# Secure open source container infrastructure with GitLab and Chainguard

Fernando Diaz, 2024-09-09

Learn how GitLab + Chainguard can help deliver secure containerized applications faster. This tutorial includes easy-to-follow code examples.

Container technology, which creates consistent environments and streamlines deployment processes, is incredibly beneficial for software development. Containers contribute to faster development cycles, more efficient resource utilization, and greater flexibility in application management.

Some of that efficiency can be lost, though, if organizations reinvent the wheel with each software development project. Instead, a base image should serve as the starting point for building other container images. Base images provide a bare-minimum OS and essential tools, along with ensured compatibility, reduced image size, and other advantages.

While base images provide a lot of value, they do have risks. It’s easy for your application to be compromised due to:

- **Large attack surface:** Base images may include extraneous packages, which could increase the attack surface.
- **Unmanaged dependencies:** Many dependencies in container images are not frequently updated and can be filled with vulnerabilities.
- **Severe and unknown vulnerabilities:** There's a high risk of severe and unknown vulnerabilities present in a base image, even in known public registries.
- **Misconfiguration:** Base images may be misconfigured or ship a standard configuration that contains hard-coded secrets, which can lead to unauthorized access.

GitLab and Chainguard provide several solutions to address these risks, including Hardened Base Images, Container Signing, and Vulnerability Scanning and Management. In this article, you'll learn how these features can be implemented to prevent breaches via containerized applications.

## Chainguard’s minimal, hardened container images with low-to-no CVEs

Chainguard Images offer several key benefits that make them essential for organizations prioritizing security:

- **Low-to-no vulnerabilities (out of the box and Day Two):** Chainguard images are the product of a Linux distro and toolchain purposely built from the ground up to distribute patched open source software fast.
- **Reduced attack surface:** Hardened images remove unnecessary components, libraries, and tools, significantly reducing potential entry points for attackers. This minimization of the attack surface makes it more difficult for malicious actors to exploit vulnerabilities.
- **Improved compliance:** Many industries have strict security regulations. Hardened images, especially those designed to meet [FIPS hardening standards](https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips) and to include a security technical implementation guide, or STIG, help organizations meet compliance requirements like [FedRAMP](https://about.gitlab.com/solutions/public-sector/fedramp/), PCI-DSS, etc., by adhering to security best practices and standards.
- **Enhanced runtime security:** Properly hardened images are less likely to be compromised during runtime, providing better protection for the applications and data they contain.
- **Increased operational efficiency:** Minimal images are typically smaller in size, leading to faster deployment times and reduced resource consumption.

Chainguard provides more than 833 minimal, hardened images that can be easily built, shipped, and run. Container images can all be stored and managed directly in GitLab Container Registry. These solutions greatly minimize container security complexity.

## Chainguard image library

The [Chainguard](https://images.chainguard.dev/) directory provides hardened, minimal container images to help developers build software from the outset. With 97.6% fewer vulnerabilities than the average image, Chainguard Images help organizations swiftly reach container security compliance goals like [NIST 800-53](https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final), FedRAMP, or PCI-DSS.

![Chainguard minimal, hardened container images featured section](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/1__1__aHR0cHM6_1750098702263.png)

<center><i>Chainguard minimal, hardened container images featured section</i></center>

These images can be accessed directly from the Chainguard Directory. All images have the following features:

- Build time-generated [software bill of materials](https://about.gitlab.com/blog/the-ultimate-guide-to-sboms/)
- [Sigstore-powered attestation and provenance](https://docs.gitlab.com/ee/ci/yaml/signing_examples.html)
- No vulnerabilities
- Security advisory feed in [SecDB](https://www.goldmansachs.com/our-firm/history/moments/1993-secdb) and OSV formats

## Using Chainguard container images in GitLab

Chainguard container images can be used in the following ways:

- directly within GitLab to run jobs within a pipeline
- stored in a Dockerfile in GitLab, which can be created, scanned for vulnerabilities, and pushed directly to the built-in container registry

