You are hacking on: GitLab

Powered by:

Allows bounty splitting:

Average time to first program response: 7

Average time to bounty awarded null: 417

Average time to report resolved: 1160

Handle gitlab

Managed program: true

Name: GitLab

Offers bounties: true

Offers swag: false

Response efficiency percentage: 93

Submission state: open

Url: https://hackerone.com/gitlab

Website: https://about.gitlab.com

In scope:

Asset identifier: *.gitlab.net

Asset type: URL

Availability requirement: low

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction: Hosts owned and operated by GitLab.

Integrity requirements: low

Max severity: medium

Asset identifier: *.gitlab.org

Asset type: URL

Availability requirement: low

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction: Hosts owned and operated by GitLab.

Integrity requirements: low

Max severity: medium

Asset identifier: *.gitlap.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction: Hosts owned and operated by GitLab. gitla**p** with a p!

Integrity requirements: low

Max severity: medium

Asset identifier: Other non-production infrastructure

Asset type: OTHER

Availability requirement: low

Confidentiality requirement: low

Eligible for bounty: true

Eligible for submissions: true

Instruction: Hosts owned and operated by GitLab other than gitlab.com itself and our static websites.

Integrity requirements: low

Max severity: medium

Asset identifier: Your Own GitLab Instance

Asset type: OTHER

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements:

Max severity: critical

Asset identifier: about.gitlab.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: none

Eligible for bounty: true

Eligible for submissions: true

Instruction: There is no user data therefore no confidentiality impact is possible, however we want to know if you can modify the content or make it unavailable.

Integrity requirements: low

Max severity: medium

Asset identifier: advisories.gitlab.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: none

Eligible for bounty: true

Eligible for submissions: true

Instruction: There is no user data therefore no confidentiality impact is possible, however we want to know if you can modify the content or make it unavailable.

Integrity requirements: low

Max severity: medium

Asset identifier: customers.gitlab.com

Asset type: URL

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction: Server-side Denial of Service is out of scope as per our Policy.

Integrity requirements:

Max severity: critical

Asset identifier: design.gitlab.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: none

Eligible for bounty: true

Eligible for submissions: true

Instruction: There is no user data therefore no confidentiality impact is possible, however we want to know if you can modify the content or make it unavailable.

Integrity requirements: low

Max severity: medium

Asset identifier: docs.gitlab.com

Asset type: URL

Availability requirement: low

Confidentiality requirement: none

Eligible for bounty: true

Eligible for submissions: true

Instruction: There is no user data therefore no confidentiality impact is possible, however we want to know if you can modify the content or make it unavailable.

Integrity requirements: low

Max severity: medium

Asset identifier: gitlab.com

Asset type: URL

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements:

Max severity: critical

Asset identifier: https://gitlab.com/gitlab-org/gitaly

Asset type: SOURCE_CODE

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements:

Max severity: critical

Asset identifier: https://gitlab.com/gitlab-org/gitlab

Asset type: SOURCE_CODE

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements:

Max severity: critical

Asset identifier: https://gitlab.com/gitlab-org/gitlab-pages

Asset type: SOURCE_CODE

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements:

Max severity: critical

Asset identifier: https://gitlab.com/gitlab-org/gitlab-runner

Asset type: SOURCE_CODE

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements:

Max severity: critical

Asset identifier: https://gitlab.com/gitlab-org/gitlab-shell

Asset type: SOURCE_CODE

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements:

Max severity: critical

Asset identifier: https://gitlab.com/gitlab-org/gitlab-vscode-extension

Asset type: SOURCE_CODE

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements:

Max severity: critical

Asset identifier: registry.gitlab.com

Asset type: URL

Availability requirement:

Confidentiality requirement:

Eligible for bounty: true

Eligible for submissions: true

Instruction:

Integrity requirements:

Max severity: critical