[{"data":1,"prerenderedAt":1423},["ShallowReactive",2],{"/en-us/the-source/platform":3,"footer-en-us":35,"the-source-banner-en-us":378,"the-source-navigation-en-us":390,"the-source-newsletter-en-us":417,"footer-source-/en-us/the-source/platform/":428,"the-source-platform-resources-en-us":440,"authors-en-us":481,"categories-en-us":517,"platform-articles-list-en-us":518},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"type":8,"config":9,"seo":10,"content":14,"slug":28,"_id":29,"_type":30,"title":7,"_source":31,"_file":32,"_stem":33,"_extension":34},"/en-us/the-source/platform","the-source",false,"","category",{"layout":5},{"title":11,"description":12,"ogImage":13},"Platform & Infrastructure","Learn how to build a DevSecOps framework that sets your team up for success, from planning to delivery.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463263/bdz7hmhpbmgwvoybcaud.png",[15,20],{"componentName":16,"type":16,"componentContent":17},"TheSourceCategoryHero",{"title":11,"description":12,"image":18},{"config":19},{"src":13},{"componentName":21,"type":21,"componentContent":22},"TheSourceCategoryMainSection",{"config":23},{"sourceCTAs":24},[25,26,27],"source-lp-the-ultimate-playbook-for-high-performing-devsecops-teams","source-lp-measuring-success-in-software-development-a-guide-for-leaders","source-lp-building-a-resilient-software-development-practice","platform","content:en-us:the-source:platform:index.yml","yaml","content","en-us/the-source/platform/index.yml","en-us/the-source/platform/index","yml",{"_path":36,"_dir":37,"_draft":6,"_partial":6,"_locale":7,"data":38,"_id":374,"_type":30,"title":375,"_source":31,"_file":376,"_stem":377,"_extension":34},"/shared/en-us/main-footer","en-us",{"text":39,"source":40,"edit":46,"contribute":51,"config":56,"items":61,"minimal":366},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":41,"config":42},"View page source",{"href":43,"dataGaName":44,"dataGaLocation":45},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":47,"config":48},"Edit this page",{"href":49,"dataGaName":50,"dataGaLocation":45},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":52,"config":53},"Please contribute",{"href":54,"dataGaName":55,"dataGaLocation":45},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":57,"facebook":58,"youtube":59,"linkedin":60},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[62,120,177,236,304],{"title":63,"links":64,"subMenu":80},"Pricing",[65,70,75],{"text":66,"config":67},"View plans",{"href":68,"dataGaName":69,"dataGaLocation":45},"/pricing/","view plans",{"text":71,"config":72},"Why Premium?",{"href":73,"dataGaName":74,"dataGaLocation":45},"/pricing/premium/","why premium",{"text":76,"config":77},"Why Ultimate?",{"href":78,"dataGaName":79,"dataGaLocation":45},"/pricing/ultimate/","why ultimate",[81],{"title":82,"links":83},"Contact Us",[84,89,94,99,104,109,114],{"text":85,"config":86},"Contact sales",{"href":87,"dataGaName":88,"dataGaLocation":45},"/sales/","sales",{"text":90,"config":91},"Support portal",{"href":92,"dataGaName":93,"dataGaLocation":45},"https://support.gitlab.com","support portal",{"text":95,"config":96},"Customer portal",{"href":97,"dataGaName":98,"dataGaLocation":45},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":100,"config":101},"Status",{"href":102,"dataGaName":103,"dataGaLocation":45},"https://status.gitlab.com/","status",{"text":105,"config":106},"Terms of use",{"href":107,"dataGaName":108,"dataGaLocation":45},"/terms/","terms of use",{"text":110,"config":111},"Privacy statement",{"href":112,"dataGaName":113,"dataGaLocation":45},"/privacy/","privacy statement",{"text":115,"config":116},"Cookie preferences",{"dataGaName":117,"dataGaLocation":45,"id":118,"isOneTrustButton":119},"cookie preferences","ot-sdk-btn",true,{"title":121,"links":122,"subMenu":133},"Product",[123,128],{"text":124,"config":125},"DevSecOps platform",{"href":126,"dataGaName":127,"dataGaLocation":45},"/platform/","devsecops platform",{"text":129,"config":130},"AI-Assisted Development",{"href":131,"dataGaName":132,"dataGaLocation":45},"/gitlab-duo/","ai-assisted development",[134],{"title":135,"links":136},"Topics",[137,142,147,152,157,162,167,172],{"text":138,"config":139},"CICD",{"href":140,"dataGaName":141,"dataGaLocation":45},"/topics/ci-cd/","cicd",{"text":143,"config":144},"GitOps",{"href":145,"dataGaName":146,"dataGaLocation":45},"/topics/gitops/","gitops",{"text":148,"config":149},"DevOps",{"href":150,"dataGaName":151,"dataGaLocation":45},"/topics/devops/","devops",{"text":153,"config":154},"Version Control",{"href":155,"dataGaName":156,"dataGaLocation":45},"/topics/version-control/","version control",{"text":158,"config":159},"DevSecOps",{"href":160,"dataGaName":161,"dataGaLocation":45},"/topics/devsecops/","devsecops",{"text":163,"config":164},"Cloud Native",{"href":165,"dataGaName":166,"dataGaLocation":45},"/topics/cloud-native/","cloud native",{"text":168,"config":169},"AI for Coding",{"href":170,"dataGaName":171,"dataGaLocation":45},"/topics/devops/ai-for-coding/","ai for coding",{"text":173,"config":174},"Agentic AI",{"href":175,"dataGaName":176,"dataGaLocation":45},"/topics/agentic-ai/","agentic ai",{"title":178,"links":179},"Solutions",[180,184,189,194,199,203,208,211,216,221,226,231],{"text":181,"config":182},"Application Security Testing",{"href":183,"dataGaName":181,"dataGaLocation":45},"/solutions/application-security-testing/",{"text":185,"config":186},"Automated software delivery",{"href":187,"dataGaName":188,"dataGaLocation":45},"/solutions/delivery-automation/","automated software delivery",{"text":190,"config":191},"Agile development",{"href":192,"dataGaName":193,"dataGaLocation":45},"/solutions/agile-delivery/","agile delivery",{"text":195,"config":196},"SCM",{"href":197,"dataGaName":198,"dataGaLocation":45},"/solutions/source-code-management/","source code management",{"text":138,"config":200},{"href":201,"dataGaName":202,"dataGaLocation":45},"/solutions/continuous-integration/","continuous integration & delivery",{"text":204,"config":205},"Value stream management",{"href":206,"dataGaName":207,"dataGaLocation":45},"/solutions/value-stream-management/","value stream management",{"text":143,"config":209},{"href":210,"dataGaName":146,"dataGaLocation":45},"/solutions/gitops/",{"text":212,"config":213},"Enterprise",{"href":214,"dataGaName":215,"dataGaLocation":45},"/enterprise/","enterprise",{"text":217,"config":218},"Small business",{"href":219,"dataGaName":220,"dataGaLocation":45},"/small-business/","small business",{"text":222,"config":223},"Public sector",{"href":224,"dataGaName":225,"dataGaLocation":45},"/solutions/public-sector/","public sector",{"text":227,"config":228},"Education",{"href":229,"dataGaName":230,"dataGaLocation":45},"/solutions/education/","education",{"text":232,"config":233},"Financial services",{"href":234,"dataGaName":235,"dataGaLocation":45},"/solutions/finance/","financial services",{"title":237,"links":238},"Resources",[239,244,249,254,259,264,269,274,279,284,289,294,299],{"text":240,"config":241},"Install",{"href":242,"dataGaName":243,"dataGaLocation":45},"/install/","install",{"text":245,"config":246},"Quick start guides",{"href":247,"dataGaName":248,"dataGaLocation":45},"/get-started/","quick setup checklists",{"text":250,"config":251},"Learn",{"href":252,"dataGaName":253,"dataGaLocation":45},"https://university.gitlab.com/","learn",{"text":255,"config":256},"Product documentation",{"href":257,"dataGaName":258,"dataGaLocation":45},"https://docs.gitlab.com/","docs",{"text":260,"config":261},"Blog",{"href":262,"dataGaName":263,"dataGaLocation":45},"/blog/","blog",{"text":265,"config":266},"Customer success stories",{"href":267,"dataGaName":268,"dataGaLocation":45},"/customers/","customer success stories",{"text":270,"config":271},"Remote",{"href":272,"dataGaName":273,"dataGaLocation":45},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":275,"config":276},"GitLab Services",{"href":277,"dataGaName":278,"dataGaLocation":45},"/services/","services",{"text":280,"config":281},"TeamOps",{"href":282,"dataGaName":283,"dataGaLocation":45},"/teamops/","teamops",{"text":285,"config":286},"Community",{"href":287,"dataGaName":288,"dataGaLocation":45},"/community/","community",{"text":290,"config":291},"Forum",{"href":292,"dataGaName":293,"dataGaLocation":45},"https://forum.gitlab.com/","forum",{"text":295,"config":296},"Events",{"href":297,"dataGaName":298,"dataGaLocation":45},"/events/","events",{"text":300,"config":301},"Partners",{"href":302,"dataGaName":303,"dataGaLocation":45},"/partners/","partners",{"title":305,"links":306},"Company",[307,312,317,322,327,332,337,341,346,351,356,361],{"text":308,"config":309},"About",{"href":310,"dataGaName":311,"dataGaLocation":45},"/company/","company",{"text":313,"config":314},"Jobs",{"href":315,"dataGaName":316,"dataGaLocation":45},"/jobs/","jobs",{"text":318,"config":319},"Leadership",{"href":320,"dataGaName":321,"dataGaLocation":45},"/company/team/e-group/","leadership",{"text":323,"config":324},"Team",{"href":325,"dataGaName":326,"dataGaLocation":45},"/company/team/","team",{"text":328,"config":329},"Handbook",{"href":330,"dataGaName":331,"dataGaLocation":45},"https://handbook.gitlab.com/","handbook",{"text":333,"config":334},"Investor relations",{"href":335,"dataGaName":336,"dataGaLocation":45},"https://ir.gitlab.com/","investor relations",{"text":338,"config":339},"Sustainability",{"href":340,"dataGaName":338,"dataGaLocation":45},"/sustainability/",{"text":342,"config":343},"Diversity, inclusion and belonging (DIB)",{"href":344,"dataGaName":345,"dataGaLocation":45},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":347,"config":348},"Trust Center",{"href":349,"dataGaName":350,"dataGaLocation":45},"/security/","trust center",{"text":352,"config":353},"Newsletter",{"href":354,"dataGaName":355,"dataGaLocation":45},"/company/contact/","newsletter",{"text":357,"config":358},"Press",{"href":359,"dataGaName":360,"dataGaLocation":45},"/press/","press",{"text":362,"config":363},"Modern Slavery Transparency Statement",{"href":364,"dataGaName":365,"dataGaLocation":45},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":367},[368,370,372],{"text":105,"config":369},{"href":107,"dataGaName":108,"dataGaLocation":45},{"text":110,"config":371},{"href":112,"dataGaName":113,"dataGaLocation":45},{"text":115,"config":373},{"dataGaName":117,"dataGaLocation":45,"id":118,"isOneTrustButton":119},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":379,"_dir":380,"_draft":6,"_partial":6,"_locale":7,"visibility":119,"id":381,"title":382,"button":383,"_id":387,"_type":30,"_source":31,"_file":388,"_stem":389,"_extension":34},"/shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18","banner","The Economics of Software Innovation","The Economics of Software Innovation—AI’s $750 Billion Opportunity",{"config":384,"text":386},{"href":385},"/software-innovation-report/","Get the research report","content:shared:en-us:the-source:banner:the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18",{"_path":391,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"logo":392,"subscribeLink":397,"navItems":401,"_id":413,"_type":30,"title":414,"_source":31,"_file":415,"_stem":416,"_extension":34},"/shared/en-us/the-source/navigation",{"altText":393,"config":394},"the source logo",{"src":395,"href":396},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":398,"config":399},"Subscribe",{"href":400},"#subscribe",[402,406,410],{"text":403,"config":404},"Artificial Intelligence",{"href":405},"/the-source/ai/",{"text":407,"config":408},"Security & Compliance",{"href":409},"/the-source/security/",{"text":11,"config":411},{"href":412},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"_path":418,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":419,"description":420,"submitMessage":421,"formData":422,"_id":425,"_type":30,"_source":31,"_file":426,"_stem":427,"_extension":34},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":423},{"formId":424,"formName":355,"hideRequiredLabel":119},1077,"content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"type":8,"config":429,"seo":430,"content":431,"slug":28,"_id":29,"_type":30,"title":7,"_source":31,"_file":32,"_stem":33,"_extension":34},{"layout":5},{"title":11,"description":12,"ogImage":13},[432,436],{"componentName":16,"type":16,"componentContent":433},{"title":11,"description":12,"image":434},{"config":435},{"src":13},{"componentName":21,"type":21,"componentContent":437},{"config":438},{"sourceCTAs":439},[25,26,27],[441,456,469],{"_path":442,"_dir":443,"_draft":6,"_partial":6,"_locale":7,"config":444,"title":445,"description":446,"link":447,"_id":453,"_type":30,"_source":31,"_file":454,"_stem":455,"_extension":34},"/shared/en-us/the-source/source-lp-ctas/source-lp-building-a-resilient-software-development-practice","source-lp-ctas",{"slug":27},"Building a resilient software development practice","Learn strategies to bolster your team's effectiveness amid shifts in the industry with a standardized approach to software development.",{"text":448,"config":449},"Read the guide",{"href":450,"dataGaName":451,"dataGaLocation":452},"/the-source/platform/building-a-resilient-software-development-practice/","Building a Resilient Software Development Practice","thesource","content:shared:en-us:the-source:source-lp-ctas:source-lp-building-a-resilient-software-development-practice.yml","shared/en-us/the-source/source-lp-ctas/source-lp-building-a-resilient-software-development-practice.yml","shared/en-us/the-source/source-lp-ctas/source-lp-building-a-resilient-software-development-practice",{"_path":457,"_dir":443,"_draft":6,"_partial":6,"_locale":7,"config":458,"title":459,"description":460,"link":461,"_id":466,"_type":30,"_source":31,"_file":467,"_stem":468,"_extension":34},"/shared/en-us/the-source/source-lp-ctas/source-lp-measuring-success-in-software-development-a-guide-for-leaders",{"slug":26},"Measuring success in software development: A guide for leaders","Discover how to measure software delivery performance with key metrics that optimize workflows, enhance team productivity, and drive better decisions.",{"text":462,"config":463},"Download the guide",{"href":464,"dataGaName":465,"dataGaLocation":452},"/the-source/platform/measuring-success-in-software-development-a-guide-for-leaders/","Measuring success in software development","content:shared:en-us:the-source:source-lp-ctas:source-lp-measuring-success-in-software-development-a-guide-for-leaders.yml","shared/en-us/the-source/source-lp-ctas/source-lp-measuring-success-in-software-development-a-guide-for-leaders.yml","shared/en-us/the-source/source-lp-ctas/source-lp-measuring-success-in-software-development-a-guide-for-leaders",{"_path":470,"_dir":443,"_draft":6,"_partial":6,"_locale":7,"config":471,"title":472,"description":473,"link":474,"_id":478,"_type":30,"_source":31,"_file":479,"_stem":480,"_extension":34},"/shared/en-us/the-source/source-lp-ctas/source-lp-the-ultimate-playbook-for-high-performing-devsecops-teams",{"slug":25},"The ultimate playbook for high-performing DevSecOps teams ","Learn how to tackle issues like deployment slowdowns, lack of collaboration, and developer burnout.",{"text":475,"config":476},"Read the ebook",{"href":477,"dataGaName":472,"dataGaLocation":452},"/the-source/platform/the-ultimate-playbook-for-high-performing-devsecops-teams/","content:shared:en-us:the-source:source-lp-ctas:source-lp-the-ultimate-playbook-for-high-performing-devsecops-teams.yml","shared/en-us/the-source/source-lp-ctas/source-lp-the-ultimate-playbook-for-high-performing-devsecops-teams.yml","shared/en-us/the-source/source-lp-ctas/source-lp-the-ultimate-playbook-for-high-performing-devsecops-teams",{"amanda-rueda":482,"andre-michael-braun":483,"andrew-haschka":484,"ayoub-fandi":485,"bob-stevens":486,"brian-wald":487,"bryan-ross":488,"chandler-gibbons":489,"dave-steer":490,"ddesanto":491,"derek-debellis":492,"emilio-salvador":493,"erika-feldman":494,"george-kichukov":495,"gitlab":496,"grant-hickman":497,"haim-snir":498,"iganbaruch":499,"jason-morgan":500,"jessie-young":501,"jlongo":502,"joel-krooswyk":503,"josh-lemos":504,"julie-griffin":505,"kristina-weis":506,"lee-faus":507,"nathen-harvey":508,"ncregan":509,"rob-smith":510,"rschulman":511,"sabrina-farmer":512,"sandra-gittlen":513,"sharon-gaudin":514,"stephen-walters":515,"taylor-mccaslin":516},"Amanda Rueda","Andre Michael Braun","Andrew Haschka","Ayoub Fandi","Bob Stevens","Brian Wald","Bryan Ross","Chandler Gibbons","Dave Steer","David DeSanto","Derek DeBellis","Emilio Salvador","Erika Feldman","George Kichukov","GitLab","Grant Hickman","Haim Snir","Itzik Gan Baruch","Jason Morgan","Jessie Young","Joseph Longo","Joel Krooswyk","Josh Lemos","Julie Griffin","Kristina Weis","Lee Faus","Nathen Harvey","Niall Cregan","Rob Smith","Robin Schulman","Sabrina Farmer","Sandra Gittlen","Sharon Gaudin","Stephen Walters","Taylor McCaslin",{"ai":403,"platform":11,"security":407},[519,558,594,614,648,683,721,740,760,799,836,874,913,954,995,1030,1048,1087,1123,1160,1179,1213,1245,1262,1297,1316,1334,1352,1386,1405],{"_path":520,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"slug":521,"type":522,"category":28,"config":523,"seo":527,"content":531,"_id":555,"_type":30,"title":528,"_source":31,"_file":556,"_stem":557,"_extension":34,"description":529,"date":532,"timeToRead":533,"heroImage":530,"keyTakeaways":534,"articleBody":538,"faq":539},"/en-us/the-source/platform/beyond-the-portal-hype-why-you-need-a-platform-first","beyond-the-portal-hype-why-you-need-a-platform-first","article",{"layout":5,"template":524,"featured":119,"author":525,"sourceCTA":526,"isHighlighted":6,"authorName":488},"TheSourceArticle","bryan-ross","source-lp-how-to-build-a-resilient-software-development-practice",{"title":528,"ogTitle":528,"description":529,"ogDescription":529,"ogImage":530},"Beyond the portal hype: Why you need a platform first","Discover why many internal developer portals fall short and why a platform-first approach is key to improving developer productivity.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1752086082/z2udikxenysukvroywvb.png",{"title":528,"description":529,"date":532,"timeToRead":533,"heroImage":530,"keyTakeaways":534,"articleBody":538,"faq":539},"2025-07-15T00:00:00.000Z","6 min read",[535,536,537],"Most portal initiatives struggle with adoption because organizations underestimate the product management effort required for successful implementation and ongoing maintenance.","Start by building a robust platform with streamlined workflows and automation before investing in a portal interface; the value of any portal is entirely dependent on the capabilities of the underlying platform.","Consider whether tool consolidation might be more effective than integration; end-to-end solutions can simplify your ecosystem and reduce the need for the complex integrations that portals attempt to solve.","When Spotify released Backstage as an open source project in 2020, it sparked a wave of enthusiasm across the platform engineering community. The promise was compelling: a unified dashboard where developers could discover, access, and consume everything they needed to build software efficiently. Who wouldn't want a sleek “shop front” to simplify the increasingly complex world of software development?\n\nFast forward to today, and the reality has proven more complicated. Despite the initial excitement, many organizations struggle to realize the promised benefits of internal developer portals. \n\n## Portals vs. platforms: What’s the difference?\nAn internal developer portal is a “front door” to your technical ecosystem. It sits atop your developer platform, which integrates different tools to provide standardized workflows and underlying infrastructure and helps enforce governance. While the platform handles the technical implementation of tooling and automation, the portal provides a single pane of glass that makes development resources discoverable and accessible.\n\nBefore we get to the challenges around portals, it’s worth acknowledging the very real challenges they aim to address:\n1. **Discovery obstacles**: Many organizations lack an API catalog, causing developers to struggle to find existing software components, documentation, best practices, and support channels. Portals attempt to solve this by creating a centralized catalog where developers can access these resources through a unified search and navigation experience.\n1. **Tool sprawl**: The modern software development lifecycle relies on numerous specialized tools, each with its own interface and learning curve. [GitLab research](https://about.gitlab.com/developer-survey/) found that 62% of teams use six or more separate tools for software development. Portals address this by integrating these disparate tools behind a consistent interface, reducing the cognitive load of context switching.\n1. **Siloed knowledge**: Teams focused on their specific challenges often create their own workflows and toolchains, hampering cross-team collaboration and leading to duplicated work. Portals aim to break down these silos by making team assets visible across the organization and promoting standardized workflows that encourage collaboration and reuse of existing solutions.\nThese challenges have a measurable business impact: According to the [2024 GitLab Global DevSecOps Report](https://about.gitlab.com/developer-survey/), 78% of developers spend at least a quarter of their time maintaining and integrating toolchains.\n\n## Why portal initiatives often fall short\nIf internal developer portals address genuine business problems, why do these initiatives regularly fail to gain traction? In my conversations with technical leaders at companies of all sizes, I’ve noticed several key factors:\n1. **Insufficient product management**: Many organizations underinvest in release announcements, internal enablement examples, training, and other adoption-fueling activities essential for portal success.\n1. **Dependency on platform capabilities**: A portal is only as valuable as its underlying platform. Without robust platform capabilities, a portal merely presents a unified view of dysfunction.\n1. **Technical complexity**: Organizations often underestimate that a portal is not simply a tool to install but a software development framework requiring significant engineering skills to build and maintain.\n1. **Ongoing investment requirements**: Building and maintaining a portal demands substantial continuous investment, which many organizations underestimate during initial planning stages.\n1. **Limited developer resonance**: Despite being highly discussed in platform engineering circles, a recent CNCF App Development Working Group survey revealed that many developers remain unaware of Backstage — suggesting it may not address problems developers consider material to their work.\n\nThese challenges are particularly acute when building the portal’s frontend interface. A portal essentially functions as a wrapper built around existing tools, aiming to become the single source of truth for developer interactions.\n\nBut here's the catch: If your portal doesn't mirror enough of the functionality of those underlying tools, developers will bypass it and go straight to the underlying tools, making your portal just another item in an already crowded toolchain. At the same time, trying to keep up with feature changes across a dozen backend tools requires a massive ongoing effort. Every time a backend system changes or releases a new capability, the portal team faces the same question: implement, integrate, or ignore?  Providing a single pane of glass is a significant, perpetual engineering investment that most organizations underestimate.\n\n[Netflix, which has deep experience in developer tooling, puts it bluntly](https://www.youtube.com/watch?v=qgFyb28NvlQ): “A common front door for existing tools is insufficient on its own to attract and keep a user base. Rather [it] needs end-to-end experiences not available in other tools to keep users coming back and discovering the additional features and capabilities.”\n\n## The platform-first approach\nOrganizations that have successfully improved developer productivity typically follow a platform-first approach rather than beginning with a portal. Here’s what this looks like in practice:\n1. **Start with developer needs**: Don’t assume what developers need. Speak directly with teams about their challenges and work closely with them to develop solutions that demonstrably improve their day-to-day experiences.