[{"data":1,"prerenderedAt":906},["ShallowReactive",2],{"/en-us/blog/tags/security-research":3,"navigation-en-us":19,"banner-en-us":430,"footer-en-us":440,"security research-tag-posts-en-us":682},{"id":4,"title":5,"body":6,"category":6,"config":7,"content":9,"description":6,"extension":12,"meta":13,"navigation":14,"path":15,"seo":16,"slug":6,"stem":17,"testContent":6,"type":6,"__hash__":18},"blogTags/en-us/blog/tags/security-research.yml","Security Research",null,{"template":8},"BlogTag",{"tag":10,"tagSlug":11},"security research","security-research","yml",{},true,"/en-us/blog/tags/security-research",{},"en-us/blog/tags/security-research","25-JL1VMHy0dPpvBMKsjt40RQ13Lnds_84Qn90BTAuo",{"data":20},{"logo":21,"freeTrial":26,"sales":31,"login":36,"items":41,"search":350,"minimal":381,"duo":400,"switchNav":409,"pricingDeployment":420},{"config":22},{"href":23,"dataGaName":24,"dataGaLocation":25},"/","gitlab logo","header",{"text":27,"config":28},"Get free trial",{"href":29,"dataGaName":30,"dataGaLocation":25},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":32,"config":33},"Talk to sales",{"href":34,"dataGaName":35,"dataGaLocation":25},"/sales/","sales",{"text":37,"config":38},"Sign in",{"href":39,"dataGaName":40,"dataGaLocation":25},"https://gitlab.com/users/sign_in/","sign in",[42,69,164,169,271,331],{"text":43,"config":44,"cards":46},"Platform",{"dataNavLevelOne":45},"platform",[47,53,61],{"title":43,"description":48,"link":49},"The intelligent orchestration platform for DevSecOps",{"text":50,"config":51},"Explore our Platform",{"href":52,"dataGaName":45,"dataGaLocation":25},"/platform/",{"title":54,"description":55,"link":56},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":57,"config":58},"Meet GitLab Duo",{"href":59,"dataGaName":60,"dataGaLocation":25},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":62,"description":63,"link":64},"Why 
GitLab","See the top reasons enterprises choose GitLab",{"text":65,"config":66},"Learn more",{"href":67,"dataGaName":68,"dataGaLocation":25},"/why-gitlab/","why gitlab",{"text":70,"left":14,"config":71,"link":73,"lists":77,"footer":146},"Product",{"dataNavLevelOne":72},"solutions",{"text":74,"config":75},"View all Solutions",{"href":76,"dataGaName":72,"dataGaLocation":25},"/solutions/",[78,102,125],{"title":79,"description":80,"link":81,"items":86},"Automation","CI/CD and automation to accelerate deployment",{"config":82},{"icon":83,"href":84,"dataGaName":85,"dataGaLocation":25},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[87,91,94,98],{"text":88,"config":89},"CI/CD",{"href":90,"dataGaLocation":25,"dataGaName":88},"/solutions/continuous-integration/",{"text":54,"config":92},{"href":59,"dataGaLocation":25,"dataGaName":93},"gitlab duo agent platform - product menu",{"text":95,"config":96},"Source Code Management",{"href":97,"dataGaLocation":25,"dataGaName":95},"/solutions/source-code-management/",{"text":99,"config":100},"Automated Software Delivery",{"href":84,"dataGaLocation":25,"dataGaName":101},"Automated software delivery",{"title":103,"description":104,"link":105,"items":110},"Security","Deliver code faster without compromising security",{"config":106},{"href":107,"dataGaName":108,"dataGaLocation":25,"icon":109},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[111,115,120],{"text":112,"config":113},"Application Security Testing",{"href":107,"dataGaName":114,"dataGaLocation":25},"Application security testing",{"text":116,"config":117},"Software Supply Chain Security",{"href":118,"dataGaLocation":25,"dataGaName":119},"/solutions/supply-chain/","Software supply chain security",{"text":121,"config":122},"Software Compliance",{"href":123,"dataGaName":124,"dataGaLocation":25},"/solutions/software-compliance/","software 
