teriradichel.bsky.social
CEO, 2nd Sight Lab. Cloud and App Pentesting. Security Software & Research. Cybersecurity Phone Consulting > IANS Research. GSE. AWS Security Hero. Author on Amazon.
760 posts 1,127 followers 115 following
comment in response to post
I did find an IP restriction option for groups but not sure how complete it is and I don’t think it applies to runners. Need to try it out.
comment in response to post
I found this GitLab information about IP restrictions which I need to test out. They need to add a link in the other security and allowlist documentation to this. I didn’t find it searching through security docs for some reason. docs.gitlab.com/user/group/a...
comment in response to post
I looked at self-hosted GitLab in the AWS Marketplace. The cost is like minimum $3k per year with security features. Too steep for one or two people. Plus I see a lot of GitLab vulnerabilities announced so you have to keep it updated. I would prefer the cloud hosted version.
comment in response to post
Well, whatever the supposed improvement to @Xfinity networks was yesterday to improve performance, it is not doing what it advertised. Having all kinds of weird problems today. One domain resolution changed to a blocked IP range, but no explanation for the other weirdness going on today in my logs.
comment in response to post
Seems like IP resolution for us-east-1.console.aws.amazon.com may have changed also? Checking logs to see if I blocked something. 3.3.9.1 and 3.3.8.1. Logout fails. This could result in unwanted sessions hanging around.
comment in response to post
I am familiar with OIDC for GitHub actions and GitLab. It does not solve network security problems. In addition, I have my own method of running jobs in containers posted on my blog which requires MFA for each job execution. I would like to use that method for auth on a secure network.
comment in response to post
I have a typo above. The price of ultimate is too high but the features DO look cool, I meant to say. There are a lot of code scanning and governance options but I didn’t test them all out. Just missing super basic network controls.
comment in response to post
Large enterprises likely choose the Dedicated option. Most small companies are as aware of the security issues. If they could fix a couple of things I just posted in my wishlist I’d switch in an instant. I like it way better upon first review except for the small list of things I wrote in there.
comment in response to post
It seems like if GitLab could fix just a couple of things they would be the clear choice. Unfortunately none of the platforms are a complete solution from a security perspective.
comment in response to post
GitLab has some pretty cool features and one missing from GitHub, plus some nice to haves that CodeCommit did not have. GitLab is more like Azure DevOps which also lacks core security features as I wrote about in my blog. The network requirements for Azure DevOps are too broad.
comment in response to post
Plus you have to pay extra for AI features which I don’t want anyway as they don’t align with my current use case.
comment in response to post
Since the price of Ultimate, which doesn’t look cool, far exceeds GitHub already, the cost of dedicated which is how you get the IP AllowList is probably far too much. They don’t even list a price. I found out that ultimate is $99 per month.
comment in response to post
Static? 😆
comment in response to post
At least they hopefully do it! 😆
comment in response to post
In addition, the gateway IP used as the Ubiquiti gateway was changed. Take a screenshot of your rules and monitor for changes. Trying to sort this out.