[{"data":1,"prerenderedAt":760},["ShallowReactive",2],{"/en-us/blog/get-to-know-the-security-and-governance-updates-in-gitlab-17-17-1":3,"navigation-en-us":38,"banner-en-us":465,"footer-en-us":482,"Fernando Diaz":726,"next-steps-en-us":739,"footer-source-/en-us/blog/get-to-know-the-security-and-governance-updates-in-gitlab-17-17-1/":754},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":8,"content":16,"config":27,"_id":31,"_type":32,"title":33,"_source":34,"_file":35,"_stem":36,"_extension":37},"/en-us/blog/get-to-know-the-security-and-governance-updates-in-gitlab-17-17-1","blog",false,"",{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},"Get to know the security and governance updates in GitLab 17, 17.1","Dive deep into the new enhancements that can strengthen your organization's security posture, including how-to videos for SAST, DAST, API security, container registry, and more.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098858/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_282096522_securitycompliance.jpeg_1750098857843.jpg","https://about.gitlab.com/blog/get-to-know-the-security-and-governance-updates-in-gitlab-17-17-1","https://about.gitlab.com","article","\n                        {\n        \"@context\": \"https://schema.org\",\n        \"@type\": \"Article\",\n        \"headline\": \"Get to know the security and governance updates in GitLab 17, 17.1\",\n        \"author\": [{\"@type\":\"Person\",\"name\":\"Fernando Diaz\"}],\n        \"datePublished\": \"2024-07-17\",\n      }",{"title":9,"description":10,"authors":17,"heroImage":11,"date":19,"body":20,"category":21,"tags":22},[18],"Fernando Diaz","2024-07-17","With every GitLab release we enhance and optimize security and governance\nsolutions to ensure customers have the tools they need to produce secure and\ncompliant software. Our values of\n[iteration](https://handbook.gitlab.com/handbook/values/#iteration) and\n[results for\ncustomers](https://handbook.gitlab.com/handbook/values/#results) drive our\nrelease cycles, and GitLab 17 is no exception. We have been releasing every\nmonth for the past 153 months straight!\n\n\nIn this article, you'll learn my favorite security and governance\nenhancements released in GitLab 17 and 17.1 and how they can benefit your\norganization’s security requirements.\n\n\n- [SAST analyzer streamlining](#sast-analyzer-streamlining)\n\n- [Android dependency scanning](#android-dependency-scanning)\n\n- [Custom roles and granular security permissions\nupdates](#custom-roles-and-granular-security-permissions-updates)\n\n- [Secret detection updates](#secret-detection-updates)\n\n- [Container registry updates](#container-registry-updates)\n\n- [API security scanning updates](#api-security-scanning-updates)\n\n\n## SAST analyzer streamlining\n\n\nGitLab provides static application security testing\n([SAST](https://docs.gitlab.com/ee/user/application_security/sast/)) to\nexamine your source code for known vulnerabilities, detecting\nvulnerabilities such as SQL injections and cross-site scripting. When SAST\nkicks off, the programming language used is auto-detected and the\nappropriate scanner is loaded.\n\n\nIn GitLab 17, SAST scans the same languages, but now with fewer analyzers,\n[offering a simpler and more customizable\nexperience](https://about.gitlab.com/releases/2024/05/16/gitlab-17-0-released/#streamlined-sast-analyzer-coverage-for-more-languages).\nLanguage-specific analyzers have been replaced with GitLab-managed rules in\nthe Semgrep-based analyzer for the following languages:\n\n\n- C/C++\n\n- Swift (iOS)\n\n- Java/Kotlin (Android)\n\n- Node.js\n\n- PHP\n\n- Ruby\n\n\nHaving one analyzer for many different languages makes configurations and\nwriting rules easier than ever. See the [supported languages and frameworks\ndocumentation](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks)\nfor more information.\n\n\nWatch this video to learn more:\n\n\n\u003C!-- blank line -->\n\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/_80z6mZmzek?si=i9yPQttxuwVcb7Ye\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\n\u003C!-- blank line -->\n\n\n## Android dependency scanning\n\n\nIn modern software development, many applications are built from multiple\ndependencies that are best at performing their intended function. For\nexample, rather than writing a YAML parser, a developer will use a library\nthat parses YAML. This allows developers to focus on the main goal of their\napplication, rather than spending time on utility functions.\n\n\nWhile the use of dependencies speeds up efficiency, they can be difficult to\nmanage and could introduce vulnerabilities to your application. For this,\nGitLab provides [dependency\nscanning](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/),\nwhich analyzes dependencies for known vulnerabilities.\n\n\nMany organizations are using dependencies even when creating native mobile\napplications. In GitLab 17, we introduced [Android dependency\nscanning](https://about.gitlab.com/releases/2024/05/16/gitlab-17-0-released/#dependency-scanning-support-for-android)\nto bridge the gap. Android dependency scanning can be easily added as a\n[CI/CD catalog\ncomponent](https://gitlab.com/explore/catalog/components/android-dependency-scanning)\n– just include the following code in your `.gitlab-ci.yml`:\n\n\n```\n\ninclude:\n  - component: gitlab.com/components/android-dependency-scanning/component@1.0.0\n    inputs:\n      stage: test\n```\n\n\nThis job will also generate a CycloneDX software bill of materials\n([SBOM](https://about.gitlab.com/blog/the-ultimate-guide-to-sboms/))\nreport, which may be necessary for compliance. Make sure to scan your\nAndroid dependencies as soon as possible, as there are many CVEs out there.\n\n\nWatch this video to learn more:\n\n\u003C!-- blank line -->\n\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/_80z6mZmzek?si=DdB7j4NAenl-UcrJ\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\n\u003C!-- blank line -->\n\n\n> Learn more SBOMs and dependencies with [our ultimate guide to\nSBOMs](https://about.gitlab.com/blog/the-ultimate-guide-to-sboms/).\n\n\n## Custom roles and granular security permissions updates\n\n\nGitLab provides [custom\nroles](https://docs.gitlab.com/ee/user/custom_roles.html) to allow\norganizations to create user roles with the precise privileges and\npermissions to meet their needs. This enables organizations to [implement\nthe principle of least\nprivilege](https://about.gitlab.com/blog/the-ultimate-guide-to-least-privilege-access-with-gitlab/)\nto adhere to various compliance standards.\n\n\n![custom roles\nscreenshot](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098874/Blog/Content%20Images/Blog/Content%20Images/1_aHR0cHM6_1750098873857.png)\n\n\nIn GitLab 17, managing custom roles has become easier than ever. You can now\n[edit a custom role and its permissions directly from the\nUI](https://about.gitlab.com/releases/2024/05/16/gitlab-17-0-released/#edit-a-custom-role-and-its-permissions),\nwhereas, in the past, the role needed to be recreated. Also, for those using\nGitLab self-managed, [custom roles are now managed at the instance\nlevel](https://about.gitlab.com/releases/2024/05/16/gitlab-17-0-released/#manage-custom-roles-at-self-managed-instance-level),\nallowing administrators to create the roles, and group owners to assign\nthem.\n\n\nWatch this video to learn more:\n\n\n\u003C!-- blank line -->\n\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/glvvCoc2hkc?si=dl_SwQ7tyVdzirH5\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\n\u003C!-- blank line -->\n\n\nThere have also been [several UX\nimprovements](https://about.gitlab.com/releases/2024/05/16/gitlab-17-0-released/#ux-improvements-to-custom-roles)\nadded to this feature along with the introduction of the following\npermissions:\n\n\n- assign security policy links\n\n- manage and assign compliance frameworks\n\n- manage webhooks\n\n- manage push rules\n\n- manage merge request settings (17.1)\n\n- manage integrations (17.1)\n\n- manage deploy tokens (17.1)\n\n- read CRM contacts (17.1)\n\n\nGitLab releases usually include new permissions to further enable the\nimplementation of the principle of least privilege. To learn more about the\navailable granular security permissions, [visit the available custom\npermission\ndocumentation](https://docs.gitlab.com/ee/user/custom_roles/abilities.html).\n\n\n## Secret detection updates\n\n\nDevelopers may accidentally commit secrets like keys or API tokens to Git\nrepositories from time to time. After a sensitive value is pushed to a\nremote repository, anyone with access to the repository can impersonate the\nauthorized user of the secret and cause mayhem. When this occurs the exposed\nsecrets must be revoked and replaced to address this risk, which can cause\nsystem downtime.\n\n\nGitLab provides [secret\ndetection](https://docs.gitlab.com/ee/user/application_security/secret_detection/)\nto address this risk, and in GitLab 17 it’s gotten even better with the\nfollowing enhancements:\n\n\n- [Support for remote rulesets when overriding or disabling\nrules](https://about.gitlab.com/releases/2024/05/16/gitlab-17-0-released/#secret-detection-now-supports-remote-rulesets-when-overriding-or-disabling-rules):\n- Allows you to override or disable rules via a remote configuration.\nTherefore, you can scale rule configurations across multiple projects using\nonly one [TOML](https://toml.io/en/) file.\n\n- [Advanced vulnerability\ntracking](https://about.gitlab.com/releases/2024/05/16/gitlab-17-0-released/#introducing-advanced-vulnerability-tracking-for-secret-detection):\nDetects when the same secret has moved within a file due to refactoring or\nunrelated changes. This leads to reduced duplicate findings, simplifying\nvulnerability management.\n\n\nIn GitLab 17.1, [secret push\nprotection](https://about.gitlab.com/releases/2024/06/20/gitlab-17-1-released/#secret-push-protection-available-in-beta)\nis now in Beta. Secret push protection checks the content of each commit\npushed to GitLab. If any secrets are detected, the push is blocked and\ndisplays information about the commit. Therefore, a developer does not need\nto do the extra work of removing and rotating secrets, since they are never\ncommitted upstream.