[{"data":1,"prerenderedAt":905},["ShallowReactive",2],{"/en-us/blog/tags/security-research":3,"navigation-en-us":19,"banner-en-us":429,"footer-en-us":439,"security research-tag-posts-en-us":681},{"id":4,"title":5,"body":6,"category":6,"config":7,"content":9,"description":6,"extension":12,"meta":13,"navigation":14,"path":15,"seo":16,"slug":6,"stem":17,"testContent":6,"type":6,"__hash__":18},"blogTags/en-us/blog/tags/security-research.yml","Security Research",null,{"template":8},"BlogTag",{"tag":10,"tagSlug":11},"security research","security-research","yml",{},true,"/en-us/blog/tags/security-research",{},"en-us/blog/tags/security-research","25-JL1VMHy0dPpvBMKsjt40RQ13Lnds_84Qn90BTAuo",{"data":20},{"logo":21,"freeTrial":26,"sales":31,"login":36,"items":41,"search":349,"minimal":380,"duo":399,"switchNav":408,"pricingDeployment":419},{"config":22},{"href":23,"dataGaName":24,"dataGaLocation":25},"/","gitlab logo","header",{"text":27,"config":28},"Get free trial",{"href":29,"dataGaName":30,"dataGaLocation":25},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":32,"config":33},"Talk to sales",{"href":34,"dataGaName":35,"dataGaLocation":25},"/sales/","sales",{"text":37,"config":38},"Sign in",{"href":39,"dataGaName":40,"dataGaLocation":25},"https://gitlab.com/users/sign_in/","sign in",[42,69,164,169,270,330],{"text":43,"config":44,"cards":46},"Platform",{"dataNavLevelOne":45},"platform",[47,53,61],{"title":43,"description":48,"link":49},"The intelligent orchestration platform for DevSecOps",{"text":50,"config":51},"Explore our Platform",{"href":52,"dataGaName":45,"dataGaLocation":25},"/platform/",{"title":54,"description":55,"link":56},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":57,"config":58},"Meet GitLab Duo",{"href":59,"dataGaName":60,"dataGaLocation":25},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":62,"description":63,"link":64},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":65,"config":66},"Learn more",{"href":67,"dataGaName":68,"dataGaLocation":25},"/why-gitlab/","why gitlab",{"text":70,"left":14,"config":71,"link":73,"lists":77,"footer":146},"Product",{"dataNavLevelOne":72},"solutions",{"text":74,"config":75},"View all Solutions",{"href":76,"dataGaName":72,"dataGaLocation":25},"/solutions/",[78,102,125],{"title":79,"description":80,"link":81,"items":86},"Automation","CI/CD and automation to accelerate deployment",{"config":82},{"icon":83,"href":84,"dataGaName":85,"dataGaLocation":25},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[87,91,94,98],{"text":88,"config":89},"CI/CD",{"href":90,"dataGaLocation":25,"dataGaName":88},"/solutions/continuous-integration/",{"text":54,"config":92},{"href":59,"dataGaLocation":25,"dataGaName":93},"gitlab duo agent platform - product menu",{"text":95,"config":96},"Source Code Management",{"href":97,"dataGaLocation":25,"dataGaName":95},"/solutions/source-code-management/",{"text":99,"config":100},"Automated Software Delivery",{"href":84,"dataGaLocation":25,"dataGaName":101},"Automated software delivery",{"title":103,"description":104,"link":105,"items":110},"Security","Deliver code faster without compromising security",{"config":106},{"href":107,"dataGaName":108,"dataGaLocation":25,"icon":109},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[111,115,120],{"text":112,"config":113},"Application Security Testing",{"href":107,"dataGaName":114,"dataGaLocation":25},"Application security testing",{"text":116,"config":117},"Software Supply Chain Security",{"href":118,"dataGaLocation":25,"dataGaName":119},"/solutions/supply-chain/","Software supply chain security",{"text":121,"config":122},"Software Compliance",{"href":123,"dataGaName":124,"dataGaLocation":25},"/solutions/software-compliance/","software