BlogSecurity

Browse articles from Security

Securing AI together: GitLab’s partnership with security researchers

Learn how GitLab collaborates with security researchers to identify and defend against emerging threats.
Author: Kymberlee PriceRead Post

Recent posts

Security

How to transform compliance observation management with GitLab

Learn how GitLab's Security Compliance team improved observation management using the DevSecOps platform, enhancing visibility, collaboration, and accountability.

Security

Software supply chain security guide: Why organizations struggle

Part 1 of this new series explores fundamental challenges, practical solutions, and emerging trends, including AI, that every development team needs to understand.

Security

Bridging the visibility gap in software supply chain security

GitLab 18.2 includes support for comprehensive scanner coverage and transitive dependency visualization.

Security

GitLab catches MongoDB Go module supply chain attack

Learn how GitLab detected a supply chain attack targeting Go developers through fake MongoDB drivers that deploy persistent backdoor malware.

Security

Automating role-based access control (RBAC) at scale

This guide details setting up GitLab + Keycloak + OIDC for RBAC, covering planning, Docker configuration, and automated access governance for DevSecOps.

Security

Last year we signed the Secure by Design pledge - here's our progress

Learn about GitLab's CISA-aligned additions and improvements around MFA, default password reduction, patching, and vulnerability disclosure.

Security

Introducing compromised password detection for GitLab.com

GitLab is adding compromised password detection on June 19, 2025. After that date, users logging in with known compromised passwords will be warned. Here is what you need to know.

Security

Tutorial: Secure and optimize your Maven Repository in GitLab

Learn the best practices, advanced techniques, and upcoming features that improve the efficiency of your DevSecOps workflow.

Security

Our step-by-step guide to evaluating runtime security tools

Key learnings from the GitLab Security team’s runtime security tool evaluation on Kubernetes clusters and Linux servers using real-world attack simulations.

Ready to get started?

See what your team could do with a unified DevSecOps Platform

Get free trial

Find out which plan works best for your team

Learn about pricing

Learn about what GitLab can do for your team

Talk to an expert