[{"data":1,"prerenderedAt":699},["ShallowReactive",2],{"/en-us/blog/software-supply-chain-security-guide-why-organizations-struggle/":3,"navigation-en-us":32,"banner-en-us":448,"footer-en-us":460,"Itzik Gan Baruch":671,"next-steps-en-us":684},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":8,"content":11,"config":21,"_id":25,"_type":26,"title":27,"_source":28,"_file":29,"_stem":30,"_extension":31},"/en-us/blog/software-supply-chain-security-guide-why-organizations-struggle","blog",false,"",{"noIndex":6,"title":9,"description":10},"Software supply chain security guide: Why organizations struggle","Part 1 of this new series explores fundamental challenges, practical solutions, and emerging trends, including AI, that every development team needs to understand.",{"title":9,"description":10,"authors":12,"heroImage":14,"date":15,"body":16,"category":17,"tags":18},[13],"Itzik Gan Baruch","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097701/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%285%29_1iy516k40hwBDChKcUJ2zb_1750097700983.png","2025-07-24","Ask most development teams about supply chain security, and you'll get answers focused on vulnerability scanning or dependency management. While these are components of supply chain security, they represent a dangerously narrow view of a much broader challenge.\n\n**Supply chain security isn't just about scanning dependencies.** It encompasses the entire journey from code creation to production deployment, including:\n\n* **Source security:** protect code repositories, managing contributor access, ensuring code integrity  \n* **Build security:** secure build environments, preventing tampering during compilation and packaging  \n* **Artifact security:** ensure the integrity of containers, packages, and deployment artifacts  \n* **Deployment security:** secure the delivery mechanisms and runtime environments  \n* **Tool security:** harden the development tools and platforms themselves\n\nThe \"chain\" in supply chain security refers to this interconnected series of steps. A weakness anywhere in the chain can compromise the entire software delivery process.\n\nThe [2020 SolarWinds attack](https://www.cisa.gov/news-events/news/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure-security) illustrates this perfectly. In what became one of the largest supply chain attacks in history, state-sponsored attackers compromised the build pipeline of SolarWinds' Orion network management software. Rather than exploiting a vulnerable dependency or hacking the final application, they injected malicious code during the compilation process itself.\n\nThe result was devastating: More than 18,000 organizations, including multiple U.S. government agencies, unknowingly installed backdoored software through normal software updates. The source code was clean, the final application appeared legitimate, but the build process had been weaponized. This attack remained undetected for months, demonstrating how supply chain vulnerabilities can bypass traditional security measures.\n\n### Common misconceptions that leave organizations vulnerable\n\nDespite growing awareness of supply chain threats, many organizations remain exposed because they operate under fundamental misunderstandings about what software supply chain security actually entails. These misconceptions create dangerous blind spots:\n\n* Thinking software supply chain security equals dependency scanning  \n* Focusing only on open source components while ignoring proprietary code risks  \n* Believing that code signing alone provides sufficient protection  \n* Assuming that secure coding practices eliminate supply chain risks  \n* Treating it as a security team problem rather than a development workflow challenge\n\n![Software supply chain security dependency chart](https://res.cloudinary.com/about-gitlab-com/image/upload/v1753200077/kqndvlxyvncshdiq0xea.png)\n\n## How AI is changing the game\n\nJust as organizations are grappling with traditional software supply chain security challenges, artificial intelligence (AI)  is introducing entirely new attack vectors and amplifying existing ones in unprecedented ways.\n\n### AI-powered attacks: More sophisticated, more scalable\n\nAttackers are using AI to automate vulnerability discovery, generate convincing social engineering attacks targeting developers, and systematically analyze public codebases for weaknesses. What once required manual effort can now be done at scale — with precision.\n\n### The AI development supply chain introduces new risks\n\nAI is reshaping the entire development lifecycle, but it's also introducing significant security blind spots:\n\n* **Model supply chain attacks:** Pre-trained models from sources like Hugging Face or GitHub may contain backdoors or poisoned training data.  \n* **Insecure AI-generated code:** Developers using AI coding assistants may unknowingly introduce vulnerable patterns or unsafe dependencies.  \n* **Compromised AI toolchains:** The infrastructure used to train, deploy, and manage AI models creates a new attack surface.  \n* **Automated reconnaissance:** AI enables attackers to scan entire ecosystems to identify high-impact supply chain targets.  \n* **Shadow AI and unsanctioned tools:** Developers may integrate external AI tools that haven't been vetted.\n\nThe result? AI doesn't just introduce new vulnerabilities, it amplifies the scale and impact of existing ones. Organizations can no longer rely on incremental improvements. The threat landscape is evolving faster than current security practices can adapt.\n\n![AI amplification effect](https://res.cloudinary.com/about-gitlab-com/image/upload/v1753200139/xuxezxld6ztlvjocgjlx.png)\n\n## Why most organizations still struggle\n\nEven organizations that understand supply chain security often fail to act effectively. The statistics reveal a troubling pattern of awareness without corresponding behavior change.\n\nWhen [Colonial Pipeline paid hackers $4.4 million](https://www.cnn.com/2021/05/19/politics/colonial-pipeline-ransom/index.html) in 2021 to restore operations, or when 18,000 organizations fell victim to the SolarWinds attack, the message was clear: Supply chain vulnerabilities can bring down critical infrastructure and compromise sensitive data at unprecedented scale.\n\nYet, despite this awareness, most organizations continue with business as usual. The real question isn't whether organizations care about supply chain security — it's why caring alone isn't translating into effective protection.\n\nThe answer lies in four critical barriers that prevent effective action:\n\n**1. The false economy mindset**\n\nOrganizations sometimes focus on the cost instead of \"what's the most effective approach?\" This cost-first thinking creates expensive downstream problems.\n\n**2. Skills shortage reality**\n\nWith [organizations averaging 4 security professionals per 100 developers](https://codific.com/bsimm-building-security-in-maturity-model-a-complete-guide/), according to BSIMM research, and [90% of organizations reporting critical cybersecurity skills gaps](https://www.isc2.org/Insights/2024/09/Employers-Must-Act-Cybersecurity-Workforce-Growth-Stalls-as-Skills-Gaps-Widen), according to ISC2, traditional approaches are mathematically impossible to scale.\n\n**3. Misaligned organizational incentives**\n\nDeveloper OKRs focus on feature velocity while security teams measure different outcomes. When C-suite priorities emphasize speed-to-market over security posture, friction becomes inevitable.\n\n**4. Tool complexity overload**\n\nThe [average enterprise uses 45 cybersecurity tools](https://www.gartner.com/en/newsroom/press-releases/2025-03-03-gartner-identifiesthe-top-cybersecurity-trends-for-2025), with [40% of security alerts being false positives](https://www.ponemon.org/news-updates/blog/security/new-ponemon-study-on-malware-detection-prevention-released.html) and must [coordinate across 19 tools on average for each incident](https://newsroom.ibm.com/2020-06-30-IBM-Study-Security-Response-Planning-on-the-Rise-But-Containing-Attacks-Remains-an-Issue).\n\nThese barriers create a vicious cycle: Organizations recognize the threat, invest in security solutions, but implement them in ways that don't drive the desired outcomes.