is now in public beta!
Browse articles from Security
Recent posts
Security
How to write and continuously test vulnerability detection rules for SAST
Interns with the Google Summer of Code helped GitLab transition from our old SAST tools to Semgrep.
Security
Why are developers so vulnerable to drive-by attacks?
The complexity of developer working environments make them more likely to be vulnerable to a drive-by attack. We talk about why and walk you through a real-life example from a recent disclosure here at GitLab, and provide tips to reduce the risk and impact of drive-by attacks.
Security
How to secure your software build pipeline using code signing
The Venafi plugin for GitLab enables single sign-on and digital signatures to better secure your app.
Security
Introducing Spamcheck: A data-driven, anti-abuse engine
How we built, tested and deployed a new tool on GitLab that fights spam and abuse.
Security
How DevSecOps can protect businesses from future supply chain attacks
Learn how GitLab's all-in-one DevSecOps solution can help businesses keep their supply chains secure.
Security
Meet Package Hunter: A tool for detecting malicious code in your dependencies
We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.
Security
How we’re creating a threat model framework that works for GitLab
As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.
Find out which plan works best for your team
Learn about pricingLearn about what GitLab can do for your team
Talk to an expert