### Using Chainguard images in a GitLab job

To use a Chainguard image in a specific GitLab job, within your [`.gitlab-ci.yml`](https://docs.gitlab.com/ee/ci/yaml/), simply set the `image` directive under the job definition to the image you wish to use. For example, the following job named `unit-tests` uses `cgr.dev/chainguard/go:latest` as the container image to run the job.

```yaml
stages:
  - test

unit-tests:
  # The job runs inside the Chainguard Go image
  image: cgr.dev/chainguard/go:latest
  stage: test
  before_script:
    - go mod download
  script:
    - go test -coverprofile=coverage.out
  artifacts:
    paths:
      - coverage.out
```

### Using Chainguard images in a Dockerfile

To use a Chainguard image within a Dockerfile, simply create a Dockerfile in the root directory of your GitLab project. Then set the base image of the Dockerfile to the Chainguard image you wish to use, and add any other required commands:

```dockerfile
# Chainguard Go image as the base
FROM cgr.dev/chainguard/go:latest

WORKDIR /app
COPY . .

RUN go mod download
RUN go build -o /main .

# Exec form requires a JSON array with straight double quotes
CMD ["/main"]
```

Then, you can create a job in the [`.gitlab-ci.yml`](https://docs.gitlab.com/ee/ci/yaml/) to log in to the [built-in GitLab Container Registry](https://docs.gitlab.com/ee/user/packages/container_registry/) and push the image:

```yaml
build-app-image:
  stage: build
  image: docker:latest
  services:
    - docker:dind
  variables:
    IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:latest
  before_script:
    # Pass the password on stdin so it does not appear in the process arguments
    - echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin
  script:
    - docker build -t "$IMAGE" .
    - docker push "$IMAGE"
```

Once the job completes, you can see the pushed images in GitLab Container Registry by selecting **Deploy > Container Registry** from your project’s side tab.

![GitLab Container Registry](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/2__1__aHR0cHM6_1750098702268.png)

<center><i>GitLab Container Registry</i></center>

**Note:** GitLab makes it easy to authenticate with the built-in container registry via [reserved CI/CD variables](https://docs.gitlab.com/ee/user/packages/container_registry/authenticate_with_container_registry.html#use-gitlab-cicd-to-authenticate) as seen above.

## Container image signing

Signing container images is a critical security measure to prevent tampering by verifying their authenticity, trust, and integrity:

- **Authenticity:** Ensures the source of the image is trusted by verifying the signature attached to an image with the public key from a trusted certificate authority.
- **Trust:** Image publishers and users can trust each other, allowing frequent image sharing.
- **Integrity:** The signature includes a hash that can be checked to ensure the image has not been altered since the signing.

The Sigstore project provides a CLI called Cosign, which can be used for keyless signing of container images. This eliminates the need to manage, safeguard, and rotate the private key that signs the image. GitLab provides [container-signing](https://docs.gitlab.com/ee/ci/yaml/signing_examples.html) by allowing you to generate a private key via a token obtained from the GitLab server using the [OIDC identity](https://docs.gitlab.com/ee/administration/auth/oidc.html) of the user who ran the job. The token includes unique claims that certify that a CI/CD pipeline generated the token.

![GitLab container image signature details](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/3__1__aHR0cHM6_1750098702270.png)

<center><i>GitLab container image signature details</i></center>

GitLab stores the container signature details in the container registry. A job can then be created to validate the signature against the certificate issuer using Cosign.

## Vulnerability scanning and management

As you add more application dependencies to a hardened base image to achieve your goals, over time you may introduce vulnerabilities. By enabling security scanning provided by GitLab, you can address these risks as they come and reduce them. Additionally, when these vulnerabilities arise, vulnerability management tools are crucial for managing your security posture.

