gitlab
Safeguard articles tagged "gitlab" — guides, analysis, and best practices for software supply chain and application security.
13 articles
GitLab Account Takeover via Password Reset (CVE-2023-7028) Explained
CVE-2023-7028 let attackers send GitLab password-reset links to an address they controlled — a zero-interaction account takeover scored 10.0. Here's the flaw and the fix.
GitLab ExifTool RCE (CVE-2021-22205) Explained
An unauthenticated attacker could run code on a GitLab server just by uploading an image. The bug was not in GitLab at all — it was in ExifTool. Here is the full story.
GitLab CI Supply Chain Hardening Checklist 2026
A 2026 hardening checklist for GitLab CI: ID tokens, protected branches, runner isolation, included templates, and the controls that actually shrink blast radius.
GitLab Ultimate Security Buyer Review 2026
GitLab bundles SAST, SCA, container scanning, and DAST into the Ultimate tier. Is the integrated story worth the premium over best-of-breed tools? An honest review.
GitLab OIDC Token Theft: Workflow Research
GitLab CI OIDC tokens are becoming the keys to cloud kingdoms. Recent research shows how workflow misconfigurations leak them in surprising ways.
GitLab ExifTool RCE (CVE-2021-22205)
CVE-2021-22205 let attackers RCE self-managed GitLab via a malicious ExifTool-parsed upload — no auth required. Here's the timeline and fix.
GitLab Unauthenticated RCE via ExifTool Image Processing ...
CVE-2021-22205 let attackers gain unauthenticated RCE on self-hosted GitLab via ExifTool image parsing. Here's the affected versions, severity, timeline, and fixes.
GitLab CI/CD Security Hardening for 2025
A practical hardening playbook for GitLab 17.8 covering runner isolation, OIDC federation, CI variable scoping, and protected branch enforcement.
Hardening GitLab vs GitHub Default Settings
GitLab and GitHub both ship with defaults that prioritize usability. A head-to-head on the specific hardening steps each platform needs before it is safe for enterprise use.
GitLab Pipeline Execution Vulnerability CVE-2024-6678: Running Pipelines as Any User
CVE-2024-6678 allowed attackers to trigger GitLab CI/CD pipelines as arbitrary users, potentially accessing secrets and deploying malicious code through impersonated pipeline runs.
GitLab CI/CD Security Configuration
Hardening GitLab CI/CD pipelines with protected variables, secure runners, and built-in security scanning.
GitLab Ultimate Security Features: Built-In Security Done Pragmatically
A review of GitLab Ultimate's security scanning features covering SAST, DAST, dependency scanning, container scanning, and how integrated security compares to best-of-breed tools.