[{"data":1,"prerenderedAt":701},["ShallowReactive",2],{"/en-us/blog/gitlab-security-twenty-twenty-one/":3,"navigation-en-us":33,"banner-en-us":450,"footer-en-us":462,"Johnathan Hunt":673,"next-steps-en-us":686},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":8,"content":16,"config":23,"_id":26,"_type":27,"title":28,"_source":29,"_file":30,"_stem":31,"_extension":32},"/en-us/blog/gitlab-security-twenty-twenty-one","blog",false,"",{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},"GitLab Security in 2021: protect, enhance, certify and strengthen","Join our Security team as we review how we worked to keep GitLab, and our community, secure this past year.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670795/Blog/Hero%20Images/security-year-in-review-2021.png","https://about.gitlab.com/blog/gitlab-security-twenty-twenty-one","https://about.gitlab.com","article","\n                        {\n        \"@context\": \"https://schema.org\",\n        \"@type\": \"Article\",\n        \"headline\": \"GitLab Security in 2021: protect, enhance, certify and strengthen\",\n        \"author\": [{\"@type\":\"Person\",\"name\":\"Johnathan Hunt\"}],\n        \"datePublished\": \"2021-12-17\",\n      }",{"title":9,"description":10,"authors":17,"heroImage":11,"date":19,"body":20,"category":21,"tags":22},[18],"Johnathan Hunt","2021-12-17","\n\n2021 has turned out to be another … interesting year, especially for those of us in the security industry.  Like so many software companies in the business, much of our recent focus has shifted to collective, cross-organizational research efforts to identify, mitigate and help resolve the threat posed by the Log4j vulnerability (See [our response](/blog/updates-and-actions-to-address-logj-in-gitlab/), as well as our post where we detail [how to use GitLab to detect Log4j vulnerabilities](/blog/use-gitlab-to-detect-vulnerabilities/)).  \n\nThankfully though, 2021 was also focused on growing the Security department and adding additional teams and roles, bolstering enterprise SaaS security, reducing our threat landscape with improvements to supply chain security and APT threat protection, and fulfilling our mission of working to enable GitLab to succeed in the most secure way possible (see our [vision and mission statements](/handbook/security/#-security-vision-and-mission)). We achieved impressive results through expansion of our security third-party certification and self-attestation portfolio, contribution of GitLab and customer impacting product security features and improved security across all teams and domains in our security program. Our security teams also focused on improving processes and programs that enable customers on their trust journey, educate and engage team members to contribute toward improving our security posture, and encourage and enable collaboration from our community to strengthen GitLab. These efforts have been successful due to the contributions of our talented and dedicated Security team members, as well as the groups and individuals we partner with each day; including our wider community. THANK YOU for making GitLab stronger! \n\n## Improving assurance for the GitLab community\n\nOur [Security Assurance sub-department](/handbook/security/security-assurance/) spent the last year working across our organization to pursue and complete certifications, test and strengthen governance, assess and manage risk, and provide overall support and enablement to GitLab teams and our customers through a number of initiatives.\n\n### Certification portfolio expansion \n\nOur Security Assurance team built on a [successful 2020](/blog/how-we-made-gitlab-more-secure-in-twenty-twenty/) by focusing on our ambitious pursuit of [compliance certifications](/handbook/security/security-assurance/security-compliance/certifications.html) with the issuance of GitLab’s first [SOC 2 Type 2/SOC 3 reports](https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/serviceorganization-smanagement) for the Security [Trust Service Criteria (TSC)](https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/trustdataintegritytaskforce) dated December 2020. Then, to support customers who need reports by the end of the calendar year, we adjusted our 2021 SOC reporting period to end on October 31st. For our most recent SOC reports we also added the [Confidentiality TSC](/blog/how-gitlab-successfully-expanded-our-soc-2-type-ii-trust-services-report-criteria/) to further highlight the maturity of our operating environment. \n\nIn addition, we delivered our very first [ISO/IEC 27001:2013 certification](https://www.globenewswire.com/en/news-release/2021/12/15/2352975/0/en/A-Compliance-Win-GitLab-Inc-Successfully-Achieves-ISO-IEC-27001-2013-Certification.html) in 2021. Certification against this highly-regarded baseline security standard recognizes our proven commitment to the highest level of information security management.