\n1. **Focus on platform capabilities first**: Prioritize creating streamlined, automated workflows for regular tasks that incorporate best practices and corporate standards. Any future portal's value will entirely depend on these underlying capabilities.\n1. **Consider tool consolidation before integration**: Portals primarily solve integration issues between tools by abstracting authentication methods and bringing data sources together. Before investing in complex integrations, evaluate whether consolidating tools might simplify your ecosystem. End-to-end solutions across the software development lifecycle can reduce the need for extensive integration work.\n1. **Invest in product management**: Ensure strong product management to encourage platform adoption by new teams and drive new capability adoption by teams who have already embraced the platform.\n\n## When portals make sense\nThis isn’t to say that internal developer portals are inherently flawed. In fact, I’ve worked with several large, mature organizations that successfully use internal developer portals like Backstage, but with a crucial difference in approach and expectations.\n\nOne large financial institution I worked with recently has had tremendous feedback from their portal implementation. Rather than trying to create a single pane of glass for all development activities, their portal was built to serve two specific workflows: developer onboarding and new project scaffolding. When a developer joins a team, the portal guides them through account setup across six different systems, automatically provisioning access based on their team assignment. For new projects, the portal provides developers with an intuitive interface to select an appropriate template and configure it to their needs. The portal then triggers the necessary backend systems to build the required project scaffolding, including an initial code repository and a CI/CD pipeline with [policy-driven testing](https://about.gitlab.com/blog/how-to-use-gitlabs-custom-compliance-frameworks-in-your-devsecops/) and [infrastructure-as-code](https://about.gitlab.com/blog/using-ansible-and-gitlab-as-infrastructure-for-code/) to deploy the application.\n\nSuccessful implementations like this leverage portals for activities that genuinely benefit from a simplified point-and-click interface. The portal doesn't try to be the primary interface for all activity; developers still work directly in their IDEs, Git repositories, and monitoring dashboards.\nCritically, organizations with successful developer portals build solid, capable internal developer platforms first. They also have mature approaches to gathering developer feedback to direct their efforts to real-world points of friction.\n\n## The path forward\nThe message for technical leaders navigating the platform engineering landscape is clear: Start with a strong platform rather than focusing primarily on a portal. Prioritize creating tangible value for developers through automation, standardization, and simplified workflows. Once your platform capabilities mature and deliver measurable benefits, consider adding a portal as an enhancement if specific needs warrant it.\n\nBy taking this measured approach, you'll avoid the common pitfall of implementing a beautiful dashboard that sits atop dysfunction — and instead build developer tooling that genuinely improves productivity, reduces cognitive load, and accelerates innovation.",[540,543,546,549,552],{"header":541,"content":542},"What's the difference between an internal developer portal and a platform?","An internal developer portal is a \"front door\" interface that sits atop your developer platform. The platform handles technical implementation, tooling, and automation with standardized workflows, while the portal provides a single pane of glass that makes development resources discoverable and accessible.",{"header":544,"content":545},"How much time do developers spend on toolchain maintenance and integration?","According to the 2024 GitLab Global DevSecOps Report, 78% of developers spend at least a quarter of their time maintaining and integrating toolchains. GitLab research also found that 62% of teams use six or more separate tools for software development.",{"header":547,"content":548},"Why do internal developer portal initiatives often fail?","Portal initiatives fail due to insufficient product management, dependency on weak platform capabilities, underestimated technical complexity, ongoing investment requirements, and limited developer resonance. Many organizations underestimate that portals require significant continuous engineering investment to maintain feature parity with underlying tools.",{"header":550,"content":551},"What should organizations prioritize before building a developer portal?","Organizations should follow a platform-first approach: start with developer needs assessment, focus on platform capabilities with streamlined automated workflows, consider tool consolidation before integration, and invest in strong product management for adoption. Build robust platform capabilities before adding portal interfaces.",{"header":553,"content":554},"When do internal developer portals make sense to implement?","Portals work best for specific workflows like developer onboarding and new project scaffolding rather than trying to be a single pane of glass for all activities. Successful implementations focus on activities that genuinely benefit from simplified point-and-click interfaces while developers continue using specialized tools directly.","content:en-us:the-source:platform:beyond-the-portal-hype-why-you-need-a-platform-first.yml","en-us/the-source/platform/beyond-the-portal-hype-why-you-need-a-platform-first.yml","en-us/the-source/platform/beyond-the-portal-hype-why-you-need-a-platform-first",{"_path":559,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":560,"seo":562,"content":566,"type":522,"slug":590,"category":28,"_id":591,"_type":30,"title":563,"_source":31,"_file":592,"_stem":593,"_extension":34,"date":567,"description":564,"timeToRead":568,"heroImage":565,"keyTakeaways":569,"articleBody":573,"faq":574},"/en-us/the-source/platform/transform-your-platform-onboarding-for-higher-adoption-rates",{"layout":5,"template":524,"author":525,"featured":119,"sourceCTA":561,"isHighlighted":6,"authorName":488},"source-lp-devsecops-the-key-to-modern-security-resilience",{"title":563,"description":564,"ogImage":565},"Transform your platform onboarding for higher adoption rates","Redesign your platform onboarding to boost adoption, reduce friction, and create seamless experiences for development teams.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463510/hm90bhwzptl1b2gwovhx.png",{"title":563,"date":567,"description":564,"timeToRead":568,"heroImage":565,"keyTakeaways":569,"articleBody":573,"faq":574},"2025-07-01","4 min read",[570,571,572],"A weak onboarding experience can significantly impact platform adoption, with research showing that one-third of users consider abandoning platforms after poor experiences.","Simple improvements like creating an intuitive landing page, writing clear documentation, and automating access processes can dramatically increase user adoption and satisfaction.","Building effective support systems across multiple channels (chat, email, ticketing) creates trust and ensures users can quickly overcome obstacles during their onboarding journey.","In my work with platform teams across industries, from startups to enterprises, I’ve noticed a consistent blind spot: the onboarding experience. While teams focus intensely on building robust features, they often neglect how new users first encounter their platform - and this oversight can severely limit adoption.\n\nAccording to the [diffusion of innovations theory](https://en.wikipedia.org/wiki/Diffusion_of_innovations), most platforms achieve about 16% adoption before stagnating. That's because innovators and early adopters - representing about 16% of an organization - are often willing to tolerate rough edges, motivated by novelty or vision. The early majority, comprising 34%, is key to going mainstream. They prioritize proven reliability, a clear value proposition, and ease of use. This shift in expectations is the chasm where many platform teams stumble. Your early adopters might forgive a clunky onboarding process, but the early majority won’t.\n\n![Diffusion of Innovation](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752176125/Blog/k6kxdtokv4laph4exsdt.png)\n\n## Start with a memorable, future-proof name\nThe platform's name is likely the first part of the platform that users will engage with. Choose something unique within your organization that’s easy to spell and not tied to specific technologies.\n\nEffective platform names often:\n\n**Reflect your value proposition** rather than the underlying technology. For example, try a name such as “Runway” that reflects the value proposition of helping teams launch faster instead of something more literal like “K8sPipeline.”\n\n**Use simple, memorable words** that evoke the platform’s purpose. Can someone easily understand and spell it after hearing it once? Choosing something simple and easy to remember, such as “Beacon,” will likely serve you better than a unique or creative option such as “Syzygy.”\n\nAvoid these common pitfalls:\n- **Version numbers in names** signal previous failures and raise doubts about longevity.\n- **Generic three-letter acronyms** become instantly forgettable in a sea of other TLAs.\n- **Technology-based names** suggest you prioritize tools over user needs.\n\n## Develop a multi-channel communication strategy\nEffective platform adoption requires deliberate communication planning across multiple channels, from a product website that clearly articulates your platform’s value proposition to user-centric documentation and email updates. Your communication strategy should also include a reliable health dashboard that gives users visibility into known issues and their resolution status. Remember that in enterprise environments, how you communicate about your platform often matters as much as the platform itself. Invest in communication with the same care you invest in your technical infrastructure.\n\n> [Learn more about building a comprehensive communication framework for platform engineering](https://about.gitlab.com/the-source/platform/building-a-communication-strategy-for-platform-engineering-teams/).\n\n## Simplify the access process\nTeams often spend months perfecting platform features while neglecting the most basic step: making it easy to access the platform.\n\nI’ve seen many examples of this at organizations of all sizes, across every industry. Common barriers include:\n\n**Manual onboarding processes** for supposedly self-service platforms. If you can’t fully automate the process, do your best to perform human-in-the-loop tasks asynchronously.\n\n**Time-consuming approval steps** or other barriers that delay initial exploration. One great solution to this is to offer immediate, temporary access to your platform for free for 30 days. This is long enough for someone to decide if your platform helps them and raise the necessary request to gain full access.\n\n**Mandatory training requirements** before users can begin. Training is valuable, but it should be required within a period of joining the platform rather than being a prerequisite.\n\n## Don’t neglect design and tone\nFirst impressions are largely visual. An outdated or inconsistent interface can deter users even if your functionality is excellent. Pay attention to branding, color schemes, and the tone of your messaging. These details might seem trivial, but they set the tone for user engagement.\n\nAim for clear, human communication rather than technical jargon. A user-friendly tone makes your platform more approachable to diverse stakeholders.\n\n## Build responsive support systems\nEven the best platforms need support, and nothing builds trust faster than responsive help when users encounter problems. Your primary goal during support interactions should be minimizing user frustration.\n\nCreate an effective support framework by leveraging multiple channels:\n- **Support tickets** provide accountability and integration with other systems.\n- **Email communication** works well for complex topics requiring clarity.\n- **Chat systems** enable real-time problem-solving when users are “in the flow.”\n\nBe present where your users are, even if that means monitoring multiple communication tools. Aim to answer chat queries within 30-60 minutes, and always follow up publicly so others can benefit from solutions.\n\n## The path to successful platform adoption\nOrganizations that prioritize user experience from day one gain significant advantages in adoption rates and user satisfaction. By creating intuitive onboarding processes, clear documentation, and responsive support systems, you transform the user journey from frustration to delight.\n\nRemember that your platform users are making a critical decision: whether your solution deserves their time and trust. A thoughtful onboarding experience tells them you value that investment - and dramatically increases your chances of widespread adoption.",[575,578,581,584,587],{"header":576,"content":577},"Why is platform onboarding so important to user adoption?","Poor onboarding experiences are a leading cause of stalled platform adoption. Research shows that one-third of users consider abandoning platforms after a frustrating first encounter. A thoughtful, streamlined onboarding process helps build trust and accelerates user engagement.",{"header":579,"content":580},"What are the most common onboarding mistakes platform teams make?","Teams often over-engineer platform features while neglecting usability basics. Common mistakes include clunky access processes, mandatory training before usage, poor visual design, inconsistent messaging, and weak support channels, all of which discourage adoption.",{"header":582,"content":583},"How can platform teams improve onboarding access without sacrificing control?","Offer temporary, self-service access, such as a 30-day trial, to remove early friction. If full automation isn’t possible, use asynchronous human-in-the-loop onboarding and avoid approval-heavy workflows that delay initial exploration and testing.",{"header":585,"content":586},"What role does naming and communication play in platform success?","A clear, future-proof name and consistent multi-channel communication strategy help build platform recognition and trust. Names should reflect user value, not technology, while communication must include user-focused documentation, health dashboards, and regular updates.",{"header":588,"content":589},"How should platform support be structured during onboarding?","Support should be fast, responsive, and multi-modal. Use tickets for tracking, email for clarity, and chat for real-time help. Aim for quick response times and always share publicly resolved issues to benefit all users.","transform-your-platform-onboarding-for-higher-adoption-rates","content:en-us:the-source:platform:transform-your-platform-onboarding-for-higher-adoption-rates.yml","en-us/the-source/platform/transform-your-platform-onboarding-for-higher-adoption-rates.yml","en-us/the-source/platform/transform-your-platform-onboarding-for-higher-adoption-rates",{"_path":595,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"slug":596,"type":597,"category":28,"config":598,"seo":600,"content":604,"_id":611,"_type":30,"title":601,"_source":31,"_file":612,"_stem":613,"_extension":34,"description":602,"date":605,"heroImage":603,"keyTakeaways":606,"articleBody":610},"/en-us/the-source/platform/accelerate-embedded-development-in-software-defined-vehicles","accelerate-embedded-development-in-software-defined-vehicles","guide",{"layout":5,"template":524,"featured":6,"gatedAsset":599,"isHighlighted":6,"authorName":-1},"pf-accelerate-embedded-development-in-software-defined-vehicles",{"noIndex":6,"title":601,"ogTitle":601,"description":602,"ogDescription":602,"ogImage":603},"Accelerate embedded development in software-defined vehicles","Learn how DevSecOps transforms automotive embedded development. Reduce feedback cycles from weeks to hours while maintaining safety compliance.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1752239485/acehu4zl6nv8dntuafvx.png",{"title":601,"description":602,"date":605,"heroImage":603,"keyTakeaways":606,"articleBody":610},"2025-06-30T00:00:00.000Z",[607,608,609],"Modern automotive development faces unprecedented complexity with millions of lines of code across dozens of ECUs. Traditional approaches with weeks-long feedback cycles and manual processes cannot scale.","Leading manufacturers achieve dramatic improvements through DevSecOps: automated workflows reduce feedback from weeks to hours, integrated hardware testing eliminates bottlenecks, and compliance automation.","Real results include a reduction in feedback cycles from 4-6 weeks to 30 minutes, increased Linux build frequency, and simplified build systems.","The automotive industry is undergoing its most significant transformation since the assembly line. With the advent of electric vehicles (EVs) and software-defined vehicles (SDVs), software powers everything from advanced driver assistance to infotainment systems. However, the complexity of modern vehicles creates unprecedented development challenges that traditional approaches cannot address.\n\nToday's connected vehicles contain millions of lines of code across dozens of electronic control units. Autonomous vehicles push this complexity even further, requiring real-time processing, cybersecurity integration, and seamless coordination between hardware and software systems. Development teams struggle with feedback cycles measured in weeks, manual security testing processes, and disconnected compliance workflows that create bottlenecks and increase costs.\n\nForward-thinking automotive manufacturers are solving these challenges through comprehensive DevSecOps transformation. By integrating development, security, and operations into unified workflows, they're achieving remarkable results: feedback cycles reduced from weeks to hours, automated compliance with automotive cybersecurity standards, and development velocity that scales with business growth.\n\nThe transformation centers on end-to-end workflow automation that eliminates the inefficiencies of traditional embedded development. Instead of developers working in isolation with inconsistent build environments, leading companies implement automated pipelines that ensure consistency and reliability.\n\nCollaborative code review processes catch security vulnerabilities early when they're less expensive to fix — particularly critical for safety-critical vehicle security applications. And by codifying compliance requirements and enforcing them automatically through customizable frameworks, organizations can ensure compliance is built into the process rather than bolted on afterward.\n\nHardware testing integration represents another breakthrough. Unlike enterprise software, automotive embedded code must be tested on target hardware or accurate simulations. Innovative manufacturers are connecting cloud-based processors, virtual hardware simulators, and physical test benches directly to automated workflows. This eliminates manual scheduling bottlenecks and enables continuous testing, dramatically increasing utilization of expensive test hardware.\n\nThe results speak for themselves. With a comprehensive DevSecOps platform, one auto manufacturer is now able to process over 120,000 CI/CD jobs daily, supporting massive repositories while maintaining the rigorous security standards required for automotive industry applications.\n\nAs SDVs and EVs reshape the competitive landscape, software development capability becomes a strategic differentiator. Companies that successfully transform their embedded development practices through comprehensive DevSecOps approaches position themselves to lead in the software-defined future, while those that don't risk falling behind as the industry accelerates into its next chapter.\n\nDownload the complete guide to discover real-world implementations, detailed case studies, and proven strategies for transforming your automotive embedded development practices.","content:en-us:the-source:platform:accelerate-embedded-development-in-software-defined-vehicles.yml","en-us/the-source/platform/accelerate-embedded-development-in-software-defined-vehicles.yml","en-us/the-source/platform/accelerate-embedded-development-in-software-defined-vehicles",{"_path":615,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":616,"seo":617,"content":621,"type":522,"slug":644,"category":28,"_id":645,"_type":30,"title":618,"_source":31,"_file":646,"_stem":647,"_extension":34,"date":622,"description":619,"timeToRead":533,"heroImage":620,"keyTakeaways":623,"articleBody":627,"faq":628},"/en-us/the-source/platform/unlock-developer-potential-with-effective-platform-teams",{"layout":5,"template":524,"author":525,"featured":6,"sourceCTA":27,"isHighlighted":6,"authorName":488},{"title":618,"description":619,"ogImage":620},"Unlock developer potential with effective platform teams","Discover how successful platform teams drive innovation by focusing on collaboration and developer experience rather than just technology.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463569/go1j065dkmpxh5qiabh1.png",{"title":618,"date":622,"description":619,"timeToRead":533,"heroImage":620,"keyTakeaways":623,"articleBody":627,"faq":628},"2025-06-24",[624,625,626],"Platform teams thrive when they measure success through developer velocity and adoption rates, not by technical complexity or feature count—creating value by removing obstacles rather than adding layers.","Building strong feedback loops between platform teams and developers creates a virtuous cycle where platforms evolve based on real needs, fostering higher adoption and greater business impact.","The most successful platform teams focus on making the right way the easy way, reducing cognitive load for developers and allowing them to concentrate on building features that matter to customers.","Developers are drowning in complexity while delivery dates keep slipping. Everyone’s talking about platform teams as the solution, but if you build it, will they come? The harsh reality is that most platform initiatives fail not because of technology choices but because they miss what truly matters: genuine collaboration. The most powerful platforms aren’t technology stacks - they’re relationship accelerators that fundamentally change how teams work together.\n\n## What are platform teams and what do they do?\nThe [Team Topologies](https://www.amazon.co.uk/Team-Topologies-Organizing-Business-Technology/dp/1942788819) framework defined the four fundamental types of teams involved in software development:\n1. **Stream-aligned teams**, who focus on a single stream of work\n1. **Enabling teams**, who provide specialized skills and expertise to support stream-aligned teams\n1. **Complicated-subsystem teams**, who build and maintain backend systems that require specialist knowledge\n1. **Platform teams**, who enable stream-aligned teams to operate more quickly and autonomously.\n\nOf these, platform teams often get the most attention - and for good reason. When done right, they can transform how quickly an organization delivers software.\n\nPlatform teams make developers’ jobs easier by handling complex technical work for them. They give developers everything they need to build, test, and deploy applications without worrying about the underlying technology. Think of the platform team as a product team creating an internal product - and developers are their customers.\n\nA platform team’s core goal is simple: enable developers to deliver software faster by simplifying complexity. Rather than having each development team figure out how to set up monitoring, security controls, CI/CD pipelines, and cloud resources, the platform team creates [standardized, well-documented solutions that work seamlessly together](https://about.gitlab.com/the-source/platform/driving-business-results-with-platform-engineering/).\n\nBut here’s a nuance many leaders miss: The success of a platform team isn’t measured by the sophistication of its technology stack or the number of features it delivers - it’s measured by how effectively it enables other teams to deliver business value. Platform teams are defined by how they collaborate with the teams they serve.\n\nI’ve worked with organizations across industries, and the pattern is clear. When platform teams focus on reducing cognitive load for developers and creating self-service capabilities that feel effortless, everyone wins. The business delivers faster, developers stay focused on what matters, and customers get better products.\n\n## The restaurant model of platform excellence\nThink of a well-designed platform like a restaurant. The food might be excellent, but customers are unlikely to return if the service is slow, the staff is rude, and the environment lacks character.\n\nThe same applies to platform teams. The technology matters, but how it’s organized and presented to developers - the customers of the platform - matters just as much. Great platforms create an environment where software developers can focus on creating business value instead of wrestling with infrastructure concerns or reinventing workflows.\n\nJust as restaurant kitchens must evolve with changing culinary techniques and equipment, platform teams must continuously evolve their offerings to meet changing business requirements and development processes.\n\n## Three pillars of platform team success\n### Align priorities around outcomes\nThe most effective platform teams align their priorities with the outcomes developers need to achieve. This alignment isn’t always easy, especially when platform teams report through IT functions while development teams report through business units.\n\nBreaking this organizational pattern requires platform teams to focus on what developers truly need. The metrics that matter aren’t technical but outcome-based: How much faster can developers ship? How confidently can they release changes? Here are a few of the outcomes you should be measuring:\n\n- **Increasing adoption rates**: Teams choose your platform because it makes their lives easier\n- **Developer velocity**: Teams using your platform ship faster than those who don't\n- **Developer satisfaction**: Regular feedback shows developers enjoy using your platform\n- **Reduced support burden**: Support tickets decrease dramatically as developers can self-serve through well-designed interfaces and comprehensive documentation\n\nGreat platform leaders advocate upward to leadership about the direct connection between developer productivity and business outcomes, turning “developer experience” from a nice-to-have into a strategic imperative.\n\n### Build strong communication channels\nRemember, the platform is a product, and developers are the customers. This mindset shift changes everything.\n\nThe best platform teams create multiple channels for feedback:\n- Regular user research sessions\n- Developer experience surveys\n- “Office hours” where developers can get help\n- Champions programs that bring developer perspectives into platform planning\n\nEven the name matters. Teams with names like “Developer Enablement Platform” or “Developer Experience Team” send a clear signal about their purpose - they exist to serve developers, not to control them.\n\nDevelopers who feel heard and respected become collaborators rather than mere users. They bring insights that improve your platform because they know their needs will shape its evolution.\n\n> [Learn more about how to create a communication framework for platform engineering that increases adoption, builds trust, and shows value](https://about.gitlab.com/the-source/platform/building-a-communication-strategy-for-platform-engineering-teams/).\n\n### Focus on developer delight\nDeveloper experience isn't just about reducing friction - it’s about creating delight. Think of your platform as a product that has to compete for mindshare. At one major media and telecommunications company I worked with, the platform team would theme their developer interfaces to celebrate key holidays and events throughout the year. These seasonal themes - whether for Halloween, major sporting events, or end-of-year celebrations - added no functional improvements yet consistently generated positive developer feedback. This simple touch demonstrated that the platform team cared about the human experience, not just the technical capabilities.\n\nThe best platforms don’t just build features; they craft experiences where:\n- Error messages guide rather than confuse\n- Documentation anticipates questions\n- Interfaces feel natural and intuitive\n- Common tasks require minimal cognitive load\n\nPlatform engineering excellence comes from making complex things appear simple. It’s not about building the most sophisticated system - it’s about hiding complexity so developers can focus on creating business value.\n\n## The path forward\nTeam Topologies provides a valuable framework for understanding how platform teams should function. But the real magic happens when you combine that framework with a relentless focus on the developer experience.\n\nMy advice for platform leaders:\n1. **Measure what matters**: Track developer velocity and platform adoption as your primary metrics.\n1. **Find champions**: Every feature should have a customer champion who helps shape it.\n1. **Make the right way the easy way**: Success comes when developers choose your platform because it's genuinely better than alternatives.\n\nThe most successful organizations I’ve worked with understand that platforms are collaborative ecosystems that succeed or fail based on human factors as much as technical ones.\n\nBy focusing on outcomes, communication, and experience, your platform team can become a force multiplier, transforming how your organization builds software.",[629,632,635,638,641],{"header":630,"content":631},"What is the main responsibility of a platform engineering team?","A platform engineering team's primary responsibility is to reduce complexity for developers by providing standardized tools, services, and workflows that enable faster, safer software delivery. Their role is to empower development teams, not control them.",{"header":633,"content":634},"How do successful platform teams measure their impact?","Impact is measured by developer outcomes, not technical features. Key metrics include adoption rates, developer velocity, satisfaction scores, and a reduced support burden. The best platforms help teams ship faster and more confidently.",{"header":636,"content":637},"Why is collaboration critical for platform engineering success?","Platforms succeed when built with developer input and feedback. Strong communication loops, including surveys, office hours, and developer champions, help ensure the platform evolves in response to real user needs, increasing adoption and trust.",{"header":639,"content":640},"What’s the “restaurant model” in platform engineering?","The restaurant model suggests that, like a good dining experience, a great platform needs more than good \"food\" (features). It also needs friendly service (support), clear signage (documentation), and a welcoming environment (developer experience).",{"header":642,"content":643},"How can platform teams boost developer engagement?","Beyond functionality, teams can create delight through intuitive interfaces, thoughtful error messaging, and even small cultural touches like themed dashboards. These elements show empathy and build stronger emotional connections with developers.","unlock-developer-potential-with-effective-platform-teams","content:en-us:the-source:platform:unlock-developer-potential-with-effective-platform-teams.yml","en-us/the-source/platform/unlock-developer-potential-with-effective-platform-teams.yml","en-us/the-source/platform/unlock-developer-potential-with-effective-platform-teams",{"_path":649,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":650,"seo":651,"content":656,"type":522,"slug":679,"category":28,"_id":680,"_type":30,"title":652,"_source":31,"_file":681,"_stem":682,"_extension":34,"date":657,"description":653,"timeToRead":533,"heroImage":654,"keyTakeaways":658,"articleBody":662,"faq":663},"/en-us/the-source/platform/building-a-communication-strategy-for-platform-engineering-teams",{"layout":5,"template":524,"author":525,"featured":119,"sourceCTA":26,"isHighlighted":6,"authorName":488},{"title":652,"description":653,"ogImage":654,"config":655},"Building a communication strategy for platform engineering teams","Discover how to create a communication framework for platform engineering that increases adoption, builds trust, and shows value.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463500/aw80z4omecn1zduruwhi.png",{"ignoreTitleCharLimit":119},{"title":652,"date":657,"description":653,"timeToRead":533,"heroImage":654,"keyTakeaways":658,"articleBody":662,"faq":663},"2025-06-17",[659,660,661],"Effective communication is foundational to platform engineering success, directly impacting user adoption, satisfaction, and leadership support.","A multi-channel approach using product websites, blogs, health dashboards, documentation, emails, and chat platforms creates a comprehensive communication ecosystem.","Communication must be tailored to different audiences — from technical users needing implementation details to executives requiring value demonstrations.","Picture this: Your [platform engineering team](https://about.gitlab.com/the-source/platform/platform-engineering-its-about-culture-not-tools/) has spent months perfecting an internal solution that dramatically reduces deployment times and eliminates configuration errors. Yet three months after launch, adoption remains disappointingly low. The culprit? Not technical shortcomings but communication gaps.\n\nEven the most powerful internal developer platform will fail without effective communication. I consistently see technically sound platforms struggling with adoption because potential users don’t understand their value or how to use them.\n\nYour platform’s technical excellence means nothing if engineers don’t adopt it or leadership doesn’t fund its continuous improvement. Strategic communication bridges the gap between platform capability and business impact, transforming your technical innovation into measurable value that resonates with developers and executives.\n\n## Crafting effective rollout communications\nBefore diving into ongoing communication channels, we must address a crucial moment: your platform’s initial launch. Whether you’re communicating through email, Slack, or a real-time presentation, how you introduce your platform sets the foundation for adoption and engagement.\n\n**Start with the “why” behind your platform**. Engineers are naturally skeptical of new tools that appear to add complexity. Your communications should clearly explain how the platform reduces cognitive load, minimizes context switching, improves documentation access, and enables faster development cycles. Frame benefits as concrete improvements to daily workflows rather than abstract concepts. For example, highlight how automating environment setup can save each developer 5-7 hours weekly instead of simply claiming “increased productivity.”\n\n**Anticipate and address resistance points proactively**. Engineers often worry about how new platforms integrate with their preferred tools or disrupt established workflows. Your communications should acknowledge these concerns directly and explain integration capabilities, migration paths, and support options. Consider creating an FAQ document that addresses common objections before they arise. Being transparent about current limitations while sharing your roadmap builds credibility and sets appropriate expectations.\n\n**Recruit platform champions to amplify your message**. Identify respected technical colleagues who contributed to the platform’s development or successfully used early versions. Their authentic endorsements carry significantly more weight than official communications alone. Create opportunities for these champions to demonstrate the platform’s capabilities through lightning talks, recorded demos, or pair programming sessions. These peer-to-peer interactions allow potential users to see practical applications and ask candid questions in a low-pressure environment.\n\nOnce you’ve launched the platform, you’ll need to keep the communication with your users open. Let’s explore the five critical communication channels that should be part of every platform engineering team’s ongoing strategy.\n\n## The essential communication channels\n### Documentation\nGreat documentation - ideally in an editable wiki or intranet that everyone can contribute to - is transformative for platform adoption. It dramatically reduces support overhead and [accelerates user onboarding](https://about.gitlab.com/the-source/platform/transform-your-platform-onboarding-for-higher-adoption-rates/). Intentionally recording your knowledge is one of the most selfless and positive changes you can make in a team.\n\nYour documentation needs to answer three questions concisely: What problem does your platform solve, what benefits can developers expect, and where can they find more information?\n\nEffective documentation puts users first, organizing information around their journey rather than system architecture. It should also include:\n- Straightforward \"Getting Started\" guides showing how easily basic use cases can be implemented\n- A comprehensive knowledge base for more complex scenarios\n- Clear examples and code snippets that users can adapt\n- Regular updates that keep pace with platform changes\n\nThe best documentation anticipates user questions rather than just documenting system capabilities.\n\n### Team blog\nConsider creating an internal blog for your platform engineering team where they can share ideas and solutions with the platform users. A dedicated blog space enables your team to share deeper context about your platform that wouldn’t fit in brief communications. Blog posts allow you to:\n- Provide technical deep dives with diagrams or videos\n- Give users insights into how your platform operates\n- Cultivate knowledgeable platform advocates\n- Build trust through transparency\n- Give team members practice with technical communication\n- Share success stories or interesting use cases for the platform\n\nBlog content helps users understand how to use your platform and why certain design decisions were made, making them more effective users and potential advocates.\n\n### Health dashboard\nWhen users encounter platform issues, nothing frustrates them more than silence. A health dashboard provides immediate visibility into known issues and their resolution status.\n\nAn effective dashboard serves multiple purposes in your communication strategy. First, it builds trust by acknowledging problems quickly rather than leaving users to wonder if issues will be addressed. During widespread outages, a dashboard significantly reduces duplicate support requests by providing a central source of truth about system status. Prospective users often review these dashboards to evaluate how reliably you operate before committing to your platform. Perhaps most importantly, a transparent health dashboard demonstrates your team’s commitment to openness and accountability, qualities that foster long-term trust with your user community.\n\nRemember that dashboards must be accurate to maintain credibility. A dashboard showing all green systems during a known outage will destroy user trust. Similarly, reported problems should always include resolution updates.\n\n### Email updates\nDespite inbox overload, email remains effective for periodic platform updates. Monthly newsletters help maintain awareness of your platform’s ongoing development and improvements.\n\nThese communications serve two purposes:\n- Informing users about new features, improvements, and upcoming changes\n- Demonstrating continuous momentum and investment in the platform\n\nRemember that most recipients will skim emails for just a few seconds. Make key points stand out with clear formatting, concise language, and visual hierarchy. The communication reinforces your team's active presence even if users don’t read every word.\n\n### Real-time messaging\nYour team should maintain a presence wherever your users naturally collaborate - which often means real-time chat platforms like Slack. Chat builds relationships with users through accessibility and responsiveness, creating a community around your platform. Here are a few golden rules teams can follow to ensure they’re building a good relationship with their users:\n\n**Respond to queries promptly**. Chat moves quickly. Teams should aim to respond to user questions within 30-60 minutes during business hours to maintain engagement and show users they’re valued. It’s not ideal if users are chatting in real time about your product and your team is nowhere to be found.\n\n**Present a consistent voice to users**. Think of your organization’s messaging systems as a “public” customer service channel. Maintain a separate “internal” channel where engineers can debate and discuss conflicting viewpoints. A user should never see two engineers debating with one another - they both lose credibility.\n\n**Document solutions publicly**. After resolving an inquiry, ensure that engineers update the channel with the outcome so other users can benefit from the knowledge.\n\n**Open support tickets for users**. Chat is great for quick questions, but more complicated requests should be tracked in issue management software. Instead of directing users to “open a ticket,” ensure your engineers can do this on behalf of the user.\n\n## Bringing it all together\n[Effective platform engineering](https://about.gitlab.com/the-source/platform/driving-business-results-with-platform-engineering/) requires a holistic approach to communication that combines all these channels into a cohesive strategy. Each channel serves distinct purposes and reaches different segments of your audience.\n\nBy implementing this comprehensive framework, your platform team can build trust, demonstrate value, and drive adoption - ultimately ensuring that your technical capabilities translate into business impact.\n\nRemember that in enterprise environments, how you communicate about your platform often matters as much as the platform itself. Invest in communication with the same care you invest in your technical infrastructure.",[664,667,670,673,676],{"header":665,"content":666},"What role does communication play in successful platform engineering?","Communication is foundational to platform engineering success. Even the best technical platforms will fail if users don’t understand their value, know how to use them, or feel supported. Communication drives adoption, builds trust, and helps secure long-term investment.",{"header":668,"content":669},"Why do platform rollouts fail even when the tech is solid?","Rollouts often fail due to poor communication. If developers don’t see clear benefits, or if concerns around workflow disruption and tool integration aren't addressed, adoption stalls. Successful rollouts proactively explain value, anticipate objections, and include trusted advocates to build credibility.",{"header":671,"content":672},"What communication channels should every platform team use?","A strong communication strategy includes five core channels: detailed documentation, a team blog, a live platform health dashboard, periodic email updates, and real-time messaging on platforms like Slack. Each channel supports different user needs and helps ensure ongoing engagement.",{"header":674,"content":675},"How should platform teams communicate with technical vs. executive stakeholders?","Communication should be tailored to each audience. Developers need technical guidance and practical examples. Executives need clear demonstrations of platform impact, such as improved delivery speed or reduced support costs. One message rarely fits both groups.",{"header":677,"content":678},"What’s the benefit of having a health dashboard for your platform?","A transparent health dashboard builds trust by showing users what’s working and what’s not. It reduces support noise during issues, demonstrates accountability, and assures users that problems are known and being resolved.","building-a-communication-strategy-for-platform-engineering-teams","content:en-us:the-source:platform:building-a-communication-strategy-for-platform-engineering-teams.yml","en-us/the-source/platform/building-a-communication-strategy-for-platform-engineering-teams.yml","en-us/the-source/platform/building-a-communication-strategy-for-platform-engineering-teams",{"_path":684,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":685,"seo":686,"content":690,"type":522,"slug":717,"category":28,"_id":718,"_type":30,"title":687,"_source":31,"_file":719,"_stem":720,"_extension":34,"date":691,"description":688,"timeToRead":692,"heroImage":689,"keyTakeaways":693,"articleBody":697,"faq":698},"/en-us/the-source/platform/platform-engineering-its-about-culture-not-tools",{"layout":5,"template":524,"author":525,"featured":119,"sourceCTA":526,"isHighlighted":6,"authorName":488},{"title":687,"description":688,"ogImage":689},"Platform engineering: It’s about culture, not tools","Discover how platform engineering evolves beyond DevOps to foster collaboration across teams while balancing autonomy with governance.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463480/xeygsznqg7uo5cihn2oj.png",{"title":687,"date":691,"description":688,"timeToRead":692,"heroImage":689,"keyTakeaways":693,"articleBody":697,"faq":698},"2025-06-10","7 min read",[694,695,696],"Platform engineering is less about adding new tools and more about creating a collaborative approach that brings teams together with a product mindset focused on developer experience.","Successful platform teams prioritize empathy, treating internal developers as customers and making governance and security features rather than obstacles.","Measuring platform success requires balancing technical metrics with perception metrics, focusing on team-specific improvements rather than comparing teams against each other.","Over the past decade, we’ve seen significant changes in how development organizations structure their teams. Traditional operations teams gave way to Google’s Site Reliability Engineering (SRE) model, which aimed to modernize operations and better define interfaces with software developers. This was a move away from the “throw it over the wall” approach that often ended in blame contests when things went wrong.\n\n[DevOps](https://about.gitlab.com/topics/devops/) emerged as a slightly different approach to the same problem, bringing developers and operators into a single team focused on delivering business value. This model proved successful - bringing people together is always a good idea, and aligning them to business outcomes helped get features out the door faster.\n\nHowever, challenges emerged as organizations attempted to scale DevOps. Having developers and operators in every team became expensive. Teams also focused on local optimization, making their tools and processes efficient for their specific needs, sometimes at the expense of global organizational goals. Corporate policies, security requirements, and governance often got lost in the shuffle.\n\nEnter platform engineering: the next step in this evolution.\n\n## What is platform engineering?\n[Platform engineering](https://about.gitlab.com/the-source/platform/driving-business-results-with-platform-engineering/) represents a balance between the structured interfaces of SRE and the collaborative spirit of DevOps. At its core, it involves creating a centralized platform team with a well-defined interface to decrease developers' cognitive load, approaching internal tooling as a product rather than a service.\n\nThe product mindset is central to platform engineering. Platform teams build services for consumption, treating them as products and the developers as customers. This means:\n- Engaging with developers to understand their needs and pain points\n- Designing the platform based on user research and feedback\n- \"Marketing\" the platform’s value to increase adoption\n- Continuously improving based on usage metrics and customer satisfaction\n- Creating documentation and enablement materials that speak to developer needs\n\nUnlike traditional IT service models built around tickets and wait times, platform engineering teams build self-service capabilities that development teams want to use. Their Internal Developer Platforms provide \"golden paths\" with all essential components for building reliable, secure software so developers can focus on writing code. That translates into more efficient software delivery and faster time to market.