compliance",{"title":126,"link":127,"items":132},"Measurement",{"config":128},{"icon":129,"href":130,"dataGaName":131,"dataGaLocation":25},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[133,137,141],{"text":134,"config":135},"Visibility & Measurement",{"href":130,"dataGaLocation":25,"dataGaName":136},"Visibility and Measurement",{"text":138,"config":139},"Value Stream Management",{"href":140,"dataGaLocation":25,"dataGaName":138},"/solutions/value-stream-management/",{"text":142,"config":143},"Analytics & Insights",{"href":144,"dataGaLocation":25,"dataGaName":145},"/solutions/analytics-and-insights/","Analytics and insights",{"title":147,"items":148},"GitLab for",[149,154,159],{"text":150,"config":151},"Enterprise",{"href":152,"dataGaLocation":25,"dataGaName":153},"/enterprise/","enterprise",{"text":155,"config":156},"Small Business",{"href":157,"dataGaLocation":25,"dataGaName":158},"/small-business/","small business",{"text":160,"config":161},"Public Sector",{"href":162,"dataGaLocation":25,"dataGaName":163},"/solutions/public-sector/","public sector",{"text":165,"config":166},"Pricing",{"href":167,"dataGaName":168,"dataGaLocation":25,"dataNavLevelOne":168},"/pricing/","pricing",{"text":170,"config":171,"link":173,"lists":177,"feature":262},"Resources",{"dataNavLevelOne":172},"resources",{"text":174,"config":175},"View all resources",{"href":176,"dataGaName":172,"dataGaLocation":25},"/resources/",[178,211,234],{"title":179,"items":180},"Getting started",[181,186,191,196,201,206],{"text":182,"config":183},"Install",{"href":184,"dataGaName":185,"dataGaLocation":25},"/install/","install",{"text":187,"config":188},"Quick start guides",{"href":189,"dataGaName":190,"dataGaLocation":25},"/get-started/","quick setup checklists",{"text":192,"config":193},"Learn",{"href":194,"dataGaLocation":25,"dataGaName":195},"https://university.gitlab.com/","learn",{"text":197,"config":198},"Product 
documentation",{"href":199,"dataGaName":200,"dataGaLocation":25},"https://docs.gitlab.com/","product documentation",{"text":202,"config":203},"Best practice videos",{"href":204,"dataGaName":205,"dataGaLocation":25},"/getting-started-videos/","best practice videos",{"text":207,"config":208},"Integrations",{"href":209,"dataGaName":210,"dataGaLocation":25},"/integrations/","integrations",{"title":212,"items":213},"Discover",[214,219,224,229],{"text":215,"config":216},"Customer success stories",{"href":217,"dataGaName":218,"dataGaLocation":25},"/customers/","customer success stories",{"text":220,"config":221},"Blog",{"href":222,"dataGaName":223,"dataGaLocation":25},"/blog/","blog",{"text":225,"config":226},"The Source",{"href":227,"dataGaName":228,"dataGaLocation":25},"/the-source/","the source",{"text":230,"config":231},"Remote",{"href":232,"dataGaName":233,"dataGaLocation":25},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":235,"items":236},"Connect",[237,242,247,252,257],{"text":238,"config":239},"GitLab Services",{"href":240,"dataGaName":241,"dataGaLocation":25},"/services/","services",{"text":243,"config":244},"Community",{"href":245,"dataGaName":246,"dataGaLocation":25},"/community/","community",{"text":248,"config":249},"Forum",{"href":250,"dataGaName":251,"dataGaLocation":25},"https://forum.gitlab.com/","forum",{"text":253,"config":254},"Events",{"href":255,"dataGaName":256,"dataGaLocation":25},"/events/","events",{"text":258,"config":259},"Partners",{"href":260,"dataGaName":261,"dataGaLocation":25},"/partners/","partners",{"textColor":263,"title":264,"text":265,"link":266},"#000","What’s new in GitLab","Stay updated with our latest features and improvements.",{"text":267,"config":268},"Read the latest",{"href":269,"dataGaName":270,"dataGaLocation":25},"/releases/whats-new/","whats 
new",{"text":272,"config":273,"lists":275},"Company",{"dataNavLevelOne":274},"company",[276],{"items":277},[278,283,289,291,296,301,306,311,316,321,326],{"text":279,"config":280},"About",{"href":281,"dataGaName":282,"dataGaLocation":25},"/company/","about",{"text":284,"config":285,"footerGa":288},"Jobs",{"href":286,"dataGaName":287,"dataGaLocation":25},"/jobs/","jobs",{"dataGaName":287},{"text":253,"config":290},{"href":255,"dataGaName":256,"dataGaLocation":25},{"text":292,"config":293},"Leadership",{"href":294,"dataGaName":295,"dataGaLocation":25},"/company/team/e-group/","leadership",{"text":297,"config":298},"Team",{"href":299,"dataGaName":300,"dataGaLocation":25},"/company/team/","team",{"text":302,"config":303},"Handbook",{"href":304,"dataGaName":305,"dataGaLocation":25},"https://handbook.gitlab.com/","handbook",{"text":307,"config":308},"Investor relations",{"href":309,"dataGaName":310,"dataGaLocation":25},"https://ir.gitlab.com/","investor relations",{"text":312,"config":313},"Trust Center",{"href":314,"dataGaName":315,"dataGaLocation":25},"/security/","trust center",{"text":317,"config":318},"AI Transparency Center",{"href":319,"dataGaName":320,"dataGaLocation":25},"/ai-transparency-center/","ai transparency center",{"text":322,"config":323},"Newsletter",{"href":324,"dataGaName":325,"dataGaLocation":25},"/company/contact/#contact-forms","newsletter",{"text":327,"config":328},"Press",{"href":329,"dataGaName":330,"dataGaLocation":25},"/press/","press",{"text":332,"config":333,"lists":334},"Contact us",{"dataNavLevelOne":274},[335],{"items":336},[337,340,345],{"text":32,"config":338},{"href":34,"dataGaName":339,"dataGaLocation":25},"talk to sales",{"text":341,"config":342},"Support portal",{"href":343,"dataGaName":344,"dataGaLocation":25},"https://support.gitlab.com","support portal",{"text":346,"config":347},"Customer portal",{"href":348,"dataGaName":349,"dataGaLocation":25},"https://customers.gitlab.com/customers/sign_in/","customer 
portal",{"close":351,"login":352,"suggestions":359},"Close",{"text":353,"link":354},"To search repositories and projects, login to",{"text":355,"config":356},"gitlab.com",{"href":39,"dataGaName":357,"dataGaLocation":358},"search login","search",{"text":360,"default":361},"Suggestions",[362,364,368,370,374,378],{"text":54,"config":363},{"href":59,"dataGaName":54,"dataGaLocation":358},{"text":365,"config":366},"Code Suggestions (AI)",{"href":367,"dataGaName":365,"dataGaLocation":358},"/solutions/code-suggestions/",{"text":88,"config":369},{"href":90,"dataGaName":88,"dataGaLocation":358},{"text":371,"config":372},"GitLab on AWS",{"href":373,"dataGaName":371,"dataGaLocation":358},"/partners/technology-partners/aws/",{"text":375,"config":376},"GitLab on Google Cloud",{"href":377,"dataGaName":375,"dataGaLocation":358},"/partners/technology-partners/google-cloud-platform/",{"text":379,"config":380},"Why GitLab?",{"href":67,"dataGaName":379,"dataGaLocation":358},{"freeTrial":382,"mobileIcon":387,"desktopIcon":392,"secondaryButton":395},{"text":383,"config":384},"Start free trial",{"href":385,"dataGaName":30,"dataGaLocation":386},"https://gitlab.com/-/trials/new/","nav",{"altText":388,"config":389},"Gitlab Icon",{"src":390,"dataGaName":391,"dataGaLocation":386},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":388,"config":393},{"src":394,"dataGaName":391,"dataGaLocation":386},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":396,"config":397},"Get Started",{"href":398,"dataGaName":399,"dataGaLocation":386},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/get-started/","get started",{"freeTrial":401,"mobileIcon":405,"desktopIcon":407},{"text":402,"config":403},"Learn more about GitLab Duo",{"href":59,"dataGaName":404,"dataGaLocation":386},"gitlab 
