25 open-source cybersecurity tools that don’t care about your budget
Regardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in …
GitLab 18.11 brings agentic AI to security fixes, CI pipelines, and delivery analytics
GitLab has released GitLab 18.11, expanding agentic AI across the entire software lifecycle with security remediation, pipeline configuration, and delivery analytics. …
Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab
Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put …
Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps
GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose …
Rust package registry adds security tools and metrics to crates.io
The Rust project updated crates.io to include a Security tab on individual crate pages. The tab shows security advisories drawn from the RustSec database and lists which …
GitLab Duo Agent Platform solves the AI paradox in software delivery
GitLab announced the GitLab Duo Agent Platform, delivering agentic AI that enables teams to orchestrate agents across the entire software lifecycle. AI tools have been …
Hackers claim to have plundered Red Hat’s GitLab repos
The Crimson Collective, an emerging extortion / hacker group, has made a bombshell claim on their Telegram channel: they have gained access to Red Hat’s GitLab and have …
Development vs. security: The friction threatening your code
Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds. 61% of developers said that it’s …
GitLab 18 increases developer productivity by integrating AI throughout the platform
GitLab launched GitLab 18, including AI capabilities natively integrated into the platform and major new innovations across core DevOps, and security and compliance workflows …
GitLab CISO on proactive monitoring and metrics for DevSecOps success
In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating …
Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security …
Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise
Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every …
Featured news
Resources
Don't miss
- 88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854)
- Buggy Vect ransomware is effectively a data wiper, researchers find
- CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)
- The Exchange Online security controls organizations keep getting wrong
- Identity discovery: The overlooked lever in strategic risk reduction