\n\n\n![Push block eue to detected\nsecret](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098874/Blog/Content%20Images/Blog/Content%20Images/2_aHR0cHM6_1750098873858.png)\n\n\nWhen [push protection\noccurs](https://about.gitlab.com/blog/prevent-secret-leaks-in-source-code-with-gitlab-secret-push-protection/),\nyou can see it displays additional information on the commit, including:\n\n\n- the commit ID that contains the secret\n\n- the filename and line number that contains the secret\n\n- the type of secret\n\n\n**Note:**  [Enabling secret push\nprotection](https://docs.gitlab.com/ee/user/application_security/secret_detection/secret_push_protection/#enable-secret-push-protection)\nis as easy as flipping a switch in GitLab Security Configuration.\n\n\nWatch this video to learn more:\n\n\n\u003C!-- blank line -->\n\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/ZNtwXVj3tA8?si=4xJ1rWdThpVjvebv\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\n\u003C!-- blank line -->\n\n\n## Container registry updates\n\n\nGitLab provides a [built-in container\nregistry](https://docs.gitlab.com/ee/user/packages/container_registry/),\nmaking it easy for developers to store and manage container images for each\nGitLab project without context switching. GitLab 17.1 includes several\nfeatures to enhance the security and efficiency of using the registry:\n\n- [Container images linked to\nsignatures](https://about.gitlab.com/releases/2024/06/20/gitlab-17-1-released/#container-images-linked-to-signatures):\nContainer images in the registry can now be signed and associated with the\nsignature. This can reduce image tampering by allowing developers to quickly\nfind and validate the signatures that are associated with a container image\n\n- [Display the last published date for container\nimages](https://about.gitlab.com/releases/2024/06/20/gitlab-17-1-released/#display-the-last-published-date-for-container-images):\nThe container registry UI has been updated to include accurate\n`last_published_at timestamps`, putting critical data at the top of view.\n\n- [Sort container registry tags by publish\ndate](https://about.gitlab.com/releases/2024/06/20/gitlab-17-1-released/#sort-container-registry-tags-by-publish-date):\nAllows developers to quickly find and validate the most recently published\ncontainer image.\n\n\n![Signed container\ndetails](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098874/Blog/Content%20Images/Blog/Content%20Images/3_aHR0cHM6_1750098873860.png)\n\n\nAdditionally we’ve introduced [container scanning for the\nregistry](https://about.gitlab.com/releases/2024/06/20/gitlab-17-1-released/#container-scanning-for-registry).\nThe container images being used in your application may themselves be based\non other container images that contain known vulnerabilities. Since\ndevelopers heavily make use of the built-in container registry, it is a\nno-brainer to introduce [container\nscanning](https://docs.gitlab.com/ee/user/application_security/container_scanning/)\nfor the registry.\n\n\n[Container scanning for the\nregistry](https://docs.gitlab.com/ee/user/application_security/container_scanning/#container-scanning-for-registry)\ncan be easily enabled by flipping a switch in GitLab Security Configuration.\nOnce it’s enabled, whenever a container image is pushed to the container\nregistry in your project, GitLab checks its tag. If the tag is `latest`,\nthen GitLab creates a new pipeline that scans the image and even produces a\nCycloneDX SBOM.\n\n\n**Note:** At the moment, a vulnerability scan is only performed when a new\nadvisory is published. We are working to detract all vulnerabilities in the\nregistry itself in future iterations.\n\n\nWatch this video to learn more:\n\n\n\u003C!-- blank line -->\n\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/Zuk7Axs-CRw?si=odlgT5HWv_KOnBtq\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\n\u003C!-- blank line -->\n\n\n## API security scanning updates\n\n\nWhile SAST does a great job of finding vulnerabilities in static source\ncode, there can still be vulnerabilities present in the running application\nthat cannot be detected in source code, such as broken authentication and\nsecurity misconfigurations. For these reasons, GitLab provides dynamic\napplication security testing\n([DAST](https://docs.gitlab.com/ee/user/application_security/dast/)) and\n[Web API\nfuzzing](https://docs.gitlab.com/ee/user/application_security/api_fuzzing/index.html)\nto help discover bugs and potential security issues that other QA processes\nmay miss.\n\n\nIn GitLab 17, we’ve introduced [several\nenhancements](https://about.gitlab.com/releases/2024/05/16/gitlab-17-0-released/#api-security-testing-analyzer-updates)\nto our [dynamic scanners which target Web\nAPIs](https://docs.gitlab.com/ee/user/application_security/api_security_testing/index.html),\nincluding:\n\n- system environment variables are now passed from the CI runner to the\ncustom Python scripts used for certain advanced scenarios (like request\nsigning)\n\n- API Security containers now run as a non-root user, which improves\nflexibility and compliance\n\n- support for servers that only offer TLSv1.3 ciphers, which enables more\ncustomers to adopt API security testing.