\n\n## The true price of supply chain insecurity\n\nSupply chain attacks create risk and expenses that extend far beyond initial remediation. Understanding these hidden multipliers helps explain why prevention is not just preferable – it's essential for business continuity.\n\n**Time becomes the enemy**\n\n* Average time to identify and contain a supply chain breach: [277 days](https://keepnetlabs.com/blog/171-cyber-security-statistics-2024-s-updated-trends-and-data)  \n* Customer trust rebuilding period: [2-3+ years](https://www.bcg.com/publications/2024/rebuilding-corporate-trust)   \n* Engineering hours diverted from product development to security remediation\n\n**Reputation damage compounds** \n\nWhen attackers compromise your supply chain, they don't just steal data – they undermine the foundation of customer trust. [Customer churn rates typically increase 33% post-breach](https://www.metacompliance.com/blog/data-breaches/5-damaging-consequences-of-a-data-breach), while partner relationships require costly re-certification processes. Competitive positioning suffers as prospects choose alternatives perceived as \"safer.\"\n\n**Regulatory reality bites** \n\nThe regulatory landscape has fundamentally shifted. [GDPR fines now average over $50 million for significant data breache](https://www.skillcast.com/blog/20-biggest-gdpr-fines)s. The EU's new [Cyber Resilience Act](https://about.gitlab.com/blog/gitlab-supports-banks-in-navigating-regulatory-challenges/#european-cyber-resilience-act-\\(cra\\)) mandates supply chain transparency. U.S. federal contractors must provide software bills of materials ([SBOMs](https://about.gitlab.com/blog/the-ultimate-guide-to-sboms/)) for all software purchases — a requirement that's rapidly spreading to private sector procurement.\n\n**Operational disruption multiplies** \n\nBeyond the direct costs, supply chain attacks create operational chaos such as platform downtime during attack remediation, emergency security audits across entire technology stacks, and legal costs from customer lawsuits and regulatory investigations.\n\n## What's wrong with current approaches\n\nMost organizations confuse security activity with security impact. They deploy scanners, generate lengthy reports, and chase teams to address through manual follow-ups. But these efforts often backfire — creating more problems than they solve.\n\n### Massive scanning vs. effective protection\n\nEnterprises generate over [10,000 security alerts each month, with the most active generating roughly 150,000 events per day.](https://www.securityweek.com/enterprises-generate-10000-security-events-day-average-report/) [But 63%](https://panther.com/blog/identifying-and-mitigating-false-positive-alerts) of these are false positives or low-priority noise. Security teams become overwhelmed and turn into bottlenecks instead of enablers.\n\n### The collaboration breakdown\n\nThe most secure organizations don't have the most tools; they have the strongest DevSecOps collaboration. But most current setups make this harder by splitting workflows across incompatible tools, failing to show developers security results in their environment, and offering no shared visibility into risk and business impact.\n\n## The path forward\n\nUnderstanding these challenges is the first step toward building effective supply chain security. The organizations that succeed don't just add more security tools, they fundamentally rethink how security integrates with development workflows. They also review end-to-end software delivery workflows to simplify processes, reduce tools and improve collaboration.\n\nAt GitLab, we've seen how integrated DevSecOps platforms can address these challenges by bringing security directly into the development workflow. In our next article in this series, we'll explore how leading organizations are transforming their approach to supply chain security through developer-native solutions, AI-powered automation, and platforms that make security a natural part of building great software.