Dark Reading

GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln

For the second time in less than a month GitLab has users scrambling to address a critical vulnerability in the community and enterprise editions of its DevOps ...
TechRepublic

Best CI/CD Pipeline Tools for DevOps

Software developers can leverage the power of continuous integration and continuous delivery/deployment (CI/CD) tools to automate the development lifecycle. Such automation allows them to increase ...
Bleeping Computer

Critical GitLab bug lets attackers run pipelines as any user

A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. GitLab is a popular web-based ...
Bleeping Computer

GitLab warns of critical arbitrary branch pipeline execution flaw

GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw. The vulnerability, ...
CSOonline

Securing CI/CD pipelines: 6 best practices

In May, GitLab reported tackling similar cryptomining attacks on its platform from attackers abusing “free minutes” (quota) allotted to new accounts. Because the very nature of CI/CD automation tools ...