\n\nA key difference from DevOps is that platform engineering [acknowledges how large organizations tend to be structured](https://about.gitlab.com/the-source/platform/unlock-developer-potential-with-effective-platform-teams/). Rather than trying to put operators on every team (which becomes expensive and creates inconsistency), it creates a specialized team that serves the broader organization - but with a product mindset rather than a service desk approach.\n\n## The human side of platform engineering\nThe secret to platform engineering success isn’t choosing the right technology stack - it’s rooted in empathy. Effective platform teams deeply understand what a day in the life of a developer, security engineer, or operations specialist looks like. They know the pressures these teams face, their performance metrics, and the challenges that frustrate them most.\n\nThis empathy leads to a core principle: **make the right thing the easiest thing**. We are all fundamentally drawn to the path of least resistance. If security scanning is painful and slow, developers will try to work around it. If deployment pipelines are cumbersome, teams will build their own.\n\nSecurity and compliance should be features of your business, not obstacles. This mindset shift changes everything. Think of it like car brakes - they aren’t there to slow you down; they’re there so you can confidently drive faster. You’d drive much more cautiously without good brakes or avoid driving altogether.\n\n> [Learn steps to take to transform your onboarding for higher platform adoption rates](https://about.gitlab.com/the-source/platform/transform-your-platform-onboarding-for-higher-adoption-rates/).\n\n## Optimizing process through collaboration\nWhen I’m helping a platform team consider the process behind their platform, I like to look at their approval steps and ask, “When was the last time this approval step resulted in a rejection?” I’m always blown away by how many approval steps never result in a rejection. This is a clear sign of a process that’s not adding value.\n\nSo, how can organizations start to critically examine existing development processes with an eye toward optimization?\n\nOne of the most powerful tools in platform engineering isn’t a tool at all - it’s a workshop. Path to Production (or [value stream](https://about.gitlab.com/the-source/platform/optimize-value-stream-efficiency-to-do-more-with-less-faster/)) workshops bring together everyone involved in releasing software, from developers and security specialists to compliance and product teams.\n\nThe format is simple: Get representatives from each team in a room with sticky notes and an empty wall. Chart out exactly what happens to go from an idea to production code. Understand what each team does, how handoffs work, and how long each step takes.\n\nFor many organizations, this might be the first time these teams have all been in the same room discussing how they work together. Good things happen when people come together - this time helps everyone understand functional requirements and emotional pain points in the process.\n\nThis collaborative approach should extend to your platform team’s day-to-day work. Successful platform teams regularly engage with finance to help them understand technology investments. They build relationships with security teams to automate compliance rather than block progress and create feedback loops with platform users to continually improve the platform based on real needs.\n\n> [Learn how to build an effective communication strategy for platform engineering teams](https://about.gitlab.com/the-source/platform/building-a-communication-strategy-for-platform-engineering-teams/).\n\n## Measuring success beyond adoption rates\nFor most organizations, one of the top priorities of a platform engineering initiative is improving developer experience. However, developer experience is subjective, so how can organizations measure the success of their platform teams? Adoption rates are a good start, but you’ll need to dig deeper to get a complete picture.\n\nGood metrics should be:\n1. Tied to business outcomes, not just technical capabilities\n1. Small in number but broad in what they measure\n1. Used to understand trends within teams, not compare across teams\n1. Clear about why they’re being measured\n\nOrganizations often jump straight to [frameworks like DORA](https://about.gitlab.com/the-source/ai/dora-insights-where-is-ai-really-driving-developer-productivity/) when measuring platform engineering success. DORA is a great place to start because it boils everything down to four metrics: deployment frequency, lead time for changes, change failure rate, and time to restore service. However, one thing to be mindful of when using DORA metrics is to avoid comparing metrics across teams. For any metric to be useful, you need to consider it in the context of a specific team with specific goals. For example, deploying many times a day might be great for a web application, but less desirable for a complex backend finance tool.\n\nMore importantly, metrics should always be used to measure teams' performance, not individuals’ performance. The very act of recording metrics will change behavior. Software engineers are problem solvers by nature - if you measure their performance based solely on deployment frequency, they’ll find ways to deploy more frequently, whether or not that’s beneficial to the organization.\n\nAlso, keep in mind that perception matters as much as reality. A deployment process might only take 15 minutes, but developers will perceive it as slow if it feels painful and frustrating. User interfaces that are unresponsive, require duplicate data entry, or demand unnecessary approvals create a perception of friction even if the actual time impact is minimal, so a high-performing platform team should always be looking for ways to understand whether they need to change the speed of the system or change the perception of the system.\n\n> [Read more about how to unlock developer potential with effective platform teams](https://about.gitlab.com/the-source/platform/unlock-developer-potential-with-effective-platform-teams/).\n\n## A cultural shift, not just a technical one\nPlatform engineering represents an evolution of DevOps that acknowledges both the value of bringing people together and the reality of how large organizations operate. However, its greatest potential lies not in its technical approach but in its cultural impact.\n\nBy fostering collaboration across teams, treating developers as customers, and making security and governance features rather than obstacles, platform engineering helps organizations deliver better software faster - not by adding new tools, but by helping people work better together.\n\nThe most successful platform teams understand they’re building bridges, not just tools. They focus on making the right thing the easiest thing, balancing developer autonomy with organizational governance, and measuring success in ways that drive positive behavior.\n\nAs you evaluate your organization’s approach to internal platforms, ask what technologies you’re using and how you’re bringing people together around them. That’s where the true power of platform engineering lies.",[699,702,705,708,711,714],{"header":700,"content":701},"What is platform engineering and how is it different from DevOps?","Platform engineering focuses on creating centralized, self-service platforms that treat internal developers as customers. Unlike traditional DevOps, which often embeds operators into each team, platform engineering balances autonomy and governance by scaling enablement through productized tooling.",{"header":703,"content":704},"Why is empathy important in platform engineering?","Empathy helps platform teams understand the real needs and frustrations of their users — developers, security engineers, and others. This perspective enables the team to create platforms that reduce friction, support team goals, and encourage adoption.",{"header":706,"content":707},"How does platform engineering improve developer experience?","By reducing cognitive load through golden paths, self-service interfaces, and better documentation, platform engineering makes secure, compliant workflows easier to follow. This improves developer satisfaction and enables faster software delivery.",{"header":709,"content":710},"How should platform engineering teams measure success?","While adoption rates are useful, success is best measured by a combination of business-aligned metrics, user perception, and trend analysis within teams. Frameworks like DORA can help, but should be used thoughtfully and not for team-to-team comparison.",{"header":712,"content":713},"What role do workshops play in platform engineering?","Workshops like “Path to Production” help break down silos by bringing together all stakeholders involved in software delivery. These collaborative sessions identify inefficiencies, improve handoffs, and foster shared ownership of platform improvements.",{"header":715,"content":716},"Why is platform engineering described as a cultural shift?","It goes beyond tooling by changing how teams collaborate. Platform engineering encourages cross-functional empathy, values governance as a feature (not a blocker), and builds systems that prioritize ease-of-use and shared responsibility across the organization.","platform-engineering-its-about-culture-not-tools","content:en-us:the-source:platform:platform-engineering-its-about-culture-not-tools.yml","en-us/the-source/platform/platform-engineering-its-about-culture-not-tools.yml","en-us/the-source/platform/platform-engineering-its-about-culture-not-tools",{"_path":722,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":723,"seo":725,"content":729,"type":597,"slug":736,"category":28,"_id":737,"_type":30,"title":726,"_source":31,"_file":738,"_stem":739,"_extension":34,"date":730,"description":727,"heroImage":728,"keyTakeaways":731,"articleBody":735},"/en-us/the-source/platform/transform-automotive-devops-secure-fast-future-ready",{"layout":5,"template":524,"featured":6,"gatedAsset":724,"isHighlighted":6,"authorName":-1},"pf-transform-automotive-devops-secure-fast-future-ready",{"title":726,"description":727,"ogImage":728},"Transform automotive DevOps: Secure, fast, future-ready","Discover how embedded DevOps practices are reshaping automotive software development, enabling faster delivery cycles with integrated security.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463713/gelqfjmbdqaschyh5ban.png",{"title":726,"date":730,"description":727,"heroImage":728,"keyTakeaways":731,"articleBody":735},"2025-06-04",[732,733,734],"The automotive industry is undergoing massive transformation, creating new imperatives for security integration throughout the software development lifecycle and requiring collaboration between development teams and security teams.","Implementing DevSecOps practices in automotive embedded systems accelerates development cycles while maintaining rigorous compliance with safety standards, enabling organizations to detect security vulnerabilities earlier in the development pipeline.","Shift-left security principles integrated with continuous integration help automotive manufacturers build robust security measures into the earliest stages of development, reducing costs and providing a competitive edge in the rapidly evolving market.","The automotive industry stands at a pivotal moment as software becomes the key differentiator in modern vehicles. With the software-defined vehicle market projected to reach $1.24 trillion by 2030, automotive companies face unprecedented pressure to modernize their embedded systems development practices while maintaining rigorous security standards.\n\nTraditional development approaches that worked for hardware-centric vehicles are inadequate for today’s complex software environments. Modern vehicles now contain 200-300 million lines of code - a staggering 30-fold increase from just a decade ago. This exponential growth creates complex security challenges that require fundamentally new approaches.\n\nEmbedded DevOps transforms how automotive teams develop, test, and deploy software by enabling collaboration across previously siloed functions. By integrating security considerations throughout the entire product lifecycle - from initial design through integration and beyond - manufacturers can identify potential vulnerabilities at every stage of development.\n\nDevSecOps bridges the gap between development and operations teams while embedding security into the development pipeline. This guide explains how automotive development teams can implement DevSecOps practices to accelerate innovation without compromising safety.\n\nFor automotive manufacturers, security issues discovered late in development can be catastrophically expensive and damage customer trust. Shifting security left in the development process allows teams to detect potential threats and security vulnerabilities when they're most cost-effective to fix, often saving millions in remediation costs while reducing time to market.\n\nThe DevSecOps approach replaces manual processes with automated security checks throughout the software development workflow. This automation enables automotive software developers to maintain high-quality, secure products while meeting accelerated development cycles demanded by today's market.\n\nLeading vehicle manufacturers are already seeing remarkable results with this approach. Jaguar Land Rover, for example, transformed their infotainment system development by implementing embedded DevOps practices, reducing feedback loops from 4-6 weeks to just 30 minutes - dramatically accelerating development velocity while enhancing their security posture.\n\nAs vehicles increasingly become software platforms on wheels, DevSecOps is an essential framework for future success. Organizations that modernize their development processes gain significant competitive advantages: faster delivery cycles, improved code quality, enhanced security integration, and greater team productivity.\n\nDownload the complete guide to discover how your organization can implement embedded DevOps practices that transform automotive software development while maintaining the highest security standards required for today's connected vehicles.","transform-automotive-devops-secure-fast-future-ready","content:en-us:the-source:platform:transform-automotive-devops-secure-fast-future-ready.yml","en-us/the-source/platform/transform-automotive-devops-secure-fast-future-ready.yml","en-us/the-source/platform/transform-automotive-devops-secure-fast-future-ready",{"_path":741,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":742,"seo":744,"content":749,"type":597,"slug":756,"category":28,"_id":757,"_type":30,"title":745,"_source":31,"_file":758,"_stem":759,"_extension":34,"date":750,"description":746,"heroImage":747,"keyTakeaways":751,"articleBody":755},"/en-us/the-source/platform/financial-services-firms-innovation-starts-with-your-toolchain",{"layout":5,"template":524,"featured":6,"gatedAsset":743,"isHighlighted":6,"authorName":-1},"pf-financial-services-firms-innovation-starts-with-your-toolchain",{"title":745,"description":746,"ogImage":747,"config":748},"Financial services firms: Innovation starts with your toolchain","Transform your software delivery lifecycle and accelerate time to market with a unified approach to DevOps processes.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463827/mdbof0hv3j6cf5rul4j0.jpg",{"ignoreTitleCharLimit":119},{"title":745,"date":750,"description":746,"heroImage":747,"keyTakeaways":751,"articleBody":755},"2025-05-20",[752,753,754],"Beyond licensing expenses, disjointed DevOps tools create significant operational overhead, with each tool upgrade causing up to 100 hours of developer downtime monthly and severely impacting deployment cycles.","Organizations implementing end-to-end DevOps processes report improved product quality, greater efficiency, lower costs, and more effective collaboration between development and operations teams.","Financial institutions struggle with developer retention when using fragmented systems, as technical talent spends up to 80% of their time maintaining toolchains rather than building valuable capabilities for customers.","For banks and financial institutions, digital innovation determines market leadership. Yet many organizations continue to rely on fragmented DevOps toolchains often consisting of more than 10 disconnected tools, each requiring separate maintenance, integration, and expertise.\n\nThis fragmentation creates significant challenges. When even minor updates occur, entire pipelines break, causing extensive downtime.  A leading digital financial services company came to us after they experienced 100 hours of developer downtime monthly due to toolchain integration issues, drastically slowing their software delivery and undermining their business objectives.\n\nBeyond the visible licensing costs, the true \"toolchain tax\" includes hidden expenses: integration effort, maintenance overhead, and, most critically, the opportunity cost of delayed innovation. In a financial services industry where speed defines competitive advantage, these delays directly impact business performance.\n\nThe consequences extend to talent retention. Today's top developers seek environments where they can create value, not maintain infrastructure. When technical talent discovers they'll spend 80% of their time managing toolchain complexity rather than building capabilities, they migrate to competitors who allow them to focus on innovative projects.\n\nThe path forward requires rethinking traditional approaches. While point solutions once seemed optimal, 99% of organizations now report advantages from integrated, end-to-end platforms. Modern unified DevOps platforms enable:\n- Streamlined software development lifecycle processes\n- Built-in security checks and compliance controls\n- Elimination of integration bottlenecks\n- Accelerated feedback loops\n- Reduction in manual processes\n\nFinancial services organizations face unique modernization challenges: maintaining stringent regulatory compliance, preserving customer trust, and attracting engineering talent - all while transforming legacy systems. Those who succeed see dramatic improvements in operational costs, talent retention, compliance risk management, and innovation capacity.\n\nThe transformation requires a methodical approach. Begin with a comprehensive assessment of your current DevOps toolchain, evaluate integration pain points, and analyze security gaps. Understand the benefits of a unified data model, standardized API framework, and end-to-end workflow automation. Then implement a phased migration strategy with clear success metrics focused on developer productivity, deployment frequency, security incident reduction, and cost savings.\n\nFor financial institutions ready to accelerate innovation while maintaining security and compliance standards, the time to act is now. Every day spent maintaining fragmented toolchains represents lost opportunity in an increasingly competitive landscape.\n\nGet our complete guide now to see how leading banks and financial institutions are transforming their software delivery practices and gaining measurable advantages.","financial-services-firms-innovation-starts-with-your-toolchain","content:en-us:the-source:platform:financial-services-firms-innovation-starts-with-your-toolchain.yml","en-us/the-source/platform/financial-services-firms-innovation-starts-with-your-toolchain.yml","en-us/the-source/platform/financial-services-firms-innovation-starts-with-your-toolchain",{"_path":761,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":762,"seo":764,"content":768,"type":522,"slug":795,"category":28,"_id":796,"_type":30,"title":765,"_source":31,"_file":797,"_stem":798,"_extension":34,"date":769,"description":766,"timeToRead":770,"heroImage":767,"keyTakeaways":771,"articleBody":775,"faq":776},"/en-us/the-source/platform/why-now-is-the-time-for-industrialized-software-development",{"layout":5,"template":524,"author":763,"featured":6,"sourceCTA":526,"isHighlighted":6,"authorName":483},"andre-michael-braun",{"title":765,"description":766,"ogImage":767},"Why now is the time for industrialized software development","Software needs to change: See how DevSecOps and AI are turning software creation from individual craft to organized manufacturing for better results.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463896/lkrvwaxgdy02shdda2uy.png",{"title":765,"date":769,"description":766,"timeToRead":770,"heroImage":767,"keyTakeaways":771,"articleBody":775,"faq":776},"2025-05-13","5 min read",[772,773,774],"While software has changed many industries, software creation itself is in many ways old-fashioned, with developers using a variety of different tools. This causes problems that cost companies billions and shows why we need standard methods.","Using DevSecOps and AI to industrialize software won’t replace developers. Instead, it will organize how software is made, making the process more productive — just like the Industrial Revolution did for making physical products.","Companies that adopt industrial software practices — using standard tools, simpler processes, and tracking all components — will get ahead. Those that don’t change may become outdated within ten years.","Recently, I received a letter from my car's manufacturer alerting me to a recall. They had discovered a defect caused by one of the parts they used and wanted to replace it.\n\nIt was easily fixed, and I might have forgotten all about it. But it’s precisely the banality of that recall that got me thinking about my field, which is software. Car manufacturers know exactly what they put into their cars and can notify every affected customer if they discover a problem.\n\nThis level of precision in manufacturing raises a key question for software: Why can it be challenging to trace and notify customers about issues within software components, regardless of their origin?\n\nTo understand the difference between software production and manufacturing, consider the lessons of the Industrial Revolution. In the late 1800s, factories with power tools and repeatable processes replaced the work of individual craftspeople. In the early 20th century, this revolution proceeded with the creation of the assembly line, the birth of industrial process engineering, and the systematic elimination of inefficiencies. Along with that came the ability to document and audit every step in the process.\n\nThen, in the late 20th and early 21st centuries, a [third revolution](https://www.insightpartners.com/ideas/the-next-industrial-revolution-how-software-is-shaping-the-future-of-production/) transformed businesses worldwide. Computers, particularly the code running on them, became one of the most significant factors affecting the production and distribution of goods. Software “ate the world,” to use [Marc Andreessen's words](https://a16z.com/why-software-is-eating-the-world/).\n\nJust compare the first [Vorwerk mixer](https://www.facebook.com/thermomixusa/photos/tbt-to-1961-when-the-vkm5-debuted-here-in-a-beautiful-vintage-advertisement-this/1912837678932485/?_rdr) from 1961, which had a single control dial, with the equivalent model today, which has a Wi-Fi connection, allows you to download recipes from the Internet, and can coach you through making those recipes.\n\nThe fact is, the vast majority of product innovations today come from software. Software rules how all products, not just digital ones, get distributed and purchased. Code is now at least as important as capital, labor, land, and knowledge - the classic production factors. It’s no exaggeration to say that modern industry would simply stop without software.\n\n## The software paradox\nDespite all the transformative changes that software has brought about in the last 50 years, the creation of software itself is still primarily done in pre-industrial ways by individual craftspeople [working with a wide variety of tools](https://about.gitlab.com/the-source/ai/devops-leaders-fix-this-productivity-blocker-before-adding-ai/).