## Vulnerability scanning and security guardrails

It's necessary to regularly run security scans to avoid data breaches, reduce service downtime, and prevent loss of brand reputation. Some benefits of running security scans before code is deployed to production include:

- early detection and resolution
- adherence to regulatory compliance
- maintaining system uptime
- building trust with customers
- assessing and managing risk

GitLab provides several analyzers to scan various parts of your application for security vulnerabilities:

| Scanner type | Description |
| --- | --- |
| [Static Application Security Testing (SAST)](https://docs.gitlab.com/ee/user/application_security/sast/) | Scans static source code for known vulnerabilities (C/C++, Java, Python, Go, JavaScript, and many more languages) |
| [Dynamic Application Security Testing (DAST)](https://docs.gitlab.com/ee/user/application_security/dast/) | Runs automated penetration tests to find vulnerabilities in your web applications and APIs as they are running |
| [Infrastructure as Code Scanning (IaC)](https://docs.gitlab.com/ee/user/application_security/iac_scanning/) | Scans infrastructure definition files for known vulnerabilities (Terraform, Ansible, AWS CloudFormation, Kubernetes, and many more) |
| [Container Scanning](https://docs.gitlab.com/ee/user/application_security/container_scanning/) (including image dependencies and licenses) | Scans container images for known vulnerabilities, including images in GitLab Container Registry, external container registries, and Kubernetes clusters. Container image dependencies and licenses are also scanned and compared to policy. |
| [Dependency Scanning and License Compliance](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/) | Scans your application’s dependencies for known vulnerabilities, including NuGet, Gradle, Maven, pip, npm, yarn, and more. Dependency licenses are also scanned and compared to policy. |
| [Secret Detection](https://docs.gitlab.com/ee/user/application_security/secret_detection/) | Scans your repository for secrets, such as keys and passwords. Scans all text files regardless of language or framework. Can be set to reject pushes if a secret is detected and can run in the browser to warn if you are about to post a potential secret. |
| [Web API Fuzzing](https://docs.gitlab.com/ee/user/application_security/api_fuzzing/) | Sets operation parameters to unexpected values to cause unexpected behavior and errors in the API backend |
| [Coverage-guided Fuzzing](https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/) | Sends random inputs to an instrumented version of your application to cause unexpected behavior |

These scanners can be easily added to your pipeline by simply importing the appropriate scanner template in your `.gitlab-ci.yml`. For example, to [enable SAST](https://docs.gitlab.com/ee/user/application_security/sast/#configure-sast-in-your-cicd-yaml), simply add the following to your `.gitlab-ci.yml`:

```yaml
stages:
  - test

include:
  - template: Jobs/SAST.gitlab-ci.yml
```

Once you've enabled the scanners, whenever you create a merge request to commit code from a feature branch into another branch, [scanner results will display directly within the MR](https://docs.gitlab.com/ee/user/application_security/index.html#view-security-scan-information):

![GitLab security scanner findings displayed in MR](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/4_aHR0cHM6_1750098702271.png)

<center><i>GitLab security scanner findings displayed in MR</i></center>

These results allow developers to quickly assess, prioritize, and mitigate or remediate vulnerabilities by providing the following information:

- description
- severity
- location
- links and identifiers
- training
- solutions

![GitLab security scanner vulnerability details](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/5_aHR0cHM6_1750098702272.png)

<center><i>GitLab security scanner vulnerability details</i></center>

Additional actions can be taken on a vulnerability, such as:

- dismissing the vulnerability and providing a reason to allow quicker review from the security team
- creating an issue to collaborate later on a resolution

**Note:** Scanners can also be configured and/or extended using variables and pipeline directives, just like any other GitLab job.

### Security guardrails

The scanners mentioned above can be used along with [security policies](https://docs.gitlab.com/ee/user/application_security/policies/) to prevent insecure code from being merged into production and to ensure that the scanners are run on every pipeline. GitLab provides the following security policy types:

- **Merge request approval policy:** Create rules that check for security vulnerabilities and license compliance before merging a merge request.
- **Scan execution policy:** Create rules that enforce security scans for particular branches at a certain time.
- **Pipeline execution policy:** Enforce a custom CI/CD configuration to run in project pipelines.

Implementing these policies ensures that when creating an MR, security scans and custom compliance jobs will be run, and that approval will be required if vulnerabilities or incompatible licenses are detected:

![Merge request approval required due to vulnerabilities and incompatible licenses](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/6_aHR0cHM6_1750098702273.png)

<center><i>Merge request approval required due to vulnerabilities and incompatible licenses</i></center>

## Vulnerability reports

Detecting vulnerabilities before they make it to production is important, but it is equally important to determine and manage vulnerabilities that make their way into production, so that they can be mitigated accordingly.

