This post follows up a previous one on repositories exposed through version control platforms. Here the focus is the self-hosted product that sits alongside the cloud-hosted platform.

First, let's do a quick recap. Public repositories are a good way to collaborate. However, there must be some verification before a commit is made: the code being committed could contain information that was needed during development but was never meant to be included, credentials being the obvious case. Once pushed, that information is easily searchable via the platform's search function.

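A concrete form of that pre-commit verification, as an added example that is not code from the original post: a small secret scanner run over the staged diff, which blocks the commit when an added line looks like a credential. The rule set, the `# pragma: allowlist secret` opt-out (the convention detect-secrets uses) and the sample diff are all constructed for this example; a real pipeline should use a maintained scanner such as gitleaks or detect-secrets with a curated rule set.

```python
"""Pre-commit secret check (added example, not from the original post).

Reads a unified diff on stdin and refuses the commit if an added line looks
like a credential. Wire it up as:
    git diff --cached -U0 | python precommit_secrets.py
The rule set is illustrative; use a maintained scanner in production.
"""
import re
import sys
from typing import List, Tuple

# Each rule is (name, regex). Shapes are taken from well-known credential
# formats: AWS access key IDs, GitLab personal access tokens, PEM private
# keys, and a quoted literal assigned to a password-like variable.
SECRET_RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("gitlab-pat", re.compile(r"\bglpat-[0-9A-Za-z_-]{20,}\b")),
    ("private-key-block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")),
    ("hardcoded-password",
     re.compile(r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{6,}['\"]")),
]

# Inline opt-out for deliberate placeholders (same convention detect-secrets uses).
ALLOWLIST_MARKER = "# pragma: allowlist secret"


def scan_diff(diff_text: str) -> List[Tuple[int, str, str]]:
    """Return (diff line number, rule name, offending line) for each added
    line that matches a rule.

    Only '+' lines are inspected: removed lines and unchanged context never
    reach the new commit, so flagging them would only produce noise. The
    '+++ b/file' header is skipped because it is a path, not content.
    """
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(diff_text.splitlines(), start=1):
        if not line.startswith("+") or line.startswith("+++"):
            continue
        content = line[1:]
        if ALLOWLIST_MARKER in content:
            continue
        for name, pattern in SECRET_RULES:
            if pattern.search(content):
                findings.append((lineno, name, content.strip()))
                break  # one hit per line is enough to block the commit
    return findings


# Constructed sample diff used to exercise the scanner offline.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,2 +10,6 @@
 DEBUG = False
-AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "s3cretPassw0rd!"
+DEMO_PASSWORD = "changeme-later"  # pragma: allowlist secret
+API_TOKEN = "glpat-abcdefghijklmnopqrstuvwx"
"""


if __name__ == "__main__":
    # Scan stdin when piped from git; fall back to the sample when run bare.
    diff = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    hits = scan_diff(diff)
    for lineno, rule, text in hits:
        print(f"diff line {lineno}: {rule}: {text}", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

Installed as a `pre-commit` hook (or as a server-side push rule on the GitLab side, so that a developer cannot simply skip it with `--no-verify`), the exit status is what stops the commit. Scanning only added lines keeps the hook fast and avoids re-flagging history; secrets that are already in history need a separate clean-up and, more importantly, rotation.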
Ultimately, this situation can happen even on a cloud platform, which requires no maintenance from the company hosting its code there. GitLab, another version control platform, provides a self-hosted version of its product for internal use. Being self-hosted, it requires implementation and configuration work to ensure it is set up correctly and accessible only to authorised users.

Keeping the instance internal and not public facing slightly decreases the risk of an issue occurring, but that benefit disappears the moment the instance becomes publicly accessible. Self-hosted version control is usually chosen to protect Intellectual Property (IP), often a company's most valuable asset (data-wise). A publicly accessible and misconfigured instance, however, exposes exactly that asset, with far greater consequences than a single stray commit.

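The first check a practitioner should run against a self-hosted instance is to ask it, with no credentials at all, what it will hand over. As an added example that is not from the original post, the script below pages through the documented GitLab `/api/v4/projects` endpoint anonymously and triages whatever comes back; the base URL `https://gitlab.example.internal` and the sample records are placeholders constructed for this example.

```python
"""Anonymous exposure check for a self-hosted GitLab instance.

Added example, not from the original post. Only the documented REST endpoint
/api/v4/projects is used; with no PRIVATE-TOKEN header it returns exactly the
projects an anonymous visitor can see. The instance URL and the sample records
below are placeholders constructed for this example.
"""
import json
import sys
import urllib.request
from typing import Dict, List
from urllib.parse import urlencode

INSTANCE = "https://gitlab.example.internal"  # placeholder, not a real host


def fetch_anonymous_projects(base_url: str, per_page: int = 100,
                             max_pages: int = 20) -> List[Dict]:
    """Page through /api/v4/projects without credentials.

    GitLab caps per_page at 100; we stop at the first short page. No token is
    sent on purpose: the point is to see the instance as an outsider does.
    """
    projects: List[Dict] = []
    for page in range(1, max_pages + 1):
        query = urlencode({"per_page": per_page, "page": page, "simple": "true"})
        req = urllib.request.Request(
            f"{base_url.rstrip('/')}/api/v4/projects?{query}",
            headers={"User-Agent": "gitlab-anon-exposure-check"},
        )
        with urllib.request.urlopen(req, timeout=15) as resp:
            batch = json.loads(resp.read().decode("utf-8"))
        projects.extend(batch)
        if len(batch) < per_page:
            break
    return projects


def triage(projects: List[Dict]) -> List[Dict]:
    """Reduce raw project records to what a reviewer needs.

    Any record at all is a finding, because an internal instance should list
    nothing to anonymous callers. Projects that hold code (a default branch
    exists) are sorted first so the highest-impact items are reviewed first.
    """
    rows = [
        {
            "path": p.get("path_with_namespace", ""),
            "url": p.get("web_url", ""),
            "has_code": bool(p.get("default_branch")),
            "last_activity": p.get("last_activity_at", ""),
        }
        for p in projects
    ]
    rows.sort(key=lambda r: (not r["has_code"], r["path"]))
    return rows


def summarise(rows: List[Dict]) -> Dict[str, int]:
    """Counts for a one-line verdict: total exposed and how many hold code."""
    return {
        "exposed": len(rows),
        "with_code": sum(1 for r in rows if r["has_code"]),
    }


# Constructed sample, shaped like /api/v4/projects?simple=true output, so the
# triage logic can be exercised offline.
SAMPLE_PROJECTS: List[Dict] = [
    {"id": 31, "path_with_namespace": "labs/sandbox",
     "web_url": f"{INSTANCE}/labs/sandbox",
     "default_branch": None, "last_activity_at": "2023-01-09T08:12:00Z"},
    {"id": 12, "path_with_namespace": "platform/deploy-scripts",
     "web_url": f"{INSTANCE}/platform/deploy-scripts",
     "default_branch": "main", "last_activity_at": "2023-05-01T10:00:00Z"},
    {"id": 7, "path_with_namespace": "infra/ansible",
     "web_url": f"{INSTANCE}/infra/ansible",
     "default_branch": "master", "last_activity_at": "2023-04-21T16:45:00Z"},
]


if __name__ == "__main__":
    # Query a real instance if its URL is given, otherwise use the sample.
    records = fetch_anonymous_projects(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_PROJECTS
    rows = triage(records)
    for row in rows:
        flag = "CODE " if row["has_code"] else "empty"
        print(f"[{flag}] {row['path']:<40} {row['url']}")
    print(summarise(rows))
```

Anything the endpoint returns is readable by anyone who can reach the host, and if the host is on the internet that means everyone. Findings are fixed in the GitLab Admin Area under Settings, General, Visibility and access controls, by restricting the Public visibility level, and by disabling open sign-up under Sign-up restrictions, so that projects set to "internal" are not one self-registration away from being public. Run the check from outside the corporate network as well as inside it, since the two views often differ.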
An example of this is the case where a security researcher discovered exposed files in a development lab used by Samsung engineers. The cause was an exposed GitLab instance that was not adequately protected.

Although the case for self-hosted products can be debated, their use does keep the code within the company itself. However, failing to carry out all the necessary checks and balances, and to confirm they are configured correctly, can lead to exactly the exposure the self-hosted option was meant to avoid.