duo",{"altText":388,"config":406},{"src":390,"dataGaName":391,"dataGaLocation":386},{"altText":388,"config":408},{"src":394,"dataGaName":391,"dataGaLocation":386},{"button":410,"mobileIcon":415,"desktopIcon":417},{"text":411,"config":412},"/switch",{"href":413,"dataGaName":414,"dataGaLocation":386},"#contact","switch",{"altText":388,"config":416},{"src":390,"dataGaName":391,"dataGaLocation":386},{"altText":388,"config":418},{"src":419,"dataGaName":391,"dataGaLocation":386},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":421,"mobileIcon":426,"desktopIcon":428},{"text":422,"config":423},"Back to pricing",{"href":167,"dataGaName":424,"dataGaLocation":386,"icon":425},"back to pricing","GoBack",{"altText":388,"config":427},{"src":390,"dataGaName":391,"dataGaLocation":386},{"altText":388,"config":429},{"src":394,"dataGaName":391,"dataGaLocation":386},{"title":431,"button":432,"config":437},"See how agentic AI transforms software delivery",{"text":433,"config":434},"Watch GitLab Transcend now",{"href":435,"dataGaName":436,"dataGaLocation":25},"/events/transcend/virtual/","transcend event",{"layout":438,"icon":439,"disabled":14},"release","AiStar",{"data":441},{"text":442,"source":443,"edit":449,"contribute":454,"config":459,"items":464,"minimal":671},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":444,"config":445},"View page source",{"href":446,"dataGaName":447,"dataGaLocation":448},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":450,"config":451},"Edit this page",{"href":452,"dataGaName":453,"dataGaLocation":448},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":455,"config":456},"Please 
contribute",{"href":457,"dataGaName":458,"dataGaLocation":448},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":460,"facebook":461,"youtube":462,"linkedin":463},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[465,512,566,610,637],{"title":165,"links":466,"subMenu":481},[467,471,476],{"text":468,"config":469},"View plans",{"href":167,"dataGaName":470,"dataGaLocation":448},"view plans",{"text":472,"config":473},"Why Premium?",{"href":474,"dataGaName":475,"dataGaLocation":448},"/pricing/premium/","why premium",{"text":477,"config":478},"Why Ultimate?",{"href":479,"dataGaName":480,"dataGaLocation":448},"/pricing/ultimate/","why ultimate",[482],{"title":483,"links":484},"Contact Us",[485,488,490,492,497,502,507],{"text":486,"config":487},"Contact sales",{"href":34,"dataGaName":35,"dataGaLocation":448},{"text":341,"config":489},{"href":343,"dataGaName":344,"dataGaLocation":448},{"text":346,"config":491},{"href":348,"dataGaName":349,"dataGaLocation":448},{"text":493,"config":494},"Status",{"href":495,"dataGaName":496,"dataGaLocation":448},"https://status.gitlab.com/","status",{"text":498,"config":499},"Terms of use",{"href":500,"dataGaName":501,"dataGaLocation":448},"/terms/","terms of use",{"text":503,"config":504},"Privacy statement",{"href":505,"dataGaName":506,"dataGaLocation":448},"/privacy/","privacy statement",{"text":508,"config":509},"Cookie preferences",{"dataGaName":510,"dataGaLocation":448,"id":511,"isOneTrustButton":14},"cookie preferences","ot-sdk-btn",{"title":70,"links":513,"subMenu":522},[514,518],{"text":515,"config":516},"DevSecOps platform",{"href":52,"dataGaName":517,"dataGaLocation":448},"devsecops platform",{"text":519,"config":520},"AI-Assisted Development",{"href":59,"dataGaName":521,"dataGaLocation":448},"ai-assisted 