[GitLab Vulnerability Report](https://docs.gitlab.com/ee/user/application_security/vulnerability_report/) provides information on all the detected vulnerabilities from scans of the default branch (which may be your staging or production branch):

![Vulnerability report with filters applied](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/7_aHR0cHM6_1750098702274.png)

<center><i>Vulnerability report with filters applied</i></center>

If you select a vulnerability, you’ll be taken to its vulnerability page, which displays the same vulnerability details as you would see in the MR view. You can use this view to quickly assess, prioritize, and mitigate or remediate vulnerabilities:

![Vulnerability page for improper authorization vulnerability](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/8_aHR0cHM6_1750098702275.png)

<center><i>Vulnerability page for improper authorization vulnerability</i></center>

The security team can manage vulnerabilities by setting their status to one of the following:

- Detected: The default state for a newly discovered vulnerability.
- Confirmed: A user has seen this vulnerability and confirmed it is accurate.
- Dismissed: A user has seen this vulnerability and dismissed it because it is inaccurate or otherwise not to be resolved. Dismissed vulnerabilities are ignored if detected in subsequent scans.
- Resolved: The vulnerability has been fixed or is no longer present. If a resolved vulnerability is reintroduced and detected again, its record is reinstated and its status set to detected.

## Software bill of materials

A software bill of materials (SBOM) is a comprehensive inventory that lists all the components, dependencies, and associated metadata of a software application. SBOMs are vital for organizations to effectively manage software security, compliance, and supply chain risks.

Chainguard provides high-quality, [out-of-the-box SBOMs](https://images.chainguard.dev/directory/image/go/sbom) for their container images in SPDX format. The SBOM can be converted into CycloneDX format and loaded into or compared with the results of GitLab’s dependency list. The [dependency list](https://docs.gitlab.com/ee/user/application_security/dependency_list/) is an SBOM generated from an artifact or the results of the dependency, container, and license scanners:

![Dependency List with some components expanded](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/9_aHR0cHM6_1750098702276.png)

<center><i>Dependency List with some components expanded</i></center>

Chainguard images meet [SLSA Level 2 requirements](https://slsa.dev/spec/v0.1/levels?ref=fossa.com) and are verified, signed, and attested with signatures. Furthermore, GitLab CI can [generate and produce attestation/provenance metadata](https://docs.gitlab.com/ee/ci/runners/configure_runners.html#artifact-provenance-metadata) for all build artifacts. By using Chainguard with GitLab, you can prevent tampering and provide additional build integrity guarantees.

## Learn more

To learn more about GitLab and Chainguard, and how we can help enhance your security posture, check out the following resources:

- [GitLab Security and Compliance Solutions](https://about.gitlab.com/solutions/application-security-testing/)
- [GitLab Application Security Documentation](https://docs.gitlab.com/ee/user/application_security/get-started-security.html)
- [GitLab pricing](https://about.gitlab.com/pricing/)
- [Chainguard Images](https://www.chainguard.dev/chainguard-images)
- [Chainguard Compliance and Risk Mitigation](https://www.chainguard.dev/solutions/compliance-and-risk-mitigation)
- [Chainguard Sales](https://www.chainguard.dev/contact?utm_source=blog&utm_medium=partner&utm_campaign=GitLab_announcement_blog&utm_content=article)
Ultimate?",{"href":517,"dataGaName":518,"dataGaLocation":486},"/pricing/ultimate/","why ultimate",[520],{"title":521,"links":522},"Contact Us",[523,526,528,530,535,540,545],{"text":524,"config":525},"Contact sales",{"href":49,"dataGaName":50,"dataGaLocation":486},{"text":378,"config":527},{"href":380,"dataGaName":381,"dataGaLocation":486},{"text":383,"config":529},{"href":385,"dataGaName":386,"dataGaLocation":486},{"text":531,"config":532},"Status",{"href":533,"dataGaName":534,"dataGaLocation":486},"https://status.gitlab.com/","status",{"text":536,"config":537},"Terms of use",{"href":538,"dataGaName":539,"dataGaLocation":486},"/terms/","terms of use",{"text":541,"config":542},"Privacy statement",{"href":543,"dataGaName":544,"dataGaLocation":486},"/privacy/","privacy statement",{"text":546,"config":547},"Cookie preferences",{"dataGaName":548,"dataGaLocation":486,"id":549,"isOneTrustButton":103},"cookie preferences","ot-sdk-btn",{"title":102,"links":551,"subMenu":559},[552,556],{"text":553,"config":554},"DevSecOps platform",{"href":67,"dataGaName":555,"dataGaLocation":486},"devsecops platform",{"text":125,"config":557},{"href":74,"dataGaName":558,"dataGaLocation":486},"ai-assisted development",[560],{"title":561,"links":562},"Topics",[563,568,573,578,583,588,593,598],{"text":564,"config":565},"CICD",{"href":566,"dataGaName":567,"dataGaLocation":486},"/topics/ci-cd/","cicd",{"text":569,"config":570},"GitOps",{"href":571,"dataGaName":572,"dataGaLocation":486},"/topics/gitops/","gitops",{"text":574,"config":575},"DevOps",{"href":576,"dataGaName":577,"dataGaLocation":486},"/topics/devops/","devops",{"text":579,"config":580},"Version Control",{"href":581,"dataGaName":582,"dataGaLocation":486},"/topics/version-control/","version control",{"text":584,"config":585},"DevSecOps",{"href":586,"dataGaName":587,"dataGaLocation":486},"/topics/devsecops/","devsecops",{"text":589,"config":590},"Cloud 
Native",{"href":591,"dataGaName":592,"dataGaLocation":486},"/topics/cloud-native/","cloud native",{"text":594,"config":595},"AI for Coding",{"href":596,"dataGaName":597,"dataGaLocation":486},"/topics/devops/ai-for-coding/","ai for coding",{"text":599,"config":600},"Agentic AI",{"href":601,"dataGaName":602,"dataGaLocation":486},"/topics/agentic-ai/","agentic ai",{"title":604,"links":605},"Solutions",[606,608,610,615,619,622,626,629,631,634,637,642],{"text":146,"config":607},{"href":141,"dataGaName":146,"dataGaLocation":486},{"text":135,"config":609},{"href":117,"dataGaName":118,"dataGaLocation":486},{"text":611,"config":612},"Agile development",{"href":613,"dataGaName":614,"dataGaLocation":486},"/solutions/agile-delivery/","agile delivery",{"text":616,"config":617},"SCM",{"href":131,"dataGaName":618,"dataGaLocation":486},"source code management",{"text":564,"config":620},{"href":123,"dataGaName":621,"dataGaLocation":486},"continuous integration & delivery",{"text":623,"config":624},"Value stream management",{"href":174,"dataGaName":625,"dataGaLocation":486},"value stream management",{"text":569,"config":627},{"href":628,"dataGaName":572,"dataGaLocation":486},"/solutions/gitops/",{"text":184,"config":630},{"href":186,"dataGaName":187,"dataGaLocation":486},{"text":632,"config":633},"Small business",{"href":191,"dataGaName":192,"dataGaLocation":486},{"text":635,"config":636},"Public sector",{"href":196,"dataGaName":197,"dataGaLocation":486},{"text":638,"config":639},"Education",{"href":640,"dataGaName":641,"dataGaLocation":486},"/solutions/education/","education",{"text":643,"config":644},"Financial services",{"href":645,"dataGaName":646,"dataGaLocation":486},"/solutions/finance/","financial 
