Christian Stankowic
6 hours ago

@publicvoit We really need a user-friendly alternative to #GitHub. Love seeing that both @forgejo and #GitLab work on ActivityPub support. Can't wait to try it out.

Ain Tohvri
6 hours ago

Not many CI providers can brag about having users as prominent as #Debian. Got to give it to #GitLab. #DevOps #DevSecOps #OpenSource

Michael Aye
10 hours ago

Looks like #gitlab 's new interface is still buggy? When clicking on the (+) symbol to create something new, I get just this white line (both in FF and Chrome):

Ain Tohvri
13 hours ago

Good to see #GitLab chipping in to take over the on-premises #Atlassian people on JIRA and BitBucket. That combo felt outdated years ago. #DevOps #DevSecOps

"#GitLabSecurityRelease 🛡️ - Unveiling GitLab 16.4.1: A Step Forward in Secure Coding 🚀"

GitLab has released important security updates (versions 16.4.1, 16.3.5, and 16.2.8) for both Community Edition (CE) and Enterprise Edition (EE).

These updates address various security vulnerabilities, including high-severity issues like an attacker being able to execute pipelines under another user's context, impersonation of users in CI pipelines during group imports, and code owner approval bypass.

Other medium-severity issues include source code leakage through forks, a third-party library patch requiring configuration changes, service accounts not being deleted with namespace deletion, and Single Sign-On (SSO) settings bypassed for public projects.

There are also lower-severity concerns such as unauthorized access to CI/CD variables, asset proxy bypass, and unauthorized manipulation of branch permissions.

GitLab recommends all users to upgrade to the latest security release for their supported version to maintain good security practices.

I've included a list of all the high-severity fixes mentioned in the provided GitLab security release summary:

  1. Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project

    • Affects versions: 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1
    • Description: An authenticated attacker could perform arbitrary pipeline execution under the context of another user.
    • CVE: CVE-2023-5207
  2. Group import allows impersonation of users in CI pipelines

    • Affects versions: 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1
    • Description: Attackers could impersonate users in CI pipelines through direct transfer group imports.
    • CVE: CVE-2023-5207
  3. Developers can bypass code owners approval by changing a MR's base branch

    • Affects versions: 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1
    • Description: Code owner approval was not removed from merge requests when the target branch was updated.
    • CVE: CVE-2023-4379

For more details on each issue and how to update GitLab, visit the GitLab security release page. Additionally, Exiftool, Mattermost, and the Auto deploy image have also been updated to address security issues. 🏰💻🔐

Source: GitLab Release Notes

Tags: #GitLab #SecurityUpdate #Cybersecurity #SecureCoding #DevSecOps #InfoSec #PatchManagement #VulnerabilityManagement 🌐🔒🛠️

Johannes Ernst
1 day ago

ActivityPub mentioned in Thoughtworks’ Technology Radar:

“We expect ActivityPub will play a significant role in [social media interop], but … we’re intrigued by the possibilities beyond the obvious use cases in social media. An example is ActivityPub support for merge requests, recently proposed for #GitLab.

They got that right!

Marcel SIneM(S)US
2 days ago
Linux Is Best
2 days ago

I have published both my follow and block list here on Mastodon onto GitLab.

Use it at your own discretion.

#Mastodon #GitLab

2 days ago

I'm beginning to build a sense of dread about the delay in #gitlab's open source program renewal responding to applications.

Sven A. Schmidt
2 days ago

It's weird, I'm using #Gitlab a lot but I wouldn't be able to tell you what the “Jobs" view layout is. That is until they move stuff around like for example the job's current run time.

I just stared at the place where I look normally and was completely baffled where the time went. Until I noticed that they moved it to the front, under the "Running" bubble.

It's nice that this auto-updates and all but it can really be confusing for a moment when your accustomed UI changes from under you 🤪

🌱 pvergain ⏚
2 days ago

#gitlab #pages #sphinx #URI #CoolURI #GitlabPages #DoNotUseUniqueDomain


Uncheck "Use unique domain" to get nice URLs with GitLab Pages (it has been checked since version 16.4 (2023-09-22), which gives horrible URLs for new projects)

View of the Pages page with 2 checkboxes:

- force https, which is checked
- Use unique domain, which is not checked, which makes it possible to have nice URLs (
Werner Keil
2 days ago

Yeah, that gives a good idea of how urgent it is to build an #OpenDemocraty à la #Wikipedia / #OSQA with votes and text tracking à la #Github (yes, #GitLab) 🙄
(yeah, I know, it's complicated... or else we ask the #IA and say amen 🤭 😂 )

PS: this is the site from which I designed my whole water management system (grey wastewater, rain, natural pond/pool).

