Last Updated: May 16, 2019
Welcome to the GitLab, Inc. (“GitLab”) security alert database, which is made available via the website located at https://gitlab.com/gitlab-org/security-products/gemnasium-db (the “GitLab Security Alert Database”). Please read these terms and conditions (the “Security Alert Database Terms”) carefully because they govern your access to and use of the GitLab Security Alert Database, the security alert database, and all related information, data, and content made accessible via the GitLab Security Alert Database (collectively, the “Security Alert Database”).
By clicking “agree” or accessing or using the Security Alert Database, you agree to be bound by these Security Alert Database Terms. If you don’t agree to be bound by these Security Alert Database Terms, do not attempt to access or use the Security Alert Database. If you are accessing or using the Security Alert Database on behalf of a company (such as your employer) or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to these Security Alert Database Terms. In that case, “you” and “your” will refer to that company or other legal entity.
We may update the Security Alert Database Terms at any time, in our sole discretion. If we do so, we’ll let you know either by posting the updated Security Alert Database Terms on the Gitlab Security Alert Database or through other communications. It’s important that you review the Security Alert Database Terms whenever we update them or you use the Security Alert Database. If you continue to use the Security Alert Database after we have posted updated Security Alert Database Terms, you are agreeing to be bound by the updated Security Alert Database Terms. If you don’t agree to be bound by the updated Security Alert Database Terms, then you may not use the Security Alert Database anymore. Because our Security Alert Database is evolving over time we may change or discontinue all or any part of the Security Alert Database, at any time and without notice, at our sole discretion.
We allow contributions to the Security Alert Database by submitting a merge request (“Contribution”) to https://gitlab.com/gitlab-org/security-products/gemnasium-db. You grant to us a non-exclusive, transferable, worldwide, perpetual, irrevocable, fully-paid, royalty-free license, with the right to sublicense, under any and all intellectual property rights that you own or control to use, copy, modify, create derivative works based upon and otherwise exploit the Contribution for any purpose.
- (a) Definitions. For purposes of these Security Alert Database Terms: (i) “Content” means data, text, graphics, images, software, audio, video, works of authorship of any kind, and information or other materials that are posted, generated, provided or otherwise made available through the Security Alert Database; and (ii) “User Content” means any Content, including security alerts or related information, that Account holders or other users (including you) provide to be made available through the Security Alert Database.
- (b) Our Content Ownership. GitLab does not claim any ownership rights in any User Content and nothing in these Security Alert Database Terms will be deemed to restrict any rights that you may have to use and exploit your User Content. Subject to the foregoing, GitLab and its licensors exclusively own all right, title and interest in and to the Security Alert Database and Content, including all associated intellectual property rights. You acknowledge that the Security Alert Database and Content are protected by copyright, trademark, and other laws of the United States and foreign countries. You agree not to remove, alter or obscure any copyright, trademark, service mark or other proprietary rights notices incorporated in or accompanying the Security Alert Database or Content.
- (c) Rights in User Content Granted by You. By making any User Content available through the Security Alert Database you hereby grant to GitLab a perpetual, non-exclusive, transferable, worldwide, royalty-free license, with the right to sublicense, to integrate your User Content into the Security Alert Database and to use, copy, modify, create derivative works based upon, distribute, publicly display, and publicly perform your User Content in connection with operating and providing the Security Alert Database.
- (d) Your Responsibility for User Content. You are solely responsible for all your User Content. You represent and warrant that you own all your User Content or you have all rights that are necessary to grant us the license rights in your User Content under these Security Alert Database Terms. You also represent and warrant that neither your User Content, nor your use and provision of your User Content to be made available through the Security Alert Database, nor any use of your User Content by GitLab on or through the Security Alert Database will infringe, misappropriate or violate a third party’s intellectual property rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation.
- (e) Removal of User Content. Once posted, some or all of your User Content (such as posts or comments you make) may not be removed from the Security Alert Database, and copies of your User Content may continue to exist on or in the Security Alert Database. We are not responsible or liable for the removal or deletion of (or the failure to remove or delete) any of your User Content.
- (f) Rights in Content Granted by GitLab; No Downloads or Copying. Subject to your compliance with these Security Alert Database Terms, GitLab grants you a limited, non-exclusive, non-transferable license, with no right to sublicense, to access, view and use the Content solely in connection with your Permitted Use of the Security Alert Database. "Permitted Use" shall mean any use of the Security Alert Database that is not expressly prohibited under Section 5, below. GitLab grants you no right to and you expressly agree not to download, copy, or otherwise store in electronic or other form any of the Content.