compliance",{"title":126,"link":127,"items":132},"Measurement",{"config":128},{"icon":129,"href":130,"dataGaName":131,"dataGaLocation":25},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[133,137,141],{"text":134,"config":135},"Visibility & Measurement",{"href":130,"dataGaLocation":25,"dataGaName":136},"Visibility and Measurement",{"text":138,"config":139},"Value Stream Management",{"href":140,"dataGaLocation":25,"dataGaName":138},"/solutions/value-stream-management/",{"text":142,"config":143},"Analytics & Insights",{"href":144,"dataGaLocation":25,"dataGaName":145},"/solutions/analytics-and-insights/","Analytics and insights",{"title":147,"items":148},"GitLab for",[149,154,159],{"text":150,"config":151},"Enterprise",{"href":152,"dataGaLocation":25,"dataGaName":153},"/enterprise/","enterprise",{"text":155,"config":156},"Small Business",{"href":157,"dataGaLocation":25,"dataGaName":158},"/small-business/","small business",{"text":160,"config":161},"Public Sector",{"href":162,"dataGaLocation":25,"dataGaName":163},"/solutions/public-sector/","public sector",{"text":165,"config":166},"Pricing",{"href":167,"dataGaName":168,"dataGaLocation":25,"dataNavLevelOne":168},"/pricing/","pricing",{"text":170,"config":171,"link":173,"lists":177,"feature":257},"Resources",{"dataNavLevelOne":172},"resources",{"text":174,"config":175},"View all resources",{"href":176,"dataGaName":172,"dataGaLocation":25},"/resources/",[178,211,229],{"title":179,"items":180},"Getting started",[181,186,191,196,201,206],{"text":182,"config":183},"Install",{"href":184,"dataGaName":185,"dataGaLocation":25},"/install/","install",{"text":187,"config":188},"Quick start guides",{"href":189,"dataGaName":190,"dataGaLocation":25},"/get-started/","quick setup checklists",{"text":192,"config":193},"Learn",{"href":194,"dataGaLocation":25,"dataGaName":195},"https://university.gitlab.com/","learn",{"text":197,"config":198},"Product documentation",{"href":199,"dataGaName":200,"dataGaLocation":25},"https://docs.gitlab.com/","product documentation",{"text":202,"config":203},"Best practice videos",{"href":204,"dataGaName":205,"dataGaLocation":25},"/getting-started-videos/","best practice videos",{"text":207,"config":208},"Integrations",{"href":209,"dataGaName":210,"dataGaLocation":25},"/integrations/","integrations",{"title":212,"items":213},"Discover",[214,219,224],{"text":215,"config":216},"Customer success stories",{"href":217,"dataGaName":218,"dataGaLocation":25},"/customers/","customer success stories",{"text":220,"config":221},"Blog",{"href":222,"dataGaName":223,"dataGaLocation":25},"/blog/","blog",{"text":225,"config":226},"Remote",{"href":227,"dataGaName":228,"dataGaLocation":25},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":230,"items":231},"Connect",[232,237,242,247,252],{"text":233,"config":234},"GitLab Services",{"href":235,"dataGaName":236,"dataGaLocation":25},"/services/","services",{"text":238,"config":239},"Community",{"href":240,"dataGaName":241,"dataGaLocation":25},"/community/","community",{"text":243,"config":244},"Forum",{"href":245,"dataGaName":246,"dataGaLocation":25},"https://forum.gitlab.com/","forum",{"text":248,"config":249},"Events",{"href":250,"dataGaName":251,"dataGaLocation":25},"/events/","events",{"text":253,"config":254},"Partners",{"href":255,"dataGaName":256,"dataGaLocation":25},"/partners/","partners",{"backgroundColor":258,"textColor":259,"text":260,"image":261,"link":265},"#2f2a6b","#fff","Insights for the future of software development",{"altText":262,"config":263},"the source promo card",{"src":264},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":266,"config":267},"Read the latest",{"href":268,"dataGaName":269,"dataGaLocation":25},"/the-source/","the