\n\nDevelopers, like craftspeople, have varying skill levels. The software “production line” is a tangled web of dependencies, resulting in brittleness and inefficiency. And the tools? Imagine Lego bricks, each with a unique and incompatible stud configuration. That’s the chaotic landscape we’re working in, creating unbelievable stress, costs, and confusion.\n\nThis environment fuels delays. A single bottleneck, like a developer’s absence or a team’s slow testing, can halt an entire project. Consider a major German bank’s digital transformation from 2016 to 2019. Its legacy systems required extensive security testing cycles of 3-4 months for each update, while competitors released updates every few days. This disparity in development speed cost the bank significant market share in digital banking.\n\nThese delays compound existing inefficiencies. For instance, according to [GitLab’s 2024 Global DevSecOps Report](https://about.gitlab.com/developer-survey/), 63% of developers report using six or more different tools, highlighting a widespread desire for toolchain consolidation.\n\nThe financial consequences of these inefficiencies are substantial. For example, a major car manufacturer shipped a new model before its software was completely ready. While early buyers received discounts, the company ultimately spent billions on a recall to upgrade the vehicles after the software was finalized.\n\n## It’s time to industrialize software production\nFortunately, the advent of artificial intelligence and DevSecOps (a combined approach to developing, securing, and operating software assets) is revolutionizing software production. This revolution won’t replace software developers, but it will [systematize software creation and make it far more productive and efficient](https://about.gitlab.com/the-source/ai/reducing-software-development-complexity-with-ai/), just as the Industrial Revolution did with the creation of physical goods.\n\nIn the same way manufacturers have standardized the tools, techniques, and workflows they use to create products, we now need to use DevSecOps to standardize the tools, techniques, and workflows we use to develop software.\n\nMany processes invented and optimized over a century of industry apply to modern, industrialized software development needs. Applying these principles will help us identify and remove inefficiencies, create streamlined processes, reduce dependencies, and boost developer productivity.\n\nIt will also give software creators greater end-to-end visibility into their product’s components, enhancing security for the entire software supply chain. Just as every manufacturer today has an audit trail for the parts that go into their product, tomorrow’s software developers can account for every component of their software products.\n\nWe can adapt lessons from predecessors' efforts to optimize industrial production to the new era of industrialized software development.\n\n> [Learn how software logistics enables operations teams to efficiently support developers and accelerate delivery](https://about.gitlab.com/the-source/platform/why-software-logistics-is-key-to-accelerating-innovation/).\n\n## Evolution vs. revolution\nWhile many business leaders talk about disruption, revolutions are challenging precisely because they are disruptive. Most companies prefer a more evolutionary approach, which gives employees time to adjust and lowers the risk of failure. However, evolution is slow.\n\nOur most successful customers aren’t merely evolving; they are fundamentally reshaping their software development and reaping significant returns in record time.\n\nJust as the Industrial Revolution transformed physical production, the 2020s will witness a seismic shift in software development. Companies that hesitate or resist this industrialization of software will face obsolescence within the decade. The stakes are high.\n\nBegin preparing for the transition today. Automate ruthlessly, rationalize your processes, and organize software production with the precision of a modern assembly line. Embracing this software revolution is the only way to safeguard your enterprise's future.",[777,780,783,786,789,792],{"header":778,"content":779},"What does “industrialized software development” mean?","Industrialized software development refers to systematizing how software is built, using standardized tools, processes, and automation, to increase efficiency, traceability, and quality, similar to how physical goods are manufactured in modern factories.",{"header":781,"content":782},"How does industrialized software development differ from traditional development?","Traditional development often relies on individual craftsmanship and disconnected tools. Industrialized development, in contrast, emphasizes consistency, automation, visibility, and end-to-end governance across the entire software supply chain.",{"header":784,"content":785},"Will industrializing software development replace developers?","No. This approach doesn’t replace developers, it empowers them. By automating repetitive tasks and enforcing standards, developers can focus on innovation and solving business problems instead of battling complexity or process bottlenecks.",{"header":787,"content":788},"Why is toolchain fragmentation a problem in software creation?","Fragmented toolchains create inefficiencies, increase risk, and make processes harder to audit or scale. They limit visibility across the software lifecycle, resulting in delays, duplicated effort, and missed vulnerabilities.",{"header":790,"content":791},"What role do DevSecOps and AI play in industrialized software?","DevSecOps and AI are foundational enablers. DevSecOps integrates development, security, and operations into one workflow. AI accelerates code creation, automates quality checks, and helps detect issues early, bringing predictability and speed to the process.",{"header":793,"content":794},"What’s the risk of not evolving toward industrialized software practices?","Companies that continue using fragmented, manual approaches risk falling behind. Inefficiencies, delayed updates, and insecure processes can lead to lost market share, higher costs, and even obsolescence in a competitive digital-first economy.","why-now-is-the-time-for-industrialized-software-development","content:en-us:the-source:platform:why-now-is-the-time-for-industrialized-software-development.yml","en-us/the-source/platform/why-now-is-the-time-for-industrialized-software-development.yml","en-us/the-source/platform/why-now-is-the-time-for-industrialized-software-development",{"_path":800,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":801,"seo":804,"content":808,"type":522,"slug":832,"category":28,"_id":833,"_type":30,"title":805,"_source":31,"_file":834,"_stem":835,"_extension":34,"date":809,"description":806,"timeToRead":810,"heroImage":807,"keyTakeaways":811,"articleBody":815,"faq":816},"/en-us/the-source/platform/the-hidden-risk-for-apac-financial-institutions",{"layout":5,"template":524,"author":802,"featured":6,"sourceCTA":803,"isHighlighted":6,"authorName":484},"andrew-haschka","source-lp-whats-next-in-devsecops-for-financial-services",{"title":805,"description":806,"ogImage":807},"The hidden risk for APAC financial institutions","APAC financial institutions face hidden threats from fragmented DevSecOps toolchains. Learn how consolidation strengthens security and innovation.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464004/j1b7xmzlq91xp1lqw1lw.png",{"title":805,"date":809,"description":806,"timeToRead":810,"heroImage":807,"keyTakeaways":811,"articleBody":815,"faq":816},"2025-04-17","3 min read",[812,813,814],"Asia-Pacific financial services institutions face higher cybersecurity risks than the global average. Their scattered security tools create blind spots, making it harder to follow the region’s complex regulations.","As financial services institutions adopt AI for security, they need unified data to spot threats. Current fragmented systems prevent AI from finding complex attacks or giving useful security alerts.","By combining security tools into one platform, institutions can see all threats, meet regulations across different countries, and create new products faster without weakening security.","**Your security may be compromised - not by hackers, but by your own fragmented DevOps toolchain.**\n\nFinancial services institutions across the Asia-Pacific region face a unique security puzzle. While institutions are investing in numerous security tools, many have inadvertently created architectures that undermine their security posture through fragmentation and disconnection. This fragmentation is particularly concerning given that cybersecurity investments in Asia-Pacific are failing to keep pace with the region's rapid economic and digital growth - [Asia-Pacific financial institutions are twice as vulnerable to cyberattacks as the global average](https://economictimes.indiatimes.com/industry/banking/finance/low-investments-in-cybersecurity-expose-financial-sector-to-threats-experts/articleshow/118428695.cms?from=mdr#:~:text=Cyberattack%20vulnerability%20in%20Asia,need%20for%20robust%20cybersecurity%20measures). And as organizations rapidly adopt AI and new technologies, these already fragmented systems become even more vulnerable.\n\nI consistently hear from CISOs across Asia-Pacific's financial sector a growing concern about their ability to maintain security visibility as their delivery pipelines accelerate. They're struggling with a fundamental contradiction - they need to innovate faster while simultaneously strengthening security controls, and their fragmented toolchains are making both objectives harder to achieve.\n\nThe uniquely complex regulatory landscape of Asia-Pacific magnifies this risk exponentially. CISOs face the formidable challenge of navigating multiple jurisdiction-specific compliance frameworks - from [MAS TRM guidelines](https://www.mas.gov.sg/regulation/guidelines/technology-risk-management-guidelines#:~:text=The%20guidelines%20set%20out%20risk,Notice%20on%20TRM%20(481.8%20KB)) in Singapore and [HKMA requirements](https://www.hkma.gov.hk/eng/regulatory-resources/regulatory-guides/guidelines/) in Hong Kong to [APRA Prudential Standards](https://www.apra.gov.au/) (especially [CPS 234](https://www.apra.gov.au/sites/default/files/cps_234_july_2019_for_public_release.pdf)) in Australia and [FSA regulations](https://www.fsa.go.jp/en/laws_regulations/index.html) in Japan. This regulatory landscape often drives institutions to implement separate tools for each compliance domain, compounding an already dangerous technical fragmentation with regulatory complexity.\n\nThe most successful financial institutions adopt a platform approach. The organizations seeing the best results aren't just consolidating tools; they're fundamentally reimagining how security integrates across the entire software delivery lifecycle. When security shifts from a collection of point solutions to a consistent platform capability, security posture and delivery velocity improve dramatically.\n\n## Beyond tool sprawl\nFor industry CISOs, the challenge extends beyond mere tool sprawl. The rapid pace of digital transformation in this region has created security architectures that have evolved reactively rather than strategically. This has resulted in critical visibility gaps between tools, inconsistent policy enforcement, and challenges in maintaining comprehensive security governance.\n\nWhen security tools don't communicate effectively with each other, vulnerabilities can slip through the cracks. In Asia-Pacific's intensely regulated financial environment, these gaps represent regulatory, economic, and reputational risks that can devastate even the most established banks.\n\n## AI adoption and security integration challenges\nAsia-Pacific financial institutions are increasingly adopting AI for security and fraud detection, with [Singapore](https://www.legalbusinessonline.com/features/singapore-leads-principles-based-approach-ai-financial-services) and [China](https://www.sas.com/en_sg/news/press-releases/2024/october/data-and-ai-pulse-asia-pacific.html) emerging as innovation leaders. However, this technological advancement has exposed a fundamental incompatibility: [Fragmented DevSecOps toolchains](https://about.gitlab.com/the-source/ai/overcome-ai-sprawl-with-a-value-stream-management-approach/) cannot effectively support modern AI-driven security approaches.\n\nAI systems require consolidated, normalized data to detect patterns and anomalies effectively. When security information remains siloed across disparate tools, AI systems cannot identify sophisticated threat patterns or deliver actionable security intelligence. This limitation becomes increasingly problematic as threats grow in sophistication and volume across the region.\n\n## Why consolidation is key\nFinancial institutions across the Asia-Pacific region are beginning to recognize that toolchain consolidation is non-negotiable regarding security. By unifying their DevSecOps infrastructure into a cohesive platform, banks can achieve:\n- Comprehensive visibility that satisfies diverse regional regulatory requirements\n- Consistent security governance across all Asia-Pacific operations\n- Streamlined compliance reporting for multiple jurisdictions\n- Enhanced ability to detect region-specific threats through consolidated analysis\n\nMost importantly, this consolidation enables banks and financial institutions to [accelerate innovation while strengthening their security posture](https://about.gitlab.com/the-source/platform/3-steps-to-modernizing-software-delivery-in-financial-services/), turning what was once a painful tradeoff into a competitive advantage.\n\n## Transform your DevSecOps strategy or fall behind\nAs Asia-Pacific financial institutions push for innovation leadership, an uncomfortable truth emerges: your DevSecOps toolchain may significantly threaten security and innovation velocity.\n\nForward-thinking CISOs at financial institutions are addressing this challenge through strategic consolidation and unified security governance. By transforming fragmented toolchains into cohesive platforms, these security leaders are reducing complexity and fundamentally strengthening their security posture while enabling their institutions to innovate at the pace the competitive Asia-Pacific market demands.\n\nThe era of disconnected, tool-by-tool security is over. Those who fail to consolidate will find themselves more vulnerable to threats and increasingly unable to compete in a marketplace where integrated security has become the price of admission.\n\nBy consolidating their toolchains on a [unified DevSecOps platform](https://about.gitlab.com/solutions/finance/), these organizations reduce security risk while accelerating innovation cycles, creating the operational resilience and delivery efficiency that defines leadership in Asia-Pacific's competitive financial marketplace. If you’re attending [CISO FSI Singapore](https://ciso-fsi-sg.coriniumintelligence.com/agenda), I invite you to join my colleague Josh Carroll to explore practical strategies for unifying security governance across your entire software delivery lifecycle. We look forward to discussing how leading financial organizations are turning unified DevSecOps into measurable business outcomes in today’s challenging market.",[817,820,823,826,829],{"header":818,"content":819},"Why are APAC financial institutions at higher risk from fragmented toolchains?","Due to rapid digital growth and complex regulatory requirements across the region, many institutions have adopted disconnected security tools. This fragmentation leads to visibility gaps and inconsistent enforcement, weakening overall security posture.",{"header":821,"content":822},"What challenges does AI adoption face in fragmented DevSecOps environments?","AI systems require centralized, consistent data to detect security threats effectively. Fragmented toolchains prevent AI from accessing the full context it needs, limiting its ability to identify complex attack patterns and deliver actionable insights.",{"header":824,"content":825},"How can consolidating DevSecOps tools improve both security and innovation?","Unifying tools into a single platform provides end-to-end visibility, consistent governance, and faster compliance across jurisdictions. This reduces security risks while enabling teams to innovate quickly without compromising safety.",{"header":827,"content":828},"What is the business impact of not consolidating security tools?","Organizations with fragmented toolchains risk falling behind in both innovation and regulatory readiness. They face higher exposure to breaches, slower product delivery, and mounting inefficiencies that ultimately hinder competitiveness in the region.",{"header":830,"content":831},"What steps can APAC institutions take to consolidate their toolchains effectively?","Adopting a platform-based DevSecOps model is key. This involves integrating code, testing, security, and compliance functions into a unified system, reducing complexity, improving risk visibility, and enhancing operational resilience across all markets.","the-hidden-risk-for-apac-financial-institutions","content:en-us:the-source:platform:the-hidden-risk-for-apac-financial-institutions.yml","en-us/the-source/platform/the-hidden-risk-for-apac-financial-institutions.yml","en-us/the-source/platform/the-hidden-risk-for-apac-financial-institutions",{"_path":837,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":838,"seo":840,"content":844,"type":522,"slug":870,"category":28,"_id":871,"_type":30,"title":841,"_source":31,"_file":872,"_stem":873,"_extension":34,"date":845,"description":842,"timeToRead":568,"heroImage":843,"keyTakeaways":846,"articleBody":850,"faq":851},"/en-us/the-source/platform/why-software-logistics-is-key-to-accelerating-innovation",{"layout":5,"template":524,"author":839,"featured":119,"sourceCTA":27,"isHighlighted":6,"authorName":507},"lee-faus",{"title":841,"description":842,"ogImage":843},"Why software logistics is key to accelerating innovation","Transform deployment processes with software logistics, enabling your operations team to efficiently support developers and accelerate delivery.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463545/nomdlhvlawqmncg0g1p8.png",{"title":841,"date":845,"description":842,"timeToRead":568,"heroImage":843,"keyTakeaways":846,"articleBody":850,"faq":851},"2025-04-15",[847,848,849],"Software logistics focuses on what happens after code is packaged — provisioning, deployment, configuration, monitoring, and maintenance — optimizing the crucial second half of the software supply chain.","With typically only 1% of technical staff in operations roles, organizations need a “logistics mindset” to automate deployment processes and create better developer experiences.","Implementing a platform-as-a-product approach to software logistics enables standardization while maintaining flexibility, reducing security risks and accelerating deployment cycles.","Software isn’t just powering your business - it is your business. However, while organizations invest heavily in development capabilities, they often overlook a critical component: software logistics.\n\nSoftware logistics encompasses everything that happens after code is packaged for delivery: provisioning, deployment, configuration, monitoring, and maintenance. Think of it as the crucial second half of the software supply chain, where even the most brilliantly engineered solutions can falter without proper execution.\n\nThe challenge is clear: For every 100 developers in your organization, statistics show you likely have just one operations person. Those resources typically focus on network engineering, database administration, platform engineering, and site reliability. As generative AI is poised to dramatically increase the amount of code developers produce, this creates an unsustainable bottleneck in your software delivery execution.\n\n## Why traditional approaches fall short\n**Traditional approaches to this imbalance typically fall into two categories: overburdening operations teams or forcing developers to become operations experts. Neither works well.**\n\nWhen operations teams become overwhelmed, they create restrictive processes that slow down delivery. When developers are forced to handle operations, they spend less time on their core strength - solving business problems through code. Our [research shows](https://about.gitlab.com/developer-survey/2024/ai/) developers typically spend only 21% of their time writing new code, with the rest consumed by meetings, maintenance, and administrative tasks.\n\nThis inefficiency is frustrating and expensive. Every day, your innovations sit waiting for deployment, which is lost business value.\n\n## The premium delivery model for software\nWhat if you could bring guaranteed reliability and predictability to your software delivery? That’s the promise of effective software logistics.\n\nJust as modern logistics companies revolutionized retail by streamlining the supply chain - getting products from warehouses to customers efficiently - organizations must move software from package registries to production environments smoothly.\n\nMore and more organizations are investing in [platform engineering](https://about.gitlab.com/the-source/platform/driving-business-results-with-platform-engineering/) to accelerate software development by standardizing best practices and components for development teams. However, if your platform engineering initiatives are focused only on developer experience, you’re missing a critical piece of the puzzle. While improving developer experience is important, efficiency gains in code creation are meaningless if your organization lacks the operational maturity to deploy, configure, monitor, and maintain that code effectively.\n\nThat’s where software logistics comes in: ensuring that increased code velocity translates to actual business value rather than creating deployment bottlenecks or operational chaos.\n\n## The competitive advantage of software logistics\nAn effective software logistics strategy offers several key advantages:\n- **Accelerated delivery cycles**: Reduce the time from code completion to production deployment from weeks to days or even hours.\n- **Enhanced security posture**: Build security into development pipelines rather than treating it as a final gate, reducing vulnerabilities while maintaining velocity.\n- **Improved operational efficiency**: Enable your limited operations staff to support more developers through automation and self-service capabilities.\n- **Better resource utilization**: Focus your expensive development talent on creating business value rather than wrestling with deployment complexities.\n\n## Optimizing for effective software logistics\nIn conversations with technical leaders at organizations of all sizes, I’ve observed several consistent patterns that distinguish successful software logistics implementations. Here are three steps you can take to optimize your software logistics:\n\n### Build an enterprise application delivery framework\nModern software delivery requires sophisticated orchestration across diverse environments, deployment strategies, and operational concerns. An effective framework should include aspects such as **release orchestration** to coordinate the deployment of interdependent services across environments; **progressive delivery strategies** such as canary releases and feature flags that allow controlled rollouts with automated verification; and **provisioning automation** that creates the underlying infrastructure through policy-controlled interfaces while enforcing security guardrails and compliance requirements. By generating attestations at each stage, this framework creates a verifiable record of the entire delivery process and enables real-time risk assessment and compliance validation.\n\n### Adopt a platform with a unified data store\nTop-performing organizations need comprehensive metrics across their entire delivery pipeline, from code commit to production performance. You can’t manage what you don't measure - and the best teams measure everything from development velocity to operational stability to security posture. A unified data fabric serves as the nervous system for effective software logistics, connecting previously siloed information across the entire software delivery lifecycle and enabling intelligent decision-making and automation.