[{"data":1,"prerenderedAt":758},["ShallowReactive",2],{"/en-us/blog/vulnerability-risk-prioritization-made-simple-with-gitlab":3,"navigation-en-us":36,"banner-en-us":463,"footer-en-us":480,"Fernando Diaz":724,"next-steps-en-us":737,"footer-source-/en-us/blog/vulnerability-risk-prioritization-made-simple-with-gitlab/":752},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":8,"content":16,"config":25,"_id":29,"_type":30,"title":31,"_source":32,"_file":33,"_stem":34,"_extension":35},"/en-us/blog/vulnerability-risk-prioritization-made-simple-with-gitlab","blog",false,"",{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},"Vulnerability risk prioritization made simple with GitLab","GitLab provides detailed vulnerability risk data to assess the potential impact of detected vulnerabilities. Learn how this enables teams to effectively prioritize remediation efforts.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749674528/Blog/Hero%20Images/blog-image-template-1800x945__5_.png","https://about.gitlab.com/blog/vulnerability-risk-prioritization-made-simple-with-gitlab","https://about.gitlab.com","article","\n                        {\n        \"@context\": \"https://schema.org\",\n        \"@type\": \"Article\",\n        \"headline\": \"Vulnerability risk prioritization made simple with GitLab\",\n        \"author\": [{\"@type\":\"Person\",\"name\":\"Fernando Diaz\"}],\n        \"datePublished\": \"2025-03-12\",\n      }",{"title":9,"description":10,"authors":17,"heroImage":11,"date":19,"body":20,"category":21,"tags":22},[18],"Fernando Diaz","2025-03-12","Development and security teams are often overwhelmed by the number of\nvulnerabilities they need to remediate. Many organizations remediate [less\nthan 16%](https://arxiv.org/pdf/2302.14172) of their known vulnerabilities\nmonthly. Vulnerability management teams face a constant challenge: which\nsecurity flaws deserve immediate attention? Three key frameworks help answer\nthis question: Common Vulnerability Scoring System\n([CVSS](https://nvd.nist.gov/vuln-metrics/cvss)), Known Exploited\nVulnerabilities\n([KEV](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)), and\nExploit Prediction Scoring System ([EPSS](https://www.first.org/epss/)). The\n[GitLab 17.9\nrelease](https://about.gitlab.com/releases/2025/02/20/gitlab-17-9-released/)\nadds support for these frameworks. In this article, you'll learn how to use\nthese frameworks within GitLab to efficiently prioritize risk across your\ndependency and container image vulnerabilities using this data.\n\n\n![Vulnerability risk assessment\ndata](https://res.cloudinary.com/about-gitlab-com/image/upload/v1749674763/Blog/Content%20Images/vulnerability_data.png)\n\n\n\u003Ccenter>\u003Ci>Vulnerability risk assessment data\u003C/i>\u003C/center>\n\n\n## CVSS\n\n\nCVSS provides a standardized method for rating the severity of security\nvulnerabilities. Scores range from 0 to 10, with higher values indicating\ngreater severity.\n\n\nCVSS evaluates vulnerabilities across three dimension groups:\n\n\n* Base metrics: intrinsic qualities that don't change over time (attack\ncomplexity, privileges   required)\n\n* Temporal metrics: factors that evolve (exploit maturity, remediation\nlevel)\n\n* Environmental metrics: organization-specific impact considerations\n\n\nCVSS offers a consistent severity baseline and common language for security\nteams. Its comprehensive scoring methodology considers multiple aspects of a\nvulnerability's technical impact.\n\n\n## KEV\n\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) maintains the\nKEV catalog, which identifies vulnerabilities actively exploited in the\nwild.\n\n\nUnlike academic severity scores, KEV focuses on real-world threat\nintelligence. Each entry includes:\n\n\n* CVE identifier\n\n* Vulnerability name\n\n* Action required\n\n* Due date for remediation (for federal agencies)\n\n\nKEV provides actionable intelligence based on observed threat actor\nbehavior. It cuts through scoring complexity with a binary signal: \"This\nvulnerability is being actively exploited right now.\"\n\n\n## EPSS\n\n\nThe EPSS uses machine learning to predict the likelihood a vulnerability\nwill be exploited in the next 30 days. Scores range from 0 to 1 (or\n0%-100%), representing probability.