Safeguard
Tag

gitlab

Safeguard articles tagged "gitlab" — guides, analysis, and best practices for software supply chain and application security.

13 articles

Vulnerability Analysis

GitLab Account Takeover via Password Reset (CVE-2023-7028) Explained

CVE-2023-7028 let attackers send GitLab password-reset links to an address they controlled — a zero-interaction account takeover scored 10.0. Here's the flaw and the fix.

Jul 5, 20265 min read
Vulnerability Analysis

GitLab ExifTool RCE (CVE-2021-22205) Explained

An unauthenticated attacker could run code on a GitLab server just by uploading an image. The bug was not in GitLab at all — it was in ExifTool. Here is the full story.

Jul 1, 20265 min read
DevSecOps

GitLab CI Supply Chain Hardening Checklist 2026

A 2026 hardening checklist for GitLab CI: ID tokens, protected branches, runner isolation, included templates, and the controls that actually shrink blast radius.

Mar 19, 20265 min read
Application Security

GitLab Ultimate Security Buyer Review 2026

GitLab bundles SAST, SCA, container scanning, and DAST into the Ultimate tier. Is the integrated story worth the premium over best-of-breed tools? An honest review.

Mar 3, 20266 min read
Emerging Technology

GitLab OIDC Token Theft: Workflow Research

GitLab CI OIDC tokens are becoming the keys to cloud kingdoms. Recent research shows how workflow misconfigurations leak them in surprising ways.

Feb 8, 20268 min read
Vulnerability Analysis

GitLab ExifTool RCE (CVE-2021-22205)

CVE-2021-22205 let attackers RCE self-managed GitLab via a malicious ExifTool-parsed upload — no auth required. Here's the timeline and fix.

Jan 11, 20268 min read
DevSecOps

GitLab Unauthenticated RCE via ExifTool Image Processing ...

CVE-2021-22205 let attackers gain unauthenticated RCE on self-hosted GitLab via ExifTool image parsing. Here's the affected versions, severity, timeline, and fixes.

Nov 24, 20257 min read
DevSecOps

GitLab CI/CD Security Hardening for 2025

A practical hardening playbook for GitLab 17.8 covering runner isolation, OIDC federation, CI variable scoping, and protected branch enforcement.

Feb 20, 20255 min read
DevSecOps

Hardening GitLab vs GitHub Default Settings

GitLab and GitHub both ship with defaults that prioritize usability. A head-to-head on the specific hardening steps each platform needs before it is safe for enterprise use.

Dec 5, 20246 min read
Vulnerability Analysis

GitLab Pipeline Execution Vulnerability CVE-2024-6678: Running Pipelines as Any User

CVE-2024-6678 allowed attackers to trigger GitLab CI/CD pipelines as arbitrary users, potentially accessing secrets and deploying malicious code through impersonated pipeline runs.

Sep 12, 20246 min read
DevSecOps

GitLab CI/CD Security Configuration

Hardening GitLab CI/CD pipelines with protected variables, secure runners, and built-in security scanning.

Apr 18, 20234 min read
Tool Reviews

GitLab Ultimate Security Features: Built-In Security Done Pragmatically

A review of GitLab Ultimate's security scanning features covering SAST, DAST, dependency scanning, container scanning, and how integrated security compares to best-of-breed tools.

Feb 28, 20235 min read
gitlab — Safeguard Blog