\n\n### Boost developer autonomy through golden pipelines\nIntuitive interfaces that allow developers to initiate deployments without understanding underlying complexity, with appropriate guardrails built in, reduce the burden on operations teams while accelerating delivery cycles. As one platform engineering leader told me, “Our job is to make the platform so easy to use that teams can run themselves.”\n\n## Software logistics: The competitive differentiator for digital-first organizations\nAs competitive pressures accelerate, the ability to efficiently move software from testing to production becomes a critical competitive differentiator. Adopting a software logistics mindset can help your limited operations staff effectively support your development organization, accelerating innovation while maintaining security and reliability.",[852,855,858,861,864,867],{"header":853,"content":854},"What is software logistics in the context of software development?","Software logistics refers to the processes that occur after code is packaged, including provisioning, deployment, configuration, monitoring, and maintenance. It represents the second half of the software supply chain, ensuring reliable, secure, and efficient delivery to production.",{"header":856,"content":857},"Why is software logistics becoming more important now?","As generative AI accelerates the rate of code creation, organizations face growing pressure to deploy and maintain this code efficiently. With limited operations resources, effective software logistics is essential to prevent bottlenecks and turn development speed into business value.",{"header":859,"content":860},"How does poor software logistics affect delivery cycles?","Without optimized logistics, organizations experience deployment delays, inconsistent operations, and over-reliance on either stretched operations teams or developers doing ops work. This undermines innovation velocity and increases operational risk.",{"header":862,"content":863},"What role do “golden pipelines” play in software logistics?","Golden pipelines offer pre-configured, automated deployment workflows that developers can use independently. These pipelines enhance developer autonomy while embedding security and compliance guardrails, reducing reliance on operations teams.",{"header":865,"content":866},"How can a unified data store improve software logistics?","A unified data store connects metrics across the software delivery lifecycle, from code commit to production. This enables real-time insights, performance tracking, and automation, allowing organizations to manage delivery risk and optimize outcomes.",{"header":868,"content":869},"Why should platform engineering include a logistics focus?","While many platform engineering efforts focus on improving developer experience, the logistics side ensures that increased coding velocity translates into actual deployment efficiency. Without logistics capabilities, development speed does not equal business agility.","why-software-logistics-is-key-to-accelerating-innovation","content:en-us:the-source:platform:why-software-logistics-is-key-to-accelerating-innovation.yml","en-us/the-source/platform/why-software-logistics-is-key-to-accelerating-innovation.yml","en-us/the-source/platform/why-software-logistics-is-key-to-accelerating-innovation",{"_path":875,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":876,"seo":878,"content":883,"type":522,"slug":909,"category":28,"_id":910,"_type":30,"title":879,"_source":31,"_file":911,"_stem":912,"_extension":34,"date":884,"description":880,"timeToRead":770,"heroImage":881,"keyTakeaways":885,"articleBody":889,"faq":890},"/en-us/the-source/platform/3-steps-to-modernizing-software-delivery-in-financial-services",{"layout":5,"template":524,"author":877,"featured":119,"sourceCTA":803,"isHighlighted":6,"authorName":495},"george-kichukov",{"title":879,"description":880,"ogImage":881,"config":882},"3 steps to modernizing software delivery in financial services","Discover why financial institutions must modernize their software delivery to maintain a competitive advantage in today’s rapidly evolving market.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464105/b0sltyrnkzt8yzgikqgl.jpg",{"ignoreTitleCharLimit":119},{"title":879,"date":884,"description":880,"timeToRead":770,"heroImage":881,"keyTakeaways":885,"articleBody":889,"faq":890},"2025-03-25",[886,887,888],"Traditional DevSecOps implementations in financial services face critical gaps that reduce speed and increase risk: manual governance, limited visibility, fragmented developer experience, and integration complexity.","Modern integrated platforms deliver measurable business impact and strategic advantages in the form of agility, efficiency, and talent retention.","Begin your DevSecOps transformation journey with three strategic steps: assess current capabilities, define the target architecture, and create an implementation roadmap to unlock innovation, security, and efficiency.","Through my 20 years of experience in financial services, most recently at Citi and now as Financial Services Field CTO at GitLab, I’ve gained a unique perspective on software delivery in the industry. My conversations with leaders at global financial services organizations reveal a consistent truth: software is a critical driver of competitive differentiation. However, mature software delivery practices and integrated developer experience are still an elusive goal.\n\nThis comes against the backdrop of rapid change in financial services, driven by intense competition from digital-first players who can deploy new features and products at remarkable speed. Meanwhile, many established organizations struggle with disconnected tools, manual processes, and poor developer experience - obstacles that organizations can no longer ignore.\n\nThe most forward-thinking financial institutions see software delivery - and DevSecOps - as a core business capability that directly affects their market position. However, to realize the full benefits of DevSecOps, organizations need to move from disconnected tools to integrated platforms that seamlessly unite teams and processes as customer demands evolve and digital transformation accelerates.\n\n## The implementation gap in financial services\nDespite significant investments in DevSecOps, I’ve observed a clear gap between promise and reality at many banks and financial services providers:\n- **Manual governance**: Security and compliance validation still involves significant manual processes, creating bottlenecks.\n- **Limited visibility**: Decision makers lack comprehensive insight into the software development lifecycle, making identifying constraints and optimizing processes difficult.\n- **Fragmented developer experience**: Developers must navigate a complex maze of disconnected tools that hamper productivity and innovation.\n- **Integration complexity**: DevSecOps implementations that rely on dozens of tools cobbled together with custom integrations result in less efficient development processes.\n\nThese challenges reflect the limitations of tools available when institutions began their DevSecOps journeys. The best way for organizations to catch up is to adopt a single DevSecOps platform, bringing built-in security, compliance controls, and end-to-end metrics into a unified developer experience.\n\n## The modern platform advantage\n[Modern DevSecOps platforms](https://about.gitlab.com/platform/) provide a comprehensive approach to software delivery that further advances traditional implementations. The core advantages can be seen in three critical areas:\n\n**Integrated security and compliance**: Unified platforms embed security directly into delivery infrastructure through automated policy enforcement. Teams benefit from [real-time vulnerability detection during development rather than after release](https://about.gitlab.com/the-source/security/strengthen-your-cybersecurity-strategy-with-secure-by-design/). Continuous compliance validation eliminates manual steps and helps to ensure supply chain security, reducing risk across the organization.\n\n**Unified developer experience**: Where developers once navigated disconnected tools, modern platforms provide consistent interfaces that [minimize context switching](https://about.gitlab.com/the-source/ai/devops-leaders-fix-this-productivity-blocker-before-adding-ai/). Self-service capabilities eliminate provisioning delays, while standardized workflows enforce best practices by default, improving quality and consistency.\n\n**Comprehensive operational intelligence**: End-to-end metrics connect technical activities to business outcomes, and predictive analytics identify potential issues before they impact customers. Modern platforms also automate compliance reporting - eliminating tedious manual documentation - and provide [value stream visualization](https://about.gitlab.com/the-source/platform/optimize-value-stream-efficiency-to-do-more-with-less-faster/) to help teams quickly identify and resolve bottlenecks.\n\n## The results: Measurable business impact\nFor financial services providers, the benefits of modernizing software delivery platforms extend far beyond technical improvements. According to [Forrester's Total Economic Impact study of GitLab Ultimate](https://about.gitlab.com/resources/study-forrester-tei-gitlab-ultimate/), a composite organization representative of interviewed customers with experience using GitLab Ultimate achieved:\n- 483% ROI over three years\n- 50% more feature deliveries\n- 75% faster developer onboarding\n- 535 hours saved per developer annually\n\nBeyond operational metrics, modernization also creates strategic advantages, such as:\n- **Innovation velocity**: Financial institutions with modernized delivery platforms can [rapidly develop and launch](https://about.gitlab.com/customers/goldman-sachs/) customer-centric features, significantly reducing time-to-market and enabling personalized experiences.\n- **Talent retention**: Leading financial institutions report [47% higher retention rates for technical talent](https://www.mckinsey.com/~/media/mckinsey/industries/technology%20media%20and%20telecommunications/high%20tech/our%20insights/developer%20velocity%20how%20software%20excellence%20fuels%20business%20performance/developer-velocity-how-software-excellence-fuels-business-performance-v4.pdf?shouldIndex=false) after modernizing their delivery platforms.\n- **Regulatory agility**: Financial services institutions with modern delivery platforms [adapt to regulatory changes faster than those with legacy approaches](https://www.mckinsey.com/industries/financial-services/our-insights/unlocking-value-from-technology-in-banking-an-investor-lens), transforming compliance from a burden to a potential advantage.\n- **More efficient mergers and acquisitions**: Modern platforms reduce technology integration timelines, [significantly increasing the success rate of acquisitions and partnerships](https://www.deloitte.com/uk/en/services/financial-advisory/perspectives/realising-deal-value-through-digital-transformation.html).\n- **Geographic expansion**: Standardized delivery capabilities [enable faster adaptation of core digital services to local requirements without compromising global standards](https://aws.amazon.com/isv/resources/why-software-companies-must-prioritize-international-expansion/).\n\nEach of these outcomes directly contributes to shareholder value and competitive positioning.\n\n## Taking action: The path forward\nFor those setting the strategy, the path to modernizing software delivery requires strategic vision and pragmatic execution. Here are three steps you can take to begin your transformation journey:\n\n### Assess current state and build organizational alignment\nBegin with an objective assessment of your current delivery capabilities and develop a comprehensive vision for where you need to go:\n- Map existing tools and workflows across the entire software development lifecycle\n- Identify integration gaps and manual handoffs that create bottlenecks\n- Measure current performance using industry-standard metrics\n- Establish security and compliance requirements for automated enforcement\n\n### Define the target architecture\nDevelop a comprehensive vision for modern software delivery that addresses your specific needs:\n- Design a unified platform strategy that eliminates fragmentation\n- Establish security and compliance requirements for automated enforcement\n- Define role-based experiences for developers, operators, and business stakeholders\n- Create clear governance models that balance innovation with control\n- Set measurable performance targets aligned with business objectives\n- Establish executive sponsors and organizational alignment\n\n### Create an implementation roadmap\nBuild a pragmatic approach to transformation that delivers continuous value:\n- Identify high-impact areas for initial implementation\n- Design a phased approach with clear milestones\n- Develop evolution strategies for existing applications and workloads\n- Define success metrics for each phase\n- Create feedback mechanisms to refine the approach based on results\n\n## The natural evolution of your DevSecOps journey\nToday’s tools offer capabilities that simply didn’t exist five years ago, directly addressing the financial services sector’s most pressing challenges. Modern DevSecOps tools enable secure software releases while providing the agility to meet evolving market demands.\n\nSuccessful financial services firms approach this as an evolution of targeted enhancements that compound over time, building on existing foundations to unlock new possibilities for innovation, application security, and efficiency.\n\nThe next phase of your DevSecOps journey starts now.",[891,894,897,900,903,906],{"header":892,"content":893},"Why is modernizing software delivery essential for financial services organizations?","In a fast-evolving market, financial institutions must compete with digital-native companies that deploy updates rapidly. Modernizing software delivery allows traditional firms to accelerate product innovation, improve security, and enhance compliance agility, all of which are essential to maintaining a competitive edge.",{"header":895,"content":896},"What are the primary obstacles financial institutions face in DevSecOps adoption?","Common challenges include fragmented toolchains, manual compliance processes, limited visibility into development pipelines, and a disjointed developer experience. These issues slow down delivery cycles and reduce the impact of DevSecOps initiatives.",{"header":898,"content":899},"How does a unified DevSecOps platform improve the developer experience?","By replacing disconnected tools with an integrated platform, developers benefit from streamlined workflows, reduced context switching, and self-service capabilities. This improves productivity, fosters innovation, and contributes to better job satisfaction and retention.",{"header":901,"content":902},"Can modern DevSecOps platforms support regulatory compliance?","Yes. Automated compliance checks and real-time reporting allow institutions to embed policy enforcement into daily workflows. This transforms compliance from a reactive burden into a continuous, auditable process that aligns with regulatory expectations.",{"header":904,"content":905},"What kind of business impact can financial institutions expect from DevSecOps modernization?","Modernizing software delivery has measurable effects, including faster onboarding, greater development output, and higher ROI. Strategic advantages like increased innovation velocity, improved acquisition efficiency, and better global scalability also contribute to long-term value.",{"header":907,"content":908},"How should financial institutions begin the modernization journey?","The first step is to assess current software delivery capabilities and identify key pain points. From there, organizations can design a unified platform strategy and implement it in phases, focusing on continuous improvement and alignment with business goals.","3-steps-to-modernizing-software-delivery-in-financial-services","content:en-us:the-source:platform:3-steps-to-modernizing-software-delivery-in-financial-services.yml","en-us/the-source/platform/3-steps-to-modernizing-software-delivery-in-financial-services.yml","en-us/the-source/platform/3-steps-to-modernizing-software-delivery-in-financial-services",{"_path":914,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":915,"seo":917,"content":921,"type":522,"slug":950,"category":28,"_id":951,"_type":30,"title":918,"_source":31,"_file":952,"_stem":953,"_extension":34,"date":922,"description":919,"timeToRead":770,"heroImage":920,"keyTakeaways":923,"articleBody":927,"faq":928},"/en-us/the-source/platform/high-performing-development-teams-your-business-advantage",{"layout":5,"template":524,"author":916,"featured":6,"sourceCTA":27,"isHighlighted":6,"authorName":487},"brian-wald",{"title":918,"description":919,"ogImage":920},"High-performing development teams: Your business advantage","Building high-performance software development teams accelerates delivery, improves code quality, and drives innovation to meet key business objectives.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463980/zj2aimb3oznkxhkh9l2a.png",{"title":918,"date":922,"description":919,"timeToRead":770,"heroImage":920,"keyTakeaways":923,"articleBody":927,"faq":928},"2025-03-13",[924,925,926],"High-performing software engineering teams drive innovation by producing quality code while navigating complex organizational challenges, balancing priorities, and adapting to new technologies.","Teams with autonomy and ownership deliver more value faster, accelerating progress toward business objectives while fostering engagement that places them at the forefront of innovation.","Beyond creating software, these teams become models of excellence, spreading best practices that raise performance standards across the entire organization.","What’s the difference between organizations that consistently outpace competitors and those that struggle to keep up? The answer often lies not in their technology stack or market strategy, but in the caliber of their teams.\n\nHigh-performing teams are the driving force behind innovation and efficiency in any software organization. Their success comes from creating quality software while effectively working within complex company structures. They balance competing needs, adapt to changing technologies, and work well with the organization's diverse, often siloed parts.\n\nWhen given more responsibility and freedom, high-performing teams deliver better results in less time, helping the organization reach its goals faster. Increased ownership makes team members more engaged and motivated, often putting them at the front of innovation and leading the development of new features and products.\n\nThe benefits of these teams go beyond just the software they build. They serve as examples for other teams, sharing best practices and improving the organization’s overall performance.\n\n## Creating excellence in software teams\nThese teams don’t just happen by chance; they are built through careful planning, strong leadership, and a culture that values excellence. Engineering leaders can develop high-performing teams by following these essential strategies:\n\n### Identify your star performers\nTrack which development teams consistently exceed performance standards. Spend time with their leaders to learn how they’ve improved their processes. This also builds relationships with these teams, setting them up as examples for other teams.\n\n### Set clear, achievable team goals\nHigh-performing teams thrive when they have clear, achievable goals aligned with the organization’s vision. These goals should be specific, measurable, attainable, relevant, and time-bound.\n\n### Give teams decision-making power\nEmpowered teams are more flexible and adaptable. Give them control over decision-making processes that directly impact their work, such as choosing tools, designing workflows, and setting priorities. This creates a more effective development environment and significantly improves the overall developer experience.\n\n### Build psychological safety and accountability\nTrust is the foundation of any high-performing team, and honest communication is essential for creating a strong sense of trust among team members. Foster a culture where team members feel comfortable sharing ideas, providing feedback, and holding each other accountable. Regular team meetings and feedback sessions help teams reflect on their performance and find ways to improve.\n\n### Invest in continuous learning\nHigh-performing teams are always looking for ways to improve. Help team members develop their technical skills by providing access to ongoing training, certifications, and other learning resources. This creates valuable opportunities for team members to grow professionally, even for experienced developers who want to expand their skill sets.\n\n### Foster a collaborative environment\nCollaboration within and between teams is crucial for success. Project management tools and real-time communication platforms facilitate teamwork, document sharing, and project tracking. A collaborative environment brings together diverse perspectives to solve complex problems, fostering innovation through combining human creativity and modern technology. The most forward-thinking teams are now exploring how generative AI tools can enhance collaboration and [boost productivity in thoughtful, strategic ways](https://about.gitlab.com/the-source/ai/devops-leaders-fix-this-productivity-blocker-before-adding-ai/#-thoughtfully-incorporate-ai-into-workflows).\n\n### Recognize and reward excellence\nHigh-performing teams thrive in environments where their efforts are recognized. Establish a system for acknowledging achievements, both big and small. This could include formal recognition programs, performance bonuses, or simply public acknowledgment of a job well done. Recognizing excellence motivates teams and reinforces the behaviors and practices that lead to success.\n\n## Why high-performing teams are a strategic imperative\n[Research shows](https://about.gitlab.com/developer-survey/) that organizations that have taken steps to build high-performing software teams - such as by adopting a DevSecOps platform - see benefits ranging from faster developer onboarding to more streamlined vulnerability resolution. And all of that translates into a competitive advantage for the business.\n\nThe strategic value goes beyond immediate productivity gains. Cross-functional teams with diverse perspectives become innovation engines that solve complex problems, often identifying new market opportunities that more siloed approaches miss. Perhaps most compelling for the C-suite is the multiplier effect: when you invest in creating one high-performing engineering team, you establish a blueprint that scales as effective team practices become templates that elevate performance organization-wide.