiency in the SDLC.",[3718],{"slug":4305,"externalUrl":-1},"speed-secure-software-delivery-devsecops",{"content":4307,"config":4313},{"title":4308,"heroImage":2291,"category":10,"description":4309,"authors":4310,"date":4312},"Inside the GitLab public bug bounty program","Four months since going public with our bug bounty program, we dive into where we’re at, what success looks like, and what to expect down the road.",[4311],"Kathy Wang","2019-04-29",{"slug":4314,"externalUrl":-1},"inside-the-gitlab-public-bug-bounty-program",{"content":4316,"config":4322},{"title":4317,"heroImage":1413,"category":10,"description":4318,"authors":4319,"date":4321},"Agile iteration: My unique onboarding experience at GitLab","How I learned to iterate quickly during my first week at GitLab.",[4320],"Michael Fahey","2019-04-26",{"slug":4323,"externalUrl":-1},"agile-iteration-unique-onboarding-experience",{"content":4325,"config":4330},{"title":4326,"heroImage":2856,"category":271,"description":4327,"authors":4328,"date":4329},"GitLab is named a Challenger in The Forrester Wave™: Software Composition Analysis, Q2 2019","GitLab has been recognized by analysts as a challenger in Software Composition Analysis.",[2377],"2019-04-12",{"slug":4331,"externalUrl":-1},"gitlab-is-an-sca-contender",{"content":4333,"config":4339},{"title":4334,"heroImage":4335,"category":10,"description":4336,"authors":4337,"date":4338},"GitLab's security tools and the HIPAA risk analysis","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749680548/Blog/Hero%20Images/gitlab-security-and-hipaa-risk-analysis.jpg","A closer look at GitLab’s security scanning tools and the HIPAA risk analysis.",[4162],"2019-04-10",{"slug":4340,"externalUrl":-1},"gitlab-security-tools-and-the-hipaa-risk-analysis",{"content":4342,"config":4346},{"title":4343,"heroImage":1413,"category":10,"description":4344,"authors":4345,"date":4338},"Group Runner Registration Token Vulnerability","How we responded to a vulnerability in group runner registration tokens.",[4311],{"slug":4347,"externalUrl":-1},"group-runner-registration-token-vulnerability",{"content":4349,"config":4356},{"title":4350,"heroImage":4351,"category":271,"description":4352,"authors":4353,"date":4355},"What to check out at Google Cloud Next 2019","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679235/Blog/Hero%20Images/cloud-native-predictions-2019.jpg","Support women who code by stopping by our booth, learn from a host of GitLab experts, and more.",[4354],"Mayank Tahilramani","2019-04-04",{"slug":4357,"externalUrl":-1},"google-next-post",{"content":4359,"config":4365},{"title":4360,"heroImage":4361,"category":10,"description":4362,"authors":4363,"date":4364},"The evolution of Zero Trust","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664096/Blog/Hero%20Images/evolution-of-zero-trust.jpg","Zero Trust may be one of the hottest topics in security today, but it's not exactly new. Here's a history.",[1533],"2019-04-01",{"slug":4366,"externalUrl":-1},"evolution-of-zero-trust",{"content":4368,"config":4373},{"title":4369,"heroImage":2724,"category":10,"description":4370,"authors":4371,"date":4372},"An update on project runner registration token exposed through issues quick actions vulnerability","How we responded to a vulnerability in quick actions for issues that can expose project runner registration tokens to unauthorized users.",[4311],"2019-03-25",{"slug":4374,"externalUrl":-1},"security-incident-runner-registration-token",{"content":4376,"config":4383},{"title":4377,"heroImage":4378,"category":10,"description":4379,"authors":4380,"date":4382},"A deep dive into the Security Analyst persona","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663736/Blog/Hero%20Images/a-deep-dive-into-the-security-analyst-persona.jpg","See how we created our new Security Analyst persona, and how we are already putting it to use.",[4381],"Andy Volpe","2019-02-12",{"slug":4384,"externalUrl":-1},"a-deep-dive-into-the-security-analyst-persona",{"content":4386,"config":4393},{"title":4387,"heroImage":4388,"category":1300,"description":4389,"authors":4390,"date":4392},"Streamline and shorten error remediation with Sentry’s new GitLab integration","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679964/Blog/Hero%20Images/sentry-io-blog.jpg","Your code has bugs, my code has bugs, everyone’s