\n\nLastly, in alignment with our continued commitment to transparency we publish all of our security certifications and attestation as part of GitLab’s [Customer Assurance Package](/security/cap/) (learn more below). \n\n### True, continuous control monitoring  \n\nOur [Security Compliance team](/handbook/security/security-assurance/security-compliance/) upgraded our [GitLab Control Framework (GCF)](/handbook/security/security-assurance/security-compliance/sec-controls.html) in 2021 by adopting the Secure Control Framework (SCF) and moving into a [new GRC tool: ZenGRC](/handbook/business-technology/tech-stack/#zengrc). This upgraded control framework has increased testing efficiency and allowed GitLab to achieve our external compliance and regulatory obligations with minimized impact to our teams. This, along with our system/profile-based approach to testing, enabled us to achieve [successful external audits](/handbook/security/security-assurance/security-compliance/certifications.html) and the implementation of strong [IT general controls (ITGCs) for SOX](/handbook/business-technology/it-compliance/ITGC.html) with a small [team of highly-skilled compliance engineers](/company/team/?department=security-assurance).\n\nWe believe our approach to control monitoring has a natural bias towards automation which allows our program to scale, along with GitLab. We’ve continued automating our compliance and regulatory workflows and, where possible, testing evidence as we work towards true continuous control monitoring with proactive alerting of control risks.\n\n### Next generation customer assurance services \n\nOur [Field Security team](/handbook/security/security-assurance/field-security/) deployed [GitLab’s Trust Center](/security/) and next generation Customer Assurance Package to further support our customers on their GitLab trust journey. As part of this effort we expanded our Customer Assurance Package to include the [Standard Information Gathering (SIG) Lite](https://sharedassessments.org/sig/) pre-completed questionnaire, completed an [ISO 20243 Self-Assessment](https://certification.opengroup.org/register/ottps-certification) for both our SaaS and Self-Managed service offerings, and became a [CSA STAR Trusted Cloud Service Provider](https://cloudsecurityalliance.org/star/registry/gitlab/). To support this program internally we dogfooded GitLab’s [Service Desk module](https://docs.gitlab.com/ee/user/project/service_desk.html) to deliver a more efficient way of monitoring, completing and responding to customer assurance requests. \n\nFor this group, 2022 will bring a heavy focus on tooling and automation in support of continued control monitoring, certification expansion and regulated market specialization. \n\n**Note:** Shout out to [@mmaneval20](/company/team/#mmaneval20), [@jburrows001](/company/team/#jburrows001), [@tdilbeck](/company/team/#tdilbeck) and [@julia.lake](/company/team/#Julia.Lake) who provided content for this section!\n{: .note} \n\n## Shoring up our defenses\n\nOur team of [“breakers, builders, and defenders”](/handbook/security/security-operations/#mission) in our [Security Operations sub-department](/handbook/security/#protect-the-company---the-security-operations-sub-department) were *quite* busy this year identifying, preventing, detecting and responding to risks and security events targeting GitLab, our users and the business.\n\n### Identify, analyze and minimize the threat\n\nTo enhance visibility and increase protection of our ever-growing laptop fleet, our [Security Incident Response Team(SIRT)](/handbook/security/security-operations/sirt/) completed early testing of multiple endpoint detection and response platforms this year. After our [IT Ops team](/handbook/business-technology/team-member-enablement/#sts=IT%20Ops) successfully deployed our solution, our SIRT team took over support for the tool and owns the endpoint incident response lifecycle. Alerts from the platform have helped to identify possible issues and allow us to respond quickly to keep GitLab secure. Future plans currently include proactive threat hunting and creating advanced detection mechanisms based on available data points.\n\n### Security automation to address that ever-increasing threat landscape \n\nTo ensure our team’s ongoing incident response efforts are effective against the expanded attack surface and threat landscape that comes with our continued growth and expansion, we’re onboarding incident response automation. This solution has enabled us to automate the handling of reported phishing emails, user attestation on GCP documents access, and the assignment of appropriate response priority level via an incident severity calculator. These enhancements allow our engineers to focus on incident response and devising solutions to more complex issues and incidents.   \n\n### Strengthening GitLab’s security in the shadows\n\nAs for our [Red Team](/handbook/security/threat-management/red-team/), they continued toeing the line of that ever-present balancing act between their stealth, exploratory testing and their commitment to GitLab’s value of transparency; all while helping GitLab implement effective cyber defenses. They held an external-facing [AMA this year in which they answered many questions from our community](/blog/you-asked-and-our-red-team-answered/) and [shared tips on how developers can secure themselves against RCE drive-by attacks](/blog/why-are-developers-vulnerable-to-driveby-attacks/); including details on a real-life disclosure on the GitLab GDK and shared our expertise surrounding offensive and defensive perspectives of attacks hiding malicious code in #OSS contributions at BlackHat Europe with [\"Picking Lockfiles: Attacking & Defending Your Supply Chain\"](https://www.blackhat.com/eu-21/briefings/schedule/#picking-lockfiles--attacking--defending-your-supply-chain-24844). And, much more … which we can’t talk about 😉 😎 .\n\n**Note:** Shout out to [@hasharma](/company/team/#hasharma), [@mjozenazemian](/company/team/#mjozenazemian), [@smanzuik](/company/team/#smanzuik), [@vmairet ](/company/team/#vmairet) and [@blutz1 ](/company/team/#blutz1) who provided content for this section! \n{: .note} \n\n## Strengthening and securing GitLab the product\n\nOur [Security Engineering sub-department](/handbook/security/security-engineering/) endeavors to ensure all aspects of GitLab that are exposed to customers or that host customer data are held to the highest security standards, and to be proactive and responsive to ensure the security of anything GitLab offers. Throughout the year, this group collaborates with teams across the organization, and beyond with the GitLab community, to support our business and their bid to ensure that all GitLab products securely manage customer data.\n\n### Enhance the product with new tooling: Spamcheck and Package Hunter\n\nLast year we blogged about [how we work to detect and mitigate spam on GitLab.com](/blog/how-we-work-to-detect-and-mitigate-spam/). This year our [Security Automation team](/handbook/security/security-engineering/automation/) worked closely with the GitLab Trust and Safety team to [introduce Spamcheck](/blog/introducing-spamcheck-data-driven-anti-abuse/), our new anti-spam engine that has been enabled for all projects on GitLab.com and we're targeting inclusion of Spamcheck in the [14.6 release for our GitLab self-managed customers](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6259). By allowing us to better detect and prevent spam, we believe Spamcheck has significantly improved GitLab’s resilience to it. We recently blogged about the [technical decisions behind Spamcheck](/blog/deep-dive-tech-stack-behind-spamcheck/), as well as some of the early performance data points. You can also check out the [code behind Spamcheck](https://gitlab.com/gitlab-org/spamcheck).\n\nIn July 2021, the GitLab [Security Research team](/handbook/security/security-engineering/security-research/) [released Package Hunter](/blog/announcing-package-hunter/), a tool that helps identify malicious dependencies via runtime monitoring. Powered by [Falco](https://falco.org/), Package Hunter installs a program’s dependencies in a sandbox environment and analyzes system calls for malicious code and other unexpected behavior. Testing of NodeJS and Ruby Gems is currently supported. The project is [open source](https://gitlab.com/gitlab-org/security-products/package-hunter) and we are continually working to improve upon it. Community contributions and feedback are very much welcome!\n\n### Risk reduction and vulnerability management\n\nScaling our [Application Security](/handbook/security/security-engineering/application-security/) efforts has been a big priority for our teams. Again, the key to [doing so successfully is thru automation](/handbook/security/security-engineering/application-security/inventory/), particularly when it comes to keeping track of a growing list of codebases that are constantly changing, adding new components, and relying on different dependencies. For this reason we’re very excited about the progress that has been made on the [GitLab Inventory Builder](https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib/), a very handy tool capable of generating and maintaining a complete list of projects and their dependencies hosted on GitLab.com or self-hosted instances. This is also our first iteration of using policy-as-code to monitor and control various aspects of our projects. Not only can we track where security scans are not well configured, but we believe we can also spot project configuration issues precisely. With the automatic creation of violation issues in GitLab, we can organize, track, and scale the work of our Security Engineers more efficiently. Take a look at this [live action demo](https://gitlab-com.gitlab.io/gl-security/engineering-and-research/inventory-example/) and view the [example code supporting it](https://gitlab.com/gitlab-com/gl-security/engineering-and-research/inventory-example) for more information!