Blogsecurity41

Browse articles that include the security tag

Recent posts

Security

Unmasking password attacks at GitLab

Our security team has identified an increased volume of password attacks against GitLab.com on the OAuth API endpoint since September 22, 2023. Learn more.

Security

Unveiling the GUARD framework to automate security detections at GitLab

The GitLab Universal Automated Response and Detection (GUARD) framework spans creation, maintenance, alert routing and handling, rich metrics collection, and more.

Security

Updates and actions to address Log4j CVE 2021 44228 and CVE 2021 45046 in GitLab

Actions we’ve taken to investigate and mitigate the impact of Log4j, and actions our users can take.

Security

Updates regarding Rubygems ‘Unauthorized gem takeover for some gems’ vulnerability CVE-2022-29176

Actions we've taken to investigate the Rubygems takeover vulnerability.

Security

Updates regarding Spring remote code execution vulnerabilities CVE-2022-22965 and CVE-2022-22963

Actions we've taken to investigate the Spring RCE vulnerabilities.

News

Updates to de-identifying Service Usage Data

GitLab is creating a process to pseudonymize directly identifiable Service Usage Data for SaaS customers. There will be no changes to the service data usage policy.

News

Usage Ping configuration bug for self-managed instances

Patch was released in 13.12.4

Company

How to use GitLab security features to detect log4j vulnerabilities

Detailed guidance to help customers detect vulnerabilities.

Security

Use Streaming Audit Events to connect your technology stack with GitLab and Pipedream

Automation lets your DevSecOps teams have logic in place for how to handle events as they come in.

Ready to get started?

See what your team could do with a unified DevSecOps Platform

Get free trial

Find out which plan works best for your team

Learn about pricing

Learn about what GitLab can do for your team

Talk to an expert