Test Blog

Test 123

Comments

Post a Comment

Popular posts from this blog

Git security audit: Inside the hunt for - and discovery of - CVEs

Image
Keeping a secure development environment is my daily focus here at GitLab. My team and I are committed to hunting for vulnerabilities and mitigating them before they impact others. I feel equally enthusiastic about helping the development community identify potential risk. So when I had the opportunity to join an open-source security audit of Git, funded by the Open Source Technology Improvement Fund (OSTIF) , I jumped at it. Little did I know it would lead to the discovery of CVE-2022-41903 . Here's how it all unfolded. How we set up a collaboration environment The Git security audit was run by X41 D-Sec on behalf of OSTIF. Due to prior experiences in finding vulnerabilities in Git, I was very keen on joining the audit. When Markus at X41 suggested a collaboration to the OSTIF they were very open to it, so all I had to do was convince my manager to spend some time on this audit. This wasn't a problem at all. The to-be-done work fits nicely into our Security Research Tea...
Read more

How open source contributions accelerate Gitlab Secure

Image
When you think about security you probably imagine locks, gates, and closed systems. This is the more traditional approach to security but modern security is much more open and collaborative. If you want to build the most secure systems, there is nothing better than building those systems in the open. Open security practices allow you to get fast feedback from a broad audience with diverse perspectives, helping you build better more holistic solutions. That's our approach to building GitLab Secure at GitLab. We're leveraging amazing open source security projects, the collective contribution of the wider community, and providing an open integration system for anyone to build on top of GitLab security scanners. Shifting left Traditional security approaches are opaque and late in the development life cycle. Security scans are performed by isolated security experts long after developers write code, often after it's deployed to production. GitLab aims to make security an inte...
Read more

How to create a hub of GitLab CI/CD jobs with R2Devops

Image
CI/CD has changed our development processes, but it hasn’t simplified them in every aspect. The amount of knowledge necessary to implement and maintain your first CI/CD pipelines is huge, and the time you need to invest in it is consequential. Partnering with GitLab, R2Devops aims to simplify CI/CD onboarding by creating a hub of CI/CD jobs. In this blog post I'll show you how to use R2DevOps with GitLab to add jobs to an open source hub. A collaborative hub of open source jobs Collaboration is core to our development processes. On a daily basis, we use open source software and code and ask our teammates for review. Working together to achieve common goals helps us to develop better products and improve continuously. With R2Devops, you’ll find a collaborative library of open source CI/CD jobs . You can save a lot of time by using jobs from an open source library. You won’t have to write your pipeline from scratch for every new project, and you can focus on what you like doing, w...
Read more