code has bugs (probably). Let’s fix that.",[4391],"Eva Sasson","2019-01-25",{"slug":4394,"externalUrl":-1},"sentry-integration-blog-post",{"content":4396,"config":4402},{"title":4397,"heroImage":2724,"category":271,"description":4398,"authors":4399,"date":4401},"How we are iterating on Group Single Sign On for GitLab.com","Here's some insight into our approach to improving a key enterprise capability for GitLab.com, SSO.",[4400],"Eric Brinkman","2019-01-17",{"slug":4403,"externalUrl":-1},"iterating-on-sso",{"content":4405,"config":4412},{"title":4406,"heroImage":4407,"category":1300,"description":4408,"authors":4409,"date":4411},"How Wag! cut their release process from 40 minutes to just 6","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678923/Blog/Hero%20Images/dog-walking.jpg","The popular dog-walking app is rolling out new features faster and with more confidence as they adopt GitLab for more of their DevOps workflows.",[4410],"Aricka Flowers","2019-01-16",{"slug":4413,"externalUrl":-1},"wag-labs-blog-post",{"content":4415,"config":4421},{"title":4416,"heroImage":2628,"category":271,"description":4417,"authors":4418,"date":4420},"Support for TLS 1.0 and 1.1 discontinued on GitLab.com and GitLab API on 2018-12-15","TLS 1.2 is now required for all clients that connect to GitLab.com and our GitLab API.",[4419],"Melissa Farber","2018-12-17",{"slug":4422,"externalUrl":-1},"gitlab-tls1011-discontinued-update",{"content":4424,"config":4429},{"title":4425,"heroImage":2628,"category":834,"description":4426,"authors":4427,"date":4428},"GitLab's HackerOne Bug Bounty Program is public today","With 200 reported vulnerabilities and $200,000 awarded already, our bug bounty program is now public and open for your contributions.",[4311],"2018-12-12",{"slug":4430,"externalUrl":-1},"gitlab-hackerone-bug-bounty-program-is-public-today",{"content":4432,"config":4438},{"title":4433,"heroImage":3099,"category":834,"description":4434,"authors":4435,"date":4437},"GitLab Runner update required to use SAST in Auto DevOps","Make sure you upgrade GitLab Runner to 11.5+ to coninue using SAST in Auto DevOps.",[4436],"Fabio Busatto","2018-12-06",{"slug":4439,"externalUrl":-1},"gitlab-runner-update-required-to-use-auto-devops-and-sast",{"content":4441,"config":4447},{"title":4442,"heroImage":4443,"category":834,"description":4444,"authors":4445,"date":4446},"It's raining repos: The microservices repo explosion, and what we're doing about it","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749662898/Blog/Hero%20Images/microservices-explosion.jpg","Microservices have spawned an explosion of dependent projects with multiple repos, creating the need for an integrated solution – we're working on it right now.",[4410],"2018-11-26",{"slug":4448,"externalUrl":-1},"microservices-integrated-solution",{"content":4450,"config":4455},{"title":4451,"heroImage":2628,"category":271,"description":4452,"authors":4453,"date":4454},"We're on target to discontinue support for TLS 1.0 and TLS 1.1 by end of 2018","Find out how to test for potential operational disruptions to your integrations and browsers.",[4419],"2018-11-15",{"slug":4456,"externalUrl":-1},"gitlab-tls-support-discontinue-update",{"content":4458,"config":4463},{"title":4459,"heroImage":3099,"category":271,"description":4460,"authors":4461,"date":4462},"GitLab to deprecate support for TLS 1.0 and TLS 1.1 by end of 2018","Support for TLS 1.0 and 1.1 will be disabled on December 15th, 2018",[4419],"2018-10-15",{"slug":4464,"externalUrl":-1},"gitlab-to-deprecate-older-tls",{"content":4466,"config":4471},{"title":4467,"heroImage":2628,"category":271,"description":4468,"authors":4469,"date":4470},"This is what happens if you lose access to your 2FA GitLab.com account","Support Engineering Manager Lyle Kozloff explains why we no longer accept government ID for two-factor authentication removal.",[3672],"2018-10-08",{"slug":4472,"externalUrl":-1},"enforcing-managing-2fa-support-security",{"content":4474,"config":4480},{"title":4475,"heroImage":4476,"category":834,"description":4477,"authors":4478,"date":4479},"How can teams secure applications at DevOps speed? Security Dashboards are here to help.