\n\n\nEPSS analyzes hundreds of factors, including:\n\n* Technical characteristics\n\n* Social media mentions\n\n* Exploit availability\n\n* Vulnerability age\n\n\nEPSS brings risk-based prioritization to vulnerability management. Rather\nthan focusing solely on technical severity, it helps teams understand which\nvulnerabilities attackers are most likely to target.\n\n\n## Combining the frameworks for effective prioritization\n\n\nEach framework serves a unique purpose:\n\n\n* CVSS indicates how severe a vulnerability is technically.\n\n* KEV indicates which vulnerabilities are actively being exploited.\n\n* EPSS indicates which vulnerabilities are likely to be exploited soon.\n\n\nAn effective prioritization strategy leverages all three:\n\n\n1. Start with KEV-listed vulnerabilities as immediate priorities.\n\n2. Use EPSS to identify high-probability threats not yet on KEV.\n\n3. Consider CVSS for understanding technical impact.\n\n\nBy combining these complementary frameworks, security teams can focus\nlimited resources on the vulnerabilities that pose the greatest actual risk\nto their organizations. You can get started with prioritizing\nvulnerabilities with GitLab by:\n\n\n1. Adding security scanners to your pipeline\n\n2. Viewing vulnerability insights\n\n3. Setting the vulnerability status based metrics\n\n\nWatch this video to learn more:\n\n\n\u003C!-- blank line -->\n\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/7-dWwoKfCHw?si=iC73JCRsxPUEWKf-\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\n\u003C!-- blank line -->\n\n\n### Adding security scanners to your pipeline\n\n\nGitLab provides built-in security scanning tools through its templates that\ncan be integrated directly into your CI/CD pipeline. GitLab offers several\nsecurity scanners that address different aspects of your application\nsecurity:\n\n\n* **[Static Application Security Testing\n(SAST)](https://docs.gitlab.com/user/application_security/sast/):** Analyzes\nyour source code for known vulnerabilities\n\n* **[Dynamic Application Security Testing\n(DAST)](https://docs.gitlab.com/user/application_security/dast/):** Tests\nyour running application for vulnerabilities\n\n* **[Dependency\nScanning](https://docs.gitlab.com/user/application_security/dependency_scanning/):**\nChecks your dependencies for known vulnerabilities\n\n* **[Container\nScanning](https://docs.gitlab.com/user/application_security/container_scanning/):**\nIdentifies vulnerabilities in container images\n\n* **[Secret\nDetection](https://docs.gitlab.com/user/application_security/secret_detection/):**\nFinds secrets and credentials accidentally committed to your repository\n\n* **[Infrastructure as Code\nScanning](https://docs.gitlab.com/user/application_security/iac_scanning/):**\nDetects security issues in IaC files\n\n* **[Coverage-guided\nFuzzing](https://docs.gitlab.com/user/application_security/coverage_fuzzing/):**\nSends random inputs to an instrumented version of your application in an\neffort to detect bugs\n\n* **[Web API\nFuzzing](https://docs.gitlab.com/user/application_security/api_fuzzing/):**\nSets operation parameters to unexpected values in an effort to cause\nunexpected behavior and errors in the API backend\n\n\nTo add them to your pipeline, simply add the appropriate templates to\n`.gitlab-ci.yml` file. For example, adding SAST and Dependency Scanning to\nyour pipeline is as simple as:\n\n\n```yaml\n\ninclude:\n  - template: Security/SAST.gitlab-ci.yml\n  - template: Security/Dependency-Scanning.gitlab-ci.yml\n\nstages:\n  - test\n```\n\n\nOnce you commit the above changes, security scanners will begin to run.\nThese scanners can be further configured to meet the needs of your\norganization. To learn more about our various scanners, see the [GitLab\napplication security\ndocumentation](https://docs.gitlab.com/user/application_security/).\n\n\n**Note:** EPSS and KEV metrics are only provided for\n[dependency](https://docs.gitlab.com/user/application_security/dependency_scanning/)\nand [container\nimage](https://docs.gitlab.com/user/application_security/container_scanning/)\nvulnerabilities.\n\n\n### Viewing vulnerability insights\n\n\nOnce a pipeline with your security scanners is run on the default branch,\nyou can access the vulnerability report. The vulnerability report provides a\nconsolidated view of all security vulnerabilities detected across your\nproject by GitLab's security scanners. You can access it from your project\nby going to the side-tab and selecting **Secure > Vulnerability Report**.