\n\nDuring 2021 we bootstrapped our [Infrastructure Security team](/handbook/security/security-engineering/infrastructure-security/) and program. This new team works as a stable counterpart to the Infrastructure team and collaborates across Infrastructure and Security to help identify and mitigate security issues, vulnerabilities, and misconfigurations by applying their in-depth knowledge of operating systems, infrastructure, and cloud providers. With this new team and program we’ve bolstered our security observability, added an operating system instrumentation platform, enhanced monitoring, and created an analytics framework for our hosts; all of which help give us insight into all aspects of our production systems. We’ve also deployed an intuitive security graph tool across our cloud platforms that inventories all of our assets and shows the connections between them, but also enables querying based on various metadata. We believe these efforts have already resulted in significant security risk reduction, enhanced vulnerability management, increased observability, and granular monitoring capabilities. \n\nTo help team members understand the security implications of the systems and features they design and work on, this year our team formalized and integrated a [threat modeling process](/handbook/security/threat_modeling/) here at GitLab. Building upon the [evidence driven threat modeling approach that we started working towards adopting last year](/handbook/security/threat_modeling/#the-framework), we’ve iterated on the threat modeling processes and tooling in order to increase adoption, usage, and understanding across GitLab teams. We’ve also added [issue templates](https://docs.gitlab.com/ee/user/project/description_templates.html#create-an-issue-template) to our internal threat modeling repository and improved upon our [threat modeling runbook](/handbook/security/security-engineering/application-security/runbooks/threat-modeling.html). We talk about some of the basics of threat modeling and [how we’ve developed a framework that will work for GitLab in our blog](/blog/creating-a-threat-model-that-works-for-gitlab/).\n\n### Strengthening our product through global expertise and contributions\nThis past year we received 752 reports from 404 talented bug bounty reporters from all across the globe who helped us to strengthen our product through the identification of security vulnerabilities. \n\nIn February, we moved to a managed bug bounty program with [HackerOne](https://hackerone.com/gitlab). This enables us to scale our report triage process, filter out the noise, and ultimately present the most important reports to our development teams faster. In November, we kicked off, [“Our 3rd annual bug bounty contest: the swagtastic sequel to the sequel“](/blog/3rd-annual-bug-bounty-contest), announced a near double in [bounty rewards and detailed our move to standardize bounty payments by using CVSS along with a [nifty CVSS calculator](https://gitlab-com.gitlab.io/gl-security/appsec/cvss-calculator/#). This program, and the amazing bug bounty hunters who contribute to it, continue to raise GitLab’s security bar and reduce risk for our customers. You can read more about what happened in our bug bounty program this past year in [“2021: Smashing bugs and dropping names”](https://about.gitlab.com/blog/smashing-bugs-and-dropping-names-in-2021/).\n\n**Note:** Shout out to [@ankelly](/company/team/#ankelly), [@jritchey](/company/team/#jritchey), [@plafoucriere](/company/team/#plafoucriere), [@heather ](/company/team/#heather) and [@laurence.bierner](/company/team/#laurence.bierner) who provided content for this section! \n{: .note} \n\n## Everyone can contribute…to Security\n\nWhen we say that [Security is a team effort](https://about.gitlab.com/direction/security/#security-is-a-team-effort), we mean it.  These three sub departments, and the 12 teams that sit within them work collaboratively (and sometimes tirelessly) with dozens of teams across GitLab, and community members, to keep GitLab secure and protect our company, the community and our customers.   Thank you to everyone who contributes here and best wishes for a safe, healthy and happy 2022! 