\n\nCompany culture that supports excellence and provides the right resources is the foundation upon which all high-performing software teams are built. When the entire team shares a common goal and has the autonomy to achieve it, remarkable results follow.",[929,932,935,938,941,944,947],{"header":930,"content":931},"What defines a high-performing software development team?","A high-performing development team consistently delivers quality software efficiently while adapting to complex organizational needs. These teams are characterized by strong collaboration, clear goals, empowered decision-making, continuous learning, and a shared commitment to improvement and accountability.",{"header":933,"content":934},"How do high-performing teams contribute to business growth?","These teams accelerate product delivery, improve code quality, and foster innovation, all of which directly impact time-to-market and customer satisfaction. Their ability to solve complex problems and drive continuous improvement gives organizations a competitive edge.",{"header":936,"content":937},"What role does team empowerment play in performance?","Empowering teams to make decisions about their tools, workflows, and priorities fosters autonomy and accountability. This leads to higher engagement, faster problem-solving, and more effective development cycles.",{"header":939,"content":940},"How can companies identify high-performing teams?","Organizations can track performance metrics and look for teams that consistently exceed expectations. Engaging with these teams provides insight into best practices that can be replicated across other teams to elevate organizational performance.",{"header":942,"content":943},"Why is psychological safety important for team success?","Psychological safety enables open communication, honest feedback, and shared learning. When team members feel safe to express ideas or raise concerns, it strengthens collaboration and drives innovation.",{"header":945,"content":946},"What is the connection between DevSecOps and high-performing teams?","DevSecOps platforms streamline workflows, automate security checks, and promote collaboration across development, security, and operations. This improves developer productivity and creates an environment conducive to high performance.",{"header":948,"content":949},"How can companies scale high-performance team practices?","Once a high-performing team is established, its processes and cultural habits can be shared as templates for others. This multiplier effect helps embed a culture of excellence across the engineering organization.","high-performing-development-teams-your-business-advantage","content:en-us:the-source:platform:high-performing-development-teams-your-business-advantage.yml","en-us/the-source/platform/high-performing-development-teams-your-business-advantage.yml","en-us/the-source/platform/high-performing-development-teams-your-business-advantage",{"_path":955,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":956,"seo":958,"content":962,"type":522,"slug":991,"category":28,"_id":992,"_type":30,"title":959,"_source":31,"_file":993,"_stem":994,"_extension":34,"date":963,"description":960,"timeToRead":770,"heroImage":961,"keyTakeaways":964,"articleBody":968,"faq":969},"/en-us/the-source/platform/from-toolchain-chaos-to-business-roi-a-5-step-roadmap",{"layout":5,"template":524,"author":916,"featured":119,"sourceCTA":957,"isHighlighted":6,"authorName":487},"transform-your-software-development",{"title":959,"description":960,"ogImage":961},"From toolchain chaos to business ROI: A 5-step roadmap","Reduce complexity by standardizing tools, processes, and practices and aligning every team with broader business objectives.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463923/joqzi3uwfbqptjynlkbs.jpg",{"title":959,"date":963,"description":960,"timeToRead":770,"heroImage":961,"keyTakeaways":964,"articleBody":968,"faq":969},"2025-03-11",[965,966,967],"Standardizing your software development platform reduces operational costs while increasing delivery speed and security, transforming tech from a cost center to a competitive advantage.","The five-step standardization process (assess, set standards, leverage AI, centralize, and train) creates a framework for sustainable innovation without the burden of technical debt.","A unified development platform doesn't just streamline operations — it enables faster market response, better decision-making, and future-proofed technology investments.","As companies grow, teams often rush to deliver software quickly, which can lead to a mix of different software development tools and methods. Each team might develop custom solutions for quick fixes, creating a [messy work setup](https://about.gitlab.com/the-source/platform/devops-teams-want-to-shake-off-diy-toolchains-a-platform-is-the-answer/). The hidden costs add up quickly: duplicate tooling licenses, increased maintenance overhead, security vulnerabilities from inconsistent practices, and countless hours lost to integration challenges between disparate systems. All of this isn’t just inefficient - it could directly impact your organization’s bottom line.\n\nA [standardized development platform](https://about.gitlab.com/the-source/platform/driving-business-results-with-platform-engineering/) eliminates these inefficiencies. You can align technology investments with broader business goals by creating a unified workspace where all software development teams operate with consistent tools and processes. The result: reduced costs, accelerated delivery, improved security, and a clear competitive advantage.\n\n## Benefits of a standardized development platform\n**Save money**: A standardized platform can significantly cut costs. You’ll spend less on licenses, upkeep, and connecting different systems by using one system instead of many separate tools. You’ll also depend less on outside vendors and spend less time and effort training teams on multiple tools.\n\n**Launch faster**: A centralized platform also speeds up your development process. By streamlining the entire process and bringing tools and workflows together, you can remove the delays you’d find when using many different tools.\n\n**Improve security and compliance**: When applying the same safety measures across the whole platform, you can reduce vulnerabilities and simplify following regulations.\n\n**Get better insights**: With a platform approach, you can get precise, accurate data about the entire software development lifecycle, enabling you to improve your teams’ workflows and make data-driven decisions that help the business.\n\n**Future-proof your business**: Finally, a standardized software development approach ensures you can grow and adapt for the future. As your organization expands, this framework allows teams to grow smoothly without disruption.\n\n> Read more: [How to accelerate developer onboarding (and why it matters)](https://about.gitlab.com/the-source/platform/how-to-accelerate-developer-onboarding-and-why-it-matters/)\n\n## 5 steps to creating a standardized software platform\nCreating a standard software platform is possible for almost any company, but it takes careful planning. Here are five steps leaders can follow to successfully standardize their tools and workflows.\n\n### 1. Assess your existing tools\nFirst, take a good look at your existing tools and processes. This review should include input from everyone involved, including developers, security experts, and [platform engineering teams](https://about.gitlab.com/the-source/platform/driving-business-results-with-platform-engineering/). The goal is to find areas where tools overlap or don’t work well together, and identify ways to improve the development processes for your customers.\n\n### 2. Create clear standards and goals\nBased on your review, create a set of internal standards and best practices. These should include coding rules, deployment pipelines, and security policies. Make sure these standards support your company’s main goals and that all teams can easily follow them. This is also the time to decide what you want to achieve, like improving teamwork, cutting costs, or making it easier to grow.\n\n### 3. Use AI to work smarter\nAI tools are becoming key to modern software development. Developers can focus on more strategic work by automating routine tasks with AI. AI can also improve security by checking code throughout development, catching problems early before they reach production environments.\n\n### 4. Create one central system\nOnce you have standards, you need a place to keep them. A centralized platform can store all documentation, code, and project management tools. With everything in one place, everyone works from the same standards, reducing friction and improving collaboration.\n\n### 5. Invest in training\nStandardization only works if teams know how to follow the standards. Invest in thorough training programs covering all aspects of your standard processes. Ongoing education is key to keeping teams updated with the latest practices across different programming languages, practices, and technologies.\n\n## The ROI of platform standardization\nThe transition to a standardized software development platform is more than a technical improvement - it’s a strategic business investment with measurable returns. Organizations that successfully implement this approach can see up to a [483% overall return on investment](https://about.gitlab.com/resources/study-forrester-tei-gitlab-ultimate/), 400% improvement in developer productivity, and 25% savings in software toolchain costs. The result is a more unified, agile, and secure software development process with less technical debt.\n\nAs you consider this transformation, remember that the most significant costs often lie in maintaining the status quo. The question isn’t whether you can afford to standardize your development platform, but whether you can afford not to in a market where software capabilities increasingly determine competitive positioning. Begin with a focused assessment of your current environment, build stakeholder alignment around clear goals, and approach implementation as a strategic initiative rather than a technical project.",[970,973,976,979,982,985,988],{"header":971,"content":972},"What is a standardized software development platform?","A standardized software development platform brings together all tools, workflows, and processes into a unified environment. It eliminates fragmentation across teams by promoting consistent practices, reducing tool overlap, and enabling collaboration across departments, all while aligning development efforts with overarching business goals.",{"header":974,"content":975},"Why do companies face toolchain chaos as they scale?","As organizations grow, different teams often adopt their own sets of tools and custom workflows to solve immediate problems. This leads to duplication, inconsistent processes, and integration issues that not only create inefficiencies but also introduce higher costs and security risks.",{"header":977,"content":978},"What are the business benefits of platform standardization?","Standardizing development tools and processes helps reduce software licensing and integration costs, accelerate delivery times, improve security posture, and simplify compliance. It also makes it easier to scale development operations while maintaining control and alignment with business objectives.",{"header":980,"content":981},"How does platform standardization improve developer productivity?","By eliminating redundant tools and streamlining workflows, developers spend less time switching contexts or resolving integration issues. A centralized platform supports self-service and consistent processes, enabling developers to focus more on innovation and value delivery.",{"header":983,"content":984},"Can AI enhance platform standardization?","Yes. AI helps by automating repetitive tasks, improving security with real-time code scanning, and providing intelligent insights across the software lifecycle. This reduces operational overhead and enhances development velocity while aligning with standardized practices.",{"header":986,"content":987},"What steps should companies take to begin standardizing their platform?","Organizations should begin by assessing their current tools and identifying overlaps. From there, they can define clear internal standards, implement a centralized platform to enforce them, and invest in training programs to ensure consistent adoption across teams.",{"header":989,"content":990},"Is standardizing development tools only for large enterprises?","No. Any organization, regardless of size, can benefit from standardizing its development platform. In fact, smaller companies may see faster returns due to simpler toolsets and more agile implementation. Over time, the approach supports growth and reduces technical debt at scale.","from-toolchain-chaos-to-business-roi-a-5-step-roadmap","content:en-us:the-source:platform:from-toolchain-chaos-to-business-roi-a-5-step-roadmap.yml","en-us/the-source/platform/from-toolchain-chaos-to-business-roi-a-5-step-roadmap.yml","en-us/the-source/platform/from-toolchain-chaos-to-business-roi-a-5-step-roadmap",{"_path":996,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":997,"seo":999,"content":1003,"type":522,"slug":1026,"category":28,"_id":1027,"_type":30,"title":1000,"_source":31,"_file":1028,"_stem":1029,"_extension":34,"date":1004,"description":1001,"timeToRead":770,"heroImage":1002,"keyTakeaways":1005,"articleBody":1009,"faq":1010},"/en-us/the-source/platform/how-to-accelerate-developer-onboarding-and-why-it-matters",{"layout":5,"template":524,"author":877,"featured":6,"sourceCTA":998,"isHighlighted":6,"authorName":495},"source-lp-getting-started-with-ai-in-software-development-a-guide-for-leaders",{"title":1000,"description":1001,"ogImage":1002},"How to accelerate developer onboarding (and why it matters)","Overcome common onboarding challenges, get to productivity faster, and drive long-term retention with these proven strategies.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464587/ozatfyk9hr3hwl1ssfxv.png",{"title":1000,"date":1004,"description":1001,"timeToRead":770,"heroImage":1002,"keyTakeaways":1005,"articleBody":1009,"faq":1010},"2025-01-30",[1006,1007,1008],"Poor developer onboarding can lead to poor performance, disengagement, and low retention, so cutting corners when welcoming new employees is simply not a path leaders can afford to take.","Accelerating onboarding time takes a multifaceted approach that requires communication with your teams, assessing your current tools and processes, and an open mind for change.","Integrating AI, using built-in documentation, taking advantage of standardized environments, and using a single platform to centralize your workflows are just a few strategies that can help simplify the onboarding process.","You've hired a new developer for a crucial role on your team. You'd likely prefer not to wait months for that person to become productive - but [GitLab research](https://about.gitlab.com/developer-survey/) shows this is precisely the situation many leaders face today. Nearly half (44%) of organizations say onboarding new developers takes more than two months.\n\nOf course, getting a new developer up to speed requires more than just providing credentials.  They’ll need to learn about project goals, processes, how your applications integrate, and your collaboration culture.\n\nCutting corners with onboarding can negatively impact your business across the board. It can lead to poor performance, disengagement, and low retention - which means you'll have to start the whole process all over again.\n\nSo, how can leaders get it right the first time?\n\n## Why developer onboarding takes so long: A closer look\n### Setup time\nWhen a developer arrives on their first day, there’s a lot they’ll need to learn. Setup can include some or all of these processes:\n\n- Installing and configuring development environments\n- Getting user access to server-side tools, like version control, issue tracking, CI/CD, and security tools\n- Getting user access to relevant deployment targets and infrastructure resources, including dev, test, and production\n- Taking time to understand project goals, architecture, conventions, processes, and team culture\n\nDeveloper onboarding time is often called “time to first commit” - how quickly a developer can get up and running and start contributing valuable work. So, what are some of the reasons it’s taking more time for developers to get to their first commit?\n\n### Process and systems hurdles\nFrom setting up an ever-growing number of tools to training, developer onboarding can waste significant time and resources, reducing your team’s productivity and output. What’s more, there are a lot of organization- and team-wide inefficiencies that can make this process even slower. If you’re looking to improve your onboarding time, these are the hurdles that may be standing in your way:\n\n- Too many tools to learn\n- Complex or difficult-to-follow processes\n- Limited visibility into applications and environments\n- Poor documentation of onboarding processes\n- Difficult-to-locate (or nonexistent) application documentation\n- Difficult-to-access deployment environments\n\nThese challenges can slow any team down and be especially problematic when ramping up a new employee.\n\n## The hidden costs of poor developer onboarding\nThe ripple effects of slow onboarding are often overlooked. Take security, for example. CISOs need to ensure new developers understand and can apply the organization’s security standards to their work so they don’t inadvertently release applications with vulnerabilities. Do these new hires know all the regulations? The ins and outs of your organization’s licensing? You’ll want to ensure your organization avoids any cybersecurity breach - even if it’s accidental.\n\nThis impact extends beyond technical concerns. According to _[Forbes](https://www.forbes.com/councils/forbesbusinesscouncil/2022/08/25/how-to-get-the-most-out-of-your-onboarding-process/#:~:text=The%20success%20and%20efficiency%20of,increased%20productivity%20and%20decreased%20turnover.)_, efficient onboarding directly influences a company’s growth and long-term viability through employee engagement, increased productivity, and decreased turnover. And the stakes are significant: [Gallup’s State of the Global Workplace: 2024 report estimates](https://www.gallup.com/workplace/349484/state-of-the-global-workplace.aspx?thank-you-report-form=1) that low employee engagement costs the global economy US$8.9 trillion, or 9% of global GDP.\n\nPoor onboarding doesn’t just delay productivity - it creates organizational vulnerabilities that can last long after a developer’s first commit.\n\n## How to accelerate onboarding\nImproving onboarding time takes a multifaceted approach that requires communication with your teams, assessing your tools and processes, and an open mind for change. While the initial time it takes to address these challenges might slow you down momentarily, the return of acceleration - the better retention, developer experience, productivity, and innovative ideas - will be worth it.\n\nHere’s where to start:\n\n### Identify the bottlenecks\nMany of the challenges mentioned above arise from complexities in tools and processes, so the first thing you’ll need to do is find them. Where are the bottlenecks? Meet with your team to ask where they’re feeling the pressure, or conduct a survey to understand what’s slowing them down. Consider mapping out the complete value stream from idea to production deployment.\n\n### Find a platform that simplifies your processes\nFinding [one integrated application for the entire software development lifecycle](https://about.gitlab.com/the-source/platform/driving-business-results-with-platform-engineering/) means developers don’t need to learn different user interfaces with different idiosyncrasies and data models. This standardization and tool consolidation significantly simplifies onboarding.\n\n### Adopt organization-level standards\nUsing a standards-based approach to engineering projects is beneficial for onboarding as well as when developers transition between teams and projects. Project and issue templates keep projects consistent, and [CI/CD catalogs](https://about.gitlab.com/blog/ci-cd-catalog-goes-ga-no-more-building-pipelines-from-scratch/) encourage developers to reuse approved and tested components.\n\nMany regulated industries have specific requirements for developer workstations that can make installing or customizing tools difficult. This can be even more challenging for third-party contractors and non-employees. A self-service approach to standardized environment creation and/or access to a pre-configured remote development environment makes it much easier to overcome this issue without compromising your security initiatives.\n\n### Establish quality and security guardrails\nFrom implementing code reviews from code owners to testing in lower dev environments, ensure code produced by new developers is free of issues or vulnerabilities before deploying to production.\n\n### Use built-in documentation\nIt’s easy for documentation to become outdated, especially with Wiki tools, since they’re often disconnected from the projects they support. By including Wiki and static pages as part of your projects - keeping documentation close to your code - you can ensure that team members have easy access to the latest information when needed.\n\n### Facilitate knowledge sharing, cross-team collaboration, and mentoring\nThere are many ways to integrate learning-friendly features into your processes. From code reviews to merge requests, these checkpoints keep your teams collaborating, learning from one another, and shipping high-quality code. Research proves that organizations that foster [psychological safety](https://www.forbes.com/councils/forbesbusinesscouncil/2022/10/12/psychological-safety-building-high-performing-teams/) have better-performing teams, so the more you trust you can build from the beginning, the better output you can expect.\n\n### Use AI\nGitLab research has shown that AI can [speed developer onboarding](https://about.gitlab.com/the-source/platform/3-surprising-findings-from-our-2024-global-devsecops-survey/). If AI can improve productivity and introduce efficiencies across the entire software development lifecycle, it follows that AI can help developers get up to speed faster. **In fact, survey respondents currently using AI for software development (43%) were much more likely than those not using AI (20%) to say that developer onboarding typically takes less than a month.**\n\nHere are just a few ways AI can help you get developers onboarded faster:\n\n- AI assistants can [process a lot of information easily](https://about.gitlab.com/blog/gitlab-duo-chat-now-generally-available/#get-up-to-speed-fast), helping new developers quickly find answers to common questions.\n- AI tools can [summarize long discussions in issues or code reviews](https://about.gitlab.com/blog/supercharge-productivity-with-gitlab-duo/#issue-comment-summary), helping new developers catch up on conversations and decisions that happened before they started.\n- AI can also [explain unfamiliar code snippets in natural language](https://about.gitlab.com/blog/supercharge-productivity-with-gitlab-duo/#code-explanations), helping new developers get used to working with a new code base.\n- AI can troubleshoot and explain errors, identify their root causes, and propose solutions, helping new developers better understand applications and systems.\n\n## Speed is only one piece of the puzzle\nTo build a team that collaborates well and easily welcomes new teammates as they come aboard, you need clear and efficient processes, easy-to-find process and application documentation, and a platform that centralizes your development tools. Put together, this forms a machine that turns ideas into innovative products - and an environment where developers (both new and veteran) will feel like they can do their best work.",[1011,1014,1017,1020,1023],{"header":1012,"content":1013},"What steps can teams take to improve long-term retention after onboarding?","Organizations should foster knowledge-sharing through mentoring, cross-team collaboration, and continuous feedback loops. Investing in psychological safety, skill development, and AI-driven efficiency tools ensures developers remain engaged, productive, and committed long after onboarding.",{"header":1015,"content":1016},"How can organizations streamline developer onboarding without sacrificing security?","Companies can accelerate onboarding by adopting standardized workflows, consolidating tools into a single DevSecOps platform, and automating environment setup. Providing pre-configured access controls and enforcing security guardrails ensures compliance without slowing down productivity.",{"header":1018,"content":1019},"What are the hidden costs of inefficient developer onboarding?","Slow onboarding leads to reduced productivity, higher turnover rates, and potential security risks. Developers who struggle to get up to speed may become disengaged, increasing the likelihood of attrition. Additionally, without proper security training, new hires may inadvertently introduce vulnerabilities.",{"header":1021,"content":1022},"How does AI improve the onboarding process for developers?","AI-powered tools can summarize documentation, assist in code reviews, explain unfamiliar code, and troubleshoot errors. This allows new developers to find answers faster, understand project history, and ramp up without constant manual guidance from senior engineers.",{"header":1024,"content":1025},"Why does developer onboarding take longer than expected in many organizations?","Developer onboarding often takes longer due to complex setup processes, fragmented toolchains, poor documentation, and unclear security protocols. Many new hires struggle to navigate multiple systems, obtain necessary permissions, and understand project architectures before contributing meaningfully.","how-to-accelerate-developer-onboarding-and-why-it-matters","content:en-us:the-source:platform:how-to-accelerate-developer-onboarding-and-why-it-matters.yml","en-us/the-source/platform/how-to-accelerate-developer-onboarding-and-why-it-matters.yml","en-us/the-source/platform/how-to-accelerate-developer-onboarding-and-why-it-matters",{"_path":1031,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1032,"seo":1034,"content":1037,"type":597,"slug":1044,"category":28,"_id":1045,"_type":30,"title":459,"_source":31,"_file":1046,"_stem":1047,"_extension":34,"date":1038,"description":460,"heroImage":1035,"keyTakeaways":1039,"articleBody":1043},"/en-us/the-source/platform/measuring-success-in-software-development-a-guide-for-leaders",{"layout":5,"template":524,"featured":6,"gatedAsset":1033,"isHighlighted":6,"authorName":-1},"pf-measuring-success-in-software-development-a-guide-for-leaders",{"title":459,"description":460,"ogImage":1035,"config":1036},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464209/h1bmvvc7e8pfqqkbibyf.png",{"ignoreTitleCharLimit":119},{"title":459,"date":1038,"description":460,"heroImage":1035,"keyTakeaways":1039,"articleBody":1043},"2025-01-23",[1040,1041,1042],"Modern software teams face complex challenges in measuring success, from fragmented toolchains to resource constraints. Effective measurement frameworks help balance speed, security, and quality while providing visibility across the supply chain.","The right metrics enable teams to optimize workflows, resolve bottlenecks, speed up time to market, and improve developer experience. Leaders need reliable data to compare performance across teams and benchmark against industry standards.","Implementation strategies for measurement frameworks should focus on long-term operational efficiency, from initial code development through production, while adapting to new challenges like AI-generated code.","In order for organizations in any industry to be successful today, they need to balance a host of responsibilities: providing high-quality digital experiences, keeping up with the latest tech, delivering value efficiently, and maintaining customer satisfaction, all while shipping secure, vulnerability-free code.