Discover and read the best of Twitter Threads about #gitlab

Most recent (8)

#SoftwareTesting can be complex. 🤯

Here's a mega-thread of the top 50 articles of 2022 from BrowserStack that will help you test better and faster. 🚀

Let's begin! 🧵
#Selenium vs #Cypress helps you identify when to use which automation framework to meet all your testing requirements.

Learn more 👉 ow.ly/NS1o50Kr3Lh
Learn more about breakpoints and the popular breakpoints in a responsive design 👉 ow.ly/YPTN50Kr3KG
Read 45 tweets
Are you looking for the most awesome #Vue videos? Well, look no further, we deliver exactly what you need. Here are the best ones from November, and believe us, they are all worth checking out.

blog.meetupfeed.io/vue-vue-js-nov…
Jump into what continuous delivery and feature flags truly are. Learn how to reach continuous delivery in #Vue, using #Gitlab feature flags.
@kristianmzmz @codurance

meetupfeed.io/talk/continuou…
Get ready for @ErikCH telling you all the details of how you can create a full stack application including AWS Amplify, Appsync, Lambda, Cognito for Authentication and Authorization and more!

meetupfeed.io/talk/create-a-…
Read 5 tweets
noob: i wanna become hacker
hacker: are you ready to spend two years to learn just basics?
noob: no
hacker: good bye
Very well then - lesson One: Maths and Hobbies - YAN :)- #Hackers So you say you wanna be a h...
Lesson Two: Encryption is nice - but true Ephemerality means you might never need it - YAN :)-
Read 41 tweets
Weird #gitlabci behaviour.

When I use "only: - master", everything's fine (docker login, build, push).

When I use "only: - tags", the "docker login" command fails "Error: Cannot perform an interactive login from a non TTY device".

Any idea?

#gitlab #Docker
If you want to check, it is in this repo: gitlab.com/arnaduga/renta…
Well, problem solved, thanks to a #redditor.

It is not a "weird" behaviour, but a normal one when you misuse the tool (as I did) 😀

The error message indicates the creds are not valued. This is because my Gitlab CI variables were "protected".
Read 4 tweets
#frontend engineers: What is your dream CI/CD pipeline? 🥰

Here is what we have at @contrahq 👇👇👇
precommit and prepush #git hooks are used to catch issues before they are pushed upstream.

* precommit runs only on staged files (takes few seconds)
* prepush runs #eslint #typescript and unit tests (takes up to 20 seconds)

Every time a commit is pushed:
1) We build a #docker image & bundle cypress and other development dependencies. This allows us to run all subsequent tasks using the same Docker image.

It is fast. Takes 2-4 minutes. 🏎
Read 10 tweets
Found a Gitlab instance on a penetration test or red teaming engagement? If the version is <12.9.1, chances are you can get (unauthenticated) RCE by chaining some under-the-radar vulnerabilities! Info in thread 👇
#infosec #redteam #bugbountytips #hacking #gitlab
The initial exploit is CVE-2020-10535, which allows you to register an account without verification on Gitlab instances with an email domain whitelist in place (@corp.com). You can then confirm the account after changing the email to an address of your choosing 😎
The second exploit is CVE-2020-10977, an arbitrary file read vulnerability when moving issues. The vulnerability is disclosed here: hackerone.com/reports/827052. Using this vulnerability, you can read the server's 'secret_key_base', required for Vuln #3.
Read 5 tweets
How do we monitor secrets committed in our self-hosted @gitlab instance in real time?

(Twitter thread which summarises multiple experiments)

#ProductSecurity #gitlab #security
Use Pre-commit / Pre-receive / Post-receive git hooks?

Pre-commit: scan for secrets before commit. Prevents committing secrets by devs

Problem: requires access to dev laptops (privacy issue?). Hard to manage regexes in their laptop. Harder in a company hiring lots of devs
Pre-receive: scan for secrets before commits are saved in Gitlab. If secrets found reject. Easy to manage server controls.

Problem: If a person commits secret to code, server rejects push. The person requires (advanced) git skills to remove secret from git history
Read 15 tweets
Shall we stir things up? :) One like = one fact about the life of a frontend developer at GitLab :)
#1 Frontend is a very broad concept at GitLab. Frontend developers have to be able to write HAML templates (for me this is paaain), e2e tests in rspec + Capybara, view helpers and other horrors. You'll have to brush up on Ruby, although there are teams where everything is written new and there's none of that
#2 If you take GitLab's entire code base, you can find some unique things. For example, when editing a project, the response comes back as JS code that has to be eval'ed. There aren't many such places, but they exist. This is because for a long time GitLab had very few frontend developers and the code was written by Ruby developers
Read 215 tweets
