[{"data":1,"prerenderedAt":760},["ShallowReactive",2],{"/en-us/blog/remediating-vulnerabilities-with-insights-and-ai":3,"navigation-en-us":36,"banner-en-us":464,"footer-en-us":481,"Fernando Diaz":726,"next-steps-en-us":739,"footer-source-/en-us/blog/remediating-vulnerabilities-with-insights-and-ai/":754},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":8,"content":16,"config":26,"_id":29,"_type":30,"title":31,"_source":32,"_file":33,"_stem":34,"_extension":35},"/en-us/blog/remediating-vulnerabilities-with-insights-and-ai","blog",false,"",{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},"Remediating vulnerabilities with GitLab's security insights and AI","Learn how to leverage vulnerability insights and the Explain this Vulnerability AI feature to not only resolve a vulnerability, but also understand it.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749662877/Blog/Hero%20Images/security-cover-new.png","https://about.gitlab.com/blog/remediating-vulnerabilities-with-insights-and-ai","https://about.gitlab.com","article","\n                        {\n        \"@context\": \"https://schema.org\",\n        \"@type\": \"Article\",\n        \"headline\": \"Remediating vulnerabilities with GitLab's security insights and AI\",\n        \"author\": [{\"@type\":\"Person\",\"name\":\"Fernando Diaz\"}],\n        \"datePublished\": \"2023-08-31\",\n      }",{"title":9,"description":10,"authors":17,"heroImage":11,"date":19,"body":20,"category":21,"tags":22},[18],"Fernando Diaz","2023-08-31","We recently introduced [GitLab Duo](https://about.gitlab.com/gitlab-duo/), a\ncomplete suite of AI capabilities to power your DevSecOps workflows. GitLab\nDuo's AI features not only enable you to write secure code faster, but also\nenhance productivity by providing helpful explanations and insights into\nyour code. 
For instance, you can harness the power of AI to prevent security\nbreaches. In this tutorial, we will go over the Explain this Vulnerability\nAI feature, which is in beta, and how it can be used with vulnerability\ninsights to remediate vulnerabilities.\n\n\nYou will learn the following:\n\n* How the Explain this Vulnerability AI feature works\n\n* Prerequisites for Explain this Vulnerability and other GitLab AI features\n\n* How GitLab Vulnerability Insights assists in remediation\n\n* How to remediate a SQL-injection vulnerability using GitLab's\nvulnerability insights and Explain this Vulnerability\n\n* Additional GitLab AI capabilities (GitLab Duo currently requires\nconnectivity to access Google large language models (LLMs); however, there\nare plans to expand these features to limited-connectivity environments)\n\n\nSee the following video for a quick overview of Vulnerability Insights + AI\n\"Explain this Vulnerability\". \n\n\n\u003C!-- blank line -->\n\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/1UagZx_CUks\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\n\u003C!-- blank line -->\n\n\nYou can also see a detailed walkthrough of [Leveraging GitLab Vulnerability\nInsights + AI to Remediate a\nSQL-Injection](https://youtu.be/EJXAIzXNAWQ?feature=shared) in the [Solving\na SQL injection using vulnerability insights and\nAI](#solving-a-sql-injection-using-vulnerability-insights-and-ai) section\nbelow.\n\n\n## What is the Explain this Vulnerability AI feature?\n\nThe [Explain this\nVulnerability](https://docs.gitlab.com/ee/user/ai_features.html#explain-this-vulnerability-in-the-web-ui)\nfeature\nleverages an LLM powered by Google AI to assist you in securing your\napplication by:\n\n* Summarizing detected vulnerabilities\n\n* Helping developers and security analysts understand the vulnerability and\nits implications\n\n* Showing how a vulnerability can be exploited with detailed 