\n> Learn more about [GitLab's software supply chain security capabilities](https://about.gitlab.com/solutions/supply-chain/).","security",[17,19,20],"product","tutorial",{"featured":22,"template":23,"slug":24},true,"BlogPost","software-supply-chain-security-guide-why-organizations-struggle","content:en-us:blog:software-supply-chain-security-guide-why-organizations-struggle.yml","yaml","Software Supply Chain Security Guide Why Organizations Struggle","content","en-us/blog/software-supply-chain-security-guide-why-organizations-struggle.yml","en-us/blog/software-supply-chain-security-guide-why-organizations-struggle","yml",{"_path":33,"_dir":34,"_draft":6,"_partial":6,"_locale":7,"data":35,"_id":444,"_type":26,"title":445,"_source":28,"_file":446,"_stem":447,"_extension":31},"/shared/en-us/main-navigation","en-us",{"logo":36,"freeTrial":41,"sales":46,"login":51,"items":56,"search":385,"minimal":416,"duo":435},{"config":37},{"href":38,"dataGaName":39,"dataGaLocation":40},"/","gitlab logo","header",{"text":42,"config":43},"Get free trial",{"href":44,"dataGaName":45,"dataGaLocation":40},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":47,"config":48},"Talk to sales",{"href":49,"dataGaName":50,"dataGaLocation":40},"/sales/","sales",{"text":52,"config":53},"Sign in",{"href":54,"dataGaName":55,"dataGaLocation":40},"https://gitlab.com/users/sign_in/","sign in",[57,101,196,201,306,366],{"text":58,"config":59,"cards":61,"footer":84},"Platform",{"dataNavLevelOne":60},"platform",[62,68,76],{"title":58,"description":63,"link":64},"The most comprehensive AI-powered DevSecOps Platform",{"text":65,"config":66},"Explore our Platform",{"href":67,"dataGaName":60,"dataGaLocation":40},"/platform/",{"title":69,"description":70,"link":71},"GitLab Duo (AI)","Build software faster with AI at every stage of development",{"text":72,"config":73},"Meet GitLab Duo",{"href":74,"dataGaName":75,"dataGaLocation":40},"/gitlab-duo/","gitlab duo ai",{"title":77,"description":78,"link":79},"Why GitLab","10 reasons why Enterprises choose GitLab",{"text":80,"config":81},"Learn more",{"href":82,"dataGaName":83,"dataGaLocation":40},"/why-gitlab/","why gitlab",{"title":85,"items":86},"Get started with",[87,92,97],{"text":88,"config":89},"Platform Engineering",{"href":90,"dataGaName":91,"dataGaLocation":40},"/solutions/platform-engineering/","platform engineering",{"text":93,"config":94},"Developer Experience",{"href":95,"dataGaName":96,"dataGaLocation":40},"/developer-experience/","Developer experience",{"text":98,"config":99},"MLOps",{"href":100,"dataGaName":98,"dataGaLocation":40},"/topics/devops/the-role-of-ai-in-devops/",{"text":102,"left":22,"config":103,"link":105,"lists":109,"footer":178},"Product",{"dataNavLevelOne":104},"solutions",{"text":106,"config":107},"View all Solutions",{"href":108,"dataGaName":104,"dataGaLocation":40},"/solutions/",[110,135,157],{"title":111,"description":112,"link":113,"items":118},"Automation","CI/CD and automation to accelerate deployment",{"config":114},{"icon":115,"href":116,"dataGaName":117,"dataGaLocation":40},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[119,123,127,131],{"text":120,"config":121},"CI/CD",{"href":122,"dataGaLocation":40,"dataGaName":120},"/solutions/continuous-integration/",{"text":124,"config":125},"AI-Assisted Development",{"href":74,"dataGaLocation":40,"dataGaName":126},"AI assisted development",{"text":128,"config":129},"Source Code Management",{"href":130,"dataGaLocation":40,"dataGaName":128},"/solutions/source-code-management/",{"text":132,"config":133},"Automated Software Delivery",{"href":116,"dataGaLocation":40,"dataGaName":134},"Automated software delivery",{"title":136,"description":137,"link":138,"items":143},"Security","Deliver code faster without compromising security",{"config":139},{"href":140,"dataGaName":141,"dataGaLocation":40,"icon":142},"/solutions/security-compliance/","security and compliance","ShieldCheckLight",[144,147,152],{"text":145,"config":146},"Security & Compliance",{"href":140,"dataGaLocation":40,"dataGaName":145},{"text":148,"config":149},"Software Supply Chain