Archive for the ‘DevSecOps’ Category

We hosted Infisical company to discuss different aspects of secrets management

We’ve recently organized the videos we have recorded over the years into a centralized “library” of VOD (Video On-Demand) .We arranged it by products, tags, language and recording date (at your convivence). Feel free to find what interests you the most and watch! >> The DevOps VOD library is available here Do you want to […]

Besides version control and CI/CD, GitLab also offers a variety of security tests on your proprietary code (code you develop) or external code you use (i.e. open source), as well as code compliance capabilities – to help you ensure that you make proper and legal use of any open source libraries and code snippets. In […]

As a company that deals a lot with GitLab and Kubernetes and helps many customers with these issues, We are often asked about the nature of the connection between GitLab and GitLab CI/CD and Kubernetes, and in particular OpenShift. From ongoing engagement on the subject, we have accumulated quite a bit of knowledge and decided […]

Initially written in January 2022. Last update: April 2023 I’m frequently asked what the differences are between SonarQube versions. From the questions it is clear that the licensing options are not so clear and quite confusing, so I decided to write down the essential points and help make things right. Legend: Core differences What’s in […]

Date: January 12, 2023 Time: 6pm – 9pm CET / 9am – 12pm PST Cyber attacks have never been more in the news. From Twitter hacks to identity theft, vulnerabilities are exposing gaps in the application development process. Application security is difficult, especially when security is a separate process from your DevOps workflow. Security has […]

Date: Tuesday, December 13, 2022 Time: 2pm – 5pm CET Join us to learn how GitLab can quickly get you started down your GitOps journey! This workshop will go over how you can quickly get started using the GitLab Agent for Kubernetes starting with an empty project and moving all the way to deploying a […]

Date: Wednesday, September 15th Time: 2:00 pm – 5:00 pm CEST GitLab is a great DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate. Join a virtual & live session for a 3-hour virtual hands on workshop (at no charge) to gain a better understanding of how […]

Date: Wednesday, August 31st Time: 2:00 pm – 5:00 pm CEST GitLab is a great DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate. Join a virtual & live session for a 3-hour virtual hands on workshop (at no charge), an Introduction to our CI/CD. In this […]

GitHub reported that a hacker was apparently exploiting a security vulnerability or human error on 3rd-party apps Travis and Heroku. The security vulnerability exposed the tokens, allowing the hacker to steal the tokens and utilize them to enter private repositories on GitHub (including NPM) so he managed to download those repositories – including all the […]

Since we provide a variety of secrets management solutions, we’re frequently asked about the differences between HashiCorp Vault and Akeyless Vault platform – so here it is! We made a comparison sheet including more than 10 criteria: Platform; technology; infrastructures; maintenance; required skills; security aspects; high availability (HA) ; user interface (UI) ; Multi-cloud; supporting […]

Every week we hear about the latest website to get hacked, and hackers getting access to another database with consumers’ personal data inside. Just in the last weeks there have been numerous reports of hacking, including stealing the medical records of 290,000 patients of the “Mor Medical Institute,” and releasing data of 1 million subscribers […]

You can use Akeyless Vault secret management within GitLab and GitLab CI. Code placed in GitLab or GitLab CI/CD requires secrets in order to properly execute access to various resources. By integrating GitLab CI with Akeyless Vault, you would not need to keep hard coded secrets within the GitLab code repo such as username & […]

Concerning the reported Log4J vulnerability (CVE-2021-44228), you should know that GitLab does not use Log4j or Log4j2 packages. GitLab was written using Ruby, JS and Go so it uses different log libraries. If you use GitLab Advance Search or Code Search features (available in paid edition including Premium, Ultimate and Starter) you should know it […]

As you probably know, a few months ago HashiCorp started offering the popular Vault product as a managed service in the cloud (known as “Vault HCP” or Vault Cloud), until then this had  only been offered as an on-premises product – Vault OSS and Vault Enterprise. We recently (in response to questions from our customers) […]