example code\n\n* Providing in-depth solutions to the vulnerability\n\n* Providing suggested mitigation along with sample code tuned toward your\nproject's programming language\n\n\nTo begin using Explain this Vulnerability, you must have the following\nprerequisites configured:\n\n\n* [GitLab Ultimate](https://about.gitlab.com/pricing/ultimate/) SaaS\nsubscription\n\n* [Experiment features\nenabled](https://docs.gitlab.com/ee/user/group/manage.html#enable-experiment-features)\n\n* [Third-party AI features\nenabled](https://docs.gitlab.com/ee/user/group/manage.html#enable-third-party-ai-features)\n\n* Static application security testing\n([SAST](https://docs.gitlab.com/ee/user/application_security/sast/))\nvulnerability finding in the default branch of a project\n\n* [Maintainer](https://docs.gitlab.com/ee/user/permissions.html) or greater\nrole in the vulnerable project \n\n* [SAST scanner](https://docs.gitlab.com/ee/user/application_security/sast/)\nenabled in the vulnerable project\n\n* An active internet connection\n\n\nOnce the prerequisites have been configured, to begin using Explain this\nVulnerability, perform the following steps:  \n\n\n1) Navigate to the [Vulnerability\nReport](https://docs.gitlab.com/ee/user/application_security/vulnerability_report/).  \n\n2) Find a SAST vulnerability finding.  \n\n3) Scroll to the bottom of the [vulnerability\npage](https://docs.gitlab.com/ee/user/application_security/vulnerabilities/).  \n\n4) Press the **Try it out** button in the \"Explain this Vulnerability and how to\nmitigate it with AI\" section.  
\n\n\n![View of the \"Try it out\" button at bottom of\nscreen](https://about.gitlab.com/images/blogimages/2023-08-31-solving-vulnerabilities-with-insights-and-ai/ai_explain_this_vulnerability_try_it_out_dialog.png)\n\n\nOnce you click the button, GitLab will begin to generate the following:\n\n* **What is the vulnerability?**: Details on the vulnerability and how it\nmay affect your application\n\n* **How can an attacker take advantage of the vulnerability?**: Commands\nthat a malicious actor can use to exploit the vulnerability\n\n* **How can the vulnerability be fixed?**: Details on how the vulnerability\ncan be remediated\n\n* **Example of vulnerable code**: The actual vulnerable code in the language\nof your application\n\n* **Example of fixed code**: Code showing a fix that should be applied to\nremediate the vulnerability in the language of your application\n\n* **References**: Links providing details relevant to the vulnerability\n\n* **User rating request**: Allows for user input, which is used to improve\nthe model\n\n\n![AI response depicting the above\nlist](https://about.gitlab.com/images/blogimages/2023-08-31-solving-vulnerabilities-with-insights-and-ai/ai_explain_this_vulnerability_results.png)\n\n\nThis information can be used together with vulnerability insights to resolve\nthe vulnerability. Now let's discuss vulnerability insights.\n\n\n## Vulnerability insights\n\nVulnerability insights provide detailed information on a vulnerability and\nhow to resolve it. 
This detailed information\nincludes:\n\n\n* **Description**: A detailed description of the vulnerability and its\nimplications\n\n* **Severity**: The severity of the vulnerability based on the [CVSS\nrating](https://nvd.nist.gov/vuln-metrics/cvss)\n\n* **Project**: The project where the vulnerability was found\n\n* **Tool**: The type of scanner that found the vulnerability\n\n* **Scanner**: The specific name of the scanner that found the vulnerability\n\n* **Location**: The line of code where the vulnerability is present\n\n* **Identifiers**: Links that identify and provide additional information on\nthe vulnerability such as the CVE/CWE page\n\n* **Training**: Security training available from our partners to educate\ndevelopers on the vulnerability\n\n* **Solution**: Information on how to remediate the vulnerability\n\n* **Method**: The [REST API\nmethod](https://www.w3schools.in/restful-web-services/rest-methods) used to\nexploit the vulnerability (dynamic scanners only)\n\n* **URL**: The URL in which the vulnerability was detected (dynamic scanners\nonly)\n\n* **Request/response**: The request sent and response received when\nexploiting the vulnerability (dynamic scanners only)\n\n\n**Note**: Results may vary depending on the scanner used.\n\n\nHaving all this information not only allows you to resolve a vulnerability\nwith ease but also enhances your security\nknowledge. All these insights are provided as a single source of truth that\nboth developer and security teams can view and\ntake action on asynchronously.\n\n\nDevelopers can leverage insights within a merge request (MR). The MR\ninsights show the vulnerabilities in the diff\nbetween a feature branch and the branch you are merging into. 
This allows\nyou to continuously iterate until you have resolved\na vulnerability and then alert security engineers when approval is required,\ngiving developers the power to resolve\nvulnerabilities themselves.\n\n\n![MR insights\nsample](https://about.gitlab.com/images/blogimages/2023-08-31-solving-vulnerabilities-with-insights-and-ai/vulnerability_insights_mr_view.png)\n\n\nThe security team can leverage insights via the [vulnerability\nreport](https://docs.gitlab.com/ee/user/application_security/vulnerability_report/).\nThe vulnerability report shows vulnerabilities present in the `default`\nbranch, which is typically linked to production. From here, the security\nteam can collaborate on a resolution as well as triage and manage\nvulnerabilities.\n\n\n![Vulnerability report\nsample](https://about.gitlab.com/images/blogimages/2023-08-31-solving-vulnerabilities-with-insights-and-ai/vulnerability_insights_vulnerability_report.png)\n\n\n**Note**: Currently, the Explain this Vulnerability feature can only be seen\nin the Vulnerability Report view. It is currently\nbeing considered for the MR view; see [future iterations under\nconsideration](https://gitlab.com/groups/gitlab-org/-/epics/10284#future-iterations-under-consideration)\nfor more information.\n\n\n## Solving a SQL injection using vulnerability insights and AI\n\nBy leveraging both vulnerability insights and Explain this Vulnerability, we\nhave all the resources necessary to\nnot only resolve a vulnerability but also understand it. Let's see how we\ncan use these features to [solve a SQL\ninjection](https://gitlab-de.gitlab.io/tutorials/security-and-governance/devsecops/simply-vulnerable-notes/documentation/anatomy_of_a_vulnerability/). \n\n\nNow let's go over the steps to remediate a SQL injection. 
You can follow\nalong with the video:\n\n\n\u003C!-- blank line -->\n\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/EJXAIzXNAWQ\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\n\u003C!-- blank line -->\n\n\n**Privacy notice**: Explain this Vulnerability only uses `public repos` to\ntrain the LLM. Code in private repositories\nis not transferred to the LLM.\n\n\nI will be using the [Simple Notes\nproject](https://gitlab.com/gitlab-de/tutorials/security-and-governance/devsecops/simply-vulnerable-notes)\nto showcase this. You can set up DevSecOps within GitLab yourself by going\nover the following\n[tutorial](https://gitlab-de.gitlab.io/tutorials/security-and-governance/devsecops/simply-vulnerable-notes/).\nAfter you have done so, you can run through the following:\n\n\n1) Navigate to **Secure > Vulnerability Report**.\n\n\n2) Sort by **SAST** under **Scanner**.\n\n\n3) Find and select a SQL injection vulnerability. 
