Discover and read the best of Twitter Threads about #gitlab
Most recents (9)
2023 will be the year of layoffs…
#SoftwareTesting can be complex. 🤯
Here's a mega-thread of the top 50 articles of 2022 from BrowserStack that will help you test better and faster. 🚀
Let's begin! 🧵
Here's a mega-thread of the top 50 articles of 2022 from BrowserStack that will help you test better and faster. 🚀
Let's begin! 🧵
#Selenium vs #Cypress helps you identify when to use which automation framework to meet all your testing requirements.
Learn more 👉 ow.ly/NS1o50Kr3Lh
Learn more 👉 ow.ly/NS1o50Kr3Lh
Learn more about breakpoints and the popular breakpoints in a responsive design 👉 ow.ly/YPTN50Kr3KG
Are you looking for the most awesome #Vue videos? Well, look no further, we deliver exactly what you need. Here are the best ones from November, and believe us, they are all worth checking out.
blog.meetupfeed.io/vue-vue-js-nov…
blog.meetupfeed.io/vue-vue-js-nov…
Jump into what continuous delivery and feature flags truly are. Learn how to reach continuous delivery in #Vue, using #Gitlab feature flags.
@kristianmzmz @codurance
meetupfeed.io/talk/continuou…
@kristianmzmz @codurance
meetupfeed.io/talk/continuou…
Get ready for @ErikCH telling you all the details of how you can create a full stack application including AWS Amplify, Appsync, Lambda, Cognito for Authentication and Authorization and more!
meetupfeed.io/talk/create-a-…
meetupfeed.io/talk/create-a-…
noob: i wanna become hacker
hacker: are you ready to spend two years to learn just basics?
noob: no
hacker: good bye
hacker: are you ready to spend two years to learn just basics?
noob: no
hacker: good bye
Very well then - lesson One: Maths and Hobbies - YAN :)- #Hackers
Lesson Two: Encryption is nice - but true Ephemerality means you might never need it - YAN :)-
Weird #gitlabci behaviour.
When I use "only: - master", everything's fine (docker login, build, push).
When I use "only: - tags", the "docker login" command fails "Error: Cannot perform an interactive login from a non TTY device".
Any idea?
#gitlab #Docker
When I use "only: - master", everything's fine (docker login, build, push).
When I use "only: - tags", the "docker login" command fails "Error: Cannot perform an interactive login from a non TTY device".
Any idea?
#gitlab #Docker
If you want to check, it is in this repo: gitlab.com/arnaduga/renta…
Well, problem solved, thanks to a #redditor.
It is not a "weird" behaviour, but a normal one when you misuse the tool (as I did) 😀
The error message indicates the creds are not valued. This is because my Gitlab CI variables were "protected".
It is not a "weird" behaviour, but a normal one when you misuse the tool (as I did) 😀
The error message indicates the creds are not valued. This is because my Gitlab CI variables were "protected".
precommit and prepush #git hooks are used to catch issues before they are pushed upstream.
* precommit runs only on staged files (takes few seconds)
* prepush runs #eslint #typescript and unit tests (takes up to 20 seconds)
Every time a commit is pushed:
* precommit runs only on staged files (takes few seconds)
* prepush runs #eslint #typescript and unit tests (takes up to 20 seconds)
Every time a commit is pushed:
1) We build a #docker image & bundle cypress and other development dependencies. This allows us to run all subsequent tasks using the same Docker image.
It is fast. Takes 2-4 minutes. 🏎
It is fast. Takes 2-4 minutes. 🏎
Found a Gitlab instance on a penetration test or red teaming engagement? If the version is <12.9.1, chances are you can get (unauthenticated) RCE by chaining some under-the-radar vulnerabilities! Info in thread 👇
#infosec #redteam #bugbountytips #hacking #gitlab
#infosec #redteam #bugbountytips #hacking #gitlab
The initial exploit is CVE-2020-10535, which allows you to register an account without verification on Gitlab instances with an email domain whitelist in place (@corp.com). You can then confirm the account after changing the email to an address of your choosing 😎
The second exploit is CVE-2020-10977, an arbitrary file read vulnerability when moving issues. The vulnerability is disclosed here: hackerone.com/reports/827052. Using this vulnerability, you can read the server's 'secret_key_base', required for Vuln #3.
How we monitor secrets committed in our self hosted @gitlab instance in real time ?
(Twitter thread which summarises multiple experiments)
#ProductSecurity #gitlab #security
(Twitter thread which summarises multiple experiments)
#ProductSecurity #gitlab #security
Use Pre-commit / Pre-receive / Post-receive git hooks ?
Pre-commit : scan for secrets before commit. Prevents committing secrets by devs
Problem: requires access to dev laptops (privacy issue?). Hard to manage regexes in their laptop. Harder in a company hiring lots of devs
Pre-commit : scan for secrets before commit. Prevents committing secrets by devs
Problem: requires access to dev laptops (privacy issue?). Hard to manage regexes in their laptop. Harder in a company hiring lots of devs
Pre-receive : scan for secrets before commits are saved in Gitlab. If secrets found reject. Easy to manage server controls.
Problem: If a person commits secret to code, server rejects push. The person requires (advanced) git skills to remove secret from git history
Problem: If a person commits secret to code, server rejects push. The person requires (advanced) git skills to remove secret from git history
Повбрасываем? :) Один лайк - один факт о жизни фронтенд-разработчика в GitLab :)
#1 Фронтенд - очень широкое понятие в GitLab. Фронты должны уметь писать HAML-шаблоны (для меня это бооль), e2e-тесты на rspec + Capybara, helper'ы для отображения и прочие ужасы. Ruby придётся подтянуть, хотя есть команды, где пишут всё новое и такого нет
#2 Если брать всю кодовую базу GitLab - то можно найти уникальные вещи. К примеру при редактировании проекта в ответ приезжает JS-код, который надо eval'ить. Таких мест немного, но они есть. Это связано с тем что долгое время в GitLab было очень мало фронтов и код писали рубисты
