Is GitLab Safe?

GitLab security

GitHub, Bitbucket or GitLab? How do you choose a version control hosting platform, and what should you take into account? You can compare features, integrations, pricing, UI and other criteria, but one you should definitely weigh is security. In this article we look at how secure GitLab is.

GitLab application security

No surprise here: to start using the platform you create an account with a login and a password. Treat this as the first line of your GitLab security. Your login (username) is public, so everybody, attackers included, will know you by that name. Do not use a handle that also appears in one of your passwords (we hope you do not do this anyway), and prefer a name you do not use on other services: a handle that is identical everywhere makes it easy to link your accounts and to try credentials leaked from one service against another.

What about the password? Make sure it is unique, strong and random: a long string of lower- and upper-case letters, digits and special characters, ideally generated and stored by a password manager rather than memorised. If you are confident that your Google account is properly secured, you can sign in to GitLab with it instead of a separate password; GitLab.com also supports sign-in through Twitter, Bitbucket and GitHub. Note that these are OAuth-based social sign-ins (GitLab calls them OmniAuth providers), and they shift trust to that provider: whoever controls your Google or GitHub account controls your GitLab account, so protect it at least as well. The goal is to limit the risk of weak, reused passwords and to reduce the number of credentials you have to remember.

General advice: enable two-factor authentication everywhere it is offered, not only on your GitLab account. It adds a layer on top of the password, so a leaked or guessed password alone is not enough to sign in. GitLab's own documentation recommends a time-based one-time password (TOTP) authenticator app as the second factor, and GitLab also supports hardware security keys (WebAuthn). Keep in mind that once 2FA is on, git over HTTPS authenticates with a personal access token instead of your password, so treat those tokens, and your SSH keys, as credentials that need the same care.

GitLab backup – why do you need it?

As you can see, the authentication measures above cannot give you a 100% guarantee of security. Use them to the full, but always prepare for the worst: make sure you have an appropriate backup and recovery plan.

Why do you need a GitLab backup? Imagine any of the usual human errors: a force-push that overwrites a branch's HEAD, a deleted branch, or a malicious act by a former employee whose access was not revoked in time. Add to that the possibility of GitLab's data center burning down, GitLab being unavailable, or your source code being wiped out irreversibly. How long would it take to restore your source code to the state before the error or disaster, and is it possible at all? GitLab's status page shows that long-lasting outages are not common, but for some companies even an hour of disruption can mean serious operational and financial losses.

To avoid this scenario, consider a GitLab backup service such as GitProtect.io. It protects all your GitLab projects together with their metadata. All you need to do is add your GitLab account to GitProtect.io, and automatic backups run (full, incremental or differential, depending on your preferred rotation scheme). You control the schedule, retention (even unlimited), compression, AES encryption and more. You can manage everything centrally and review detailed audit logs, or simply monitor email or Slack notifications to confirm that your GitLab backups are in good shape.
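As an added example (not code from this article, from GitLab or from GitProtect.io), here is a minimal do-it-yourself GitLab backup in POSIX shell built on `git clone --mirror`. It constructs a throw-away local repository standing in for a GitLab project, then shows the failure mode that the "branch deletion" scenario above and the retention settings in the last paragraph are about: a mirror that is simply re-synced with `--prune` faithfully copies the deletion, while a dated snapshot taken earlier still holds the branch and can push it back. Repository paths, the branch name `feature/login` and the single sample commit are constructed for the demo; the `https://gitlab.com/<group>/<project>.git` URL in the comments is only the shape a real clone URL would take.

```shell
#!/bin/sh
# Added example, not GitLab's or GitProtect.io's code: a DIY GitLab project
# backup with `git clone --mirror`, and why keeping retention (snapshots)
# matters. Requires git on PATH; everything runs in temporary directories.
set -eu

# Identity for the constructed sample commit (any value works).
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.com
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.com

# Build a bare repo standing in for the GitLab project (constructed sample
# data: one empty commit, branches main and feature/login). $1 = bare repo path
make_sample_origin() {
    origin="$1"
    work=$(mktemp -d)
    git init -q "$work"
    git -C "$work" symbolic-ref HEAD refs/heads/main
    git -C "$work" commit -q --allow-empty -m "initial import"
    git -C "$work" branch -q feature/login
    git init -q --bare "$origin"
    git --git-dir="$origin" symbolic-ref HEAD refs/heads/main
    git -C "$work" push -q "$origin" main feature/login
    rm -rf "$work"
}

# Mirror backup. First run clones every ref (branches, tags, merge-request
# refs); later runs fetch updates and, because of --prune, also drop any ref
# that was deleted upstream. That is exactly why a mirror alone is not enough.
# $1 = clone URL (real use: https://gitlab.com/<group>/<project>.git or an
#      SSH URL with a read-only deploy key), $2 = local mirror directory
sync_mirror() {
    if [ -d "$2" ]; then
        git -C "$2" remote update --prune >/dev/null 2>&1
    else
        git clone -q --mirror "$1" "$2"
    fi
}

# Point-in-time copy of the mirror. Keeping several of these (daily, weekly,
# whatever rotation you choose) is the retention that lets you go back to a
# state before a deletion or a bad force-push. $1 = mirror dir, $2 = snapshot
# root; prints the snapshot path.
take_snapshot() {
    mkdir -p "$2"
    dest="$2/$(date -u +%Y%m%dT%H%M%SZ)-$$"
    git clone -q --mirror "$1" "$dest"
    echo "$dest"
}

# Push one branch from a snapshot back to the live repository.
# $1 = snapshot dir, $2 = target repo URL or path, $3 = branch name
restore_branch() {
    git -C "$1" push -q "$2" "refs/heads/$3:refs/heads/$3"
}

# Exit 0 if repository $1 has a local branch named $2.
has_branch() {
    git -C "$1" show-ref --verify --quiet "refs/heads/$2"
}

# Full walk-through: backup, snapshot, "human error", sync, restore.
# Prints one line per step; exits 0 only if the pruned mirror lost the branch
# and the snapshot brought it back.
run_demo() {
    root=$(mktemp -d)
    make_sample_origin "$root/origin.git"
    sync_mirror "$root/origin.git" "$root/mirror.git"
    snap=$(take_snapshot "$root/mirror.git" "$root/snapshots")

    # The human error: someone deletes the branch on the GitLab side.
    git --git-dir="$root/origin.git" branch -q -D feature/login

    # The next scheduled sync of the plain mirror propagates the deletion.
    sync_mirror "$root/origin.git" "$root/mirror.git"
    has_branch "$root/mirror.git" feature/login && { echo "unexpected: mirror kept branch"; return 1; }
    echo "mirror: feature/login gone after prune"

    # The snapshot taken before the deletion still has it; push it back.
    has_branch "$snap" feature/login || { echo "unexpected: snapshot lost branch"; return 1; }
    restore_branch "$snap" "$root/origin.git" feature/login
    has_branch "$root/origin.git" feature/login || return 1
    echo "origin: feature/login restored from snapshot"
    rm -rf "$root"
}

run_demo
```

For a real project, point `sync_mirror` at the GitLab clone URL using a read-only deploy token or deploy key, run it from cron, and rotate the snapshot directories with whatever retention you need; `git bundle` is a space-saving alternative to a full snapshot clone. Note what a git mirror does not capture: issues, merge-request discussions, wiki pages and CI settings live in GitLab's database, not in the repository, which is why the article talks about backing up projects "with related metadata" and why GitLab's project export, or a service that uses the API, is needed for those.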