source",{"text":271,"config":272,"lists":274},"Company",{"dataNavLevelOne":273},"company",[275],{"items":276},[277,282,288,290,295,300,305,310,315,320,325],{"text":278,"config":279},"About",{"href":280,"dataGaName":281,"dataGaLocation":25},"/company/","about",{"text":283,"config":284,"footerGa":287},"Jobs",{"href":285,"dataGaName":286,"dataGaLocation":25},"/jobs/","jobs",{"dataGaName":286},{"text":248,"config":289},{"href":250,"dataGaName":251,"dataGaLocation":25},{"text":291,"config":292},"Leadership",{"href":293,"dataGaName":294,"dataGaLocation":25},"/company/team/e-group/","leadership",{"text":296,"config":297},"Team",{"href":298,"dataGaName":299,"dataGaLocation":25},"/company/team/","team",{"text":301,"config":302},"Handbook",{"href":303,"dataGaName":304,"dataGaLocation":25},"https://handbook.gitlab.com/","handbook",{"text":306,"config":307},"Investor relations",{"href":308,"dataGaName":309,"dataGaLocation":25},"https://ir.gitlab.com/","investor relations",{"text":311,"config":312},"Trust Center",{"href":313,"dataGaName":314,"dataGaLocation":25},"/security/","trust center",{"text":316,"config":317},"AI Transparency Center",{"href":318,"dataGaName":319,"dataGaLocation":25},"/ai-transparency-center/","ai transparency center",{"text":321,"config":322},"Newsletter",{"href":323,"dataGaName":324,"dataGaLocation":25},"/company/contact/#contact-forms","newsletter",{"text":326,"config":327},"Press",{"href":328,"dataGaName":329,"dataGaLocation":25},"/press/","press",{"text":331,"config":332,"lists":333},"Contact us",{"dataNavLevelOne":273},[334],{"items":335},[336,339,344],{"text":32,"config":337},{"href":34,"dataGaName":338,"dataGaLocation":25},"talk to sales",{"text":340,"config":341},"Support portal",{"href":342,"dataGaName":343,"dataGaLocation":25},"https://support.gitlab.com","support portal",{"text":345,"config":346},"Customer portal",{"href":347,"dataGaName":348,"dataGaLocation":25},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":350,"login":351,"suggestions":358},"Close",{"text":352,"link":353},"To search repositories and projects, login to",{"text":354,"config":355},"gitlab.com",{"href":39,"dataGaName":356,"dataGaLocation":357},"search login","search",{"text":359,"default":360},"Suggestions",[361,363,367,369,373,377],{"text":54,"config":362},{"href":59,"dataGaName":54,"dataGaLocation":357},{"text":364,"config":365},"Code Suggestions (AI)",{"href":366,"dataGaName":364,"dataGaLocation":357},"/solutions/code-suggestions/",{"text":88,"config":368},{"href":90,"dataGaName":88,"dataGaLocation":357},{"text":370,"config":371},"GitLab on AWS",{"href":372,"dataGaName":370,"dataGaLocation":357},"/partners/technology-partners/aws/",{"text":374,"config":375},"GitLab on Google Cloud",{"href":376,"dataGaName":374,"dataGaLocation":357},"/partners/technology-partners/google-cloud-platform/",{"text":378,"config":379},"Why GitLab?",{"href":67,"dataGaName":378,"dataGaLocation":357},{"freeTrial":381,"mobileIcon":386,"desktopIcon":391,"secondaryButton":394},{"text":382,"config":383},"Start free trial",{"href":384,"dataGaName":30,"dataGaLocation":385},"https://gitlab.com/-/trials/new/","nav",{"altText":387,"config":388},"Gitlab Icon",{"src":389,"dataGaName":390,"dataGaLocation":385},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":387,"config":392},{"src":393,"dataGaName":390,"dataGaLocation":385},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":395,"config":396},"Get Started",{"href":397,"dataGaName":398,"dataGaLocation":385},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/get-started/","get started",{"freeTrial":400,"mobileIcon":404,"desktopIcon":406},{"text":401,"config":402},"Learn more about GitLab Duo",{"href":59,"dataGaName":403,"dataGaLocation":385},"gitlab