Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
.gitlab-ci.yml
GitLab CI/CD pipeline configuration file
What an attacker could do
Reveals the full CI/CD pipeline including build/deploy commands, runner tags, container images, and references to CI/CD variables, helping an attacker map the deployment chain and target the GitLab runner environment.
How to defend it
Serve application code from a directory that excludes repository metadata, deny access to dotfiles via web-server rules, and keep credentials in masked/protected GitLab CI/CD variables.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation