最严重的漏洞涉及 GitLab Duo 代码审查功能中的提示注入攻击。攻击者可直接在合并请求评论中植入隐藏的恶意指令，诱使 AI 系统泄露机密议题中的敏感信息。该漏洞影响 GitLab 企业版 17.9 及后续版本，可能导致未授权用户获取项目机密数据。

SAN FRANCISCO, May 15, 2025--(BUSINESS WIRE)--All Remote - GitLab Inc., the most comprehensive, intelligent DevSecOps platform, today announced the launch of GitLab 18, including AI capabilities ...

IT之家 11 月 29 日消息，Truffle Security 安全工程师对 GitLab Cloud 上约 560 万个公共仓库进行扫描，发现其中包含 17,430 条有效密钥，涉及 2,804 个独立域名，涵盖云服务、数据库和各类 API 凭据等敏感信息。他也因此获得超 9000 美元（IT之家注：现汇率约合 63748 元人民币）的漏洞奖金。 该研究由安全工程师 Luke ...

SAN FRANCISCO--(BUSINESS WIRE)--All Remote - GitLab Inc., the most comprehensive, intelligent DevSecOps platform, today announced the launch of GitLab 18, including AI capabilities natively integrated ...

Developer platform GitLab today announced a new AI-driven security feature that uses a large language model to explain potential vulnerabilities to developers, with plans to expand this to ...

After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed ...

GitLab Community Edition and Enterprise Edition are vulnerable through several security flaws. If the prerequisites are met, ...

On GitLab Cloud there were 17,000 secrets exposed in public repositories, spread across 2,800 unique domains. On Bitbucket, ...

GTLB and TEAM reveal contrasting strengths as AI reshapes DevSecOps, highlighting how each platform tackles security, ...

Recently I chatted with Dawie Olivier, the CIO of Westpac Bank. Olivier has a long history within the financial services industry, and we talked about helping these kinds of organizations become agile ...