\n\n- scanner image upgraded to Alpine 3.19, which addresses security\nvulnerabilities\n\n\nIn GitLab 17.1, additional configuration variables were added to [API\nsecurity\nscanning](https://about.gitlab.com/releases/2024/06/20/gitlab-17-1-released/#api-security-testing-analyzer-updates)\nand [API\nfuzzing](https://about.gitlab.com/releases/2024/06/20/gitlab-17-1-released/#fuzz-testing-analyzer-updates)\nto allow:\n\n- creation of a comma-separated list of HTTP success status codes that\ndefine whether the job has passed\n\n- disabling of waiting for the target API to become available before\nscanning begins\n\n- specifying the expected status code for the API target availability check\n\n\nWatch this video to learn more:\n\n\n\u003C!-- blank line -->\n\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/CcyOoBgSPUU?si=hAMQfmUTlLRKhPSg\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\n\u003C!-- blank line -->\n\n\n## Learn more about other enhancements\n\n\nGitLab 17 and 17.1 also introduced several other security and governance\nfeatures and enhancements, too many to cover in this blog. Some of these\nfeatures include:\n\n\n- [Updated filtering on the Vulnerability\nReport](https://about.gitlab.com/releases/2024/05/16/gitlab-17-0-released/#updated-filtering-on-the-vulnerability-report):\nYou can now use the filtered search component to filter the Vulnerability\nReport by any combination of status, severity, tool, or activity.\n\n- [Toggle merge request approval policies to fail open or fail\nclosed](https://about.gitlab.com/releases/2024/05/16/gitlab-17-0-released/#toggle-merge-request-approval-policies-to-fail-open-or-fail-closed):\nA new fail open option for merge request approval policies to offer\nflexibility to teams who want to ease the transition to policy enforcement\nas they roll out controls in their organization.\n\n- [Optional configuration for policy bot\ncomment](https://about.gitlab.com/releases/2024/05/16/gitlab-17-0-released/#optional-configuration-for-policy-bot-comment):\nThe security policy bot posts a comment on merge requests when they violate\na policy to help users understand when policies are enforced on their\nproject, when evaluation is completed, and if there are any violations\nblocking an MR, with guidance to resolve them.\n\n- [Merge request approval policies fail open/closed (policy\neditor)](https://about.gitlab.com/releases/2024/06/20/gitlab-17-1-released/#merge-request-approval-policies-fail-openclosed-policy-editor):\nWithin the policy editor users can now toggle security policies to fail open\nor fail closed. This enhancement extends the YAML support to allow for\nsimpler configuration within the policy editor view.\n\n- [Project owners receive expiring access token\nnotifications](https://about.gitlab.com/releases/2024/06/20/gitlab-17-1-released/#project-owners-receive-expiring-access-token-notifications):\nBoth project owners and maintainers with direct membership now receive email\nnotifications when their project access tokens are close to expiring. This\nhelps keep more people informed about upcoming token expiration.\n\n\nThese are some of the newest security and compliance enhancements provided\nin GitLab 17 and 17.1 that can be applied to strengthen your organization's\nsecurity posture! To learn more about GitLab and the other ways we can\nstrengthen your organization's security throughout all parts of the software\ndevelopment lifecycle, check out the following links:\n\n\n- [GitLab Security and\nCompliance](https://about.gitlab.com/solutions/application-security-testing/)\n\n- [GitLab Application Security\ndocumentation](https://docs.gitlab.com/ee/user/application_security/)\n\n- [GitLab security and governance overview\nvideo](https://youtu.be/Y4RC-SW8Ric)\n\n- [GitLab Complete DevSecOps\ndemo](https://gitlab.com/gitlab-da/tutorials/security-and-governance/devsecops/simply-vulnerable-notes)\n\n- [GitLab Complete DevSecOps\ntutorial](https://gitlab-da.gitlab.io/tutorials/security-and-governance/devsecops/simply-vulnerable-notes/)\n\n- [Ultimate guide to the principle of least\nprivilege](https://about.gitlab.com/blog/the-ultimate-guide-to-least-privilege-access-with-gitlab/)\n","security",[21,23,24,25,26],"product","tutorial","DevSecOps platform","features",{"slug":28,"featured":29,"template":30},"get-to-know-the-security-and-governance-updates-in-gitlab-17-17-1",true,"BlogPost","content:en-us:blog:get-to-know-the-security-and-governance-updates-in-gitlab-17-17-1.yml","yaml","Get To Know The Security And Governance Updates In Gitlab 17 17 1","content","en-us/blog/get-to-know-the-security-and-governance-updates-in-gitlab-17-17-1.yml","en-us/blog/get-to-know-the-security-and-governance-updates-in-gitlab-17-17-1","yml",{"_path":39,"_dir":40,"_draft":6,"_partial":6,"_locale":7,"data":41,"_id":461,"_type":32,"title":462,"_source":34,"_file":463,"_stem":464,"_extension":37},"/shared/en-us/main-navigation","en-us",{"logo":42,"freeTrial":47,"sales":52,"login":57,"items":62,"search":392,"minimal":423,"duo":442,"pricingDeployment":451},{"config":43},{"href":44,"dataGaName":45,"dataGaLocation":46},"/","gitlab logo","header",{"text":48,"config":49},"Get free trial",{"href":50,"dataGaName":51,"dataGaLocation":46},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":53,"config":54},"Talk to sales",{"href":55,"dataGaName":56,"dataGaLocation":46},"/sales/","sales",{"text":58,"config":59},"Sign