I am glad to announce that the pip package #mkdocs-tex2svg , that renders #maths #variations #tables directly inside mkdocs #markdown files, with the #tikz-tab syntax, natively compatible with both (mkdocs) dark and light modes (as other #LaTeX snippets as well) is now compatible with the new #Archlinux #texlive packages ( #texlive-meta )

Compatible with #gitlab pages and #github pages

Examples Here :

#eskool #maths #variation #tables #mkdocs #markdown #mkdocs-tex2svg

Konrad Borowski
4 days ago

@JMMaok @Codeberg I believe an option to log in with GitHub or GitLab on Codeberg's login page is a single sign-on implementation (

Just as some websites allow logging in with a Google account, #Codeberg allows logging in with a #GitHub or #GitLab account.

I don't think there's any practical difference between logging in with accounts registered with those services and using a password. No matter what you use, all functionality should be available.

4 days ago

#GitLab has released version 16.4, introducing customizable roles, group-level dependency list, workspaces for private projects, and the ability to bulk change the status and comment on multiple vulnerabilities.

A dark background with some color bits, with the text "GitLab 16.4" in white and orange in the center.
Yann Büchau :nixos:
4 days ago

Is there a way to enter the exact container/execution environment of a #GitLab pipeline? Like ssh? The turnaround time debugging CI problems is frustratingly slow.

(I know sourcehut is apparently leagues better when it comes to CI, but this is not what I'm asking for)

@dnsmichi Note the MVP was @kik for their work with this MR:

which is the first step on the epic to add #ActivityPub support into #gitlab !

5 days ago

#Security patches for #GitLab, Trend Micro and Atlassian, #Microsoft loses 38TB of sensitive data, #Cyber attack on ICC, new threat "Sandman" discovered and #Europol shuts down dark web marketplace #Piilopuoti.

Michael Friedrich 🦊
1 week ago

💥 #GitLab 16.4

🛡️ Customizable roles & fine granular security permissions
🗺️ Group/sub-group level dependency list
🔐 Remote development workspaces for private projects
📦 Private registry support for Operational Container Scanning
🔑 Access clusters locally using your GitLab user identity
🌱 Custom email address for Service Desk

... and more:

So after many years of using #GitLab CI/CD yaml config I created my 1st set of #GitHub action workflows.

I find it disconcerting having to trust the authors of the actions you use, and it's also a PITA having to work out what parameters each one takes ('cause they are different).

GitLab script sections are just shell scripts and personally that seems a lot easier...

Maybe once I become more familiar with actions it will be less like hard work

Just my 2c

1 week ago

I'm going to stop using #github and switch to #gitlab

1 week ago

Desktop #Anki app has this #Github-like activity graph, so I can compare my habit of repeating #German #language cards to my #programming activity on #Gitlab.

Well, my priorities are obvious. Not really, though. Programming and committing requires sitting down and actually working on it, which is hard since I develop software as day job. While repeating cards takes no more than 10 minutes a day and can be done while I commute, so I don't have to make the time, the time makes itself.

1 week ago

#AI & #ML are shifting from "nice to have" to "MUST HAVE" in the world of #softwaredevelopment!

23% of organizations are already using AI in software development, with 60% using it daily!

Ready to be a part of this evolution? Read #InfoQ for more insights:

#DevOps #GitLab

Hayden Stainsby
1 week ago

Your regular reminder that you should be reviewing the commit message as much (if not more) than the code.

You have tests to ensure that the code someone else wrote is correct, but only **you** can check that the commit message is correct.

#Gerrit did it right, #GitHub and #GitLab are differing shades of wrong.

#git #rant

1 week ago

This might seem #obvious but I'll say it anyway:

If you're high when programming, do not commit to main.

(End of public service announcement.)

#git #github #gitlab #programminglife #programming #branch #devlife #devs #drugscene #drugs

Anonymous :anarchism: 🏴
1 week ago

🚨 Critical Security Alert! #GitLab issues patches for CVE-2023-5009, a flaw allowing attackers to run pipelines as other users.

Protect your code—update now:

#infosec #cybersecurity

Open Source JobHub
1 week ago

The company behind the DevSecOps platform for software innovation, GitLab is seeking professionals in engineering, sales, product design, finance, legal, and more! Browse open positions now on #OSJobHub #DevSecOps #GitLab #OpenSource #sales #engineer #security #paralegal #accountant #jobs #career

GitLab logo on a white background
1 week ago

In light of the severity of the vulnerability, GitLab urges users to promptly apply the available security updates.