\n\n\n![Vulnerability report grouped by\ntool](https://res.cloudinary.com/about-gitlab-com/image/upload/v1749674763/Blog/Content%20Images/vulnerability_report__1_.png)\n\n\n\u003Ccenter>\u003Ci>Vulnerability report grouped by tool\u003C/i>\u003C/center>\n\n\u003Cbr>\u003C/br>\n\n\nFrom the vulnerability report, select a vulnerability to see its insights\npage, which includes the severity, EPSS, KEV, and CVSS along with the\nfollowing:\n\n\n* description\n\n* when it was detected\n\n* current status\n\n* available actions\n\n* linked issues\n\n* actions log\n\n* filename and line number of the vulnerability (if available)\n\n\nThis data can be used to effectively triage, remediate, or mitigate the\nvulnerability.\n\n\n__Note:__ From the insights page, you can also leverage GitLab Duo’s AI\ncapabilities to\n[explain](https://docs.gitlab.com/user/application_security/vulnerabilities/#vulnerability-explanation)\nand\n[auto-resolve](https://docs.gitlab.com/user/application_security/vulnerabilities/#vulnerability-resolution)\na vulnerability.\n\n\n### Setting the vulnerability status-based metrics\n\n\nAfter examining the provided data, we can go ahead and change the status of\nour vulnerability by clicking the **Change status** button:\n\n\n![Change vulnerability status from insights\npage](https://res.cloudinary.com/about-gitlab-com/image/upload/v1749674764/Blog/Content%20Images/change_status.png)\n\n\n\u003Ccenter>\u003Ci>Change vulnerability status from insights page\u003C/i>\u003C/center>\n\n\u003Cbr>\u003C/br>\n\n\nThen we'll see a popup that will allow you to change the status of a\nvulnerability:\n\n\n![Change vulnerability status\noption](https://res.cloudinary.com/about-gitlab-com/image/upload/v1749674763/Blog/Content%20Images/change_status_2.png)\n\n\n\u003Ccenter>\u003Ci>Change vulnerability status option\u003C/i>\u003C/center>\n\n\n\u003Cbr>\u003C/br>\n\n\nWhen you dismiss a vulnerability you can choose one of the following reasons\nand optionally provide a comment:\n\n\n* **Acceptable risk:** The vulnerability is known, and has not been\nremediated or mitigated, but is considered to be an acceptable business\nrisk.\n\n* **False positive:** An error in reporting in which a test result\nincorrectly indicates the presence of a vulnerability in a system when the\nvulnerability is not present.\n\n* **Mitigating control:** The vulnerability’s risk is mitigated by a\nmanagement, operational, or technical control (that is, safeguard or\ncountermeasure) employed by an organization that provides equivalent or\ncomparable protection for an information system.\n\n* **Used in tests:** The finding is not a vulnerability because it is part\nof a test or is test data.\n\n* **Not applicable:** The vulnerability is known, and has not been\nremediated or mitigated, but is considered to be in a part of the\napplication that will not be updated.\n\n\nAnd there you have it, quick and easy vulnerability risk prioritization with\nGitLab!\n\n\n> Get started today with [a free trial of GitLab\nUltimate](https://about.gitlab.com/pricing/ultimate/)!\n\n\n## Learn more\n\n\nTo learn more about GitLab security and governance features and how we can\nhelp enhance your security posture, check out the following resources:\n\n\n* [GitLab Risk Assessment\nData](https://docs.gitlab.com/user/application_security/vulnerabilities/risk_assessment_data/)\n\n* [GitLab Security and Compliance\nSolutions](https://about.gitlab.com/solutions/application-security-testing/)\n\n* [GitLab Application Security\ndocumentation](https://docs.gitlab.com/ee/user/application_security/)\n\n* [GitLab Risk Assessment Data\nepic](https://gitlab.com/groups/gitlab-org/-/epics/11544)\n","security",[23,21,24],"tutorial","DevSecOps",{"slug":26,"featured":27,"template":28},"vulnerability-risk-prioritization-made-simple-with-gitlab",true,"BlogPost","content:en-us:blog:vulnerability-risk-prioritization-made-simple-with-gitlab.yml","yaml","Vulnerability Risk Prioritization Made Simple With Gitlab","content","en-us/blog/vulnerability-risk-prioritization-made-simple-with-gitlab.yml","en-us/blog/vulnerability-risk-prioritization-made-simple-with-gitlab","yml",{"_path":37,"_dir":38,"_draft":6,"_partial":6,"_locale":7,"data":39,"_id":459,"_type":30,"title":460,"_source":32,"_file":461,"_stem":462,"_extension":35},"/shared/en-us/main-navigation","en-us",{"logo":40,"freeTrial":45,"sales":50,"login":55,"items":60,"search":390,"minimal":421,"duo":440,"pricingDeployment":449},{"config":41},{"href":42,"dataGaName":43,"dataGaLocation":44},"/","gitlab logo","header",{"text":46,"config":47},"Get free trial",{"href":48,"dataGaName":49,"dataGaLocation":44},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":51,"config":52},"Talk to sales",{"href":53,"dataGaName":54,"dataGaLocation":44},"/sales/","sales",{"text":56,"config":57},"Sign in",{"href":58,"dataGaName":59,"dataGaLocation":44},"https://gitlab.com/users/sign_in/","sign in",[61,105,201,206,311,371],{"text":62,"config":63,"cards":65,"footer":88},"Platform",{"dataNavLevelOne":64},"platform",[66,72,80],{"title":62,"description":67,"link":68},"The most comprehensive AI-powered DevSecOps Platform",{"text":69,"config":70},"Explore our Platform",{"href":71,"dataGaName":64,"dataGaLocation":44},"/platform/",{"title":73,"description":74,"link":75},"GitLab Duo (AI)","Build software faster with AI at every stage of development",{"text":76,"config":77},"Meet GitLab Duo",{"href":78,"dataGaName":79,"dataGaLocation":44},"/gitlab-duo/","gitlab duo ai",{"title":81,"description":82,"link":83},"Why GitLab","10 reasons why Enterprises choose GitLab",{"text":84,"config":85},"Learn more",{"href":86,"dataGaName":87,"dataGaLocation":44},"/why-gitlab/","why gitlab",{"title":89,"items":90},"Get started with",[91,96,101],{"text":92,"config":93},"Platform Engineering",{"href":94,"dataGaName":95,"dataGaLocation":44},"/solutions/platform-engineering/","platform engineering",{"text":97,"config":98},"Developer Experience",{"href":99,"dataGaName":100,"dataGaLocation":44},"/developer-experience/","Developer experience",{"text":102,"config":103},"MLOps",{"href":104,"dataGaName":102,"dataGaLocation":44},"/topics/devops/the-role-of-ai-in-devops/",{"text":106,"left":27,"config":107,"link":109,"lists":113,"footer":183},"Product",{"dataNavLevelOne":108},"solutions",{"text":110,"config":111},"View all Solutions",{"href":112,"dataGaName":108,"dataGaLocation":44},"/solutions/",[114,139,162],{"title":115,"description":116,"link":117,"items":122},"Automation","CI/CD and automation to accelerate deployment",{"config":118},{"icon":119,"href":120,"dataGaName":121,"dataGaLocation":44},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[123,127,131,135],{"text":124,"config":125},"CI/CD",{"href":126,"dataGaLocation":44,"dataGaName":124},"/solutions/continuous-integration/",{"text":128,"config":129},"AI-Assisted Development",{"href":78,"dataGaLocation":44,"dataGaName":130},"AI assisted development",{"text":132,"config":133},"Source Code Management",{"href":134,"dataGaLocation":44,"dataGaName":132},"/solutions/source-code-management/",{"text":136,"config":137},"Automated Software Delivery",{"href":120,"dataGaLocation":44,"dataGaName":138},"Automated software delivery",{"title":140,"description":141,"link":142,"items":147},"Security","Deliver code faster without compromising security",{"config":143},{"href":144,"dataGaName":145,"dataGaLocation":44,"icon":146},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[148,152,157],{"text":149,"config":150},"Application Security Testing",{"href":144,"dataGaName":151,"dataGaLocation":44},"Application security testing",{"text":153,"config":154},"Software Supply Chain Security",{"href":155,"dataGaLocation":44,"dataGaName":156},"/solutions/supply-chain/","Software supply chain security",{"text":158,"config":159},"Software Compliance",{"href":160,"dataGaName":161,"dataGaLocation":44},"/solutions/software-compliance/","software compliance",{"title":163,"link":164,"items":169},"Measurement",{"config":165},{"icon":166,"href":167,"dataGaName":168,"dataGaLocation":44},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[170,174,178],{"text":171,"config":172},"Visibility & Measurement",{"href":167,"dataGaLocation":44,"dataGaName":173},"Visibility and Measurement",{"text":175,"config":176},"Value Stream Management",{"href":177,"dataGaLocation":44,"dataGaName":175},"/solutions/value-stream-management/",{"text":179,"config":180},"Analytics & Insights",{"href":181,"dataGaLocation":44,"dataGaName":182},"/solutions/analytics-and-insights/","Analytics and insights",{"title":184,"items":185},"GitLab for",[186,191,196],{"text":187,"config":188},"Enterprise",{"href":189,"dataGaLocation":44,"dataGaName":190},"/enterprise/","enterprise",{"text":192,"config":193},"Small Business",{"href":194,"dataGaLocation":44,"dataGaName":195},"/small-business/","small business",{"text":197,"config":198},"Public Sector",{"href":199,"dataGaLocation":44,"dataGaName":200},"/solutions/public-sector/","public sector",{"text":202,"config":203},"Pricing",{"href":204,"dataGaName":205,"dataGaLocation":44,"dataNavLevelOne":205},"/pricing/","pricing",{"text":207,"config":208,"link":210,"lists":214,"feature":298},"Resources",{"dataNavLevelOne":209},"resources",{"text":211,"config":212},"View all resources",{"href":213,"dataGaName":209,"dataGaLocation":44},"/resources/",[215,248,270],{"title":216,"items":217},"Getting started",[218,223,228,233,238,243],{"text":219,"config":220},"Install",{"href":221,"dataGaName":222,"dataGaLocation":44},"/install/","install",{"text":224,"config":225},"Quick start guides",{"href":226,"dataGaName":227,"dataGaLocation":44},"/get-started/","quick setup checklists",{"text":229,"config":230},"Learn",{"href":231,"dataGaLocation":44,"dataGaName":232},"https://university.gitlab.com/","learn",{"text":234,"config":235},"Product documentation",{"href":236,"dataGaName":237,"dataGaLocation":44},"https://docs.gitlab.com/","product documentation",{"text":239,"config":240},"Best practice videos",{"href":241,"dataGaName":242,"dataGaLocation":44},"/getting-started-videos/","best practice videos",{"text":244,"config":245},"Integrations",{"href":246,"dataGaName":247,"dataGaLocation":44},"/integrations/","integrations",{"title":249,"items":250},"Discover",[251,256,260,265],{"text":252,"config":253},"Customer success stories",{"href":254,"dataGaName":255,"dataGaLocation":44},"/customers/","customer success stories",{"text":257,"config":258},"Blog",{"href":259,"dataGaName":5,"dataGaLocation":44},"/blog/",{"text":261,"config":262},"Remote",{"href":263,"dataGaName":264,"dataGaLocation":44},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":266,"config":267},"TeamOps",{"href":268,"dataGaName":269,"dataGaLocation":44},"/teamops/","teamops",{"title":271,"items":272},"Connect",[273,278,283,288,293],{"text":274,"config":275},"GitLab Services",{"href":276,"dataGaName":277,"dataGaLocation":44},"/services/","services",{"text":279,"config":280},"Community",{"href":281,"dataGaName":282,"dataGaLocation":44},"/community/","community",{"text":284,"config":285},"Forum",{"href":286,"dataGaName":287,"dataGaLocation":44},"https://forum.gitlab.com/","forum",{"text":289,"config":290},"Events",{"href":291,"dataGaName":292,"dataGaLocation":44},"/events/","events",{"text":294,"config":295},"Partners",{"href":296,"dataGaName":297,"dataGaLocation":44},"/partners/","partners",{"backgroundColor":299,"textColor":300,"text":301,"image":302,"link":306},"#2f2a6b","#fff","Insights for the future of software development",{"altText":303,"config":304},"the source promo card",{"src":305},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":307,"config":308},"Read the latest",{"href":309,"dataGaName":310,"dataGaLocation":44},"/the-source/","the source",{"text":312,"config":313,"lists":315},"Company",{"dataNavLevelOne":314},"company",[316],{"items":317},[318,323,329,331,336,341,346,351,356,361,366],{"text":319,"config":320},"About",{"href":321,"dataGaName":322,"dataGaLocation":44},"/company/","about",{"text":324,"config":325,"footerGa":328},"Jobs",{"href":326,"dataGaName":327,"dataGaLocation":44},"/jobs/","jobs",{"dataGaName":327},{"text":289,"config":330},{"href":291,"dataGaName":292,"dataGaLocation":44},{"text":332,"config":333},"Leadership",{"href":334,"dataGaName":335,"dataGaLocation":44},"/company/team/e-group/","leadership",{"text":337,"config":338},"Team",{"href":339,"dataGaName":340,"dataGaLocation":44},"/company/team/","team",{"text":342,"config":343},"Handbook",{"href":344,"dataGaName":345,"dataGaLocation":44},"https://handbook.gitlab.com/","handbook",{"text":347,"config":348},"Investor relations",{"href":349,"dataGaName":350,"dataGaLocation":44},"https://ir.gitlab.com/","investor relations",{"text":352,"config":353},"Trust Center",{"href":354,"dataGaName":355,"dataGaLocation":44},"/security/","trust