11 Jul 2021
Links:
- GitLab Inventory Builder: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib
- Example inventory: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/inventory-example
- OKR: https://gitlab.com/groups/gitlab-com/gl-security/-/epics/106
- Issue to share your ideas: https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/162
- Categories MR: https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/83315/
- 1 participant
- 3 minutes
23 Jun 2021
Philippe Lafoucrière's weekly update on the GitLab Inventory Build.
Links:
- GitLab Inventory Builder: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib
- Example inventory: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/inventory-example
- OKR: https://gitlab.com/groups/gitlab-com/gl-security/-/epics/106
- Issue to share your ideas: https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/162
- Categories MR: https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/83315/
- 1 participant
- 5 minutes
18 Jun 2021
Links:
- GitLab Inventory Builder: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib
- Example inventory: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/inventory-example
- OKR: https://gitlab.com/groups/gitlab-com/gl-security/-/epics/106
- Issue to share your ideas: https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/162
- Categories MR: https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/83315/
- 1 participant
- 4 minutes
12 Jun 2021
Philippe Lafoucrière, Engineer in the Security Department, introduces the GitLab Inventory Build, and the current progress on the project.
Links:
- GitLab Inventory Builder: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib
- Example inventory: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/inventory-example
- OKR: https://gitlab.com/groups/gitlab-com/gl-security/-/epics/106
- Issue to share your ideas: https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/162
- Categories MR: https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/83315/
- 1 participant
- 14 minutes
26 Feb 2021
Security Awards Program update by Philippe Lafoucrière, Distinguished Security Engineer. The leaderboards are now updated automatically via the project pipeline.
- 1 participant
- 6 minutes
4 Dec 2020
The Security Department discusses the threat modeling process we plan on adapting to the rest of GitLab.
Handbook: https://about.gitlab.com/handbook/security/threat_modeling/
Template for issues or docs: https://gitlab.com/gitlab-com/gl-security/security-research/threat-modeling-template
Real world example: https://gitlab.com/gitlab-com/gl-security/security-research/gitlab-standalone-instance
- 4 participants
- 14 minutes
21 May 2020
This is a discussion between Ryan Demmer - Technical Recruiter and Jan Urbanc - Director, Security Operations about what it's like to work all remote on the Security team at GitLab. We hope you enjoy!
Join our GitLab Talent Community!
https://about.gitlab.com/jobs/
Find more information about being a Security Engineer at GitLab here:
https://about.gitlab.com/job-families/engineering/security-engineer/
Security Team Page:
https://about.gitlab.com/handbook/engineering/security/
- 2 participants
- 16 minutes
3 Apr 2020
Everyone wants to shift security left, but how? Security scans are unwieldy and don't fit an iterative, agile development cycle. We will step through the developers’ workflow and show exactly where application security can be embedded and automated - and best practices for optimal results.
This approach will benefit developers and security pros alike. See what can be achieved with a brief demo of an actual developer pipeline then ride along for the perspective of the security team. Learn how your app sec can become iterative, automated and embedded into the automated DevOps processes.
www.gitlab.com
- 2 participants
- 51 minutes
1 Apr 2020
https://about.gitlab.com/blog/2020/04/02/security-trends-in-gitlab-hosted-projects/
Top security risks include using components with known vulnerabilities, XSS, lack of secret management, lack of CSP, CSRF, and SQLi
- 1 participant
- 5 minutes
6 Mar 2020
Presentation Slides: https://docs.google.com/presentation/d/1U8r5CJs9dLOLO2-hj_bHidRMXugUl3ejv8Hdw6bDMv4/
- 1 participant
- 17 minutes
8 Oct 2019
Devin Harris (Senior Security Analyst, Field Security - https://about.gitlab.com/handbook/engineering/security/#field-security) and Jayson Salazar (Senior Security Engineer, Security Operations - https://about.gitlab.com/handbook/engineering/security/#security-operations) discuss what exactly the Security Operations Team does at GitLab.
Jayson mentions several key links which are here:
- https://gitlab.com/gitlab-com/gl-security/secops/operations
- Slack: #security, #security-department, @secops-team, /security
- 2 participants
- 6 minutes
7 Oct 2019
Devin Harris (Senior Security Analyst, Field Security - https://about.gitlab.com/handbook/engineering/security/#field-security) and Greg Johnson (Senior Security Engineer, Red Team - https://about.gitlab.com/handbook/engineering/security/#red-team) discuss what exactly the External Security Communications Team does at GitLab.
Greg mentions several key links which are here:
- https://about.gitlab.com/handbook/engineering/security/red-team-roe.html
- Slack: #security, #security-department
- 2 participants
- 3 minutes
7 Oct 2019
Devin Harris (Senior Security Analyst, Field Security - https://about.gitlab.com/handbook/engineering/security/#field-security) and Antony Saba (Senior Threat Intelligence Engineer - https://about.gitlab.com/handbook/engineering/security/#threat-intelligence) discuss what exactly the Threat Intelligence Team does at GitLab.
Antony mentions several key links which are here:
- https://about.gitlab.com/handbook/engineering/security/#engaging-the-security-on-call
- https://about.gitlab.com/handbook/engineering/security/#internal-application-security-reviews
- Slack: #security, #security-department, @sec-ops-team
- 2 participants
- 5 minutes
4 Oct 2019
Heather Simpson (Senior Security Analyst, External Communications - https://about.gitlab.com/handbook/engineering/security/#security-external-communications) and Devin Harris (Senior Security Analyst, Field Security - https://about.gitlab.com/handbook/engineering/security/#field-security) discuss what exactly the Field Security Team does at GitLab.
- Slack: #security-department, #security
- 2 participants
- 2 minutes
4 Oct 2019
Devin Harris (Senior Security Analyst, Field Security - https://about.gitlab.com/handbook/engineering/security/#field-security) and Heather Simpson (Senior Security Analyst, External Communications - https://about.gitlab.com/handbook/engineering/security/#security-external-communications) discuss what exactly the External Security Communications Team does at GitLab.
Heather mentions several key links which are here:
- https://gitlab.com/gitlab-com/gl-security/security-communications/communications/issues
- https://about.gitlab.com/blog/categories/security/
- 2 participants
- 3 minutes
4 Oct 2019
Devin Harris (Senior Security Analyst, Field Security - https://about.gitlab.com/handbook/engineering/security/#field-security) and Jennifer Blanco (Senior Security Analyst, Compliance - https://about.gitlab.com/handbook/engineering/security/#compliance) discuss what exactly the Compliance Team does at GitLab.
Jennifer mentions several key links which are here:
- https://about.gitlab.com/handbook/engineering/security/sec-controls.html
- https://about.gitlab.com/2019/05/07/choosing-a-compliance-framework/
- https://about.gitlab.com/2019/04/10/gitlab-security-tools-and-the-hipaa-risk-analysis/
- Slack: @sec-compliance-team
- 2 participants
- 3 minutes
1 Oct 2019
Devin Harris (Senior Security Analyst, Field Security - https://about.gitlab.com/handbook/engineering/security/#field-security) and Charl de Wit (Security Analyst, Abuse Operations - https://about.gitlab.com/handbook/engineering/security/#abuse-operations) discuss what exactly the Anti-Abuse Team does at GitLab.
Charl mentions several key links which are here:
- https://about.gitlab.com/terms/
- https://docs.gitlab.com/ee/user/abuse_reports.html
- Slack: @abuse-team
- 2 participants
- 3 minutes
7 Jun 2018
Security is a critical part of automating the DevOps lifecycle. Join us to learn how healthcare and insurance providers within the BCBS network are developing a faster DevOps lifecycle by integrating security directly into the process with GitLab.
- 4 participants
- 46 minutes