A SQL injection will be\ntitled something like\n`Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')`.\n\n\n4) Examine the vulnerability insights.\n\n\n* **Description**: Detected possible formatted SQL query.\n\n* **Location**: File:\n[notes/db.py:100](https://gitlab.com/gitlab-de/tutorials/security-and-governance/devsecops/simply-vulnerable-notes/-/blob/24ff1847aa70c4d51482fe28f019e3724b399aaf/notes/db.py#L100)\n\n* **Identifier**: [bandit.B608](https://semgrep.dev/r/gitlab.bandit.B608),\n[CWE-89](https://cwe.mitre.org/data/definitions/89.html)\n\n* **Solution**: Use parameterized queries instead\n\n* **Training**: [Secure Code\nWarrior](https://portal.securecodewarrior.com/?utm_source=partner-integration:gitlab&partner_id=gitlab#/contextual-microlearning/web/injection/sql/python/vanilla),\n[SecureFlag](https://knowledge-base.secureflag.com/vulnerabilities/sql_injection/sql_injection_python.html),\nand\n[Kontra](https://application.security/gitlab/free-application-security-training/owasp-top-10-sql-injection)\n\n\n![SQL Injection Walkthrough -\nInsights](https://about.gitlab.com/images/blogimages/2023-08-31-solving-vulnerabilities-with-insights-and-ai/vulnerability_insights_vulnerability_report.png)\n\n\n5) Scroll down to the **Explain this vulnerability and how to mitigate it\nwith AI** section and click the **Try it out** button.\n\n\n**Privacy notice**: If the **Send code to prompt** radio button is selected,\nresponse quality is improved. 
However, the actual code is\nused in a query to the LLM (even in private repositories).\n\n\n![SQL Injection Walkthrough - AI \"Try it out\"\nbutton](https://about.gitlab.com/images/blogimages/2023-08-31-solving-vulnerabilities-with-insights-and-ai/ai_explain_this_vulnerability_try_it_out_dialog.png)\n\n\n6) Examine the provided AI solutions.\n\n\n![SQL Injection Walkthrough - AI\nresponse](https://about.gitlab.com/images/blogimages/2023-08-31-solving-vulnerabilities-with-insights-and-ai/ai_explain_this_vulnerability_results.png)\n\n\n7) Exploit the vulnerability.\n\nWe can use the information provided in the **AI response**, the samples in\nthe **vulnerability insight CWE identifier**,\nand the application's [API\nguide](https://gitlab-de.gitlab.io/tutorials/security-and-governance/devsecops/simply-vulnerable-notes/documentation/api_guide/)\nto generate a malicious curl command as follows:\n\n\n```bash\n\n# A REGULAR API-CALL\n\n$ curl http://{LOAD_BALANCER_IP}/{APPLICATION_PATH}/api\n\n\n{\"Note\":\"[(1, 'cat'), (2, 'dog'), (3, 'frog'), (4, 'hog')]\"}\n\n\n# API CALL PASSING '1 or 1=1' AS SHOWN IN AI RESPONSE AND DETAILED IN IDENTIFIERS\n\n# NOTE: `1%20or%201%3D1` IS URL ENCODED '1 or 1=1'\n\n$ curl http://{LOAD_BALANCER_IP}/{APPLICATION_PATH}/api\\?id\\=1%20or%201%3D1\n\n\n{\"Note\":\"[(1, 'cat'), (2, 'dog'), (3, 'frog'), (4, 'hog'), (5, 'meow'), (6, 'bark'), (7, 'ribbit'), (8, 'grunt')]\"}\n\n```\n\n\nThis shows us that we can exploit the SQL injection since we exposed data we\nshould not have access to.\n\nExploiting a vulnerability is not always as simple, so it is important to\ncombine resources as noted above\nto figure out exploitability.\n\n\n8) Determine a fix.\n\n\nNow that we know this is a problem within our system, we can use the\nprovided information to create a merge request (MR) to resolve it\nand then test the MR in a non-production environment. 