Security",{"href":150,"dataGaLocation":40,"dataGaName":151},"/solutions/supply-chain/","Software supply chain security",{"text":153,"config":154},"Compliance & Governance",{"href":155,"dataGaLocation":40,"dataGaName":156},"/solutions/continuous-software-compliance/","Compliance and governance",{"title":158,"link":159,"items":164},"Measurement",{"config":160},{"icon":161,"href":162,"dataGaName":163,"dataGaLocation":40},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[165,169,173],{"text":166,"config":167},"Visibility & Measurement",{"href":162,"dataGaLocation":40,"dataGaName":168},"Visibility and Measurement",{"text":170,"config":171},"Value Stream Management",{"href":172,"dataGaLocation":40,"dataGaName":170},"/solutions/value-stream-management/",{"text":174,"config":175},"Analytics & Insights",{"href":176,"dataGaLocation":40,"dataGaName":177},"/solutions/analytics-and-insights/","Analytics and insights",{"title":179,"items":180},"GitLab for",[181,186,191],{"text":182,"config":183},"Enterprise",{"href":184,"dataGaLocation":40,"dataGaName":185},"/enterprise/","enterprise",{"text":187,"config":188},"Small Business",{"href":189,"dataGaLocation":40,"dataGaName":190},"/small-business/","small business",{"text":192,"config":193},"Public Sector",{"href":194,"dataGaLocation":40,"dataGaName":195},"/solutions/public-sector/","public sector",{"text":197,"config":198},"Pricing",{"href":199,"dataGaName":200,"dataGaLocation":40,"dataNavLevelOne":200},"/pricing/","pricing",{"text":202,"config":203,"link":205,"lists":209,"feature":293},"Resources",{"dataNavLevelOne":204},"resources",{"text":206,"config":207},"View all resources",{"href":208,"dataGaName":204,"dataGaLocation":40},"/resources/",[210,243,265],{"title":211,"items":212},"Getting started",[213,218,223,228,233,238],{"text":214,"config":215},"Install",{"href":216,"dataGaName":217,"dataGaLocation":40},"/install/","install",{"text":219,"config":220},"Quick start guides",{"href":221,"dataGaName":222,"dataGaLocation":40},"/get-started/","quick setup checklists",{"text":224,"config":225},"Learn",{"href":226,"dataGaLocation":40,"dataGaName":227},"https://university.gitlab.com/","learn",{"text":229,"config":230},"Product documentation",{"href":231,"dataGaName":232,"dataGaLocation":40},"https://docs.gitlab.com/","product documentation",{"text":234,"config":235},"Best practice videos",{"href":236,"dataGaName":237,"dataGaLocation":40},"/getting-started-videos/","best practice videos",{"text":239,"config":240},"Integrations",{"href":241,"dataGaName":242,"dataGaLocation":40},"/integrations/","integrations",{"title":244,"items":245},"Discover",[246,251,255,260],{"text":247,"config":248},"Customer success stories",{"href":249,"dataGaName":250,"dataGaLocation":40},"/customers/","customer success stories",{"text":252,"config":253},"Blog",{"href":254,"dataGaName":5,"dataGaLocation":40},"/blog/",{"text":256,"config":257},"Remote",{"href":258,"dataGaName":259,"dataGaLocation":40},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":261,"config":262},"TeamOps",{"href":263,"dataGaName":264,"dataGaLocation":40},"/teamops/","teamops",{"title":266,"items":267},"Connect",[268,273,278,283,288],{"text":269,"config":270},"GitLab Services",{"href":271,"dataGaName":272,"dataGaLocation":40},"/services/","services",{"text":274,"config":275},"Community",{"href":276,"dataGaName":277,"dataGaLocation":40},"/community/","community",{"text":279,"config":280},"Forum",{"href":281,"dataGaName":282,"dataGaLocation":40},"https://forum.gitlab.com/","forum",{"text":284,"config":285},"Events",{"href":286,"dataGaName":287,"dataGaLocation":40},"/events/","events",{"text":289,"config":290},"Partners",{"href":291,"dataGaName":292,"dataGaLocation":40},"/partners/","partners",{"backgroundColor":294,"textColor":295,"text":296,"image":297,"link":301},"#2f2a6b","#fff","Insights for the future of software development",{"altText":298,"config":299},"the source promo card",{"src":300},"/images/navigation/the-source-promo-card.svg",{"text":302,"config":303},"Read the latest",{"href":304,"dataGaName":305,"dataGaLocation":40},"/the-source/","the