🥂\n\n","security",[21],{"slug":24,"featured":6,"template":25},"gitlab-security-twenty-twenty-one","BlogPost","content:en-us:blog:gitlab-security-twenty-twenty-one.yml","yaml","Gitlab Security Twenty Twenty One","content","en-us/blog/gitlab-security-twenty-twenty-one.yml","en-us/blog/gitlab-security-twenty-twenty-one","yml",{"_path":34,"_dir":35,"_draft":6,"_partial":6,"_locale":7,"data":36,"_id":446,"_type":27,"title":447,"_source":29,"_file":448,"_stem":449,"_extension":32},"/shared/en-us/main-navigation","en-us",{"logo":37,"freeTrial":42,"sales":47,"login":52,"items":57,"search":387,"minimal":418,"duo":437},{"config":38},{"href":39,"dataGaName":40,"dataGaLocation":41},"/","gitlab logo","header",{"text":43,"config":44},"Get free trial",{"href":45,"dataGaName":46,"dataGaLocation":41},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":48,"config":49},"Talk to sales",{"href":50,"dataGaName":51,"dataGaLocation":41},"/sales/","sales",{"text":53,"config":54},"Sign in",{"href":55,"dataGaName":56,"dataGaLocation":41},"https://gitlab.com/users/sign_in/","sign in",[58,102,198,203,308,368],{"text":59,"config":60,"cards":62,"footer":85},"Platform",{"dataNavLevelOne":61},"platform",[63,69,77],{"title":59,"description":64,"link":65},"The most comprehensive AI-powered DevSecOps Platform",{"text":66,"config":67},"Explore our Platform",{"href":68,"dataGaName":61,"dataGaLocation":41},"/platform/",{"title":70,"description":71,"link":72},"GitLab Duo (AI)","Build software faster with AI at every stage of development",{"text":73,"config":74},"Meet GitLab Duo",{"href":75,"dataGaName":76,"dataGaLocation":41},"/gitlab-duo/","gitlab duo ai",{"title":78,"description":79,"link":80},"Why GitLab","10 reasons why Enterprises choose GitLab",{"text":81,"config":82},"Learn more",{"href":83,"dataGaName":84,"dataGaLocation":41},"/why-gitlab/","why gitlab",{"title":86,"items":87},"Get started with",[88,93,98],{"text":89,"config":90},"Platform Engineering",{"href":91,"dataGaName":92,"dataGaLocation":41},"/solutions/platform-engineering/","platform engineering",{"text":94,"config":95},"Developer Experience",{"href":96,"dataGaName":97,"dataGaLocation":41},"/developer-experience/","Developer experience",{"text":99,"config":100},"MLOps",{"href":101,"dataGaName":99,"dataGaLocation":41},"/topics/devops/the-role-of-ai-in-devops/",{"text":103,"left":104,"config":105,"link":107,"lists":111,"footer":180},"Product",true,{"dataNavLevelOne":106},"solutions",{"text":108,"config":109},"View all Solutions",{"href":110,"dataGaName":106,"dataGaLocation":41},"/solutions/",[112,137,159],{"title":113,"description":114,"link":115,"items":120},"Automation","CI/CD and automation to accelerate deployment",{"config":116},{"icon":117,"href":118,"dataGaName":119,"dataGaLocation":41},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[121,125,129,133],{"text":122,"config":123},"CI/CD",{"href":124,"dataGaLocation":41,"dataGaName":122},"/solutions/continuous-integration/",{"text":126,"config":127},"AI-Assisted Development",{"href":75,"dataGaLocation":41,"dataGaName":128},"AI assisted development",{"text":130,"config":131},"Source Code Management",{"href":132,"dataGaLocation":41,"dataGaName":130},"/solutions/source-code-management/",{"text":134,"config":135},"Automated Software Delivery",{"href":118,"dataGaLocation":41,"dataGaName":136},"Automated software delivery",{"title":138,"description":139,"link":140,"items":145},"Security","Deliver code faster without compromising security",{"config":141},{"href":142,"dataGaName":143,"dataGaLocation":41,"icon":144},"/solutions/security-compliance/","security and compliance","ShieldCheckLight",[146,149,154],{"text":147,"config":148},"Security & Compliance",{"href":142,"dataGaLocation":41,"dataGaName":147},{"text":150,"config":151},"Software Supply Chain Security",{"href":152,"dataGaLocation":41,"dataGaName":153},"/solutions/supply-chain/","Software supply chain security",{"text":155,"config":156},"Compliance & Governance",{"href":157,"dataGaLocation":41,"dataGaName":158},"/solutions/continuous-software-compliance/","Compliance and governance",{"title":160,"link":161,"items":166},"Measurement",{"config":162},{"icon":163,"href":164,"dataGaName":165,"dataGaLocation":41},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[167,171,175],{"text":168,"config":169},"Visibility & Measurement",{"href":164,"dataGaLocation":41,"dataGaName":170},"Visibility and Measurement",{"text":172,"config":173},"Value Stream Management",{"href":174,"dataGaLocation":41,"dataGaName":172},"/solutions/value-stream-management/",{"text":176,"config":177},"Analytics & Insights",{"href":178,"dataGaLocation":41,"dataGaName":179},"/solutions/analytics-and-insights/","Analytics and insights",{"title":181,"items":182},"GitLab for",[183,188,193],{"text":184,"config":185},"Enterprise",{"href":186,"dataGaLocation":41,"dataGaName":187},"/enterprise/","enterprise",{"text":189,"config":190},"Small Business",{"href":191,"dataGaLocation":41,"dataGaName":192},"/small-business/","small business",{"text":194,"config":195},"Public Sector",{"href":196,"dataGaLocation":41,"dataGaName":197},"/solutions/public-sector/","public sector",{"text":199,"config":200},"Pricing",{"href":201,"dataGaName":202,"dataGaLocation":41,"dataNavLevelOne":202},"/pricing/","pricing",{"text":204,"config":205,"link":207,"lists":211,"feature":295},"Resources",{"dataNavLevelOne":206},"resources",{"text":208,"config":209},"View all