in",{"href":60,"dataGaName":61,"dataGaLocation":46},"https://gitlab.com/users/sign_in/","sign in",[63,107,203,208,313,373],{"text":64,"config":65,"cards":67,"footer":90},"Platform",{"dataNavLevelOne":66},"platform",[68,74,82],{"title":64,"description":69,"link":70},"The most comprehensive AI-powered DevSecOps Platform",{"text":71,"config":72},"Explore our Platform",{"href":73,"dataGaName":66,"dataGaLocation":46},"/platform/",{"title":75,"description":76,"link":77},"GitLab Duo (AI)","Build software faster with AI at every stage of development",{"text":78,"config":79},"Meet GitLab Duo",{"href":80,"dataGaName":81,"dataGaLocation":46},"/gitlab-duo/","gitlab duo ai",{"title":83,"description":84,"link":85},"Why GitLab","10 reasons why Enterprises choose GitLab",{"text":86,"config":87},"Learn more",{"href":88,"dataGaName":89,"dataGaLocation":46},"/why-gitlab/","why gitlab",{"title":91,"items":92},"Get started with",[93,98,103],{"text":94,"config":95},"Platform Engineering",{"href":96,"dataGaName":97,"dataGaLocation":46},"/solutions/platform-engineering/","platform engineering",{"text":99,"config":100},"Developer Experience",{"href":101,"dataGaName":102,"dataGaLocation":46},"/developer-experience/","Developer experience",{"text":104,"config":105},"MLOps",{"href":106,"dataGaName":104,"dataGaLocation":46},"/topics/devops/the-role-of-ai-in-devops/",{"text":108,"left":29,"config":109,"link":111,"lists":115,"footer":185},"Product",{"dataNavLevelOne":110},"solutions",{"text":112,"config":113},"View all Solutions",{"href":114,"dataGaName":110,"dataGaLocation":46},"/solutions/",[116,141,164],{"title":117,"description":118,"link":119,"items":124},"Automation","CI/CD and automation to accelerate deployment",{"config":120},{"icon":121,"href":122,"dataGaName":123,"dataGaLocation":46},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[125,129,133,137],{"text":126,"config":127},"CI/CD",{"href":128,"dataGaLocation":46,"dataGaName":126},"/solutions/continuous-integration/",{"text":130,"config":131},"AI-Assisted Development",{"href":80,"dataGaLocation":46,"dataGaName":132},"AI assisted development",{"text":134,"config":135},"Source Code Management",{"href":136,"dataGaLocation":46,"dataGaName":134},"/solutions/source-code-management/",{"text":138,"config":139},"Automated Software Delivery",{"href":122,"dataGaLocation":46,"dataGaName":140},"Automated software delivery",{"title":142,"description":143,"link":144,"items":149},"Security","Deliver code faster without compromising security",{"config":145},{"href":146,"dataGaName":147,"dataGaLocation":46,"icon":148},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[150,154,159],{"text":151,"config":152},"Application Security Testing",{"href":146,"dataGaName":153,"dataGaLocation":46},"Application security testing",{"text":155,"config":156},"Software Supply Chain Security",{"href":157,"dataGaLocation":46,"dataGaName":158},"/solutions/supply-chain/","Software supply chain security",{"text":160,"config":161},"Software Compliance",{"href":162,"dataGaName":163,"dataGaLocation":46},"/solutions/software-compliance/","software compliance",{"title":165,"link":166,"items":171},"Measurement",{"config":167},{"icon":168,"href":169,"dataGaName":170,"dataGaLocation":46},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[172,176,180],{"text":173,"config":174},"Visibility & Measurement",{"href":169,"dataGaLocation":46,"dataGaName":175},"Visibility and Measurement",{"text":177,"config":178},"Value Stream Management",{"href":179,"dataGaLocation":46,"dataGaName":177},"/solutions/value-stream-management/",{"text":181,"config":182},"Analytics & Insights",{"href":183,"dataGaLocation":46,"dataGaName":184},"/solutions/analytics-and-insights/","Analytics and insights",{"title":186,"items":187},"GitLab for",[188,193,198],{"text":189,"config":190},"Enterprise",{"href":191,"dataGaLocation":46,"dataGaName":192},"/enterprise/","enterprise",{"text":194,"config":195},"Small Business",{"href":196,"dataGaLocation":46,"dataGaName":197},"/small-business/","small business",{"text":199,"config":200},"Public Sector",{"href":201,"dataGaLocation":46,"dataGaName":202},"/solutions/public-sector/","public sector",{"text":204,"config":205},"Pricing",{"href":206,"dataGaName":207,"dataGaLocation":46,"dataNavLevelOne":207},"/pricing/","pricing",{"text":209,"config":210,"link":212,"lists":216,"feature":300},"Resources",{"dataNavLevelOne":211},"resources",{"text":213,"config":214},"View all resources",{"href":215,"dataGaName":211,"dataGaLocation":46},"/resources/",[217,250,272],{"title":218,"items":219},"Getting started",[220,225,230,235,240,245],{"text":221,"config":222},"Install",{"href":223,"dataGaName":224,"dataGaLocation":46},"/install/","install",{"text":226,"config":227},"Quick start guides",{"href":228,"dataGaName":229,"dataGaLocation":46},"/get-started/","quick setup checklists",{"text":231,"config":232},"Learn",{"href":233,"dataGaLocation":46,"dataGaName":234},"https://university.gitlab.com/","learn",{"text":236,"config":237},"Product documentation",{"href":238,"dataGaName":239,"dataGaLocation":46},"https://docs.gitlab.com/","product documentation",{"text":241,"config":242},"Best practice videos",{"href":243,"dataGaName":244,"dataGaLocation":46},"/getting-started-videos/","best