source",{"text":307,"config":308,"lists":310},"Company",{"dataNavLevelOne":309},"company",[311],{"items":312},[313,318,324,326,331,336,341,346,351,356,361],{"text":314,"config":315},"About",{"href":316,"dataGaName":317,"dataGaLocation":40},"/company/","about",{"text":319,"config":320,"footerGa":323},"Jobs",{"href":321,"dataGaName":322,"dataGaLocation":40},"/jobs/","jobs",{"dataGaName":322},{"text":284,"config":325},{"href":286,"dataGaName":287,"dataGaLocation":40},{"text":327,"config":328},"Leadership",{"href":329,"dataGaName":330,"dataGaLocation":40},"/company/team/e-group/","leadership",{"text":332,"config":333},"Team",{"href":334,"dataGaName":335,"dataGaLocation":40},"/company/team/","team",{"text":337,"config":338},"Handbook",{"href":339,"dataGaName":340,"dataGaLocation":40},"https://handbook.gitlab.com/","handbook",{"text":342,"config":343},"Investor relations",{"href":344,"dataGaName":345,"dataGaLocation":40},"https://ir.gitlab.com/","investor relations",{"text":347,"config":348},"Trust Center",{"href":349,"dataGaName":350,"dataGaLocation":40},"/security/","trust center",{"text":352,"config":353},"AI Transparency Center",{"href":354,"dataGaName":355,"dataGaLocation":40},"/ai-transparency-center/","ai transparency center",{"text":357,"config":358},"Newsletter",{"href":359,"dataGaName":360,"dataGaLocation":40},"/company/contact/","newsletter",{"text":362,"config":363},"Press",{"href":364,"dataGaName":365,"dataGaLocation":40},"/press/","press",{"text":367,"config":368,"lists":369},"Contact us",{"dataNavLevelOne":309},[370],{"items":371},[372,375,380],{"text":47,"config":373},{"href":49,"dataGaName":374,"dataGaLocation":40},"talk to sales",{"text":376,"config":377},"Get help",{"href":378,"dataGaName":379,"dataGaLocation":40},"/support/","get help",{"text":381,"config":382},"Customer portal",{"href":383,"dataGaName":384,"dataGaLocation":40},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":386,"login":387,"suggestions":394},"Close",{"text":388,"link":389},"To search repositories and projects, login to",{"text":390,"config":391},"gitlab.com",{"href":54,"dataGaName":392,"dataGaLocation":393},"search login","search",{"text":395,"default":396},"Suggestions",[397,399,403,405,409,413],{"text":69,"config":398},{"href":74,"dataGaName":69,"dataGaLocation":393},{"text":400,"config":401},"Code Suggestions (AI)",{"href":402,"dataGaName":400,"dataGaLocation":393},"/solutions/code-suggestions/",{"text":120,"config":404},{"href":122,"dataGaName":120,"dataGaLocation":393},{"text":406,"config":407},"GitLab on AWS",{"href":408,"dataGaName":406,"dataGaLocation":393},"/partners/technology-partners/aws/",{"text":410,"config":411},"GitLab on Google Cloud",{"href":412,"dataGaName":410,"dataGaLocation":393},"/partners/technology-partners/google-cloud-platform/",{"text":414,"config":415},"Why GitLab?",{"href":82,"dataGaName":414,"dataGaLocation":393},{"freeTrial":417,"mobileIcon":422,"desktopIcon":427,"secondaryButton":430},{"text":418,"config":419},"Start free trial",{"href":420,"dataGaName":45,"dataGaLocation":421},"https://gitlab.com/-/trials/new/","nav",{"altText":423,"config":424},"Gitlab Icon",{"src":425,"dataGaName":426,"dataGaLocation":421},"/images/brand/gitlab-logo-tanuki.svg","gitlab icon",{"altText":423,"config":428},{"src":429,"dataGaName":426,"dataGaLocation":421},"/images/brand/gitlab-logo-type.svg",{"text":431,"config":432},"Get Started",{"href":433,"dataGaName":434,"dataGaLocation":421},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":436,"mobileIcon":440,"desktopIcon":442},{"text":437,"config":438},"Learn more about GitLab Duo",{"href":74,"dataGaName":439,"dataGaLocation":421},"gitlab duo",{"altText":423,"config":441},{"src":425,"dataGaName":426,"dataGaLocation":421},{"altText":423,"config":443},{"src":429,"dataGaName":426,"dataGaLocation":421},"content:shared:en-us:main-navigation.yml","Main Navigation","shared/en-us/main-navigation.yml","shared/en-us/main-navigation",{"_path":449,"_dir":34,"_draft":6,"_partial":6,"_locale":7,"title":450,"button":451,"config":455,"_id":457,"_type":26,"_source":28,"_file":458,"_stem":459,"_extension":31},"/shared/en-us/banner","GitLab