resources",{"href":210,"dataGaName":206,"dataGaLocation":41},"/resources/",[212,245,267],{"title":213,"items":214},"Getting started",[215,220,225,230,235,240],{"text":216,"config":217},"Install",{"href":218,"dataGaName":219,"dataGaLocation":41},"/install/","install",{"text":221,"config":222},"Quick start guides",{"href":223,"dataGaName":224,"dataGaLocation":41},"/get-started/","quick setup checklists",{"text":226,"config":227},"Learn",{"href":228,"dataGaLocation":41,"dataGaName":229},"https://university.gitlab.com/","learn",{"text":231,"config":232},"Product documentation",{"href":233,"dataGaName":234,"dataGaLocation":41},"https://docs.gitlab.com/","product documentation",{"text":236,"config":237},"Best practice videos",{"href":238,"dataGaName":239,"dataGaLocation":41},"/getting-started-videos/","best practice videos",{"text":241,"config":242},"Integrations",{"href":243,"dataGaName":244,"dataGaLocation":41},"/integrations/","integrations",{"title":246,"items":247},"Discover",[248,253,257,262],{"text":249,"config":250},"Customer success stories",{"href":251,"dataGaName":252,"dataGaLocation":41},"/customers/","customer success stories",{"text":254,"config":255},"Blog",{"href":256,"dataGaName":5,"dataGaLocation":41},"/blog/",{"text":258,"config":259},"Remote",{"href":260,"dataGaName":261,"dataGaLocation":41},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":263,"config":264},"TeamOps",{"href":265,"dataGaName":266,"dataGaLocation":41},"/teamops/","teamops",{"title":268,"items":269},"Connect",[270,275,280,285,290],{"text":271,"config":272},"GitLab Services",{"href":273,"dataGaName":274,"dataGaLocation":41},"/services/","services",{"text":276,"config":277},"Community",{"href":278,"dataGaName":279,"dataGaLocation":41},"/community/","community",{"text":281,"config":282},"Forum",{"href":283,"dataGaName":284,"dataGaLocation":41},"https://forum.gitlab.com/","forum",{"text":286,"config":287},"Events",{"href":288,"dataGaName":289,"dataGaLocation":41},"/events/","events",{"text":291,"config":292},"Partners",{"href":293,"dataGaName":294,"dataGaLocation":41},"/partners/","partners",{"backgroundColor":296,"textColor":297,"text":298,"image":299,"link":303},"#2f2a6b","#fff","Insights for the future of software development",{"altText":300,"config":301},"the source promo card",{"src":302},"/images/navigation/the-source-promo-card.svg",{"text":304,"config":305},"Read the latest",{"href":306,"dataGaName":307,"dataGaLocation":41},"/the-source/","the source",{"text":309,"config":310,"lists":312},"Company",{"dataNavLevelOne":311},"company",[313],{"items":314},[315,320,326,328,333,338,343,348,353,358,363],{"text":316,"config":317},"About",{"href":318,"dataGaName":319,"dataGaLocation":41},"/company/","about",{"text":321,"config":322,"footerGa":325},"Jobs",{"href":323,"dataGaName":324,"dataGaLocation":41},"/jobs/","jobs",{"dataGaName":324},{"text":286,"config":327},{"href":288,"dataGaName":289,"dataGaLocation":41},{"text":329,"config":330},"Leadership",{"href":331,"dataGaName":332,"dataGaLocation":41},"/company/team/e-group/","leadership",{"text":334,"config":335},"Team",{"href":336,"dataGaName":337,"dataGaLocation":41},"/company/team/","team",{"text":339,"config":340},"Handbook",{"href":341,"dataGaName":342,"dataGaLocation":41},"https://handbook.gitlab.com/","handbook",{"text":344,"config":345},"Investor relations",{"href":346,"dataGaName":347,"dataGaLocation":41},"https://ir.gitlab.com/","investor relations",{"text":349,"config":350},"Trust Center",{"href":351,"dataGaName":352,"dataGaLocation":41},"/security/","trust center",{"text":354,"config":355},"AI Transparency Center",{"href":356,"dataGaName":357,"dataGaLocation":41},"/ai-transparency-center/","ai transparency center",{"text":359,"config":360},"Newsletter",{"href":361,"dataGaName":362,"dataGaLocation":41},"/company/contact/","newsletter",{"text":364,"config":365},"Press",{"href":366,"dataGaName":367,"dataGaLocation":41},"/press/","press",{"text":369,"config":370,"lists":371},"Contact us",{"dataNavLevelOne":311},[372],{"items":373},[374,377,382],{"text":48,"config":375},{"href":50,"dataGaName":376,"dataGaLocation":41},"talk to sales",{"text":378,"config":379},"Get help",{"href":380,"dataGaName":381,"dataGaLocation":41},"/support/","get help",{"text":383,"config":384},"Customer portal",{"href":385,"dataGaName":386,"dataGaLocation":41},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":388,"login":389,"suggestions":396},"Close",{"text":390,"link":391},"To search repositories and projects, login to",{"text":392,"config":393},"gitlab.com",{"href":55,"dataGaName":394,"dataGaLocation":395},"search login","search",{"text":397,"default":398},"Suggestions",[399,401,405,407,411,415],{"text":70,"config":400},{"href":75,"dataGaName":70,"dataGaLocation":395},{"text":402,"config":403},"Code Suggestions (AI)",{"href":404,"dataGaName":402,"dataGaLocation":395},"/solutions/code-suggestions/",{"text":122,"config":406},{"href":124,"dataGaName":122,"dataGaLocation":395},{"text":408,"config":409},"GitLab