Reviewing the\nvulnerability insights and AI response, we know we can solve this\nin a variety of ways. For example, we can:\n\n* Use parameterized queries rather than directly calling the query\n\n* Sanitize the input before passing it to the `execute()` method\n\n\nTo enhance our knowledge, we should read\n[CWE-89](https://cwe.mitre.org/data/definitions/89.html) provided in the\nIdentifiers.\n\n\n9) Open the [GitLab\nWebIDE](https://docs.gitlab.com/ee/user/project/web_ide/) or editor of your\nchoice.\n\n\n10) Open the vulnerable file and scroll to the affected line of code. We\nfound this using the information provided in the insights.\n\n\n11) Apply the suggested change by reviewing the vulnerability insights and\nAI response. I changed the following:\n\n\n```python\n\ntry:\n  query = \"SELECT id, data FROM notes WHERE (secret IS FALSE AND id = %s)\" % id\n  if admin:\n    query = \"SELECT id, data, secret FROM notes WHERE (id = %s)\" % id\n  # NOT USING A PARAMETERIZED QUERY - SQL INJECTION CAN BE PASSED IN (,id)\n  cur.execute(query)\nexcept Exception as e:\n  note.logger.error(\"Error: cannot select note by id - %s\" % e)\n```\n\n\nto \n\n\n```python\n\ntry:\n  query = \"SELECT id, data FROM notes WHERE (secret IS FALSE AND id = %s)\"\n  if admin:\n    query = \"SELECT id, data, secret FROM notes WHERE (id = %s)\"\n  # USING A PARAMETERIZED QUERY - SQL INJECTION CANNOT BE PASSED IN (,id)\n  cur.execute(query, (id,))\nexcept Exception as e:\n  note.logger.error(\"Error: cannot select note by id - %s\" % e)\n```\n\n\nWe know this is the solution because parameterized queries, as explained, do\nnot allow actual SQL\ncommands to be run. Therefore, a SQL injection cannot be passed as the `id`.\nAdding a parameterized\nquery is easy since it is built into the Python db library we are using.\n\n\nThere may be multiple solutions to a vulnerability. It is up to the user to\ndecide what is best\nfor their application and workflow. 
The AI response provides a typical\nsolution, but more can be\nexamined and applied. For example, the AI response said we can add the\nfollowing:\n\n\n```python\n\ncur.execute(query.replace(\"'\", \"''\"))\n\n```\n\n\nThis would escape the single quotes in the input, making it safe to pass to\nthe `execute()` method.\n\nIt is a valid solution with less code required. However, I wanted to\nrestructure my code, so I applied\nanother solution found in the vulnerability insights.\n\n\n12) Create an MR with the fix. In my environment, feature branches are\nautomatically deployed\nto a new environment independent from production so we can test our features\nbefore merging them\nto production.\n\n\n13) Test the change in a non-production environment.\n\n\nOnce we push the MR, we can see if the vulnerability has been resolved and\nwe can test in a non-production\nenvironment:\n\n\n```bash\n\n# A REGULAR API-CALL\n\n$ curl http://{LOAD_BALANCER_IP}/{NEW_BRANCH_FIXED_APPLICATION_PATH}/api\n\n\n{\"Note\":\"[(1, 'cat'), (2, 'dog'), (3, 'frog'), (4, 'hog')]\"}\n\n\n# API CALL PASSING '1 or 1=1' AS SHOWN IN AI RESPONSE AND DETAILED IN IDENTIFIERS\n\n# NOTE: `1%20or%201%3D1` IS URL ENCODED '1 or 1=1'\n\n$ curl http://{LOAD_BALANCER_IP}/{NEW_BRANCH_FIXED_APPLICATION_PATH}/api\\?id\\=1%20or%201%3D1\n\n\n{\"Note\":\"[(1, 'cat')]\"}\n\n```\n\n\nWe can see that now the additional query parameters `or 1=1` are ignored and\nonly the first element\nis returned, meaning only the `1` was passed. 
