Learn about the program's enhanced clarity and updated scope.

GitLab is a complete DevOps platform delivered as a single application, offering integrated tools for version control, CI/CD, issue tracking, and collaboration. Users can learn about GitLab's DevOps workflow, CI/CD pipelines, and collaboration features to streamline their software development lifecycle and accelerate delivery.

GitLab

GitLab has updated its HackerOne Bug Bounty program policy with several key changes. The program now strongly recommends using local GitLab Development Kit (GDK) for testing instead of production environments. Scope clarifications include: DoS vulnerabilities are generally out of scope except for persistent application-layer attacks via unauthenticated endpoints, standalone prompt injection is excluded unless it leads to broader security harm, and metadata enumeration remains out of scope while privacy breaches are in scope. Researchers with active investigations under the old policy will be grandfathered in. The changes aim to improve transparency, safety, and fairness while focusing resources on high-impact security issues.

GitLab Bug Bounty Program policy updates