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678710/Blog/Hero%20Images/inside-gitlab-security-dashboards.jpg","GitLab Security Dashboards enable security professionals to view vulnerabilities across a project. Here’s an inside look.",[2377],"2018-09-14",{"slug":4481,"externalUrl":-1},"inside-gitlab-security-dashboards",{"content":4483,"config":4489},{"title":4484,"heroImage":4485,"category":2385,"description":4486,"authors":4487,"date":4488},"What our summit in South Africa taught me about cybersecurity","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749671140/Blog/Hero%20Images/south-africa-cyber-security.jpg","Cybersecurity is a necessity, but it's often treated as an afterthought. What it has in common with modern photography could tell us how to make it less painful to achieve.",[2377],"2018-09-11",{"slug":4490,"externalUrl":-1},"what-south-africa-taught-me-about-cybersecurity",{"content":4492,"config":4498},{"title":4493,"heroImage":4494,"category":834,"description":4495,"authors":4496,"date":4497},"GitLab Auto DevOps in action","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664015/Blog/Hero%20Images/laptop.jpg","See how the only single application for the entire DevOps lifecycle helps you deliver better software, faster.",[4410],"2018-08-10",{"slug":4499,"externalUrl":-1},"gitlab-auto-devops-in-action",{"content":4501,"config":4507},{"title":4502,"heroImage":4503,"category":271,"description":4504,"authors":4505,"date":4497},"Google Next 2018 security track recap","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678940/Blog/Hero%20Images/securitygooglenext.jpg","Here's how one GitLab team-member made the most of the security track at Google Next 2018.",[4506],"Jim Thavisouk",{"slug":4508,"externalUrl":-1},"google-next-2018-security-track-recap",{"content":4510,"config":4516},{"title":4511,"heroImage":4512,"category":271,"description":4513,"authors":4514,"date":4515},"How to keep your GitLab account safe (and accessible)","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749666806/Blog/Hero%20Images/keep-gitlab-account-safe.jpg","Some practical tips from the GitLab.com Support Team to make sure you can get into your account when (not if!) disaster strikes.",[3672],"2018-08-09",{"slug":4517,"externalUrl":-1},"keeping-your-account-safe",{"content":4519,"config":4525},{"title":4520,"heroImage":4521,"category":834,"description":4522,"authors":4523,"date":4515},"Why you should join the GitLab security team","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668486/Blog/Hero%20Images/why-you-should-join-the-gitlab-security-team.jpg","Meet Director of Security Kathy Wang for a look inside our remote (and growing!) security team.",[4524],"Emily von Hoffmann",{"slug":4526,"externalUrl":-1},"why-you-should-join-the-gitlab-security-team",{"content":4528,"config":4534},{"title":4529,"heroImage":4530,"category":2385,"description":4531,"authors":4532,"date":4533},"Top 5 cloud trends of 2018: What has happened and what’s next","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678732/Blog/Hero%20Images/clouds.jpg","Cloud computing is officially where it's at. Find out who's in the lead and how to plan for the future.",[4410],"2018-08-02",{"slug":4535,"externalUrl":-1},"top-five-cloud-trends",{"content":4537,"config":4542},{"title":4538,"heroImage":2628,"category":271,"description":4539,"authors":4540,"date":4541},"GitLab joins Cybersecurity Tech Accord","Today we're happy to announce that we're one of 11 companies joining the Cybersecurity Tech Accord.",[4311],"2018-06-20",{"slug":4543,"externalUrl":-1},"gitlab-joins-msft-tech-accord",{"content":4545,"config":4550},{"title":4546,"heroImage":2724,"category":794,"description":4547,"authors":4548,"date":4549},"GitLab inbound email issue notification","We've identified a potential risk impacting those using our email an issue to project, Reply by Email, and Service Desk features.",[4506],"2018-03-06",{"slug":4551,"externalUrl":-1},"reconfigure-inbound-email-for-gitlab-notification",{"content":4553,"config":4560},{"title":4554,"heroImage":2448,"category":4555,"description":4556,"authors":4557,"date":4559},"Workflow tips to ship faster without sacrificing security or quality","culture","We partnered up with HackerOne to explain how to ship faster with a security-first development mindset. Watch the recording and check out the slides here.",[4558],"Erica Lindberg","2017-06-05",{"slug":4561,"externalUrl":-1},"speed-security-quality-with-hackerone",1772652081713]