Duo Agent Platform is now in public beta!",{"text":80,"config":452},{"href":453,"dataGaName":454,"dataGaLocation":40},"/gitlab-duo/agent-platform/","duo banner",{"layout":456},"release","content:shared:en-us:banner.yml","shared/en-us/banner.yml","shared/en-us/banner",{"_path":461,"_dir":34,"_draft":6,"_partial":6,"_locale":7,"data":462,"_id":667,"_type":26,"title":668,"_source":28,"_file":669,"_stem":670,"_extension":31},"/shared/en-us/main-footer",{"text":463,"source":464,"edit":470,"contribute":475,"config":480,"items":485,"minimal":659},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":465,"config":466},"View page source",{"href":467,"dataGaName":468,"dataGaLocation":469},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":471,"config":472},"Edit this page",{"href":473,"dataGaName":474,"dataGaLocation":469},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":476,"config":477},"Please contribute",{"href":478,"dataGaName":479,"dataGaLocation":469},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":481,"facebook":482,"youtube":483,"linkedin":484},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[486,509,566,595,629],{"title":58,"links":487,"subMenu":492},[488],{"text":489,"config":490},"DevSecOps platform",{"href":67,"dataGaName":491,"dataGaLocation":469},"devsecops platform",[493],{"title":197,"links":494},[495,499,504],{"text":496,"config":497},"View plans",{"href":199,"dataGaName":498,"dataGaLocation":469},"view plans",{"text":500,"config":501},"Why Premium?",{"href":502,"dataGaName":503,"dataGaLocation":469},"/pricing/premium/","why premium",{"text":505,"config":506},"Why Ultimate?",{"href":507,"dataGaName":508,"dataGaLocation":469},"/pricing/ultimate/","why ultimate",{"title":510,"links":511},"Solutions",[512,517,520,522,527,532,536,539,543,548,550,553,556,561],{"text":513,"config":514},"Digital transformation",{"href":515,"dataGaName":516,"dataGaLocation":469},"/topics/digital-transformation/","digital transformation",{"text":145,"config":518},{"href":140,"dataGaName":519,"dataGaLocation":469},"security & compliance",{"text":134,"config":521},{"href":116,"dataGaName":117,"dataGaLocation":469},{"text":523,"config":524},"Agile development",{"href":525,"dataGaName":526,"dataGaLocation":469},"/solutions/agile-delivery/","agile delivery",{"text":528,"config":529},"Cloud transformation",{"href":530,"dataGaName":531,"dataGaLocation":469},"/topics/cloud-native/","cloud transformation",{"text":533,"config":534},"SCM",{"href":130,"dataGaName":535,"dataGaLocation":469},"source code management",{"text":120,"config":537},{"href":122,"dataGaName":538,"dataGaLocation":469},"continuous integration & delivery",{"text":540,"config":541},"Value stream management",{"href":172,"dataGaName":542,"dataGaLocation":469},"value stream management",{"text":544,"config":545},"GitOps",{"href":546,"dataGaName":547,"dataGaLocation":469},"/solutions/gitops/","gitops",{"text":182,"config":549},{"href":184,"dataGaName":185,"dataGaLocation":469},{"text":551,"config":552},"Small business",{"href":189,"dataGaName":190,"dataGaLocation":469},{"text":554,"config":555},"Public sector",{"href":194,"dataGaName":195,"dataGaLocation":469},{"text":557,"config":558},"Education",{"href":559,"dataGaName":560,"dataGaLocation":469},"/solutions/education/","education",{"text":562,"config":563},"Financial services",{"href":564,"dataGaName":565,"dataGaLocation":469},"/solutions/finance/","financial services",{"title":202,"links":567},[568,570,572,574,577,579,581,583,585,587,589,591,593],{"text":214,"config":569},{"href":216,"dataGaName":217,"dataGaLocation":469},{"text":219,"config":571},{"href":221,"dataGaName":222,"dataGaLocation":469},{"text":224,"config":573},{"href":226,"dataGaName":227,"dataGaLocation":469},{"text":229,"config":575},{"href":231,"dataGaName":576,"dataGaLocation":469},"docs",{"text":252,"config":578},{"href":254,"dataGaName":5,"dataGaLocation":469},{"text":247,"config":580},{"href":249,"dataGaName":250,"dataGaLocation":469},{"text":256,"config":582},{"href":258,"dataGaName":259,"dataGaLocation":469},{"text":269,"config