Test Blog

Test 123

Comments

Post a Comment

Popular posts from this blog

Git security audit: Inside the hunt for - and discovery of - CVEs

Image
Keeping a secure development environment is my daily focus here at GitLab. My team and I are committed to hunting for vulnerabilities and mitigating them before they impact others. I feel equally enthusiastic about helping the development community identify potential risk. So when I had the opportunity to join an open-source security audit of Git, funded by the Open Source Technology Improvement Fund (OSTIF) , I jumped at it. Little did I know it would lead to the discovery of CVE-2022-41903 . Here's how it all unfolded. How we set up a collaboration environment The Git security audit was run by X41 D-Sec on behalf of OSTIF. Due to prior experiences in finding vulnerabilities in Git, I was very keen on joining the audit. When Markus at X41 suggested a collaboration to the OSTIF they were very open to it, so all I had to do was convince my manager to spend some time on this audit. This wasn't a problem at all. The to-be-done work fits nicely into our Security Research Tea...
Read more

How open source contributions accelerate Gitlab Secure

Image
When you think about security you probably imagine locks, gates, and closed systems. This is the more traditional approach to security but modern security is much more open and collaborative. If you want to build the most secure systems, there is nothing better than building those systems in the open. Open security practices allow you to get fast feedback from a broad audience with diverse perspectives, helping you build better more holistic solutions. That's our approach to building GitLab Secure at GitLab. We're leveraging amazing open source security projects, the collective contribution of the wider community, and providing an open integration system for anyone to build on top of GitLab security scanners. Shifting left Traditional security approaches are opaque and late in the development life cycle. Security scans are performed by isolated security experts long after developers write code, often after it's deployed to production. GitLab aims to make security an inte...
Read more

How to advance your DevOps practices with communication and collaboration

Image
We believe that the best software developers, companies, and products are those that embrace collaboration and transparency in communication, which is why we’ve compiled some of our best blog posts, articles, and videos about the topic in this blog collection. But first, has your engineering team adopted a DevOps strategy? Start here if you need help communicating why DevOps is the best approach to stakeholders outside the engineering team. Why collaboration in software development matters We unpack three key reasons why collaboration is an essential skill for software developers. Your future as a software developer is bright if you embrace collaboration While some might consider teamwork and communication to be soft skills, the results of our 2020 DevSecOps survey reveal a consensus among developers, security pros, ops team members, and testers that collaboration and communication are the most important skills for a DevOps professional. "You can’t have one brain that know...
Read more