on AWS",{"href":410,"dataGaName":408,"dataGaLocation":395},"/partners/technology-partners/aws/",{"text":412,"config":413},"GitLab on Google Cloud",{"href":414,"dataGaName":412,"dataGaLocation":395},"/partners/technology-partners/google-cloud-platform/",{"text":416,"config":417},"Why GitLab?",{"href":83,"dataGaName":416,"dataGaLocation":395},{"freeTrial":419,"mobileIcon":424,"desktopIcon":429,"secondaryButton":432},{"text":420,"config":421},"Start free trial",{"href":422,"dataGaName":46,"dataGaLocation":423},"https://gitlab.com/-/trials/new/","nav",{"altText":425,"config":426},"Gitlab Icon",{"src":427,"dataGaName":428,"dataGaLocation":423},"/images/brand/gitlab-logo-tanuki.svg","gitlab icon",{"altText":425,"config":430},{"src":431,"dataGaName":428,"dataGaLocation":423},"/images/brand/gitlab-logo-type.svg",{"text":433,"config":434},"Get Started",{"href":435,"dataGaName":436,"dataGaLocation":423},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":438,"mobileIcon":442,"desktopIcon":444},{"text":439,"config":440},"Learn more about GitLab Duo",{"href":75,"dataGaName":441,"dataGaLocation":423},"gitlab duo",{"altText":425,"config":443},{"src":427,"dataGaName":428,"dataGaLocation":423},{"altText":425,"config":445},{"src":431,"dataGaName":428,"dataGaLocation":423},"content:shared:en-us:main-navigation.yml","Main Navigation","shared/en-us/main-navigation.yml","shared/en-us/main-navigation",{"_path":451,"_dir":35,"_draft":6,"_partial":6,"_locale":7,"title":452,"button":453,"config":457,"_id":459,"_type":27,"_source":29,"_file":460,"_stem":461,"_extension":32},"/shared/en-us/banner","GitLab Duo Agent Platform is now in public beta!",{"text":81,"config":454},{"href":455,"dataGaName":456,"dataGaLocation":41},"/gitlab-duo/agent-platform/","duo banner",{"layout":458},"release","content:shared:en-us:banner.yml","shared/en-us/banner.yml","shared/en-us/banner",{"_path":463,"_dir":35,"_draft":6,"_partial":6,"_locale":7,"data":464,"_id":669,"_type":27,"title":670,"_source":29,"_file":671,"_stem":672,"_extension":32},"/shared/en-us/main-footer",{"text":465,"source":466,"edit":472,"contribute":477,"config":482,"items":487,"minimal":661},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":467,"config":468},"View page source",{"href":469,"dataGaName":470,"dataGaLocation":471},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":473,"config":474},"Edit this page",{"href":475,"dataGaName":476,"dataGaLocation":471},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":478,"config":479},"Please contribute",{"href":480,"dataGaName":481,"dataGaLocation":471},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":483,"facebook":484,"youtube":485,"linkedin":486},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[488,511,568,597,631],{"title":59,"links":489,"subMenu":494},[490],{"text":491,"config":492},"DevSecOps platform",{"href":68,"dataGaName":493,"dataGaLocation":471},"devsecops platform",[495],{"title":199,"links":496},[497,501,506],{"text":498,"config":499},"View plans",{"href":201,"dataGaName":500,"dataGaLocation":471},"view plans",{"text":502,"config":503},"Why Premium?",{"href":504,"dataGaName":505,"dataGaLocation":471},"/pricing/premium/","why premium",{"text":507,"config":508},"Why Ultimate?",{"href":509,"dataGaName":510,"dataGaLocation":471},"/pricing/ultimate/","why ultimate",{"title":512,"links":513},"Solutions",[514,519,522,524,529,534,538,541,545,550,552,555,558,563],{"text":515,"config":516},"Digital transformation",{"href":517,"dataGaName":518,"dataGaLocation":471},"/topics/digital-transformation/","digital transformation",{"text":147,"config":520},{"href":142,"dataGaName":521,"dataGaLocation":471},"security & compliance",{"text":136,"config":523},{"href":118,"dataGaName":119,"dataGaLocation":471},{"text":525,"config":526},"Agile development",{"href":527,"dataGaName":528,"dataGaLocation":471},"/solutions/agile-delivery/","agile delivery",{"text":530,"config":531},"Cloud transformation",{"href":532,"dataGaName":533,"dataGaLocation":471},"/topics/cloud-native/","cloud transformation",{"text":535,"config":536},"SCM",{"href":132,"dataGaName":537,"dataGaLocation":471},"source code management",{"text":122,"config":539},{"href":124,"dataGaName":540,"dataGaLocation":471},"continuous integration & delivery",{"text":542,"config":543},"Value stream management",{"href":174,"dataGaName":544,"dataGaLocation":471},"value stream management",{"text":546,"config":547},"GitOps",{"href":548,"dataGaName":549,"dataGaLocation":471},"/solutions/gitops/","gitops",{"text":184,"config":551},{"href":186,"dataGaName":187,"dataGaLocation":471},{"text":553,"config":554},"Small business",{"href":191,"dataGaName":192,"dataGaLocation":471},{"text":556,"config":557},"Public sector",{"href":196,"dataGaName":197,"dataGaLocation":471},{"text":559,"config":560},"Education",{"href":561,"dataGaName":562,"dataGaLocation":471},"/solutions/education/","education",{"text":564,"config":565},"Financial