duo",{"altText":387,"config":405},{"src":389,"dataGaName":390,"dataGaLocation":385},{"altText":387,"config":407},{"src":393,"dataGaName":390,"dataGaLocation":385},{"button":409,"mobileIcon":414,"desktopIcon":416},{"text":410,"config":411},"/switch",{"href":412,"dataGaName":413,"dataGaLocation":385},"#contact","switch",{"altText":387,"config":415},{"src":389,"dataGaName":390,"dataGaLocation":385},{"altText":387,"config":417},{"src":418,"dataGaName":390,"dataGaLocation":385},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":420,"mobileIcon":425,"desktopIcon":427},{"text":421,"config":422},"Back to pricing",{"href":167,"dataGaName":423,"dataGaLocation":385,"icon":424},"back to pricing","GoBack",{"altText":387,"config":426},{"src":389,"dataGaName":390,"dataGaLocation":385},{"altText":387,"config":428},{"src":393,"dataGaName":390,"dataGaLocation":385},{"title":430,"button":431,"config":436},"See how agentic AI transforms software delivery",{"text":432,"config":433},"Watch GitLab Transcend now",{"href":434,"dataGaName":435,"dataGaLocation":25},"/events/transcend/virtual/","transcend event",{"layout":437,"icon":438,"disabled":14},"release","AiStar",{"data":440},{"text":441,"source":442,"edit":448,"contribute":453,"config":458,"items":463,"minimal":670},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":443,"config":444},"View page source",{"href":445,"dataGaName":446,"dataGaLocation":447},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":449,"config":450},"Edit this page",{"href":451,"dataGaName":452,"dataGaLocation":447},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":454,"config":455},"Please contribute",{"href":456,"dataGaName":457,"dataGaLocation":447},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":459,"facebook":460,"youtube":461,"linkedin":462},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[464,511,565,609,636],{"title":165,"links":465,"subMenu":480},[466,470,475],{"text":467,"config":468},"View plans",{"href":167,"dataGaName":469,"dataGaLocation":447},"view plans",{"text":471,"config":472},"Why Premium?",{"href":473,"dataGaName":474,"dataGaLocation":447},"/pricing/premium/","why premium",{"text":476,"config":477},"Why Ultimate?",{"href":478,"dataGaName":479,"dataGaLocation":447},"/pricing/ultimate/","why ultimate",[481],{"title":482,"links":483},"Contact Us",[484,487,489,491,496,501,506],{"text":485,"config":486},"Contact sales",{"href":34,"dataGaName":35,"dataGaLocation":447},{"text":340,"config":488},{"href":342,"dataGaName":343,"dataGaLocation":447},{"text":345,"config":490},{"href":347,"dataGaName":348,"dataGaLocation":447},{"text":492,"config":493},"Status",{"href":494,"dataGaName":495,"dataGaLocation":447},"https://status.gitlab.com/","status",{"text":497,"config":498},"Terms of use",{"href":499,"dataGaName":500,"dataGaLocation":447},"/terms/","terms of use",{"text":502,"config":503},"Privacy statement",{"href":504,"dataGaName":505,"dataGaLocation":447},"/privacy/","privacy statement",{"text":507,"config":508},"Cookie preferences",{"dataGaName":509,"dataGaLocation":447,"id":510,"isOneTrustButton":14},"cookie preferences","ot-sdk-btn",{"title":70,"links":512,"subMenu":521},[513,517],{"text":514,"config":515},"DevSecOps platform",{"href":52,"dataGaName":516,"dataGaLocation":447},"devsecops platform",{"text":518,"config":519},"AI-Assisted Development",{"href":59,"dataGaName":520,"dataGaLocation":447},"ai-assisted development",[522],{"title":523,"links":524},"Topics",[525,530,535,540,545,550,555,560],{"text":526,"config":527},"CICD",{"href":528,"dataGaName":529,"dataGaLocation":447},"/topics/ci-cd/","cicd",{"text":531,"config":532},"GitOps",{"href":533,"dataGaName":534,"dataGaLocation":447},"/topics/gitops/","gitops",{"text":536,"config":537},"DevOps",{"href":538,"dataGaName":539,"dataGaLocation":447},"/topics/devops/","devops",{"text":541,"config":542},"Version Control",{"href":543,"dataGaName":544,"dataGaLocation":447},"/topics/version-control/","version control",{"text":546,"config":547},"DevSecOps",{"href":548,"dataGaName":549,"dataGaLocation":447},"/topics/devsecops/","devsecops",{"text":551,"config":552},"Cloud