":584},{"href":271,"dataGaName":272,"dataGaLocation":469},{"text":261,"config":586},{"href":263,"dataGaName":264,"dataGaLocation":469},{"text":274,"config":588},{"href":276,"dataGaName":277,"dataGaLocation":469},{"text":279,"config":590},{"href":281,"dataGaName":282,"dataGaLocation":469},{"text":284,"config":592},{"href":286,"dataGaName":287,"dataGaLocation":469},{"text":289,"config":594},{"href":291,"dataGaName":292,"dataGaLocation":469},{"title":307,"links":596},[597,599,601,603,605,607,609,613,618,620,622,624],{"text":314,"config":598},{"href":316,"dataGaName":309,"dataGaLocation":469},{"text":319,"config":600},{"href":321,"dataGaName":322,"dataGaLocation":469},{"text":327,"config":602},{"href":329,"dataGaName":330,"dataGaLocation":469},{"text":332,"config":604},{"href":334,"dataGaName":335,"dataGaLocation":469},{"text":337,"config":606},{"href":339,"dataGaName":340,"dataGaLocation":469},{"text":342,"config":608},{"href":344,"dataGaName":345,"dataGaLocation":469},{"text":610,"config":611},"Sustainability",{"href":612,"dataGaName":610,"dataGaLocation":469},"/sustainability/",{"text":614,"config":615},"Diversity, inclusion and belonging (DIB)",{"href":616,"dataGaName":617,"dataGaLocation":469},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":347,"config":619},{"href":349,"dataGaName":350,"dataGaLocation":469},{"text":357,"config":621},{"href":359,"dataGaName":360,"dataGaLocation":469},{"text":362,"config":623},{"href":364,"dataGaName":365,"dataGaLocation":469},{"text":625,"config":626},"Modern Slavery Transparency Statement",{"href":627,"dataGaName":628,"dataGaLocation":469},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":630,"links":631},"Contact Us",[632,635,637,639,644,649,654],{"text":633,"config":634},"Contact an expert",{"href":49,"dataGaName":50,"dataGaLocation":469},{"text":376,"config":636},{"href":378,"dataGaName":379,"dataGaLocation":469},{"text":381,"config":638},{"href":383,"dataGaName":384,"dataGaLocation":469},{"text":640,"config":641},"Status",{"href":642,"dataGaName":643,"dataGaLocation":469},"https://status.gitlab.com/","status",{"text":645,"config":646},"Terms of use",{"href":647,"dataGaName":648,"dataGaLocation":469},"/terms/","terms of use",{"text":650,"config":651},"Privacy statement",{"href":652,"dataGaName":653,"dataGaLocation":469},"/privacy/","privacy statement",{"text":655,"config":656},"Cookie preferences",{"dataGaName":657,"dataGaLocation":469,"id":658,"isOneTrustButton":22},"cookie preferences","ot-sdk-btn",{"items":660},[661,663,665],{"text":645,"config":662},{"href":647,"dataGaName":648,"dataGaLocation":469},{"text":650,"config":664},{"href":652,"dataGaName":653,"dataGaLocation":469},{"text":655,"config":666},{"dataGaName":657,"dataGaLocation":469,"id":658,"isOneTrustButton":22},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",[672],{"_path":673,"_dir":674,"_draft":6,"_partial":6,"_locale":7,"content":675,"config":679,"_id":681,"_type":26,"title":13,"_source":28,"_file":682,"_stem":683,"_extension":31},"/en-us/blog/authors/itzik-gan-baruch","authors",{"name":13,"config":676},{"headshot":677,"ctfId":678},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749658921/Blog/Author%20Headshots/iganbaruch-headshot.jpg","iganbaruch",{"template":680},"BlogAuthor","content:en-us:blog:authors:itzik-gan-baruch.yml","en-us/blog/authors/itzik-gan-baruch.yml","en-us/blog/authors/itzik-gan-baruch",{"_path":685,"_dir":34,"_draft":6,"_partial":6,"_locale":7,"header":686,"eyebrow":687,"blurb":688,"button":689,"secondaryButton":693,"_id":695,"_type":26,"title":696,"_source":28,"_file":697,"_stem":698,"_extension":31},"/shared/en-us/next-steps","Start shipping better software faster","50%+ of the Fortune 100 trust GitLab","See what your team can do with the intelligent\n\n\nDevSecOps platform.\n",{"text":42,"config":690},{"href":691,"dataGaName":45,"dataGaLocation":692},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":47,"config":694},{"href":49,"dataGaName":50,"dataGaLocation":692},"content:shared:en-us:next-steps.yml","Next Steps","shared/en-us/next-steps.yml","shared/en-us/next-steps",1753475364189]