services",{"title":204,"links":648},[649,651,653,655,658,660,662,664,666,668,670,672,674],{"text":216,"config":650},{"href":218,"dataGaName":219,"dataGaLocation":486},{"text":221,"config":652},{"href":223,"dataGaName":224,"dataGaLocation":486},{"text":226,"config":654},{"href":228,"dataGaName":229,"dataGaLocation":486},{"text":231,"config":656},{"href":233,"dataGaName":657,"dataGaLocation":486},"docs",{"text":254,"config":659},{"href":256,"dataGaName":5,"dataGaLocation":486},{"text":249,"config":661},{"href":251,"dataGaName":252,"dataGaLocation":486},{"text":258,"config":663},{"href":260,"dataGaName":261,"dataGaLocation":486},{"text":271,"config":665},{"href":273,"dataGaName":274,"dataGaLocation":486},{"text":263,"config":667},{"href":265,"dataGaName":266,"dataGaLocation":486},{"text":276,"config":669},{"href":278,"dataGaName":279,"dataGaLocation":486},{"text":281,"config":671},{"href":283,"dataGaName":284,"dataGaLocation":486},{"text":286,"config":673},{"href":288,"dataGaName":289,"dataGaLocation":486},{"text":291,"config":675},{"href":293,"dataGaName":294,"dataGaLocation":486},{"title":309,"links":677},[678,680,682,684,686,688,690,694,699,701,703,705],{"text":316,"config":679},{"href":318,"dataGaName":311,"dataGaLocation":486},{"text":321,"config":681},{"href":323,"dataGaName":324,"dataGaLocation":486},{"text":329,"config":683},{"href":331,"dataGaName":332,"dataGaLocation":486},{"text":334,"config":685},{"href":336,"dataGaName":337,"dataGaLocation":486},{"text":339,"config":687},{"href":341,"dataGaName":342,"dataGaLocation":486},{"text":344,"config":689},{"href":346,"dataGaName":347,"dataGaLocation":486},{"text":691,"config":692},"Sustainability",{"href":693,"dataGaName":691,"dataGaLocation":486},"/sustainability/",{"text":695,"config":696},"Diversity, inclusion and belonging (DIB)",{"href":697,"dataGaName":698,"dataGaLocation":486},"/diversity-inclusion-belonging/","Diversity, inclusion and 
belonging",{"text":349,"config":700},{"href":351,"dataGaName":352,"dataGaLocation":486},{"text":359,"config":702},{"href":361,"dataGaName":362,"dataGaLocation":486},{"text":364,"config":704},{"href":366,"dataGaName":367,"dataGaLocation":486},{"text":706,"config":707},"Modern Slavery Transparency Statement",{"href":708,"dataGaName":709,"dataGaLocation":486},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":711},[712,714,716],{"text":536,"config":713},{"href":538,"dataGaName":539,"dataGaLocation":486},{"text":541,"config":715},{"href":543,"dataGaName":544,"dataGaLocation":486},{"text":546,"config":717},{"dataGaName":548,"dataGaLocation":486,"id":549,"isOneTrustButton":103},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",[723],{"_path":724,"_dir":725,"_draft":6,"_partial":6,"_locale":7,"content":726,"config":730,"_id":732,"_type":26,"title":18,"_source":28,"_file":733,"_stem":734,"_extension":31},"/en-us/blog/authors/fernando-diaz","authors",{"name":18,"config":727},{"headshot":728,"ctfId":729},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659556/Blog/Author%20Headshots/fern_diaz.png","fjdiaz",{"template":731},"BlogAuthor","content:en-us:blog:authors:fernando-diaz.yml","en-us/blog/authors/fernando-diaz.yml","en-us/blog/authors/fernando-diaz",{"_path":736,"_dir":34,"_draft":6,"_partial":6,"_locale":7,"header":737,"eyebrow":738,"blurb":739,"button":740,"secondaryButton":744,"_id":746,"_type":26,"title":747,"_source":28,"_file":748,"_stem":749,"_extension":31},"/shared/en-us/next-steps","Start shipping better software faster","50%+ of the Fortune 100 trust GitLab","See what your team can do with the intelligent\n\n\nDevSecOps 
platform.\n",{"text":42,"config":741},{"href":742,"dataGaName":45,"dataGaLocation":743},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":47,"config":745},{"href":49,"dataGaName":50,"dataGaLocation":743},"content:shared:en-us:next-steps.yml","Next Steps","shared/en-us/next-steps.yml","shared/en-us/next-steps",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":751,"content":752,"config":754,"_id":25,"_type":26,"title":27,"_source":28,"_file":29,"_stem":30,"_extension":31},{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},{"title":9,"description":10,"authors":753,"heroImage":11,"date":19,"body":20,"category":21},[18],{"slug":23,"featured":6,"template":24},1761814437331]