Native",{"href":553,"dataGaName":554,"dataGaLocation":447},"/topics/cloud-native/","cloud native",{"text":556,"config":557},"AI for Coding",{"href":558,"dataGaName":559,"dataGaLocation":447},"/topics/devops/ai-for-coding/","ai for coding",{"text":561,"config":562},"Agentic AI",{"href":563,"dataGaName":564,"dataGaLocation":447},"/topics/agentic-ai/","agentic ai",{"title":566,"links":567},"Solutions",[568,570,572,577,581,584,588,591,593,596,599,604],{"text":112,"config":569},{"href":107,"dataGaName":112,"dataGaLocation":447},{"text":101,"config":571},{"href":84,"dataGaName":85,"dataGaLocation":447},{"text":573,"config":574},"Agile development",{"href":575,"dataGaName":576,"dataGaLocation":447},"/solutions/agile-delivery/","agile delivery",{"text":578,"config":579},"SCM",{"href":97,"dataGaName":580,"dataGaLocation":447},"source code management",{"text":526,"config":582},{"href":90,"dataGaName":583,"dataGaLocation":447},"continuous integration & delivery",{"text":585,"config":586},"Value stream management",{"href":140,"dataGaName":587,"dataGaLocation":447},"value stream management",{"text":531,"config":589},{"href":590,"dataGaName":534,"dataGaLocation":447},"/solutions/gitops/",{"text":150,"config":592},{"href":152,"dataGaName":153,"dataGaLocation":447},{"text":594,"config":595},"Small business",{"href":157,"dataGaName":158,"dataGaLocation":447},{"text":597,"config":598},"Public sector",{"href":162,"dataGaName":163,"dataGaLocation":447},{"text":600,"config":601},"Education",{"href":602,"dataGaName":603,"dataGaLocation":447},"/solutions/education/","education",{"text":605,"config":606},"Financial services",{"href":607,"dataGaName":608,"dataGaLocation":447},"/solutions/finance/","financial services",{"title":170,"links":610},[611,613,615,617,620,622,624,626,628,630,632,634],{"text":182,"config":612},{"href":184,"dataGaName":185,"dataGaLocation":447},{"text":187,"config":614},{"href":189,"dataGaName":190,"dataGaLocation":447},{"text":192,"config":616},{"href":194,"dataGaName":195,"dataGaLocation":447},{"text":197,"config":618},{"href":199,"dataGaName":619,"dataGaLocation":447},"docs",{"text":220,"config":621},{"href":222,"dataGaName":223,"dataGaLocation":447},{"text":215,"config":623},{"href":217,"dataGaName":218,"dataGaLocation":447},{"text":225,"config":625},{"href":227,"dataGaName":228,"dataGaLocation":447},{"text":233,"config":627},{"href":235,"dataGaName":236,"dataGaLocation":447},{"text":238,"config":629},{"href":240,"dataGaName":241,"dataGaLocation":447},{"text":243,"config":631},{"href":245,"dataGaName":246,"dataGaLocation":447},{"text":248,"config":633},{"href":250,"dataGaName":251,"dataGaLocation":447},{"text":253,"config":635},{"href":255,"dataGaName":256,"dataGaLocation":447},{"title":271,"links":637},[638,640,642,644,646,648,650,654,659,661,663,665],{"text":278,"config":639},{"href":280,"dataGaName":273,"dataGaLocation":447},{"text":283,"config":641},{"href":285,"dataGaName":286,"dataGaLocation":447},{"text":291,"config":643},{"href":293,"dataGaName":294,"dataGaLocation":447},{"text":296,"config":645},{"href":298,"dataGaName":299,"dataGaLocation":447},{"text":301,"config":647},{"href":303,"dataGaName":304,"dataGaLocation":447},{"text":306,"config":649},{"href":308,"dataGaName":309,"dataGaLocation":447},{"text":651,"config":652},"Sustainability",{"href":653,"dataGaName":651,"dataGaLocation":447},"/sustainability/",{"text":655,"config":656},"Diversity, inclusion and belonging (DIB)",{"href":657,"dataGaName":658,"dataGaLocation":447},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":311,"config":660},{"href":313,"dataGaName":314,"dataGaLocation":447},{"text":321,"config":662},{"href":323,"dataGaName":324,"dataGaLocation":447},{"text":326,"config":664},{"href":328,"dataGaName":329,"dataGaLocation":447},{"text":666,"config":667},"Modern