We can further test if we can\nget item `5`, which we should\nnot have access to:\n\n\n```bash\n\n# API CALL PASSING '5 or 1=1' AS SHOWN IN AI RESPONSE AND DETAILED IN IDENTIFIERS\n\n# NOTE: `5%20or%201%3D1` IS URL ENCODED '5 or 1=1'\n\n$ curl http://{LOAD_BALANCER_IP}/{NEW_BRANCH_FIXED_APPLICATION_PATH}/api\\?id\\=5%20or%201%3D1\n\n{\"Note\":\"[]\"}\n\n```\n\n\nSuccess, the SQL injection is no longer present!\n\n\n14) Merge into production.\n\n\nNow that we know the vulnerability has been resolved, we can go ahead and\nmerge our fix! This is how you can use vulnerability insights\nto help resolve your vulnerabilities. If you wish to test all this for\nyourself, check out the complete [GitLab DevSecOps\ntutorial](https://gitlab-de.gitlab.io/tutorials/security-and-governance/devsecops/simply-vulnerable-notes/).\n\n\n## Additional GitLab AI features\n\nAs we have seen above, Explain this Vulnerability assists you in remediating\nthe vulnerabilities within your\ndefault branch, but that's not the only AI feature GitLab has available!\nOther AI features to enhance your productivity include:\n\n\n* [Code\nSuggestions](https://docs.gitlab.com/ee/user/project/repository/code_suggestions.html):\nEnables you to write code more efficiently by viewing code suggestions as\nyou type\n\n* [Suggested\nReviewers](https://docs.gitlab.com/ee/user/project/merge_requests/reviews/#suggested-reviewers):\nHelps you receive faster and higher-quality reviews by automatically finding\nthe right people to review a merge request\n\n* [Value Stream\nForecasting](https://docs.gitlab.com/ee/user/analytics/value_streams_dashboard.html):\nPredicts productivity metrics and identifies anomalies across your software\ndevelopment lifecycle\n\n* [Summarize Issue\nComments](https://docs.gitlab.com/ee/user/ai_features.html#summarize-issue-discussions):\nQuickly gets everyone up to speed on lengthy conversations to ensure you are\nall on the same page\n\n* [Summarize Proposed Merge 
Request\nChanges](https://docs.gitlab.com/ee/user/ai_features.html#summarize-my-merge-request-review):\nHelps merge request authors drive alignment and action by efficiently\ncommunicating the impact of their changes\n\n* [Summarize Merge Request\nReview](https://docs.gitlab.com/ee/user/ai_features.html#summarize-merge-request-changes):\nEnables better handoffs between authors and reviewers and helps reviewers\nefficiently understand merge request suggestions\n\n* [Generate Tests in Merge\nRequests](https://docs.gitlab.com/ee/user/ai_features.html#generate-suggested-tests-in-merge-requests):\nAutomates repetitive tasks and helps you catch bugs early\n\n* [GitLab\nChat](https://docs.gitlab.com/ee/user/ai_features.html#gitlab-duo-chat):\nHelps you quickly identify useful information in large volumes of text, such\nas documentation\n\n* [Explain this\nCode](https://docs.gitlab.com/ee/user/ai_features.html#explain-selected-code-in-the-web-ui):\nAllows you to get up to speed quickly by explaining source code\n\n\nVisit our [GitLab Duo site](https://about.gitlab.com/gitlab-duo/) to learn\nmore about these features, GitLab's mission around AI, and our partnership\nwith Google.\n","ai-ml",[23,24,25],"AI/ML","security","tutorial",{"slug":27,"featured":6,"template":28},"remediating-vulnerabilities-with-insights-and-ai","BlogPost","content:en-us:blog:remediating-vulnerabilities-with-insights-and-ai.yml","yaml","Remediating Vulnerabilities With Insights And 
Ai","content","en-us/blog/remediating-vulnerabilities-with-insights-and-ai.yml","en-us/blog/remediating-vulnerabilities-with-insights-and-ai","yml","privacy 