practice videos",{"text":246,"config":247},"Integrations",{"href":248,"dataGaName":249,"dataGaLocation":46},"/integrations/","integrations",{"title":251,"items":252},"Discover",[253,258,262,267],{"text":254,"config":255},"Customer success stories",{"href":256,"dataGaName":257,"dataGaLocation":46},"/customers/","customer success stories",{"text":259,"config":260},"Blog",{"href":261,"dataGaName":5,"dataGaLocation":46},"/blog/",{"text":263,"config":264},"Remote",{"href":265,"dataGaName":266,"dataGaLocation":46},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":268,"config":269},"TeamOps",{"href":270,"dataGaName":271,"dataGaLocation":46},"/teamops/","teamops",{"title":273,"items":274},"Connect",[275,280,285,290,295],{"text":276,"config":277},"GitLab Services",{"href":278,"dataGaName":279,"dataGaLocation":46},"/services/","services",{"text":281,"config":282},"Community",{"href":283,"dataGaName":284,"dataGaLocation":46},"/community/","community",{"text":286,"config":287},"Forum",{"href":288,"dataGaName":289,"dataGaLocation":46},"https://forum.gitlab.com/","forum",{"text":291,"config":292},"Events",{"href":293,"dataGaName":294,"dataGaLocation":46},"/events/","events",{"text":296,"config":297},"Partners",{"href":298,"dataGaName":299,"dataGaLocation":46},"/partners/","partners",{"backgroundColor":301,"textColor":302,"text":303,"image":304,"link":308},"#2f2a6b","#fff","Insights for the future of software development",{"altText":305,"config":306},"the source promo card",{"src":307},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":309,"config":310},"Read the latest",{"href":311,"dataGaName":312,"dataGaLocation":46},"/the-source/","the source",{"text":314,"config":315,"lists":317},"Company",{"dataNavLevelOne":316},"company",[318],{"items":319},[320,325,331,333,338,343,348,353,358,363,368],{"text":321,"config":322},"About",{"href":323,"dataGaName":324,"dataGaLocation":46},"/company/","about",{"text":326,"config":327,"footerGa":330},"Jobs",{"href":328,"dataGaName":329,"dataGaLocation":46},"/jobs/","jobs",{"dataGaName":329},{"text":291,"config":332},{"href":293,"dataGaName":294,"dataGaLocation":46},{"text":334,"config":335},"Leadership",{"href":336,"dataGaName":337,"dataGaLocation":46},"/company/team/e-group/","leadership",{"text":339,"config":340},"Team",{"href":341,"dataGaName":342,"dataGaLocation":46},"/company/team/","team",{"text":344,"config":345},"Handbook",{"href":346,"dataGaName":347,"dataGaLocation":46},"https://handbook.gitlab.com/","handbook",{"text":349,"config":350},"Investor relations",{"href":351,"dataGaName":352,"dataGaLocation":46},"https://ir.gitlab.com/","investor relations",{"text":354,"config":355},"Trust Center",{"href":356,"dataGaName":357,"dataGaLocation":46},"/security/","trust center",{"text":359,"config":360},"AI Transparency Center",{"href":361,"dataGaName":362,"dataGaLocation":46},"/ai-transparency-center/","ai transparency center",{"text":364,"config":365},"Newsletter",{"href":366,"dataGaName":367,"dataGaLocation":46},"/company/contact/","newsletter",{"text":369,"config":370},"Press",{"href":371,"dataGaName":372,"dataGaLocation":46},"/press/","press",{"text":374,"config":375,"lists":376},"Contact us",{"dataNavLevelOne":316},[377],{"items":378},[379,382,387],{"text":53,"config":380},{"href":55,"dataGaName":381,"dataGaLocation":46},"talk to sales",{"text":383,"config":384},"Support portal",{"href":385,"dataGaName":386,"dataGaLocation":46},"https://support.gitlab.com","support portal",{"text":388,"config":389},"Customer portal",{"href":390,"dataGaName":391,"dataGaLocation":46},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":393,"login":394,"suggestions":401},"Close",{"text":395,"link":396},"To search repositories and projects, login to",{"text":397,"config":398},"gitlab.com",{"href":60,"dataGaName":399,"dataGaLocation":400},"search login","search",{"text":402,"default":403},"Suggestions",[404,406,410,412,416,420],{"text":75,"config":405},{"href":80,"dataGaName":75,"dataGaLocation":400},{"text":407,"config":408},"Code Suggestions (AI)",{"href":409,"dataGaName":407,"dataGaLocation":400},"/solutions/code-suggestions/",{"text":126,"config":411},{"href":128,"dataGaName":126,"dataGaLocation":400},{"text":413,"config":414},"GitLab on AWS",{"href":415,"dataGaName":413,"dataGaLocation":400},"/partners/technology-partners/aws/",{"text":417,"config":418},"GitLab on Google Cloud",{"href":419,"dataGaName":417,"dataGaLocation":400},"/partners/technology-partners/google-cloud-platform/",{"text":421,"config":422},"Why GitLab?",{"href":88,"dataGaName":421,"dataGaLocation":400},{"freeTrial":424,"mobileIcon":429,"desktopIcon":434,"secondaryButton":437},{"text":425,"config":426},"Start free trial",{"href":427,"dataGaName":51,"dataGaLocation":428},"https://gitlab.com/-/trials/new/","nav",{"altText":430,"config":431},"Gitlab Icon",{"src":432,"dataGaName":433,"dataGaLocation":428},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":430,"config":435},{"src":436,"dataGaName":433,"dataGaLocation":428},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":438,"config":439},"Get Started",{"href":440,"dataGaName":441,"dataGaLocation":428},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":443,"mobileIcon":447,"desktopIcon":449},{"text":444,"config":445},"Learn