Slavery Transparency Statement",{"href":668,"dataGaName":669,"dataGaLocation":447},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":671},[672,675,678],{"text":673,"config":674},"Terms",{"href":499,"dataGaName":500,"dataGaLocation":447},{"text":676,"config":677},"Cookies",{"dataGaName":509,"dataGaLocation":447,"id":510,"isOneTrustButton":14},{"text":679,"config":680},"Privacy",{"href":504,"dataGaName":505,"dataGaLocation":447},[682,693,703,714,725,736,746,756,766,774,785,794,804,814,823,832,842,851,860,869,877,887,897],{"content":683,"config":691},{"title":684,"heroImage":685,"category":686,"description":687,"authors":688,"date":690},"Automating detection gap analysis with GitLab Duo Agent Platform","https://res.cloudinary.com/about-gitlab-com/image/upload/v1773147991/op5xyroonltdwqix0x3u.png","security-labs","Learn how GitLab's Signals Engineering team uses our AI platform to automatically surface detection gaps from security incidents — no manual review required.",[689],"Matt Coons","2026-03-10",{"slug":692,"externalUrl":-1},"automating-detection-gap-analysis-with-gitlab-duo-agent-platform",{"content":694,"config":701},{"title":695,"heroImage":696,"category":686,"description":697,"authors":698,"date":700},"GitLab Threat Intelligence Team reveals North Korean tradecraft","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464282/r2ovpvmizpkcngy9kzqu.png","Gain threat intelligence about North Korea’s Contagious Interview and fake IT worker campaigns and learn how GitLab disrupted their operations.",[699],"Oliver Smith","2026-02-19",{"slug":702,"externalUrl":-1},"gitlab-threat-intelligence-reveals-north-korean-tradecraft",{"content":704,"config":712},{"title":705,"heroImage":706,"category":686,"description":707,"authors":708,"date":711},"GitLab discovers widespread npm supply chain attack","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665667/Blog/Hero%20Images/built-in-security.jpg","Malware driving attack includes \"dead man's switch\" that can harm user data.",[709,710],"Michael Henriksen","Daniel Abeles","2025-11-24",{"slug":713,"externalUrl":-1},"gitlab-discovers-widespread-npm-supply-chain-attack",{"content":715,"config":722},{"title":716,"heroImage":717,"category":718,"description":719,"authors":720,"date":721},"GitLab Patch Release: 18.5.2, 18.4.4, 18.3.6","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749661926/Blog/Hero%20Images/security-patch-blog-image-r2-0506-700x400-fy25_2x.jpg","product","Learn more about this patch release for GitLab Community Edition (CE) and Enterprise Edition (EE).",[],"2025-11-12",{"slug":723,"externalUrl":724},"","https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/",{"content":726,"config":734},{"title":727,"heroImage":728,"category":729,"description":730,"authors":731,"date":733},"Introducing GitLab Advanced Vulnerability Tracking","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664844/Blog/Hero%20Images/AdobeStock_941867776.jpg","security","Learn how this security feature improves the efficiency of vulnerability management by reducing futile auditing time (includes data from a new study).",[732],"Julian Thome","2025-01-21",{"slug":735,"externalUrl":-1},"introducing-gitlab-advanced-vulnerability-tracking",{"content":737,"config":744},{"title":738,"heroImage":739,"category":686,"description":740,"authors":741,"date":743},"Git security audit: Inside the hunt for - and discovery of - CVEs","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668524/Blog/Hero%20Images/closeup-photo-of-black-and-blue-keyboard-1194713.jpg","Get a behind-the-scenes look at how I helped discover the vulnerability that became CVE-2022-41903.",[742],"Joern Schneeweisz","2023-01-24",{"slug":745,"externalUrl":-1},"git-security-audit",{"content":747,"config":754},{"title":748,"heroImage":749,"category":729,"description":750,"authors":751,"date":753},"Meet