statement",{"text":550,"config":551},"Cookie preferences",{"dataGaName":552,"dataGaLocation":490,"id":553,"isOneTrustButton":107},"cookie preferences","ot-sdk-btn",{"title":106,"links":555,"subMenu":563},[556,560],{"text":557,"config":558},"DevSecOps platform",{"href":71,"dataGaName":559,"dataGaLocation":490},"devsecops platform",{"text":129,"config":561},{"href":78,"dataGaName":562,"dataGaLocation":490},"ai-assisted development",[564],{"title":565,"links":566},"Topics",[567,572,577,582,587,592,597,602],{"text":568,"config":569},"CICD",{"href":570,"dataGaName":571,"dataGaLocation":490},"/topics/ci-cd/","cicd",{"text":573,"config":574},"GitOps",{"href":575,"dataGaName":576,"dataGaLocation":490},"/topics/gitops/","gitops",{"text":578,"config":579},"DevOps",{"href":580,"dataGaName":581,"dataGaLocation":490},"/topics/devops/","devops",{"text":583,"config":584},"Version Control",{"href":585,"dataGaName":586,"dataGaLocation":490},"/topics/version-control/","version control",{"text":588,"config":589},"DevSecOps",{"href":590,"dataGaName":591,"dataGaLocation":490},"/topics/devsecops/","devsecops",{"text":593,"config":594},"Cloud Native",{"href":595,"dataGaName":596,"dataGaLocation":490},"/topics/cloud-native/","cloud native",{"text":598,"config":599},"AI for Coding",{"href":600,"dataGaName":601,"dataGaLocation":490},"/topics/devops/ai-for-coding/","ai for coding",{"text":603,"config":604},"Agentic AI",{"href":605,"dataGaName":606,"dataGaLocation":490},"/topics/agentic-ai/","agentic ai",{"title":608,"links":609},"Solutions",[610,612,614,619,623,626,630,633,635,638,641,646],{"text":150,"config":611},{"href":145,"dataGaName":150,"dataGaLocation":490},{"text":139,"config":613},{"href":121,"dataGaName":122,"dataGaLocation":490},{"text":615,"config":616},"Agile development",{"href":617,"dataGaName":618,"dataGaLocation":490},"/solutions/agile-delivery/","agile delivery",{"text":620,"config":621},"SCM",{"href":135,"dataGaName":622,"dataGaLocation":490},"source code 
management",{"text":568,"config":624},{"href":127,"dataGaName":625,"dataGaLocation":490},"continuous integration & delivery",{"text":627,"config":628},"Value stream management",{"href":178,"dataGaName":629,"dataGaLocation":490},"value stream management",{"text":573,"config":631},{"href":632,"dataGaName":576,"dataGaLocation":490},"/solutions/gitops/",{"text":188,"config":634},{"href":190,"dataGaName":191,"dataGaLocation":490},{"text":636,"config":637},"Small business",{"href":195,"dataGaName":196,"dataGaLocation":490},{"text":639,"config":640},"Public sector",{"href":200,"dataGaName":201,"dataGaLocation":490},{"text":642,"config":643},"Education",{"href":644,"dataGaName":645,"dataGaLocation":490},"/solutions/education/","education",{"text":647,"config":648},"Financial services",{"href":649,"dataGaName":650,"dataGaLocation":490},"/solutions/finance/","financial services",{"title":208,"links":652},[653,655,657,659,662,664,666,668,670,672,674,676,678],{"text":220,"config":654},{"href":222,"dataGaName":223,"dataGaLocation":490},{"text":225,"config":656},{"href":227,"dataGaName":228,"dataGaLocation":490},{"text":230,"config":658},{"href":232,"dataGaName":233,"dataGaLocation":490},{"text":235,"config":660},{"href":237,"dataGaName":661,"dataGaLocation":490},"docs",{"text":258,"config":663},{"href":260,"dataGaName":5,"dataGaLocation":490},{"text":253,"config":665},{"href":255,"dataGaName":256,"dataGaLocation":490},{"text":262,"config":667},{"href":264,"dataGaName":265,"dataGaLocation":490},{"text":275,"config":669},{"href":277,"dataGaName":278,"dataGaLocation":490},{"text":267,"config":671},{"href":269,"dataGaName":270,"dataGaLocation":490},{"text":280,"config":673},{"href":282,"dataGaName":283,"dataGaLocation":490},{"text":285,"config":675},{"href":287,"dataGaName":288,"dataGaLocation":490},{"text":290,"config":677},{"href":292,"dataGaName":293,"dataGaLocation":490},{"text":295,"config":679},{"href":297,"dataGaName":298,"dataGaLocation":490},{"title":313,"links":681},[682,6