services",{"href":566,"dataGaName":567,"dataGaLocation":471},"/solutions/finance/","financial services",{"title":204,"links":569},[570,572,574,576,579,581,583,585,587,589,591,593,595],{"text":216,"config":571},{"href":218,"dataGaName":219,"dataGaLocation":471},{"text":221,"config":573},{"href":223,"dataGaName":224,"dataGaLocation":471},{"text":226,"config":575},{"href":228,"dataGaName":229,"dataGaLocation":471},{"text":231,"config":577},{"href":233,"dataGaName":578,"dataGaLocation":471},"docs",{"text":254,"config":580},{"href":256,"dataGaName":5,"dataGaLocation":471},{"text":249,"config":582},{"href":251,"dataGaName":252,"dataGaLocation":471},{"text":258,"config":584},{"href":260,"dataGaName":261,"dataGaLocation":471},{"text":271,"config":586},{"href":273,"dataGaName":274,"dataGaLocation":471},{"text":263,"config":588},{"href":265,"dataGaName":266,"dataGaLocation":471},{"text":276,"config":590},{"href":278,"dataGaName":279,"dataGaLocation":471},{"text":281,"config":592},{"href":283,"dataGaName":284,"dataGaLocation":471},{"text":286,"config":594},{"href":288,"dataGaName":289,"dataGaLocation":471},{"text":291,"config":596},{"href":293,"dataGaName":294,"dataGaLocation":471},{"title":309,"links":598},[599,601,603,605,607,609,611,615,620,622,624,626],{"text":316,"config":600},{"href":318,"dataGaName":311,"dataGaLocation":471},{"text":321,"config":602},{"href":323,"dataGaName":324,"dataGaLocation":471},{"text":329,"config":604},{"href":331,"dataGaName":332,"dataGaLocation":471},{"text":334,"config":606},{"href":336,"dataGaName":337,"dataGaLocation":471},{"text":339,"config":608},{"href":341,"dataGaName":342,"dataGaLocation":471},{"text":344,"config":610},{"href":346,"dataGaName":347,"dataGaLocation":471},{"text":612,"config":613},"Sustainability",{"href":614,"dataGaName":612,"dataGaLocation":471},"/sustainability/",{"text":616,"config":617},"Diversity, inclusion and belonging (DIB)",{"href":618,"dataGaName":619,"dataGaLocation":471},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":349,"config":621},{"href":351,"dataGaName":352,"dataGaLocation":471},{"text":359,"config":623},{"href":361,"dataGaName":362,"dataGaLocation":471},{"text":364,"config":625},{"href":366,"dataGaName":367,"dataGaLocation":471},{"text":627,"config":628},"Modern Slavery Transparency Statement",{"href":629,"dataGaName":630,"dataGaLocation":471},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":632,"links":633},"Contact Us",[634,637,639,641,646,651,656],{"text":635,"config":636},"Contact an expert",{"href":50,"dataGaName":51,"dataGaLocation":471},{"text":378,"config":638},{"href":380,"dataGaName":381,"dataGaLocation":471},{"text":383,"config":640},{"href":385,"dataGaName":386,"dataGaLocation":471},{"text":642,"config":643},"Status",{"href":644,"dataGaName":645,"dataGaLocation":471},"https://status.gitlab.com/","status",{"text":647,"config":648},"Terms of use",{"href":649,"dataGaName":650,"dataGaLocation":471},"/terms/","terms of use",{"text":652,"config":653},"Privacy statement",{"href":654,"dataGaName":655,"dataGaLocation":471},"/privacy/","privacy statement",{"text":657,"config":658},"Cookie preferences",{"dataGaName":659,"dataGaLocation":471,"id":660,"isOneTrustButton":104},"cookie preferences","ot-sdk-btn",{"items":662},[663,665,667],{"text":647,"config":664},{"href":649,"dataGaName":650,"dataGaLocation":471},{"text":652,"config":666},{"href":654,"dataGaName":655,"dataGaLocation":471},{"text":657,"config":668},{"dataGaName":659,"dataGaLocation":471,"id":660,"isOneTrustButton":104},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",[674],{"_path":675,"_dir":676,"_draft":6,"_partial":6,"_locale":7,"content":677,"config":681,"_id":683,"_type":27,"title":18,"_source":29,"_file":684,"_stem":685,"_extension":32},"/en-us/blog/authors/johnathan-hunt","authors",{"name":18,"config":678},{"headshot":679,"ctfId":680},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659488/Blog/Author%20Headshots/gitlab-logo-extra-whitespace.png","JohnathanHunt",{"template":682},"BlogAuthor","content:en-us:blog:authors:johnathan-hunt.yml","en-us/blog/authors/johnathan-hunt.yml","en-us/blog/authors/johnathan-hunt",{"_path":687,"_dir":35,"_draft":6,"_partial":6,"_locale":7,"header":688,"eyebrow":689,"blurb":690,"button":691,"secondaryButton":695,"_id":697,"_type":27,"title":698,"_source":29,"_file":699,"_stem":700,"_extension":32},"/shared/en-us/next-steps","Start shipping better software faster","50%+ of the Fortune 100 trust GitLab","See what your team can do with the intelligent\n\n\nDevSecOps platform.\n",{"text":43,"config":692},{"href":693,"dataGaName":46,"dataGaLocation":694},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":48,"config":696},{"href":50,"dataGaName":51,"dataGaLocation":694},"content:shared:en-us:next-steps.yml","Next Steps","shared/en-us/next-steps.yml","shared/en-us/next-steps",1753475378832]