more about GitLab Duo",{"href":80,"dataGaName":446,"dataGaLocation":428},"gitlab duo",{"altText":430,"config":448},{"src":432,"dataGaName":433,"dataGaLocation":428},{"altText":430,"config":450},{"src":436,"dataGaName":433,"dataGaLocation":428},{"freeTrial":452,"mobileIcon":457,"desktopIcon":459},{"text":453,"config":454},"Back to pricing",{"href":206,"dataGaName":455,"dataGaLocation":428,"icon":456},"back to pricing","GoBack",{"altText":430,"config":458},{"src":432,"dataGaName":433,"dataGaLocation":428},{"altText":430,"config":460},{"src":436,"dataGaName":433,"dataGaLocation":428},"content:shared:en-us:main-navigation.yml","Main Navigation","shared/en-us/main-navigation.yml","shared/en-us/main-navigation",{"_path":466,"_dir":40,"_draft":6,"_partial":6,"_locale":7,"title":467,"button":468,"image":473,"config":477,"_id":479,"_type":32,"_source":34,"_file":480,"_stem":481,"_extension":37},"/shared/en-us/banner","is now in public beta!",{"text":469,"config":470},"Try the Beta",{"href":471,"dataGaName":472,"dataGaLocation":46},"/gitlab-duo/agent-platform/","duo banner",{"altText":474,"config":475},"GitLab Duo Agent Platform",{"src":476},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1753720689/somrf9zaunk0xlt7ne4x.svg",{"layout":478},"release","content:shared:en-us:banner.yml","shared/en-us/banner.yml","shared/en-us/banner",{"_path":483,"_dir":40,"_draft":6,"_partial":6,"_locale":7,"data":484,"_id":722,"_type":32,"title":723,"_source":34,"_file":724,"_stem":725,"_extension":37},"/shared/en-us/main-footer",{"text":485,"source":486,"edit":492,"contribute":497,"config":502,"items":507,"minimal":714},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":487,"config":488},"View page source",{"href":489,"dataGaName":490,"dataGaLocation":491},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":493,"config":494},"Edit this page",{"href":495,"dataGaName":496,"dataGaLocation":491},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":498,"config":499},"Please contribute",{"href":500,"dataGaName":501,"dataGaLocation":491},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":503,"facebook":504,"youtube":505,"linkedin":506},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[508,555,607,651,680],{"title":204,"links":509,"subMenu":524},[510,514,519],{"text":511,"config":512},"View plans",{"href":206,"dataGaName":513,"dataGaLocation":491},"view plans",{"text":515,"config":516},"Why Premium?",{"href":517,"dataGaName":518,"dataGaLocation":491},"/pricing/premium/","why premium",{"text":520,"config":521},"Why Ultimate?",{"href":522,"dataGaName":523,"dataGaLocation":491},"/pricing/ultimate/","why ultimate",[525],{"title":526,"links":527},"Contact Us",[528,531,533,535,540,545,550],{"text":529,"config":530},"Contact sales",{"href":55,"dataGaName":56,"dataGaLocation":491},{"text":383,"config":532},{"href":385,"dataGaName":386,"dataGaLocation":491},{"text":388,"config":534},{"href":390,"dataGaName":391,"dataGaLocation":491},{"text":536,"config":537},"Status",{"href":538,"dataGaName":539,"dataGaLocation":491},"https://status.gitlab.com/","status",{"text":541,"config":542},"Terms of use",{"href":543,"dataGaName":544,"dataGaLocation":491},"/terms/","terms of use",{"text":546,"config":547},"Privacy statement",{"href":548,"dataGaName":549,"dataGaLocation":491},"/privacy/","privacy statement",{"text":551,"config":552},"Cookie preferences",{"dataGaName":553,"dataGaLocation":491,"id":554,"isOneTrustButton":29},"cookie preferences","ot-sdk-btn",{"title":108,"links":556,"subMenu":563},[557,560],{"text":25,"config":558},{"href":73,"dataGaName":559,"dataGaLocation":491},"devsecops platform",{"text":130,"config":561},{"href":80,"dataGaName":562,"dataGaLocation":491},"ai-assisted development",[564],{"title":565,"links":566},"Topics",[567,572,577,582,587,592,597,602],{"text":568,"config":569},"CICD",{"href":570,"dataGaName":571,"dataGaLocation":491},"/topics/ci-cd/","cicd",{"text":573,"config":574},"GitOps",{"href":575,"dataGaName":576,"dataGaLocation":491},"/topics/gitops/","gitops",{"text":578,"config":579},"DevOps",{"href":580,"dataGaName":581,"dataGaLocation":491},"/topics/devops/","devops",{"text":583,"config":584},"Version Control",{"href":585,"dataGaName":586,"dataGaLocation":491},"/topics/version-control/","version control",{"text":588,"config":589},"DevSecOps",{"href":590,"dataGaName":591,"dataGaLocation":491},"/topics/devsecops/","devsecops",{"text":593,"config":594},"Cloud Native",{"href":595,"dataGaName":596,"dataGaLocation":491},"/topics/cloud-native/","cloud native",{"text":598,"config":599},"AI for Coding",{"href":600,"dataGaName":601,"dataGaLocation":491},"/topics/devops/ai-for-coding/","ai for coding",{"text":603,"config":604},"Agentic AI",{"href":605,"dataGaName":606,"dataGaLocation":491},"/topics/agentic-ai/","agentic ai",{"title":608,"links":609},"Solutions",[610,612,614,619,623,626,630,633,635,638,641,646],{"text":151,"config":611},{"href":146,"dataGaName":151,"dataGaLocation":491},{"text":140,"config":613},{"href":122,"dataGaName":123,"dataGaLocation":491},{"text":615,"config":616},"Agile development",{"href":617,"dataGaName":618,"dataGaLocation":491},"/solutions/agile-delivery/","agile