development",[523],{"title":524,"links":525},"Topics",[526,531,536,541,546,551,556,561],{"text":527,"config":528},"CICD",{"href":529,"dataGaName":530,"dataGaLocation":448},"/topics/ci-cd/","cicd",{"text":532,"config":533},"GitOps",{"href":534,"dataGaName":535,"dataGaLocation":448},"/topics/gitops/","gitops",{"text":537,"config":538},"DevOps",{"href":539,"dataGaName":540,"dataGaLocation":448},"/topics/devops/","devops",{"text":542,"config":543},"Version Control",{"href":544,"dataGaName":545,"dataGaLocation":448},"/topics/version-control/","version control",{"text":547,"config":548},"DevSecOps",{"href":549,"dataGaName":550,"dataGaLocation":448},"/topics/devsecops/","devsecops",{"text":552,"config":553},"Cloud Native",{"href":554,"dataGaName":555,"dataGaLocation":448},"/topics/cloud-native/","cloud native",{"text":557,"config":558},"AI for Coding",{"href":559,"dataGaName":560,"dataGaLocation":448},"/topics/devops/ai-for-coding/","ai for coding",{"text":562,"config":563},"Agentic AI",{"href":564,"dataGaName":565,"dataGaLocation":448},"/topics/agentic-ai/","agentic ai",{"title":567,"links":568},"Solutions",[569,571,573,578,582,585,589,592,594,597,600,605],{"text":112,"config":570},{"href":107,"dataGaName":112,"dataGaLocation":448},{"text":101,"config":572},{"href":84,"dataGaName":85,"dataGaLocation":448},{"text":574,"config":575},"Agile development",{"href":576,"dataGaName":577,"dataGaLocation":448},"/solutions/agile-delivery/","agile delivery",{"text":579,"config":580},"SCM",{"href":97,"dataGaName":581,"dataGaLocation":448},"source code management",{"text":527,"config":583},{"href":90,"dataGaName":584,"dataGaLocation":448},"continuous integration & delivery",{"text":586,"config":587},"Value stream management",{"href":140,"dataGaName":588,"dataGaLocation":448},"value stream 
management",{"text":532,"config":590},{"href":591,"dataGaName":535,"dataGaLocation":448},"/solutions/gitops/",{"text":150,"config":593},{"href":152,"dataGaName":153,"dataGaLocation":448},{"text":595,"config":596},"Small business",{"href":157,"dataGaName":158,"dataGaLocation":448},{"text":598,"config":599},"Public sector",{"href":162,"dataGaName":163,"dataGaLocation":448},{"text":601,"config":602},"Education",{"href":603,"dataGaName":604,"dataGaLocation":448},"/solutions/education/","education",{"text":606,"config":607},"Financial services",{"href":608,"dataGaName":609,"dataGaLocation":448},"/solutions/finance/","financial services",{"title":170,"links":611},[612,614,616,618,621,623,625,627,629,631,633,635],{"text":182,"config":613},{"href":184,"dataGaName":185,"dataGaLocation":448},{"text":187,"config":615},{"href":189,"dataGaName":190,"dataGaLocation":448},{"text":192,"config":617},{"href":194,"dataGaName":195,"dataGaLocation":448},{"text":197,"config":619},{"href":199,"dataGaName":620,"dataGaLocation":448},"docs",{"text":220,"config":622},{"href":222,"dataGaName":223,"dataGaLocation":448},{"text":215,"config":624},{"href":217,"dataGaName":218,"dataGaLocation":448},{"text":230,"config":626},{"href":232,"dataGaName":233,"dataGaLocation":448},{"text":238,"config":628},{"href":240,"dataGaName":241,"dataGaLocation":448},{"text":243,"config":630},{"href":245,"dataGaName":246,"dataGaLocation":448},{"text":248,"config":632},{"href":250,"dataGaName":251,"dataGaLocation":448},{"text":253,"config":634},{"href":255,"dataGaName":256,"dataGaLocation":448},{"text":258,"config":636},{"href":260,"dataGaName":261,"dataGaLocation":448},{"title":272,"links":638},[639,641,643,645,647,649,651,655,660,662,664,666],{"text":279,"config":640},{"href":281,"dataGaName":274,"dataGaLocation":448},{"text":284,"config":642},{"href":286,"dataGaName":287,"dataGaLocation":448},{"text":292,"config":644},{"href":294,"dataGaName":295,"dataGaLocation":448},{"text":297,"config":646},{"href":299,"dataGaN