Package Hunter: A tool for detecting malicious code in your dependencies","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682075/Blog/Hero%20Images/package-hunter.png","We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.",[752],"Dennis Appelt","2021-07-23",{"slug":755,"externalUrl":-1},"announcing-package-hunter",{"content":757,"config":764},{"title":758,"heroImage":759,"category":729,"description":760,"authors":761,"date":763},"How we’re creating a threat model framework that works for GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682058/Blog/Hero%20Images/pexels-nathan-j-hilton.jpg","As usual, we’re creating our own path in how we handle our threat modeling, approaching development both iteratively and collaboratively, and seriously shifting left with our framework and processes.",[762],"Mark Loveless","2021-07-09",{"slug":765,"externalUrl":-1},"creating-a-threat-model-that-works-for-gitlab",{"content":767,"config":772},{"title":768,"heroImage":739,"category":729,"description":769,"authors":770,"date":771},"A brief look at Gitpod, two bugs, and a quick fix","Our security researcher takes a look at Gitpod and finds some access tokens under the carpet.",[742],"2021-07-08",{"slug":773,"externalUrl":-1},"two-bugs-and-a-quick-fix-in-gitpod",{"content":775,"config":783},{"title":776,"heroImage":777,"category":778,"description":779,"authors":780,"date":782},"You asked, and our Red Team answered","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670889/Blog/Hero%20Images/security-ama-blog-header.png","unfiltered","We held a public, ask me anything with our Red Team. Here’s what people asked.",[781],"Heather Simpson","2021-01-29",{"slug":784,"externalUrl":-1},"you-asked-and-our-red-team-answered",{"content":786,"config":792},{"title":787,"heroImage":788,"category":778,"description":789,"authors":790,"date":791},"Switching “sides” in security","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679594/Blog/Hero%20Images/jason-polychronopulos-unsplash.jpg","How does product security work differ from pen testing and hacking all the things?",[742],"2020-10-23",{"slug":793,"externalUrl":-1},"switching-sides-in-security",{"content":795,"config":802},{"title":796,"heroImage":797,"category":729,"description":798,"authors":799,"date":801},"Why you need a security champions program","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664002/Blog/Hero%20Images/securitychampions.jpg","Faster releases, more open source code, and developers unlikely to have formal security training = at risk software apps. The solution? A security champions program.",[800],"Valerie Silverthorne","2020-10-14",{"slug":803,"externalUrl":-1},"why-security-champions",{"content":805,"config":812},{"title":806,"heroImage":807,"category":729,"description":808,"authors":809,"date":811},"GitLab's security trends report – our latest look at what's most vulnerable","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678152/Blog/Hero%20Images/data.jpg","From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. Here's what you need to know.",[810],"Wayne Haber","2020-10-06",{"slug":813,"externalUrl":-1},"gitlab-latest-security-trends",{"content":815,"config":821},{"title":816,"heroImage":817,"category":729,"description":818,"authors":819,"date":820},"How to configure DAST full scans for complex web applications","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679617/Blog/Hero%20Images/tuning-237454.jpg","Keep your DAST job within timeout limits and fine-tune job configurations for better results",[752],"2020-08-31",{"slug":822,"externalUrl":-1},"how-to-configure-dast-full-scans-for-complex-web-applications",{"content":824,"config":830},{"title":825,"heroImage":826,"category":729,"description":827,"authors":828,"date":829},"How