How secure is GitLab?
GitLab security
_______________________________________________________________________
When making various decisions regarding the development of our company, we must take into account many factors. Trend analysis, technology selection, customer needs - all this is very important and obvious. These are the foundations of a good business. But there is one more that must not be forgotten - security. So let’s check how secure GitLab is.
_______________________________________________________________________
GitLab application security
_______________________________________________________________________
There is probably no surprise here: to access the application, we must have an account and log in to it. This is the first line of protection for application access; only an authorized person can get in. The default authentication method is a simple username and password. Be aware that the username is public, and it is worth knowing what this means: a lot of people reuse the same login on different portals, so attackers who obtain our credentials from a breach of another portal can use them to log into our GitLab account as well. This is not the fault of GitLab but of the user, yet it does not change the fact that this method of authorization is not very secure on its own.
_______________________________________________________________________
To protect ourselves from such situations, we must first of all use strong, randomly generated passwords that are not reused on other services. By default, password length on GitLab is between 8 and 128 characters. GitLab also allows you to log in using credentials from external providers such as Google, GitHub, Bitbucket or even Twitter. However, the security of our account then also depends on those portals.
_______________________________________________________________________
It is also worth using two-factor authentication (2FA) to increase the security of our GitLab account. The GitLab documentation describes it like this:
_______________________________________________________________________
“Two-factor authentication (2FA) provides an additional level of security to your users’ GitLab account. When enabled, users are prompted for a code generated by an application in addition to supplying their username and password to sign in.”
_______________________________________________________________________
GitLab backup
_______________________________________________________________________
Consider the need for a GitLab backup. Apart from the general rule that we should always back up our data, there are also some specific reasons. The authorization methods mentioned above never guarantee security; in fact, nothing in IT gives a 100% guarantee of safety. Everyone should be prepared for the worst and have an appropriate backup and restoration plan.
_______________________________________________________________________
For this purpose, you can use third-party solutions such as https://gitprotect.io/gitlab.html. Automation, encryption, scalability: these are the features of a good backup that such external solutions provide. And they can save the day, because GitLab itself is not a backup. Why? Among other things, because GitLab is often down. You can check the GitLab server status yourself at any time. In truth, long outages are rare, but short-term availability problems are unfortunately quite common, which is a big downside when we talk about GitLab security, and because of that we need a proper backup tool.