I work for a huge government-owned telco and our networking guys are the best. They keep us server guys in line. So even though they did expose our GitLab to an extent, for certain external projects and consultants, you still can't visit it from the internet freely.
And also we manage users in AD so there is no SMTP connection to even do password resets.
But we really need to enforce more 2FA; we've left it up to each project to enforce their own rules on 2FA.