You agree not to do any of the following:
- (a) Post, upload, publish, submit or transmit any Content that: (i) infringes, misappropriates or violates a third party’s patent, copyright, trademark, trade secret, moral rights or other intellectual property rights, or rights of publicity or privacy; (ii) violates, or encourages any conduct that would violate, any applicable law or regulation or would give rise to civil liability; (iii) is fraudulent, false, misleading or deceptive; (iv) is defamatory, obscene, pornographic, vulgar or offensive; (v) promotes discrimination, bigotry, racism, hatred, harassment or harm against any individual or group; (vi) is violent or threatening or promotes violence or actions that are threatening to any person or entity; or (vii) promotes illegal or harmful activities or substances;
- (b) Use, display, mirror or frame the Security Alert Database or any individual element within the Security Alert Database, GitLab’s name, any GitLab trademark, logo or other proprietary information, or the layout and design of any page or form contained on a page, without GitLab’s express written consent;
- (c) Access, tamper with, or use non-public areas of the Security Alert Database, GitLab’s computer systems, or the technical delivery systems of GitLab’s providers;
- (d) Attempt to probe, scan or test the vulnerability of any GitLab system or network or breach any security or authentication measures;
- (e) Avoid, bypass, remove, deactivate, impair, descramble or otherwise circumvent any technological measure implemented by GitLab or any of GitLab’s providers or any other third party (including another user) to protect the Security Alert Database or Content;
- (f) Attempt to access or search the Security Alert Database or Content or download Content from the Security Alert Database through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers, data mining tools or the like) other than the software and/or search agents provided by GitLab or other generally available third-party web browsers;
- (g) Send any unsolicited or unauthorized advertising, promotional materials, email, junk mail, spam, chain letters or other form of solicitation;
- (h) Use any meta tags or other hidden text or metadata utilizing a GitLab trademark, logo URL or product name without GitLab’s express written consent;
- (i) Use the Security Alert Database or Content, or any portion thereof, in any manner not permitted by these Security Alert Database Terms;
- (j) Forge any TCP/IP packet header or any part of the header information in any email or newsgroup posting, or in any way use the Security Alert Database or Content to send altered, deceptive or false source-identifying information;
- (k) Attempt to decipher, decompile, disassemble or reverse engineer any of the software used to provide the Security Alert Database or Content;
- (l) Interfere with, or attempt to interfere with, the access of any user, host or network, including, without limitation, sending a virus, overloading, flooding, spamming, or mail-bombing the Security Alert Database;
- (m) Collect or store any personally identifiable information from the Security Alert Database from other users of the Security Alert Database without their express permission;
- (n) Impersonate or misrepresent your affiliation with any person or entity;
- (o) Violate any applicable law or regulation; or
- (p) Encourage or enable any other individual to do any of the foregoing.
Although GitLab is not obligated to monitor access to or use of the Security Alert Database or Content or to review or edit any Content, we have the right to do so for the purpose of operating the Security Alert Database, to ensure compliance with these Security Alert Database Terms and to comply with applicable law or other legal requirements. We reserve the right, but are not obligated, to remove or disable access to any Content, at any time and without notice, including, but not limited to, if we, at our sole discretion, consider any Content to be objectionable or in violation of these Security Alert Database Terms. We have the right to investigate violations of these Security Alert Database Terms or conduct that affects the Security Alert Database. We may also consult and cooperate with law enforcement authorities to prosecute users who violate the law.
GitLab respects copyright law and expects its users to do the same. It is GitLab’s policy to terminate in appropriate circumstances Account holders who repeatedly infringe or are believed to be repeatedly infringing the rights of copyright holders. Please see GitLab’s DMCA Policy at https://about.gitlab.com/handbook/dmca/ for further information.
The Security Alert Database may contain links to third-party websites or resources. We provide these links only as a convenience and are not responsible for the content, products or Security Alert Database on or available from those websites or resources or links displayed on such websites. You acknowledge sole responsibility for and assume all risk arising from your use of any third-party websites or resources.
We may terminate your access to and use of the Security Alert Database, at our sole discretion, at any time and without notice to you. Upon any termination, discontinuation or cancellation of the Security Alert Database or your Account, the following Sections will survive: 4, 5, 9, 10, 11, and 12.