to play GitLab's Capture the Flag at home","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681485/Blog/Hero%20Images/gitlab_ctf.png","Our AppSec team built and ran a CTF, and now it's available for you to play at home.",[742],"2020-08-12",{"slug":831,"externalUrl":-1},"how-to-play-gitlab-ctf-at-home",{"content":833,"config":840},{"title":834,"heroImage":835,"category":729,"description":836,"authors":837,"date":839},"How to benchmark security tools: a case study using WebGoat","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749678166/Blog/Hero%20Images/benchmarking.jpg","When tasked to compare security tools, it's critical to understand what's a fair benchmark. We take you step by step through WebGoat's lessons and compare them to SAST and DAST results.",[838],"Isaac Dawson","2020-08-11",{"slug":841,"externalUrl":-1},"how-to-benchmark-security-tools",{"content":843,"config":849},{"title":844,"heroImage":845,"category":729,"description":846,"authors":847,"date":848},"GitLab instance: security best practices","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667057/Blog/Hero%20Images/configs_unsplash.jpg","Default settings on products can be massively helpful. However, when it comes to hardening your GitLab instance, we’ve got some helpful configuration recommendations from our security team.",[762],"2020-05-20",{"slug":850,"externalUrl":-1},"gitlab-instance-security-best-practices",{"content":852,"config":858},{"title":853,"heroImage":854,"category":729,"description":855,"authors":856,"date":857},"How we manage open source security software","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681227/Blog/Hero%20Images/opensourcesecurity.jpg","Open source software presents unique security challenges. Here’s what you need to know.",[762],"2020-04-10",{"slug":859,"externalUrl":-1},"open-source-security",{"content":861,"config":867},{"title":862,"heroImage":863,"category":729,"description":864,"authors":865,"date":866},"Top 6 security trends in GitLab-hosted projects","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663502/Blog/Hero%20Images/paperclips.jpg","Using components with known vulnerabilities is the most common security problem in GitLab.com-hosted projects.",[810],"2020-04-02",{"slug":868,"externalUrl":-1},"security-trends-in-gitlab-hosted-projects",{"content":870,"config":875},{"title":871,"heroImage":739,"category":729,"description":872,"authors":873,"date":874},"How to exploit parser differentials","Your guide to abusing 'language barriers' between web components.",[742],"2020-03-30",{"slug":876,"externalUrl":-1},"how-to-exploit-parser-differentials",{"content":878,"config":885},{"title":879,"heroImage":880,"category":729,"description":881,"authors":882,"date":884},"Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749672755/Blog/Hero%20Images/white-lightning-heating-mountain.jpg","A Red Team exercise on exploiting design decisions on GCP.",[883],"Chris Moberly","2020-02-12",{"slug":886,"externalUrl":-1},"plundering-gcp-escalating-privileges-in-google-cloud-platform",{"content":888,"config":895},{"title":889,"heroImage":890,"category":729,"description":891,"authors":892,"date":894},"Introducing Token-Hunter","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679669/Blog/Hero%20Images/lightscape-Bsw6l6e01Rw-unsplash.jpg","Our red team has created a new tool to find sensitive data in the vast, wide-open.",[893],"Greg Johnson","2019-12-20",{"slug":896,"externalUrl":-1},"introducing-token-hunter",{"content":898,"config":903},{"title":899,"heroImage":739,"category":729,"description":900,"authors":901,"date":902},"Shopping for an admin account via path traversal","How to exploit a path traversal issue to gain an admin account",[742],"2019-11-29",{"slug":904,"externalUrl":-1},"shopping-for-an-admin-account",1776438109024]