center",{"text":357,"config":358},"AI Transparency Center",{"href":359,"dataGaName":360,"dataGaLocation":44},"/ai-transparency-center/","ai transparency center",{"text":362,"config":363},"Newsletter",{"href":364,"dataGaName":365,"dataGaLocation":44},"/company/contact/","newsletter",{"text":367,"config":368},"Press",{"href":369,"dataGaName":370,"dataGaLocation":44},"/press/","press",{"text":372,"config":373,"lists":374},"Contact us",{"dataNavLevelOne":314},[375],{"items":376},[377,380,385],{"text":51,"config":378},{"href":53,"dataGaName":379,"dataGaLocation":44},"talk to sales",{"text":381,"config":382},"Support portal",{"href":383,"dataGaName":384,"dataGaLocation":44},"https://support.gitlab.com","support portal",{"text":386,"config":387},"Customer portal",{"href":388,"dataGaName":389,"dataGaLocation":44},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":391,"login":392,"suggestions":399},"Close",{"text":393,"link":394},"To search repositories and projects, login to",{"text":395,"config":396},"gitlab.com",{"href":58,"dataGaName":397,"dataGaLocation":398},"search login","search",{"text":400,"default":401},"Suggestions",[402,404,408,410,414,418],{"text":73,"config":403},{"href":78,"dataGaName":73,"dataGaLocation":398},{"text":405,"config":406},"Code Suggestions (AI)",{"href":407,"dataGaName":405,"dataGaLocation":398},"/solutions/code-suggestions/",{"text":124,"config":409},{"href":126,"dataGaName":124,"dataGaLocation":398},{"text":411,"config":412},"GitLab on AWS",{"href":413,"dataGaName":411,"dataGaLocation":398},"/partners/technology-partners/aws/",{"text":415,"config":416},"GitLab on Google Cloud",{"href":417,"dataGaName":415,"dataGaLocation":398},"/partners/technology-partners/google-cloud-platform/",{"text":419,"config":420},"Why GitLab?",{"href":86,"dataGaName":419,"dataGaLocation":398},{"freeTrial":422,"mobileIcon":427,"desktopIcon":432,"secondaryButton":435},{"text":423,"config":424},"Start free trial",{"href":425,"dataGaName":49,"dataGaLocation":426},"https://gitlab.com/-/trials/new/","nav",{"altText":428,"config":429},"Gitlab Icon",{"src":430,"dataGaName":431,"dataGaLocation":426},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":428,"config":433},{"src":434,"dataGaName":431,"dataGaLocation":426},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":436,"config":437},"Get Started",{"href":438,"dataGaName":439,"dataGaLocation":426},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":441,"mobileIcon":445,"desktopIcon":447},{"text":442,"config":443},"Learn more about GitLab Duo",{"href":78,"dataGaName":444,"dataGaLocation":426},"gitlab duo",{"altText":428,"config":446},{"src":430,"dataGaName":431,"dataGaLocation":426},{"altText":428,"config":448},{"src":434,"dataGaName":431,"dataGaLocation":426},{"freeTrial":450,"mobileIcon":455,"desktopIcon":457},{"text":451,"config":452},"Back to pricing",{"href":204,"dataGaName":453,"dataGaLocation":426,"icon":454},"back to pricing","GoBack",{"altText":428,"config":456},{"src":430,"dataGaName":431,"dataGaLocation":426},{"altText":428,"config":458},{"src":434,"dataGaName":431,"dataGaLocation":426},"content:shared:en-us:main-navigation.yml","Main Navigation","shared/en-us/main-navigation.yml","shared/en-us/main-navigation",{"_path":464,"_dir":38,"_draft":6,"_partial":6,"_locale":7,"title":465,"button":466,"image":471,"config":475,"_id":477,"_type":30,"_source":32,"_file":478,"_stem":479,"_extension":35},"/shared/en-us/banner","is now in public beta!",{"text":467,"config":468},"Try the Beta",{"href":469,"dataGaName":470,"dataGaLocation":44},"/gitlab-duo/agent-platform/","duo banner",{"altText":472,"config":473},"GitLab Duo Agent Platform",{"src":474},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1753720689/somrf9zaunk0xlt7ne4x.svg",{"layout":476},"release","content:shared:en-us:banner.yml","shared/en-us/banner.yml","shared/en-us/banner",{"_path":481,"_dir":38,"_draft":6,"_partial":6,"_locale":7,"data":482,"_id":720,"_type":30,"title":721,"_source":32,"_file":722,"_stem":723,"_extension":35},"/shared/en-us/main-footer",{"text":483,"source":484,"edit":490,"contribute":495,"config":500,"items":505,"minimal":712},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":485,"config":486},"View page