84,686,688,690,692,694,698,703,705,707,709],{"text":320,"config":683},{"href":322,"dataGaName":315,"dataGaLocation":490},{"text":325,"config":685},{"href":327,"dataGaName":328,"dataGaLocation":490},{"text":333,"config":687},{"href":335,"dataGaName":336,"dataGaLocation":490},{"text":338,"config":689},{"href":340,"dataGaName":341,"dataGaLocation":490},{"text":343,"config":691},{"href":345,"dataGaName":346,"dataGaLocation":490},{"text":348,"config":693},{"href":350,"dataGaName":351,"dataGaLocation":490},{"text":695,"config":696},"Sustainability",{"href":697,"dataGaName":695,"dataGaLocation":490},"/sustainability/",{"text":699,"config":700},"Diversity, inclusion and belonging (DIB)",{"href":701,"dataGaName":702,"dataGaLocation":490},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":353,"config":704},{"href":355,"dataGaName":356,"dataGaLocation":490},{"text":363,"config":706},{"href":365,"dataGaName":366,"dataGaLocation":490},{"text":368,"config":708},{"href":370,"dataGaName":371,"dataGaLocation":490},{"text":710,"config":711},"Modern Slavery Transparency Statement",{"href":712,"dataGaName":713,"dataGaLocation":490},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":715},[716,718,720],{"text":540,"config":717},{"href":542,"dataGaName":543,"dataGaLocation":490},{"text":545,"config":719},{"href":547,"dataGaName":548,"dataGaLocation":490},{"text":550,"config":721},{"dataGaName":552,"dataGaLocation":490,"id":553,"isOneTrustButton":107},"content:shared:en-us:main-footer.yml","Main 
Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",[727],{"_path":728,"_dir":729,"_draft":6,"_partial":6,"_locale":7,"content":730,"config":734,"_id":736,"_type":30,"title":18,"_source":32,"_file":737,"_stem":738,"_extension":35},"/en-us/blog/authors/fernando-diaz","authors",{"name":18,"config":731},{"headshot":732,"ctfId":733},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659556/Blog/Author%20Headshots/fern_diaz.png","fjdiaz",{"template":735},"BlogAuthor","content:en-us:blog:authors:fernando-diaz.yml","en-us/blog/authors/fernando-diaz.yml","en-us/blog/authors/fernando-diaz",{"_path":740,"_dir":38,"_draft":6,"_partial":6,"_locale":7,"header":741,"eyebrow":742,"blurb":743,"button":744,"secondaryButton":748,"_id":750,"_type":30,"title":751,"_source":32,"_file":752,"_stem":753,"_extension":35},"/shared/en-us/next-steps","Start shipping better software faster","50%+ of the Fortune 100 trust GitLab","See what your team can do with the intelligent\n\n\nDevSecOps platform.\n",{"text":46,"config":745},{"href":746,"dataGaName":49,"dataGaLocation":747},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":51,"config":749},{"href":53,"dataGaName":54,"dataGaLocation":747},"content:shared:en-us:next-steps.yml","Next Steps","shared/en-us/next-steps.yml","shared/en-us/next-steps",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":755,"content":756,"config":759,"_id":29,"_type":30,"title":31,"_source":32,"_file":33,"_stem":34,"_extension":35},{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},{"title":9,"description":10,"authors":757,"heroImage":11,"date":19,"body":20,"category":21,"tags":758},[18],[23,24,25],{"slug":27,"featured":6,"template":28},1761814413801]