ame":300,"dataGaLocation":448},{"text":302,"config":648},{"href":304,"dataGaName":305,"dataGaLocation":448},{"text":307,"config":650},{"href":309,"dataGaName":310,"dataGaLocation":448},{"text":652,"config":653},"Sustainability",{"href":654,"dataGaName":652,"dataGaLocation":448},"/sustainability/",{"text":656,"config":657},"Diversity, inclusion and belonging (DIB)",{"href":658,"dataGaName":659,"dataGaLocation":448},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":312,"config":661},{"href":314,"dataGaName":315,"dataGaLocation":448},{"text":322,"config":663},{"href":324,"dataGaName":325,"dataGaLocation":448},{"text":327,"config":665},{"href":329,"dataGaName":330,"dataGaLocation":448},{"text":667,"config":668},"Modern Slavery Transparency Statement",{"href":669,"dataGaName":670,"dataGaLocation":448},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":672},[673,676,679],{"text":674,"config":675},"Terms",{"href":500,"dataGaName":501,"dataGaLocation":448},{"text":677,"config":678},"Cookies",{"dataGaName":510,"dataGaLocation":448,"id":511,"isOneTrustButton":14},{"text":680,"config":681},"Privacy",{"href":505,"dataGaName":506,"dataGaLocation":448},[683,694,704,715,726,737,747,757,767,775,786,795,805,815,824,833,843,852,861,870,878,888,898],{"content":684,"config":692},{"title":685,"heroImage":686,"category":687,"description":688,"authors":689,"date":691},"Automating detection gap analysis with GitLab Duo Agent Platform","https://res.cloudinary.com/about-gitlab-com/image/upload/v1773147991/op5xyroonltdwqix0x3u.png","security-labs","Learn how GitLab's Signals Engineering team uses our AI platform to automatically surface detection gaps from security incidents — no manual review required.",[690],"Matt 
Coons","2026-03-10",{"slug":693,"externalUrl":-1},"automating-detection-gap-analysis-with-gitlab-duo-agent-platform",{"content":695,"config":702},{"title":696,"heroImage":697,"category":687,"description":698,"authors":699,"date":701},"GitLab Threat Intelligence Team reveals North Korean tradecraft","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464282/r2ovpvmizpkcngy9kzqu.png","Gain threat intelligence about North Korea’s Contagious Interview and fake IT worker campaigns and learn how GitLab disrupted their operations.",[700],"Oliver Smith","2026-02-19",{"slug":703,"externalUrl":-1},"gitlab-threat-intelligence-reveals-north-korean-tradecraft",{"content":705,"config":713},{"title":706,"heroImage":707,"category":687,"description":708,"authors":709,"date":712},"GitLab discovers widespread npm supply chain attack","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665667/Blog/Hero%20Images/built-in-security.jpg","Malware driving attack includes \"dead man's switch\" that can harm user data.",[710,711],"Michael Henriksen","Daniel Abeles","2025-11-24",{"slug":714,"externalUrl":-1},"gitlab-discovers-widespread-npm-supply-chain-attack",{"content":716,"config":723},{"title":717,"heroImage":718,"category":719,"description":720,"authors":721,"date":722},"GitLab Patch Release: 18.5.2, 18.4.4, 18.3.6","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749661926/Blog/Hero%20Images/security-patch-blog-image-r2-0506-700x400-fy25_2x.jpg","product","Learn more about this patch release for GitLab Community Edition (CE) and Enterprise Edition (EE).",[],"2025-11-12",{"slug":724,"externalUrl":725},"","https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-5-2-released/",{"content":727,"config":735},{"title":728,"heroImage":729,"category":730,"description":731,"authors":732,"date":734},"Introducing GitLab Advanced Vulnerability 
Tracking","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664844/Blog/Hero%20Images/AdobeStock_941867776.jpg","security","Learn how this security feature improves the efficiency of vulnerability management by reducing futile auditing time (includes data from a new study).",[733],"Julian Thome","2025-01-21",{"slug":736,"externalUrl":-1},"introducing-gitlab-advanced-vulnerability-tracking",{"content":738,"config":745},{"title":739,"heroImage":740,"category":687,"description":741,"authors":742,"date":744},"Git security audit: Inside the hunt for - and discovery of - CVEs","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668524/Blog/Hero%20Images/closeup-photo-of-black-and-blue-keyboard-1194713.jpg","Get a behind-the-scenes look at how I helped discover the vulnerability that became CVE-2022-41903.",[743],"Joern Schneeweisz","2023-01-24",{"slug":746,"externalUrl":-1},"git-security-audit",{"content":748,"config":755},{"title":749,"heroImage":750,"category":730,"description":751,"authors":752,"date":754},"Meet Package Hunter: A tool for detecting malicious code in your dependencies","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682075/Blog/Hero%20Images/package-hunter.png","We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.",[753],"Dennis Appelt","2021-07-23",{"slug":756,"externalUrl":-1},"announcing-package-hunter",{"content":758,"config":765},{"title":759,"heroImage":760,"category":730,"description":761,"authors":762,"date":764},"How we’re creating a threat model framework that works for GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682058/Blog/Hero%20Images/pexels-nathan-j-hilton.jpg","As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.",[763],"Mark 
Loveless","2021-07-09",{"slug":766,"externalUrl":-1},"creating-a-threat-model-that-works-for-gitlab",{"content":768,"config":773},{"title":769,"heroImage":740,"category":730,"description":770,"authors":771,"date":772},"A brief look at Gitpod, two bugs, and a quick fix","Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.",[743],"2021-07-08",{"slug":774,"externalUrl":-1},"two-bugs-and-a-quick-fix-in-gitpod",{"content":776,"config":784},{"title":777,"heroImage":778,"category":779,"description":780,"authors":781,"date":783},"You asked, and our Red Team answered","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670889/Blog/Hero%20Images/security-ama-blog-header.png","unfiltered","We held a public ask-me-anything session with our Red Team. Here’s what people asked.",[782],"Heather Simpson","2021-01-29",{"slug":785,"externalUrl":-1},"you-asked-and-our-red-team-answered",{"content":787,"config":793},{"title":788,"heroImage":789,"category":779,"description":790,"authors":791,"date":792},"Switching “sides” in security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679594/Blog/Hero%20Images/jason-polychronopulos-unsplash.jpg","How does product security work differ from pen testing and hacking all the things?",[743],"2020-10-23",{"slug":794,"externalUrl":-1},"switching-sides-in-security",{"content":796,"config":803},{"title":797,"heroImage":798,"category":730,"description":799,"authors":800,"date":802},"Why you need a security champions program","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664002/Blog/Hero%20Images/securitychampions.jpg","Faster releases, more open source code, and developers unlikely to have formal security training = at risk software apps. The solution? 