source",{"href":487,"dataGaName":488,"dataGaLocation":489},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":491,"config":492},"Edit this page",{"href":493,"dataGaName":494,"dataGaLocation":489},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":496,"config":497},"Please contribute",{"href":498,"dataGaName":499,"dataGaLocation":489},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":501,"facebook":502,"youtube":503,"linkedin":504},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[506,553,605,649,678],{"title":202,"links":507,"subMenu":522},[508,512,517],{"text":509,"config":510},"View plans",{"href":204,"dataGaName":511,"dataGaLocation":489},"view plans",{"text":513,"config":514},"Why Premium?",{"href":515,"dataGaName":516,"dataGaLocation":489},"/pricing/premium/","why premium",{"text":518,"config":519},"Why Ultimate?",{"href":520,"dataGaName":521,"dataGaLocation":489},"/pricing/ultimate/","why ultimate",[523],{"title":524,"links":525},"Contact Us",[526,529,531,533,538,543,548],{"text":527,"config":528},"Contact sales",{"href":53,"dataGaName":54,"dataGaLocation":489},{"text":381,"config":530},{"href":383,"dataGaName":384,"dataGaLocation":489},{"text":386,"config":532},{"href":388,"dataGaName":389,"dataGaLocation":489},{"text":534,"config":535},"Status",{"href":536,"dataGaName":537,"dataGaLocation":489},"https://status.gitlab.com/","status",{"text":539,"config":540},"Terms of use",{"href":541,"dataGaName":542,"dataGaLocation":489},"/terms/","terms of use",{"text":544,"config":545},"Privacy statement",{"href":546,"dataGaName":547,"dataGaLocation":489},"/privacy/","privacy statement",{"text":549,"config":550},"Cookie preferences",{"dataGaName":551,"dataGaLocation":489,"id":552,"isOneTrustButton":27},"cookie preferences","ot-sdk-btn",{"title":106,"links":554,"subMenu":562},[555,559],{"text":556,"config":557},"DevSecOps platform",{"href":71,"dataGaName":558,"dataGaLocation":489},"devsecops platform",{"text":128,"config":560},{"href":78,"dataGaName":561,"dataGaLocation":489},"ai-assisted development",[563],{"title":564,"links":565},"Topics",[566,571,576,581,586,590,595,600],{"text":567,"config":568},"CICD",{"href":569,"dataGaName":570,"dataGaLocation":489},"/topics/ci-cd/","cicd",{"text":572,"config":573},"GitOps",{"href":574,"dataGaName":575,"dataGaLocation":489},"/topics/gitops/","gitops",{"text":577,"config":578},"DevOps",{"href":579,"dataGaName":580,"dataGaLocation":489},"/topics/devops/","devops",{"text":582,"config":583},"Version Control",{"href":584,"dataGaName":585,"dataGaLocation":489},"/topics/version-control/","version control",{"text":24,"config":587},{"href":588,"dataGaName":589,"dataGaLocation":489},"/topics/devsecops/","devsecops",{"text":591,"config":592},"Cloud Native",{"href":593,"dataGaName":594,"dataGaLocation":489},"/topics/cloud-native/","cloud native",{"text":596,"config":597},"AI for Coding",{"href":598,"dataGaName":599,"dataGaLocation":489},"/topics/devops/ai-for-coding/","ai for coding",{"text":601,"config":602},"Agentic AI",{"href":603,"dataGaName":604,"dataGaLocation":489},"/topics/agentic-ai/","agentic ai",{"title":606,"links":607},"Solutions",[608,610,612,617,621,624,628,631,633,636,639,644],{"text":149,"config":609},{"href":144,"dataGaName":149,"dataGaLocation":489},{"text":138,"config":611},{"href":120,"dataGaName":121,"dataGaLocation":489},{"text":613,"config":614},"Agile development",{"href":615,"dataGaName":616,"dataGaLocation":489},"/solutions/agile-delivery/","agile delivery",{"text":618,"config":619},"SCM",{"href":134,"dataGaName":620,"dataGaLocation":489},"source code management",{"text":567,"config":622},{"href":126,"dataGaName":623,"dataGaLocation":489},"continuous integration & delivery",{"text":625,"config":626},"Value stream management",{"href":177,"dataGaName":627,"dataGaLocation":489},"value stream management",{"text":572,"config":629},{"href":630,"dataGaName":575,"dataGaLocation":489},"/solutions/gitops/",{"text":187,"config":632},{"href":189,"dataGaName":190,"dataGaLocation":489},{"text":634,"config":635},"Small business",{"href":194,"dataGaName":195,"dataGaLocation":489},{"text":637,"config":638},"Public sector",{"href":199,"dataGaName":200,"dataGaLocation":489},{"text":640,"config":641},"Education",{"href":642,"dataGaName":643,"dataGaLocation":489},"/solutions/education/","education",{"text":645,"config":646},"Financial services",{"href":647,"dataGaName":648,"dataGaLocation":489},"/solutions/finance/","financial services",{"title":207,"links":650},[651,653,655,657,660,662,664,666,668,670,672,674,676],{"text":219,"config":652},{"href":221,"dataGaName":222,"dataGaLocation":489},{"text":224,"config":654},{"href":226,"dataGaName":227,"dataGaLocation":489},{"text":229,"config":656},{"href":231,"dataGaName":232,"dataGaLocation":489},{"text":234,"config":658},{"href":236,"dataGaName":659,"dataGaLocation":489},"docs",{"text":257,"config":661},{"href":259,"dataGaName":5,"dataGaLocation":489},{"text":252,"config":663},{"href":254,"dataGaName":255,"dataGaLocation":489},{"text":261,"config":665},{"href":263,"dataGaName":264,"dataGaLocation":489},{"text":274,"config":667},{"href":276,"dataGaName":277,"dataGaLocation":489},{"text":266,"config":669},{"href":268,"dataGaName":269,"dataGaLocation":489},{"text":279,"config":671},{"href":281,"dataGaName":282,"dataGaLocation":489},{"text":284,"config":673},{"href":286,"dataGaName":287,"dataGaLocation":489},{"text":289,"config":675},{"href":291,"dataGaName":292,"dataGaLocation":489},{"text":294,"config":677},{"href":296,"dataGaName":297,"dataGaLocation":489},{"title":312,"links":679},[680,682,684,686,688,690,692,696,701,703,705,707],{"text":319,"config":681},{"href":321,"dataGaName":314,"dataGaLocation":489},{"text":324,"config":683},{"href":326,"dataGaName":327,"dataGaLocation":489},{"text":332,"config":685},{"href":334,"dataGaName":335,"dataGaLocation":489},{"text":337,"config":687},{"href":339,"dataGaName":340,"dataGaLocation":489},{"text":342,"config":689},{"href":344,"dataGaName":345,"dataGaLocation":489},{"text":347,"config":691},{"href":349,"dataGaName":350,"dataGaLocation":489},{"text":693,"config":694},"Sustainability",{"href":695,"dataGaName":693,"dataGaLocation":489},"/sustainability/",{"text":697,"config":698},"Diversity, inclusion and belonging (DIB)",{"href":699,"dataGaName":700,"dataGaLocation":489},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":352,"config":702},{"href":354,"dataGaName":355,"dataGaLocation":489},{"text":362,"config":704},{"href":364,"dataGaName":365,"dataGaLocation":489},{"text":367,"config":706},{"href":369,"dataGaName":370,"dataGaLocation":489},{"text":708,"config":709},"Modern Slavery Transparency Statement",{"href":710,"dataGaName":711,"dataGaLocation":489},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":713},[714,716,718],{"text":539,"config":715},{"href":541,"dataGaName":542,"dataGaLocation":489},{"text":544,"config":717},{"href":546,"dataGaName":547,"dataGaLocation":489},{"text":549,"config":719},{"dataGaName":551,"dataGaLocation":489,"id":552,"isOneTrustButton":27},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",[725],{"_path":726,"_dir":727,"_draft":6,"_partial":6,"_locale":7,"content":728,"config":732,"_id":734,"_type":30,"title":18,"_source":32,"_file":735,"_stem":736,"_extension":35},"/en-us/blog/authors/fernando-diaz","authors",{"name":18,"config":729},{"headshot":730,"ctfId":731},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659556/Blog/Author%20Headshots/fern_diaz.png","fjdiaz",{"template":733},"BlogAuthor","content:en-us:blog:authors:fernando-diaz.yml","en-us/blog/authors/fernando-diaz.yml","en-us/blog/authors/fernando-diaz",{"_path":738,"_dir":38,"_draft":6,"_partial":6,"_locale":7,"header":739,"eyebrow":740,"blurb":741,"button":742,"secondaryButton":746,"_id":748,"_type":30,"title":749,"_source":32,"_file":750,"_stem":751,"_extension":35},"/shared/en-us/next-steps","Start shipping better software faster","50%+ of the Fortune 100 trust GitLab","See what your team can do with the intelligent\n\n\nDevSecOps platform.\n",{"text":46,"config":743},{"href":744,"dataGaName":49,"dataGaLocation":745},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":51,"config":747},{"href":53,"dataGaName":54,"dataGaLocation":745},"content:shared:en-us:next-steps.yml","Next Steps","shared/en-us/next-steps.yml","shared/en-us/next-steps",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":753,"content":754,"config":757,"_id":29,"_type":30,"title":31,"_source":32,"_file":33,"_stem":34,"_extension":35},{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},{"title":9,"description":10,"authors":755,"heroImage":11,"date":19,"body":20,"category":21,"tags":756},[18],[23,21,24],{"slug":26,"featured":27,"template":28},1761814439470]