THE SECURITY ALERT DATABASE AND CONTENT ARE PROVIDED “AS IS,” WITHOUT WARRANTY OF ANY KIND. WITHOUT LIMITING THE FOREGOING, WE EXPLICITLY DISCLAIM ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF THE COURSE OF DEALING OR USAGE OF TRADE. We make no warranty that the Security Alert Database will meet your requirements or be available on an uninterrupted, secure, or error-free basis. We make no warranty regarding the quality, accuracy, timeliness, truthfulness, completeness or reliability of any Content. You acknowledge and agree that the Security Alert Database is based in part on information and alerts made available by third parties, and that GitLab is not responsible for and will have no liability related to the accuracy or completeness of any security alerts, data, or other Content made available through the Security Alert Database. THE SECURITY ALERT DATABASE IS NOT A COMPLETE SOURCE OF ALL POTENTIAL SECURITY THREATS AND/OR VULNERABILITIES AND SHOULD NOT BE RELIED UPON OR USED AS A SUBSTITUTE FOR THE ADVICE AND RECOMMENDATIONS OF YOUR OWN SECURITY PROFESSIONALS FOR IMPLEMENTING A COMPREHENSIVE SECURITY PLAN.
- (a) NEITHER GITLAB NOR ANY OTHER PARTY INVOLVED IN CREATING, PRODUCING, OR DELIVERING THE SECURITY ALERT DATABASE OR CONTENT WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOST PROFITS, LOST REVENUES, LOST SAVINGS, LOST BUSINESS OPPORTUNITY, LOSS OF DATA OR GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE OR THE COST OF SUBSTITUTE SECURITY ALERT DATABASE OF ANY KIND ARISING OUT OF OR IN CONNECTION WITH THESE SECURITY ALERT DATABASE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SECURITY ALERT DATABASE OR CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT GITLAB OR ANY OTHER PARTY HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, EVEN IF A LIMITED REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
- (b) IN NO EVENT WILL GITLAB’S TOTAL LIABILITY ARISING OUT OF OR IN CONNECTION WITH THESE SECURITY ALERT DATABASE TERMS OR FROM THE USE OF OR INABILITY TO USE THE SECURITY ALERT DATABASE OR CONTENT EXCEED THE AMOUNTS YOU HAVE PAID TO GITLAB FOR USE OF THE SECURITY ALERT DATABASE OR CONTENT OR ONE HUNDRED DOLLARS ($100), IF YOU HAVE NOT HAD ANY PAYMENT OBLIGATIONS TO GITLAB, AS APPLICABLE.
- (c) THE EXCLUSIONS AND LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN GITLAB AND YOU.
These Security Alert Database Terms will be governed by the laws of the State of California, U.S.A. without regard to its conflict of laws provisions. The federal and state courts sitting in San Francisco County, California, U.S.A. will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement.
- (a) Entire Agreement; Other Terms. These Security Alert Database Terms constitute the entire and exclusive understanding and agreement between GitLab and you regarding the Security Alert Database and Content, and these Security Alert Database Terms supersede and replace any and all prior oral or written understandings or agreements between GitLab and you regarding the Security Alert Database and Content. Without limiting the foregoing, these Security Alert Database Terms supplement and are in addition to any other Terms posted at https://about.gitlab.com/terms/, or on any other GitLab website, and any other agreement between you and GitLab or any of its affiliates (collectively, the “Other Terms”). In the event of any conflict between these Security Alert Database Terms and any of the Other Terms with respect to your access to or use of the Security Alert Database, these Security Alert Database Terms will control and govern. If any provision of these Security Alert Database Terms is held invalid or unenforceable by a court of competent jurisdiction, that provision will be enforced to the maximum extent permissible and the other provisions of these Security Alert Database Terms will remain in full force and effect. You may not assign or transfer these Security Alert Database Terms, by operation of law or otherwise, without GitLab’s prior written consent. Any attempt by you to assign or transfer these Security Alert Database Terms, without such consent, will be null. GitLab may freely assign or transfer these Security Alert Database Terms without restriction. Subject to the foregoing, these Security Alert Database Terms will bind and inure to the benefit of the parties, their successors and permitted assigns.
- (b) Notices. Any notices or other communications provided by GitLab under these Security Alert Database Terms, including those regarding modifications to these Security Alert Database Terms, will be given: (i) via email; or (ii) by posting to the Security Alert Database. For notices made by e-mail, the date of receipt will be deemed the date on which such notice is transmitted.
- (c) Waiver of Rights. GitLab’s failure to enforce any right or provision of these Security Alert Database Terms will not be considered a waiver of such right or provision. The waiver of any such right or provision will be effective only if in writing and signed by a duly authorized representative of GitLab. Except as expressly set forth in these Security Alert Database Terms, the exercise by either party of any of its remedies under these Security Alert Database Terms will be without prejudice to its other remedies under these Security Alert Database Terms or otherwise.