Security audit of a GitLab instance