#Cybersecurity #Gitlab #Vulnerability #Update

FWIW made #UML fn again

just a little disappointed by the import/export extension
it's not that good and should, really, be part of the app itself
and it could use some additional shortcut keys

it's very light weight (unlike many other bloated java apps), it looks great (comes with darkmode!!) and it's snappy

file is JSON and can be versioned in #GIT
and there is a #CLI, but need to see if I can use it to generate #GitLab pages with clickable documentation in HTML

1 week ago

Socks are certainly a trend in marketing material #OSSummit #redhat #gitlab #synopsis

Pairs of synopsis, gitlab and redhat socks

"🔍 GitLab's Critical Pipeline Flaw - Update Now! ⚠️"
GitLab has rolled out security patches for a critical vulnerability that could allow attackers to execute pipelines as other users. Ensure your systems are updated to stay protected. 🔄🛡️
Source: BleepingComputer
Tags: #GitLab #Pipeline #SecurityUpdate #CriticalVulnerability

Cynthia (Arty)
1 week ago

I used to think I was good at writing resumes.

Years of working at #GitLab which is very results oriented, I realize I wasn't bad, but not great. In libraries, we were very focused on responsibilities.

(a couple of examples in replies)

1 week ago

Why is it extra hard to pay attention to my work today omfg. My attention went from #YouTube vids, to YouTube shorts, to random repos on #GitHub/#GitLab, to my personal coding projects, to actual work for a bit, to #Spotify, and now I'm on #Firefish. This is actually impossible.

⚠️ Beware:

#Gitlab has a Critical #Security Release for GitLab Community Edition (CE) and Enterprise Edition (EE).

Cynthia (Arty)
1 week ago

Wow, just got over 10,000 completed ToDos in #GitLab

2 weeks ago

I'm thinking of starting a new project to program some multi-objective optimization, but I don't know where to host it.

I'm going to leave GitHub because of who is behind it (Microsoft) and the whole affair about not respecting projects' licenses

I've thought about Codeberg, although they are having problems because of the number of people and requests, which puts me off a bit.

I also have the option of GitLab, which I have around as a mirror of my old GitHub repos.

Any opinions/recommendations?

#git #gitlab #codeberg #github

Gergely Imreh
2 weeks ago

Oh, nice, #GitLab :gitlab: seems to be (potentially) accepting merge requests for "Add mastodon :mastodon: as a social in profile with the rel=me for verification"

That should be fun to add, wouldn't it?

A self-hosted #FOSS alternative for #Gitlab Snippets and #Github Gists, you ask?

Well, consider @realaravinth #Gitpad. And where it's still rough round the edges, your contributions will fit right in 😉

#Gitlab Snippets #UX

"Thou shall not enlarge that textbox. How DARE you edit long comments, thou mortal!"

There's a "distraction-free editing" button on the toolbar, but that's different than just enlarging in context. And it blows stuff up into monstrous proportion, huge font size.

#Firefox #YMMV

Michael Friedrich 🦊
2 weeks ago

🤖 The Inner Dev learning AI/ML

Learn C++ with a little help from AI @sugaroverflow
AI/ML implementation security - #GitLab Global DevSecOps AI report
Civo machine learning with Kubeflow
MLflow in GitLab
OpenLLMetry for LLM #Observability

Michael Friedrich 🦊
2 weeks ago

⚡ Ops in Dev newsletter, September 2023: LLM #Observability, #eBPF for chaos engineering, auto-instrumentation with Odigos , IAST, #GitLab #DevSecOps AI report 💡 eBPF Summit insights

Thread 👇

2 weeks ago

@btp #Azure outage today. #BitWarden logins are down too:

I recall #GitLab using Azure for things, so that's probably related.

@cadey (regrets for recurring themes, but ) #nix -build is dynamic values assigned to environments , so nix-shell is dynamic values assigned to venvs , so besides a reproduced build env in a bash shell (with the latter) , is there any other functional difference between them?
As , in both ain't very different from gitlab-runner -l debug --debug run --config config.toml --service gitlab-runner
nix-channel / copy-closure : Aside from nix-copy-closure, Nix offers another pull deployment mechanism that is more powerful and more commonly used, namely: channels. This is what people typically use when installing "end-user" packages with Nix.
hydra : CI

Cyril Brulebois
2 weeks ago

Help, is there a “stop trying to show me “Create merge request”” option in #gitlab? This is driving me crazy.

