HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Security testing of Gitlab self-hosted deployments(github.com)

3 points·by laserspeed·11 mesi fa·3 comments
github.com
Security testing of Gitlab self-hosted deployments

https://github.com/kulkansecurity/GitLab-Security-Checklist

3 comments

laserspeed·11 mesi fa
A checklist to help pentesters and auditors assess Self-Hosted GitLab instances. Checks include misconfigurations and weaknesses that could lead to privilege escalation and code or secrets theft/abuse. It's a first version focused on Authentication, CI/CD Runners, CI/CD Variables and Project configurations.
gkoos·11 mesi fa
Good start, covers the big GitLab pitfalls (auth, runners, vars, project config). The the fun part to be added: runner isolation/cleanup, built-in scans (SAST/dep/secret), logging/audit trails, push-rules (signed commits), and secret management practices. Solid so far tho.
laserspeed·11 mesi fa
Agreed! Those are indeed some nice pointers to add.