Search

about.gitlab.com › blog

OWASP Top 10 2025: What's changed and why it matters

… Impact on your system Unauthorized information disclosure Complete data destruction or data modification Privilege escalation users gaining admin rights Viewing or editing other users' accounts API access from unauthorized or untrusted sources Notable CWEs CWE-22: Path Traversal CWE-200: Exposure o… …

Jan 7, 2026 · Fernando Diaz

about.gitlab.com › blog

5 ways to fix misleading vulnerability severities with policy

… Policies are managed in a security policy project with restricted access. …

May 13, 2026 · Grant Hickman

about.gitlab.com › blog

Why GitLab access tokens now have lifetime limits

… An attacker stumbles on this leaked access token AT1 , uses AT1 and the token rotation endpoint to get a new access token AT2 to continue maintaining access to the user's account. …

Oct 25, 2023 · Hannah Sutor

about.gitlab.com › blog › gitlab-transcend-announcements

GitLab: Built for the agentic engineering era

… Next-generation SCM and governance for agents capabilities are in private beta, and you can request early access here. …

Jun 10, 2026

about.gitlab.com › blog

A developer's guide to building an AI security governance framework

… As AI continues to advance , there is a growing need for strong oversight and accountability. …

Apr 23, 2024 · Ayoub Fandi

about.gitlab.com › blog › administering-gitlab-edu

Administering your GitLab for Education License

… Can students be issued accounts from a bulk list of email addresses? Rather than allowing anyone to sign up or create an account, Administrators can automate user creation of accounts using the REST API. …

Jul 10, 2020

about.gitlab.com › blog

An SA story about hyperscaling GitLab Runner workloads using Kubernetes

… So a new pod resourcing profile was defined and could be accessed with the runner tag ‘xlarge’. …

Jun 29, 2022 · Darwin Sanoy