Discover and read the best of Twitter Threads about #gitlab

Most recents (9)

2023 will be the year of layoffs…
20/1/2023 - #Google's parent #Alphabet to lay off 12,000
18/1/2023 - #Microsoft is laying off 10,000 employees

#layoffs #layoffs2023
Read 64 tweets
#SoftwareTesting can be complex. 🤯

Here's a mega-thread of the top 50 articles of 2022 from BrowserStack that will help you test better and faster. 🚀

Let's begin! 🧵
#Selenium vs #Cypress helps you identify when to use which automation framework to meet all your testing requirements.

Learn more 👉 Image
Learn more about breakpoints and the popular breakpoints in a responsive design 👉 Image
Read 45 tweets
Are you looking for the most awesome #Vue videos? Well, look no further, we deliver exactly what you need. Here are the best ones from November, and believe us, they are all worth checking out.…
Jump into what continuous delivery and feature flags truly are. Learn how to reach continuous delivery in #Vue, using #Gitlab feature flags.
@kristianmzmz @codurance…
Get ready for @ErikCH telling you all the details of how you can create a full stack application including AWS Amplify, Appsync, Lambda, Cognito for Authentication and Authorization and more!…
Read 5 tweets
noob: i wanna become hacker
hacker: are you ready to spend two years to learn just basics?
noob: no
hacker: good bye
Very well then - lesson One: Maths and Hobbies - YAN :)- #Hackers So you say you wanna be a h...
Lesson Two: Encryption is nice - but true Ephemerality means you might never need it - YAN :)- Image
Read 41 tweets
Weird #gitlabci behaviour.

When I use "only: - master", everything's fine (docker login, build, push).

When I use "only: - tags", the "docker login" command fails "Error: Cannot perform an interactive login from a non TTY device".

Any idea?

#gitlab #Docker
If you want to check, it is in this repo:…
Well, problem solved, thanks to a #redditor.

It is not a "weird" behaviour, but a normal one when you misuse the tool (as I did) 😀

The error message indicates the creds are not valued. This is because my Gitlab CI variables were "protected".
Read 4 tweets
#frontend engineers: What is your dream CI/CD pipeline? 🥰

Here is what we have at @contrahq 👇👇👇
precommit and prepush #git hooks are used to catch issues before they are pushed upstream.

* precommit runs only on staged files (takes few seconds)
* prepush runs #eslint #typescript and unit tests (takes up to 20 seconds)

Every time a commit is pushed:
1) We build a #docker image & bundle cypress and other development dependencies. This allows us to run all subsequent tasks using the same Docker image.

It is fast. Takes 2-4 minutes. 🏎
Read 10 tweets
Found a Gitlab instance on a penetration test or red teaming engagement? If the version is <12.9.1, chances are you can get (unauthenticated) RCE by chaining some under-the-radar vulnerabilities! Info in thread 👇
#infosec #redteam #bugbountytips #hacking #gitlab Image
The initial exploit is CVE-2020-10535, which allows you to register an account without verification on Gitlab instances with an email domain whitelist in place ( You can then confirm the account after changing the email to an address of your choosing 😎
The second exploit is CVE-2020-10977, an arbitrary file read vulnerability when moving issues. The vulnerability is disclosed here: Using this vulnerability, you can read the server's 'secret_key_base', required for Vuln #3. Image
Read 5 tweets
How we monitor secrets committed in our self hosted @gitlab instance in real time ?

(Twitter thread which summarises multiple experiments)

#ProductSecurity #gitlab #security
Use Pre-commit / Pre-receive / Post-receive git hooks ?

Pre-commit : scan for secrets before commit. Prevents committing secrets by devs

Problem: requires access to dev laptops (privacy issue?). Hard to manage regexes in their laptop. Harder in a company hiring lots of devs
Pre-receive : scan for secrets before commits are saved in Gitlab. If secrets found reject. Easy to manage server controls.

Problem: If a person commits secret to code, server rejects push. The person requires (advanced) git skills to remove secret from git history
Read 15 tweets
Повбрасываем? :) Один лайк - один факт о жизни фронтенд-разработчика в GitLab :)
#1 Фронтенд - очень широкое понятие в GitLab. Фронты должны уметь писать HAML-шаблоны (для меня это бооль), e2e-тесты на rspec + Capybara, helper'ы для отображения и прочие ужасы. Ruby придётся подтянуть, хотя есть команды, где пишут всё новое и такого нет
#2 Если брать всю кодовую базу GitLab - то можно найти уникальные вещи. К примеру при редактировании проекта в ответ приезжает JS-код, который надо eval'ить. Таких мест немного, но они есть. Это связано с тем что долгое время в GitLab было очень мало фронтов и код писали рубисты
Read 215 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!