
Robert Begs, CEO of the Canadian incident response firm Digital Defense, said that CSOs need to remember that GitLab is not a passive folder into which a user deposits data or source code to pull back out later. It is a complex application that supports the entire DevOps life cycle, from planning through deployment and monitoring. To fill that role, GitLab offers a large number of complex features, and that feature set enlarges the attack surface. Combined with the complexity of the application, any misconfiguration or weakness can have a significant impact on users.
“As with all applications, CSOs will have to pay attention to any patch or upgrade the vendor reports for the application,” he said in an email. “They also have to take care of their own security hygiene and follow best practices for GitLab use.”
These include limiting access to GitLab repositories and restricting access privileges (for example, ensuring that default visibility is set to private), enabling multi-factor authentication, ensuring that passwords follow defined complexity rules, applying role-based access controls and periodically reviewing who has access, using TLS/SSL to secure traffic, enforcing branch protection rules and code signing, and more.
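Several of those recommendations map directly onto instance-wide settings that GitLab exposes through its application settings REST endpoint (GET and PUT on /api/v4/application/settings). The script below is an added example, not code from the article or from GitLab: it audits a settings document against the points listed above (default project visibility, mandatory two-factor authentication, password complexity, open sign-up, default branch protection) and builds the payload that would correct the weak values. The two JSON documents are constructed samples shaped like that endpoint's response, and the field names are the ones the endpoint uses to the best of my knowledge; check them against the API documentation for your GitLab version before using the payload for real.

```python
"""Audit GitLab application settings against basic hardening rules.

Added example (not from the article or the GitLab project). Runs offline on
constructed sample documents shaped like GET /api/v4/application/settings.
"""
import json

# Constructed sample: what a weakly configured instance might return.
WEAK_SETTINGS = json.dumps({
    "default_project_visibility": "public",
    "require_two_factor_authentication": False,
    "two_factor_grace_period": 48,
    "minimum_password_length": 8,
    "password_number_required": False,
    "password_symbol_required": False,
    "password_uppercase_required": False,
    "password_lowercase_required": False,
    "signup_enabled": True,
    "default_branch_protection": 0,
})

# Constructed sample: the same instance after the recommendations are applied.
HARDENED_SETTINGS = json.dumps({
    "default_project_visibility": "private",
    "require_two_factor_authentication": True,
    "two_factor_grace_period": 0,
    "minimum_password_length": 12,
    "password_number_required": True,
    "password_symbol_required": True,
    "password_uppercase_required": True,
    "password_lowercase_required": True,
    "signup_enabled": False,
    "default_branch_protection": 2,
})

# Each rule: (setting name, predicate that accepts a compliant value,
# recommended value to apply when the predicate fails).
# Assumed field semantics: default_branch_protection 0 = none, 1 = partial,
# 2 = full (maintainers only push/merge); two_factor_grace_period 0 = none.
RULES = [
    ("default_project_visibility", lambda v: v == "private", "private"),
    ("require_two_factor_authentication", lambda v: v is True, True),
    ("two_factor_grace_period", lambda v: v == 0, 0),
    ("minimum_password_length", lambda v: isinstance(v, int) and v >= 12, 12),
    ("password_number_required", lambda v: v is True, True),
    ("password_symbol_required", lambda v: v is True, True),
    ("password_uppercase_required", lambda v: v is True, True),
    ("password_lowercase_required", lambda v: v is True, True),
    ("signup_enabled", lambda v: v is False, False),
    ("default_branch_protection", lambda v: isinstance(v, int) and v >= 2, 2),
]


def audit_settings(settings_json):
    """Return a list of (setting, observed, recommended) findings.

    A missing key is reported as observed=None so that an incomplete
    response is never mistaken for a compliant one.
    """
    settings = json.loads(settings_json)
    findings = []
    for key, is_ok, recommended in RULES:
        observed = settings.get(key)
        if not is_ok(observed):
            findings.append((key, observed, recommended))
    return findings


def remediation_payload(findings):
    """Build the dict to send as the body of PUT /api/v4/application/settings."""
    return {key: recommended for key, _observed, recommended in findings}


def apply_payload(settings_json, payload):
    """Simulate the PUT offline: merge the payload over the current settings."""
    merged = json.loads(settings_json)
    merged.update(payload)
    return json.dumps(merged)


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        problems = audit_settings(doc)
        print(f"{name}: {len(problems)} finding(s)")
        for key, observed, recommended in problems:
            print(f"  {key}: observed={observed!r}, recommended={recommended!r}")
    print("fix payload:", json.dumps(remediation_payload(audit_settings(WEAK_SETTINGS))))
```

In practice the settings document comes from `curl --header "PRIVATE-TOKEN: <admin token>" https://gitlab.example.com/api/v4/application/settings` (an administrator token is required, and `gitlab.example.com` is a placeholder), and the remediation payload goes back with a PUT to the same URL. Instance-wide settings only cover part of the list above: branch protection rules and code signing still have to be checked per project, for example through the protected branches endpoint and the push rules each project defines.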

