Open Source Security at GitLab

Empowering the Security Community

At GitLab, we believe in the power of open source to drive innovation and strengthen the security ecosystem.

Browse resources

Our Open Source Security Priorities

By sharing tools, templates, and frameworks developed by our security teams, we aim to empower developers, security practitioners, and organizations to build safer, more secure software.

Our commitment to an open-source-first approach aligns with GitLab's core values of transparency and collaboration. We're dedicated to providing the security community with resources that are easy to access, adopt, and integrate, helping teams everywhere stay ahead of evolving threats.

Featured Open Source Security Projects

StORM Templates

Enhance your security risk program

Security Risk Quarterly (SRQ) and Risk Register templates. These templates help structure the risk tracking and reporting processes, ensuring all information is tracked and relevant information is reported to appropriate stakeholders.

Browse StORM Templates

GUARD Framework

Automate response and detection

The GitLab Universal Automated Response and Detection (GUARD) framework simplifies detection creation, maintenance, alert routing, and metrics collection through a detections-as-code approach. Learn more about the open source framework.

Browse the GUARD Framework

GitLab CIS Benchmark Scanner

Improve your project's security posture

The GitLab CIS Benchmark Scanner is a Python CLI tool that audits a GitLab project against the Center for Internet Security (CIS) GitLab Benchmark.

Browse the CIS Benchmark Scanner

GitLab Assistant

Streamline resource management and workflows

A Python module that extends the python-gitlab API wrapper with a business layer for easier management of groups, projects, issues, and workflows. Available as both a CLI tool and Python package for automation and customization. Explore GitLab Assistant.

Browse the GitLab Assistant project

TLDR Framework

Contextualize threat detection

The Threat, Log, Detect, Response (TLDR) framework standardizes threat detection with comprehensive context on threats and how to respond effectively. Explore the open-source framework.

Browse the TLDR framework

Resources

Get the latest Security insights right here

More Security resources

Addressing the root cause of common security frustrations

Security frustrations are often framed as a cultural issue — but leaders also need to focus on issues like tech stack complexity and vulnerability management.

GitLab Advanced SAST is now generally available

Reduce false positives, shorten remediation time, and improve development velocity with a proprietary solution built into GitLab.

2023 Gartner® Magic Quadrant™ for Application Security Testing

The 2023 Magic Quadrant focuses on emerging technologies and approaches, and AST tools that address the new requirements they bring.

Ship better software. Faster

Accelerate, collaborate, and secure your code with GitLab

Get your free trialContact sales