Yes, I have several active branches. No, I don't want to see that popup after every single push.


Caching between builds
Fast rebuilds
Sharing between builds, even between different #gitlab projects. #nix

2 weeks ago

So I just managed to lose an hour because the #Gitlab CI lines are not #Posix compliant. Maybe I missed that in the docs. Maybe they thought it wasn't worth mentioning.

I felt that the error message 'unterminated quote string' could have been something more elucidating.

podman \
run \
-v mystorage:/home/podman/.local/share/containers:rw \
--rm \
--security-opt label=disable \
--user podman \ \
podman \
run \
--rm \ \
ls /
#stackoverflow is still cool for finding answers

it works , all that's left to do is to automate it with #gitlab runner

Carlo Zottmann
2 weeks ago

Well, I guess I will not sign in to #GitLab, then. Gotta love the CloudFlare “are you human” loop playing ad nauseam. Turned off all content blockers, cleared site settings, to no avail.

#CloudFlare's “challenge platform” returns a 401 for one resource, I think that's the culprit.

I’ll not look at my repos today, I think. Either way, this is bullshit

#pipglr , a #Podman -in-Podman setup to stand up your own rootless #GitLab Runners using rootless Podman. This approach does not require any changes to your .gitlab-ci.yaml configuration, so you can continue using your existing setup as is.
i am new to managing this on my own , so atm trying #trivy for that , let's see

Brie 🦄
2 weeks ago

I (finally) gave @simon Simon Willison's shot-scraper a try and... 🎉 it's amazing! In 10 minutes, I put together a little GitLab CI pipeline that takes a screenshot of a website and serves that screenshot via Pages. #gitlab

🌐 Pages site:
💚 .gitlab-ci.yml:

🤭 I used my site for testing -- of course! 😹

Matthew Flint
3 weeks ago

Did a sneaky memory upgrade for one of my Mac Minis today, from 8Gb to 36Gb… this is the #GitLab runner that uses Fastlane to build the app and make screenshots.
The 2018 model is much easier to work with compared with the 2014.

might have a "relationship ended with #gitlab now #forgejo is my new friend" moment here

3 weeks ago

GitLab is starting work on implementing ActivityPub, which will hopefully lead to a full implementation of ForgeFed, allowing interaction between accounts and projects across forges:

#federation #ActivityPub #ActivityPub #GitLab

3 weeks ago

Coming from #gitlab CI, I find #github actions so confusing. Why is there an image/action to "checkout the repo"?!

Even the Github docs themselves prove it's a lot more convoluted in comparison:

If you're curious, here's how the Fedora Websites & Apps Team used GitLab to develop our new website!*
#Fedora #GitLab #WebDev


*Can we still say it's new? It took a long time to make 😅

Andrew Wooldridge 🌱
3 weeks ago

If you were starting a new side project and you wanted to host in a git site , which would you do? #github #codeberg #gitlab #sideproject

Cynthia (Arty)
1 month ago

Have you ever found the #GitLab #handbook helpful, especially the #CustomerSupport section?

Let me know!

If you have an account, you can comment directly in

1 month ago

@erlend @github I'm a bit disappointed that #Github is on fedi before #GitLab but still, it's great!

Steffo 🐲
1 month ago

Imagine a world where you could self-host your own #git instance, and then interact with repositories from other instances, like adding a star, creating issues, and pull requests. You wouldn't need multiple git accounts for little things anymore!

I heard @forgejo is currently working on this and I'm excited!

I hope I can finally delete some of my duplicate accounts.

And now just imagine: How cool would it be if #forgejo, #gitlab and #github all implemented the same #federation protocol!

Martin Owens
1 month ago

We ran out of free #GitLab #CI minutes this month and I've just had to fix a linking error in #inkscape main caused by not having code compiled before being merged.

This is a good and bad sign. We're hitting the limits of the resources the project has at its disposal because our activity this month has been very high with the paid
#Gtk4 migration work.

Some of the new code from our contract workers is looking really good by the way. Lots of valuable cleanup along with fixing the core issues with the upgrade.

#foss #project #opensource #softwarefreedom #sfconservancy #git

Michael Friedrich 🦊
1 month ago

🌴 At #GitLab we love swag, but to improve sustainability, we are also now offering to plant trees in the names of our wider community contributors.
We have started by planting a tree for each of our Core team members. Fancy helping us grow our forest?

Everyone Can Contribute 🌱

Ivan Enderlin 🦀
1 month ago

Support ActivityPub for merge requests,

> The goal of those documents is to provide an implementation path for adding fediverse capabilities to Gitlab.


#fediverse #ActivityPub #gitlab #git #scm

Marcus Noble
1 month ago

It’s nice to see #Gitlab working on adding federation ( but I wish they’d collab with @gitea etc. that have been working on this topic for a few years now (

@Lafiel @J12t @forgefed

Indeed. It was already suggested in the Epic issue, so I hope that #Gitlab won't pass that by.

So, if #Gitlab does this, and #Gitea follows along, I will move all my repos from GitHub to a self-hosted Gitea instance. What’s keeping me on GitHub right now is ubiquity.

Johannes Ernst
1 month ago

Another interesting tidbit from the #Gitlab #ActivityPub thread which may well also apply to other #fediverse software:

"This also is a rich target IMHO for very, very large organizations, such as the US federal government and the States, which consists of various departments, ... and partners that ...need separate control over instances but need ...controlled collaboration across them."

That kind of thing was one of the original use cases @evan had been working on back in the days, right?

Johannes Ernst
1 month ago

If #Gitlab starts supporting merge requests etc over #activitypub, what will #GitHub do?

Johannes Ernst
1 month ago

A few weeks ago I asked about Fediverse apps that are as unlike Mastodon as possible. People pointed me to some quite interesting ones, like playing chess over ActivityPub or public transport delay announcements

Today I hear that #Gitlab is working on decentralized merge requests over #ActivityPub! If this comes into being, this could be a really major development for the #fediverse.

Daniel Siepmann
1 month ago

@erlend Even better move would be to participate in I didn't see any mention within their issues. Looks like #GitLab is trying to build ActivityPub support where it can't fulfill the need. Even while there already are efforts to build upon it and extend for a forge based protocol #ForgeFed. Leading to still isolated software instead of distributed where I don't need additional wrapper and efforts.

1 month ago

Learn C++ and enter the 🐉 Dragon Realm with my new blog post!

🎮 We'll craft a text-based adventure game using #GitLab Duo Code Suggestions as an AI sidekick

✨ it's giving magical ✨

#Cplusplus #GitLab #GameDev #AIprogramming

Anders Eknert
1 month ago

Does anyone know if #GitLab has anything similar to the "workflow commands" ( ) that #GitHub has?

I'd love to integrate my linter #Regal in GitLab CI pipelines, and it would be sweet if the output could actually annotate the #Rego source code at the location of a violation.

Looking at the GitLab docs I'm thinking "no", but I'd love to be wrong about that!

Michael Friedrich 🦊
1 month ago

#GitLab 16.3

🏗️ #flux sync status UI
📈 Value Stream Dashboards velocity metrics
🔥 Async CI/CD matrix builds
🌤️ SSH Workspace connections

🛡️ Security scan results in VS Code
💡 Explain This Vulnerability Beta
🔐 #Azure Key Vault secrets mgmt support

1 month ago

Got a proof-of-concept of ( working in a Gitlab CI process without having to run docker in docker and without having to use the premium-only snippet (

Blog post coming soon!

#performance #gitlab #perf #ci

Kathy Reid
1 month ago

My thinking here is that @huggingface is an acquisition target for #NVIDIA because they don't have an #MLOps platform offering - I also wonder where #GitLab sits in all this too ...

Michael Friedrich 🦊
1 month ago

Thank you Dannyel Fonseca for sharing your #gitlab contribution experience 🦊

Everyone can contribute 🙌
Contribution is everywhere ✨
Hackathon 👾
Boost your CV 🚀
Final thoughts 💭

2 months ago

@horuskol 👋 I'm a CTO at a small agency and do all sorts in my role and generally log about it as I go

Less CSS these days, more posts about #PHP, #DevOps, #gitlab #ci

Dennis Hoppe
2 months ago

@dnsmichi Unfortunately termsvg did not work, but I found a subproject of Asciinema. #agg #asciinema #gitlab #markdown

Dennis Hoppe
2 months ago

@dnsmichi I think it should be possible if I convert the file with termsvg from demo.cast to demo.svg. #asciinema #gitlab #markdown #termsvg

Dennis Hoppe
2 months ago

@dnsmichi I have a quick question.

When I run the command asciinema rec demo.cast there is no file uploaded to the server. Can I save this file in a repository and embed it in a

Is this possible or do I need to convert the file demo.cast to another format?

#asciinema #gitlab #markdown