A security champions program.",[801],"Valerie Silverthorne","2020-10-14",{"slug":804,"externalUrl":-1},"why-security-champions",{"content":806,"config":813},{"title":807,"heroImage":808,"category":730,"description":809,"authors":810,"date":812},"GitLab's security trends report – our latest look at what's most vulnerable","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678152/Blog/Hero%20Images/data.jpg","From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. Here's what you need to know.",[811],"Wayne Haber","2020-10-06",{"slug":814,"externalUrl":-1},"gitlab-latest-security-trends",{"content":816,"config":822},{"title":817,"heroImage":818,"category":730,"description":819,"authors":820,"date":821},"How to configure DAST full scans for complex web applications","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679617/Blog/Hero%20Images/tuning-237454.jpg","Keep your DAST job within timeout limits and fine-tune job configurations for better results",[753],"2020-08-31",{"slug":823,"externalUrl":-1},"how-to-configure-dast-full-scans-for-complex-web-applications",{"content":825,"config":831},{"title":826,"heroImage":827,"category":730,"description":828,"authors":829,"date":830},"How to play GitLab's Capture the Flag at home","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681485/Blog/Hero%20Images/gitlab_ctf.png","Our AppSec team built and ran a CTF, and now it's available for you to play at home.",[743],"2020-08-12",{"slug":832,"externalUrl":-1},"how-to-play-gitlab-ctf-at-home",{"content":834,"config":841},{"title":835,"heroImage":836,"category":730,"description":837,"authors":838,"date":840},"How to benchmark security tools: a case study using WebGoat","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678166/Blog/Hero%20Images/benchmarking.jpg","When tasked to compare security tools, it's critical to understand what's a fair 
benchmark. We take you step by step through WebGoat's lessons and compare them to SAST and DAST results.",[839],"Isaac Dawson","2020-08-11",{"slug":842,"externalUrl":-1},"how-to-benchmark-security-tools",{"content":844,"config":850},{"title":845,"heroImage":846,"category":730,"description":847,"authors":848,"date":849},"GitLab instance: security best practices","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667057/Blog/Hero%20Images/configs_unsplash.jpg","Default settings on products can be massively helpful. However, when it comes to hardening your GitLab instance, we’ve got some helpful configuration recommendations from our security team.",[763],"2020-05-20",{"slug":851,"externalUrl":-1},"gitlab-instance-security-best-practices",{"content":853,"config":859},{"title":854,"heroImage":855,"category":730,"description":856,"authors":857,"date":858},"How we manage open source security software","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681227/Blog/Hero%20Images/opensourcesecurity.jpg","Open source software presents unique security challenges. 
Here’s what you need to know.",[763],"2020-04-10",{"slug":860,"externalUrl":-1},"open-source-security",{"content":862,"config":868},{"title":863,"heroImage":864,"category":730,"description":865,"authors":866,"date":867},"Top 6 security trends in GitLab-hosted projects","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663502/Blog/Hero%20Images/paperclips.jpg","Using components with known vulnerabilities is the most common security problem in GitLab.com-hosted projects.",[811],"2020-04-02",{"slug":869,"externalUrl":-1},"security-trends-in-gitlab-hosted-projects",{"content":871,"config":876},{"title":872,"heroImage":740,"category":730,"description":873,"authors":874,"date":875},"How to exploit parser differentials","Your guide to abusing 'language barriers' between web components.",[743],"2020-03-30",{"slug":877,"externalUrl":-1},"how-to-exploit-parser-differentials",{"content":879,"config":886},{"title":880,"heroImage":881,"category":730,"description":882,"authors":883,"date":885},"Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749672755/Blog/Hero%20Images/white-lightning-heating-mountain.jpg","A Red Team exercise on exploiting design decisions on GCP.",[884],"Chris Moberly","2020-02-12",{"slug":887,"externalUrl":-1},"plundering-gcp-escalating-privileges-in-google-cloud-platform",{"content":889,"config":896},{"title":890,"heroImage":891,"category":730,"description":892,"authors":893,"date":895},"Introducing Token-Hunter","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679669/Blog/Hero%20Images/lightscape-Bsw6l6e01Rw-unsplash.jpg","Our red team has created a new tool to find sensitive data in the vast, wide-open.",[894],"Greg 
Johnson","2019-12-20",{"slug":897,"externalUrl":-1},"introducing-token-hunter",{"content":899,"config":904},{"title":900,"heroImage":740,"category":730,"description":901,"authors":902,"date":903},"Shopping for an admin account via path traversal","How to exploit a path traversal issue to gain an admin account",[743],"2019-11-29",{"slug":905,"externalUrl":-1},"shopping-for-an-admin-account",1777493625622]