delivery",{"text":620,"config":621},"SCM",{"href":136,"dataGaName":622,"dataGaLocation":491},"source code management",{"text":568,"config":624},{"href":128,"dataGaName":625,"dataGaLocation":491},"continuous integration & delivery",{"text":627,"config":628},"Value stream management",{"href":179,"dataGaName":629,"dataGaLocation":491},"value stream management",{"text":573,"config":631},{"href":632,"dataGaName":576,"dataGaLocation":491},"/solutions/gitops/",{"text":189,"config":634},{"href":191,"dataGaName":192,"dataGaLocation":491},{"text":636,"config":637},"Small business",{"href":196,"dataGaName":197,"dataGaLocation":491},{"text":639,"config":640},"Public sector",{"href":201,"dataGaName":202,"dataGaLocation":491},{"text":642,"config":643},"Education",{"href":644,"dataGaName":645,"dataGaLocation":491},"/solutions/education/","education",{"text":647,"config":648},"Financial services",{"href":649,"dataGaName":650,"dataGaLocation":491},"/solutions/finance/","financial services",{"title":209,"links":652},[653,655,657,659,662,664,666,668,670,672,674,676,678],{"text":221,"config":654},{"href":223,"dataGaName":224,"dataGaLocation":491},{"text":226,"config":656},{"href":228,"dataGaName":229,"dataGaLocation":491},{"text":231,"config":658},{"href":233,"dataGaName":234,"dataGaLocation":491},{"text":236,"config":660},{"href":238,"dataGaName":661,"dataGaLocation":491},"docs",{"text":259,"config":663},{"href":261,"dataGaName":5,"dataGaLocation":491},{"text":254,"config":665},{"href":256,"dataGaName":257,"dataGaLocation":491},{"text":263,"config":667},{"href":265,"dataGaName":266,"dataGaLocation":491},{"text":276,"config":669},{"href":278,"dataGaName":279,"dataGaLocation":491},{"text":268,"config":671},{"href":270,"dataGaName":271,"dataGaLocation":491},{"text":281,"config":673},{"href":283,"dataGaName":284,"dataGaLocation":491},{"text":286,"config":675},{"href":288,"dataGaName":289,"dataGaLocation":491},{"text":291,"config":677},{"href":293,"dataGaName":294,"dataGaLocation":491},{"text":296,"config":679},{"href":298,"dataGaName":299,"dataGaLocation":491},{"title":314,"links":681},[682,684,686,688,690,692,694,698,703,705,707,709],{"text":321,"config":683},{"href":323,"dataGaName":316,"dataGaLocation":491},{"text":326,"config":685},{"href":328,"dataGaName":329,"dataGaLocation":491},{"text":334,"config":687},{"href":336,"dataGaName":337,"dataGaLocation":491},{"text":339,"config":689},{"href":341,"dataGaName":342,"dataGaLocation":491},{"text":344,"config":691},{"href":346,"dataGaName":347,"dataGaLocation":491},{"text":349,"config":693},{"href":351,"dataGaName":352,"dataGaLocation":491},{"text":695,"config":696},"Sustainability",{"href":697,"dataGaName":695,"dataGaLocation":491},"/sustainability/",{"text":699,"config":700},"Diversity, inclusion and belonging (DIB)",{"href":701,"dataGaName":702,"dataGaLocation":491},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":354,"config":704},{"href":356,"dataGaName":357,"dataGaLocation":491},{"text":364,"config":706},{"href":366,"dataGaName":367,"dataGaLocation":491},{"text":369,"config":708},{"href":371,"dataGaName":372,"dataGaLocation":491},{"text":710,"config":711},"Modern Slavery Transparency Statement",{"href":712,"dataGaName":713,"dataGaLocation":491},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":715},[716,718,720],{"text":541,"config":717},{"href":543,"dataGaName":544,"dataGaLocation":491},{"text":546,"config":719},{"href":548,"dataGaName":549,"dataGaLocation":491},{"text":551,"config":721},{"dataGaName":553,"dataGaLocation":491,"id":554,"isOneTrustButton":29},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",[727],{"_path":728,"_dir":729,"_draft":6,"_partial":6,"_locale":7,"content":730,"config":734,"_id":736,"_type":32,"title":18,"_source":34,"_file":737,"_stem":738,"_extension":37},"/en-us/blog/authors/fernando-diaz","authors",{"name":18,"config":731},{"headshot":732,"ctfId":733},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659556/Blog/Author%20Headshots/fern_diaz.png","fjdiaz",{"template":735},"BlogAuthor","content:en-us:blog:authors:fernando-diaz.yml","en-us/blog/authors/fernando-diaz.yml","en-us/blog/authors/fernando-diaz",{"_path":740,"_dir":40,"_draft":6,"_partial":6,"_locale":7,"header":741,"eyebrow":742,"blurb":743,"button":744,"secondaryButton":748,"_id":750,"_type":32,"title":751,"_source":34,"_file":752,"_stem":753,"_extension":37},"/shared/en-us/next-steps","Start shipping better software faster","50%+ of the Fortune 100 trust GitLab","See what your team can do with the intelligent\n\n\nDevSecOps platform.\n",{"text":48,"config":745},{"href":746,"dataGaName":51,"dataGaLocation":747},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":53,"config":749},{"href":55,"dataGaName":56,"dataGaLocation":747},"content:shared:en-us:next-steps.yml","Next Steps","shared/en-us/next-steps.yml","shared/en-us/next-steps",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":755,"content":756,"config":759,"_id":31,"_type":32,"title":33,"_source":34,"_file":35,"_stem":36,"_extension":37},{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},{"title":9,"description":10,"authors":757,"heroImage":11,"date":19,"body":20,"category":21,"tags":758},[18],[21,23,24,25,26],{"slug":28,"featured":29,"template":30},1761814422624]