\n\nTo manage this huge task, leaders need a reliable, scalable way to measure their success - because accurate metrics can lead to actionable insights. Tracking the right metrics can help software development teams optimize workflows, minimize disruptions, identify and resolve bottlenecks, enhance productivity, and improve developer experience. Put together, these pieces can ultimately help you make better, more informed decisions and meet your business goals.\n\nBut with all the challenges facing today’s software teams, how do you know which metrics to track? And how can you implement these measurement frameworks without adding even more bottlenecks to your team’s workflow?\n\n## Common challenges in SDLC measurement\nThere are numerous challenges when it comes to software development lifecycle (SDLC) measurement. From a leadership standpoint, reliably measuring the business value of the software development process requires better visibility across the software supply chain and a deeper understanding of business metrics.\n\nFrom a development team perspective, there are even more day-to-day hurdles:\n\n- The complexity of fragmented toolchains and processes, siloed work environments, and lack of team collaboration often get in the way of making lasting improvements in software delivery.\n- Delays in the code review process - despite the fact that code reviews help teams identify bugs, maintain compliance, and improve security - make it difficult for teams to find the right balance of speed and security.\n- Shrinking IT budgets mean teams have fewer resources to put toward measurement.\n- Teams are still trying to identify if their AI investments are worth it, while also grappling with issues related to AI-generated code, such as code quality and security concerns.\n- They simply don’t know which key performance indicators are worth measuring and how individual metrics are connected.\n\nRead the full ebook to learn how engineering leaders can overcome these challenges and effectively measure the value of their team’s software delivery. Explore industry-wide metrics such as deployment frequency and change failure rate, individual team performance stats, and strategies on how to best implement these measurement frameworks for long-term operational efficiency and continuous improvement, from the first line of code to production and beyond.","measuring-success-in-software-development-a-guide-for-leaders","content:en-us:the-source:platform:measuring-success-in-software-development-a-guide-for-leaders.yml","en-us/the-source/platform/measuring-success-in-software-development-a-guide-for-leaders.yml","en-us/the-source/platform/measuring-success-in-software-development-a-guide-for-leaders",{"_path":1049,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1050,"seo":1053,"content":1057,"type":522,"slug":1083,"category":28,"_id":1084,"_type":30,"title":1054,"_source":31,"_file":1085,"_stem":1086,"_extension":34,"date":1058,"description":1055,"timeToRead":770,"heroImage":1056,"keyTakeaways":1059,"articleBody":1063,"faq":1064},"/en-us/the-source/platform/why-your-development-team-should-plan-small-to-deliver-big",{"layout":5,"template":524,"author":1051,"featured":6,"sourceCTA":1052,"isHighlighted":6,"authorName":482},"amanda-rueda","source-lp-navigating-a-smooth-transition-to-agile-planning",{"title":1054,"description":1055,"ogImage":1056},"Why your development team should plan small to deliver big","Discover how strategic quarterly product planning can drive meaningful progress toward long-term goals and maximize your organization's success.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464024/paqecyxpszplzdwohg9d.png",{"title":1054,"date":1058,"description":1055,"timeToRead":770,"heroImage":1056,"keyTakeaways":1059,"articleBody":1063,"faq":1064},"2025-01-22",[1060,1061,1062],"Strategic quarterly planning is key to achieving organizational objectives. It aligns resources, focuses teams on high-impact work, and drives meaningful progress toward long-term goals.","Successful quarterly planning involves aligning goals with the company's vision, incorporating diverse insights, breaking down large projects into smaller increments, and continually tying execution to long-term success metrics.","Effective planning practices include employing the Hoshin Kanri framework for goal alignment, championing iterative planning, leveraging early team involvement, prioritizing customer feedback, and measuring success with the right metrics.","_Plan smaller than you think you can deliver._\n\nThis counterintuitive advice might seem to contradict everything you know about ambitious goal-setting. Yet when it comes to planning your software development roadmap, this principle often leads to greater success. Why? Because effective quarterly planning isn't about cramming in more features or technical objectives - it's about strategically connecting daily engineering execution to long-term product vision.\n\nWhen organizations transform quarterly planning from a routine exercise into a powerful driver of progress, they discover proven approaches: breaking down ambitious goals into achievable steps, tying execution to company vision, and keeping customer feedback at the core of every decision.\n\n## What makes quarterly planning truly strategic?\nQuarterly planning is more than just setting goals and priorities for the next few months. It’s about aligning those goals and priorities with the overall vision and strategy of the organization. Quarterly planning should be guided by a clear understanding of the company’s long-term objectives and how each team’s work contributes to those objectives. To that end, strategic quarterly planning should:\n\n- Link daily tasks to high-impact business outcomes\n- Break large projects into smaller increments that all deliver value\n- Incorporate insights from teams with diverse expertise\n- Be rooted in the needs of actual users and customers\n- Connect day-to-day execution with long-term success metrics\n\nThis approach makes it easier to track progress, adapt to changes dynamically, and celebrate successes that align with the company's vision. **At the end of a successful quarterly planning cycle, teams should have a clear set of outcomes and artifacts, such as well-defined objectives, a prioritized roadmap, assigned tasks, and agreed-upon metrics for success**. Now, let’s explore how to build and implement strategic quarterly planning that drives results and keeps teams motivated and aligned.\n\n## Tips for successful quarterly planning\nThrough conversations with leaders and peers across industries, I’ve identified some key practices to help organizations of all sizes unlock their full potential during the quarterly planning process.\n\n### Align quarterly goals with the bigger picture\nA recurring theme in my conversations with Product Managers (PMs) is the need to tie quarterly objectives back to the broader company goals. If you can see how your work fits into the grand scheme, it’s easier to prioritize what matters most. One PM told me, _“Quarterly planning isn’t just about getting stuff done; it’s about making sure we’re still heading toward our North Star.”_\n\nThat’s where a framework like _[Hoshin Kanri](https://www.leanproduction.com/hoshin-kanri/)_ can come in handy. Originating from Japanese management practices, Hoshin Kanri ensures every part of the organization is aligned with the company’s most critical goals. It breaks down big-picture objectives into actionable, measurable steps and cascades them across teams. By linking daily tasks to strategic outcomes, the framework gives everyone on the team a clearer sense of purpose and an understanding of how their work contributes to organizational success.\n\n_**Pro tip**: Utilize a platform that connects company [objectives and key results (OKRs)](https://docs.gitlab.com/ee/user/okrs.html) to your product roadmap as a powerful way to create alignment and focus across teams and highlight connections between development tasks and big-picture goals directly within the tool._\n\n### Plan less to accomplish more: The art of iteration\nRemember that counterintuitive advice from earlier about planning smaller? Here’s why it works: Inevitably, work always expands. Even the most detailed quarterly plans can’t anticipate every challenge, opportunity, or shifted priority. That's why planning smaller delivers bigger results. For teams to succeed, leaders must champion a culture that encourages incremental planning. Empowering teams to think [iteratively](https://handbook.gitlab.com/handbook/values/#iteration) - breaking down ambitious goals into smaller, achievable steps without fear of falling short - fosters a mindset of learning and adapting to rapid feedback.\n\nConsider _[vertical slicing](https://careers.webjet.com.au/category/agile/)_: breaking a project into smaller pieces that deliver end-to-end value. Let’s say your team is building a dashboard for tracking product metrics. Optimize your plan to deliver small vertical slices that provide user value in each iteration:\n\n1. Build the data pipeline to collect and display one key metric, such as user engagement.\n1. Add functionality for filtering and sorting the data.\n1. Introduce visualizations for trends over time.\n1. Extend the dashboard with customization options based on user feedback.\n\nBy delivering functional increments, you allow for smaller reviews, early testing, faster feedback, and incremental value delivery, all while staying aligned with larger goals.\n\n_**Pro tip**: Use your tool's nested work item framework to create clear workstreams and enable efficient progress tracking. For example, in GitLab, this translates to using epics, issues, and tasks to maintain alignment with overarching objectives._\n\n### Bring in the entire team early\nPlanning in isolation - failing to involve contributors early in the process - is a common mistake I see customers make during their planning cycles. Engineers, designers, and other key stakeholders bring unique insights that can shape better solutions and prevent surprises later.\n\n[Experts](https://www.producttalk.org/2024/06/product-trios/) indicate that teams with diverse expertise are more likely to generate innovative ideas. Engineers can flag technical constraints or opportunities early, while designers ensure the user experience remains central to decision-making. Early collaboration reduces downstream friction, keeps the team focused on the problem to solve, and accelerates delivery.\n\n_**Pro tip**: A single end-to-end software development platform with real-time visibility helps teams avoid siloed decisions, collaborate effectively, and ensure alignment from day one._\n\n### Keep customer feedback at the heart of planning\nWithout listening to your customers, you’re navigating based on assumptions. Product owners who regularly engage customers stay closer to what really matters, ensuring that planning decisions are rooted in actual user needs.\n\nThis is where another key planning method, _[Dual-Track Agile](https://medium.com/@daviddenham07/dual-track-agile-the-secret-sauce-to-outcome-based-development-601f6003ea73)_, really shines. Dual-Track Agile separates product development into two parallel tracks:\n\n- **Discovery**, where teams gather insights, validate ideas, and explore potential solutions\n- **Delivery**, where teams build and ship validated solutions\n\nDual-Track Agile allows teams to focus on gathering insights from users and customers without stopping or slowing down the process. For example, while one team interviews customers and prototypes ideas, another can work on developing features based on validated needs - ensuring that teams are always working on the right problems while maintaining a steady delivery cadence.\n\n_**Pro tip**: Use a tool that supports [seamless collaboration, prioritization, and insight-sharing across workstreams](https://about.gitlab.com/solutions/visibility-measurement/) so your teams can use customer feedback to inform every decision, keeping work aligned with user needs and business goals._\n\n### Measure success with the right metrics\nMetrics are more than just numbers - they guide how closely your quarterly objectives remain aligned with your company’s strategic goals.\n\nFor development teams, _[DORA metrics](https://about.gitlab.com/solutions/value-stream-management/dora/)_ offer powerful insights into efficiency and reliability. Teams can identify bottlenecks, improve workflows, and ensure delivery aligns with planned timelines. When paired with business indicators, such as customer satisfaction and feature adoption, these operational metrics connect day-to-day execution with long-term success.\n\nAdopting a reliable measurement practice helps you course-correct during the quarter and informs the retrospective process. By reflecting on what worked and what didn’t, you can continuously improve your approach to quarterly planning and maintain focus on strategic objectives.\n\n_**Pro tip**: By surfacing DORA metrics and other value stream analytics in a [comprehensive insights dashboard](https://about.gitlab.com/blog/data-driven-devsecops-exploring-gitlab-insights-dashboards/), you can easily track the time it takes to go from an idea to production with customizable, data-driven views._\n\n## Wrapping up: Make quarterly planning work for you\nQuarterly planning isn’t just about organizing tasks or hitting deadlines - it’s about aligning your team’s efforts with your company’s most strategic goals.\n\nBy tying goals to the bigger picture, embracing customer insights, and creating a culture of collaboration, you position your organization to meet quarterly objectives and drive long-term growth and success.",[1065,1068,1071,1074,1077,1080],{"header":1066,"content":1067},"Why should development teams plan smaller than they think they can deliver?","Planning smaller allows teams to remain adaptable and focused on delivering incremental value. While it may feel counterintuitive, smaller plans leave room for unforeseen changes and allow teams to iterate more effectively. This approach encourages continuous learning, fosters a culture of agility, and ultimately leads to bigger, more sustainable outcomes.",{"header":1069,"content":1070},"What makes quarterly planning truly strategic for software development teams?","Strategic quarterly planning aligns day-to-day work with long-term business goals. It connects team execution to company vision, prioritizes customer needs, and breaks down ambitious goals into manageable tasks. Successful quarterly planning results in clearly defined objectives, prioritized roadmaps, and meaningful metrics that reflect real progress.",{"header":1072,"content":1073},"How can development teams stay aligned with company objectives during planning?","Teams can stay aligned by using frameworks like Hoshin Kanri, which break down top-level goals into actionable steps. Linking individual tasks to broader business outcomes ensures that all team efforts contribute to the organization's success and allows for better prioritization and focus across projects.",{"header":1075,"content":1076},"Why is it important to involve the entire team early in the planning process?","Involving engineers, designers, and stakeholders from the beginning brings diverse expertise to the table and leads to better planning outcomes. Early collaboration helps surface technical limitations, informs user experience considerations, and reduces friction later in the development cycle.",{"header":1078,"content":1079},"How does customer feedback enhance quarterly planning?","Regular customer engagement ensures that planning decisions reflect real user needs. By adopting methods like Dual-Track Agile, which separates discovery from delivery, teams can continuously validate ideas while maintaining development momentum. This keeps teams focused on solving the right problems and delivering solutions that matter.",{"header":1081,"content":1082},"What role do metrics play in successful quarterly planning?","Metrics help track progress and ensure alignment with strategic goals. Operational metrics like DORA provide insight into delivery efficiency, while customer-centric metrics such as satisfaction and feature adoption offer a broader perspective on impact. Together, they enable continuous improvement and informed decision-making throughout the quarter.","why-your-development-team-should-plan-small-to-deliver-big","content:en-us:the-source:platform:why-your-development-team-should-plan-small-to-deliver-big.yml","en-us/the-source/platform/why-your-development-team-should-plan-small-to-deliver-big.yml","en-us/the-source/platform/why-your-development-team-should-plan-small-to-deliver-big",{"_path":1088,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1089,"seo":1091,"content":1096,"type":522,"slug":1119,"category":28,"_id":1120,"_type":30,"title":1092,"_source":31,"_file":1121,"_stem":1122,"_extension":34,"date":1097,"description":1093,"timeToRead":770,"heroImage":1094,"keyTakeaways":1098,"articleBody":1102,"faq":1103},"/en-us/the-source/platform/devops-teams-want-to-shake-off-diy-toolchains-a-platform-is-the-answer",{"layout":5,"template":524,"author":1090,"featured":6,"isHighlighted":6,"authorName":514},"sharon-gaudin",{"title":1092,"description":1093,"ogImage":1094,"config":1095},"DevOps teams want to shake off DIY toolchains. A platform is the answer","According to GitLab research, 64% of DevSecOps professionals say they want to consolidate creeping toolchains.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463678/r0gawsvh4vcmgblpra58.png",{"ignoreTitleCharLimit":119},{"title":1092,"date":1097,"description":1093,"timeToRead":770,"heroImage":1094,"keyTakeaways":1098,"articleBody":1102,"faq":1103},"2025-01-14",[1099,1100,1101],"DevOps teams face \"toolchain tax\" as multiple development tools create hidden costs. More than 78% of teams spend up to 100% of their time maintaining tools instead of coding, with most managing 6+ tools.","Nearly 64% of DevOps teams want to consolidate their toolchains due to monitoring issues and delays. The push is strongest in automotive (76.5%) and manufacturing (72%) sectors.","A single DevSecOps platform helps teams focus on code, rather than tool maintenance. Companies report improved efficiency, reduced costs, and better developer experience through consolidated toolchains.","A DevOps team’s biggest problem can start innocently enough: maybe one person wants to add a tool to automate deployment, and then someone else wants to add a tool for code review. More tools keep being added until suddenly teams are dealing with a tangled and complicated toolchain that is wasting more time and money than it was intended to save.\n\nThis [\"toolchain tax\"](https://about.gitlab.com/blog/avoiding-devops-tax-webcast/) - the hidden and insidious cost of using multiple development tools - begins gradually, but it can lead to serious bottlenecks in software production. Tools accumulate until teams find themselves managing a complicated chain that wastes more time and money than it saves, affecting their ability to meet customer needs and stay ahead of competitors.\n\nThat problem is becoming clear to DevOps professionals who are looking to shake off the shackles of a toolchain. [GitLab’s 2024 Global DevSecOps Survey](https://about.gitlab.com/developer-survey/) reveals the scale of this challenge and the pain point it’s creating. More than half of DevOps teams are juggling six or more tools in their development chain - and 13% of them are managing up to 14 different tools.\n\nThe workday cost of this complexity? DevOps professionals are spending up to three-quarters of their time just maintaining and integrating these tools instead of developing software. More than 78% report wasting between 25% to 100% of their time keeping their toolchain running.\n\nRespondents say that’s a problem.\n\nThe study showed that nearly 64% want to consolidate their (sometimes sprawling) toolchains because of challenges with monitoring, development delays, and unhappy developers. That percentage ticks up for a few industries. Respondents in the automotive industry clocked in at 76.5%, while more than 72% in manufacturing are looking to consolidate.\n\nAnd when respondents talk about how much of their responsibilities revolve around maintaining and/or integrating their DevOps toolchains, it’s clear why they want to cut back or eliminate them. According to the survey, about 20% reported that maintenance and integration take up to 24% of their time, with more than 40% saying it accounts for 25% to 49%, and more than 27% say it uses up 50% to 74% of their workday. That’s more than 78% of DevOps professionals saying they waste at least a quarter of their day keeping their toolchain running.\n\n“The everyday life of one of our developers was spread across many different services,” said Nadav Robas, DevOps & DevSecOps manager at [Agoda](https://about.gitlab.com/customers/agoda/), a major online travel booking platform headquartered in Singapore. “I was looking to free up the hands of my DevOps engineers from having to do everyday maintenance work, maintaining uptime, and learning domain knowledge.”\n\nIt all adds up to a lot of time spent doing things that aren’t directly developing and deploying software. It also means that DevOps team mates aren’t doing as much of what they love doing - being innovative and creative - which affects their work experience and happiness.\n\n## Eliminating the toolchain tax\n\nTeams clearly are tired of paying the toolchain tax. And now they’re ridding themselves of this problem by [adopting a full DevSecOps platform](https://about.gitlab.com/blog/eight-steps-to-prepare-your-team-for-a-devops-platform-migration/). That one move can create efficiencies, replace hands-on tasks with automation, shift security left, reduce costs, reduce aggravations, and drive critical advantages for both DevOps teams and the overall business.\n\n“I didn’t want them to be experts in individual tools,” said Robas. “Instead, I wanted them to focus on the things that actually matter - how we produce code, how we properly deploy code. We could do that with a platform.”\n\nBeyond streamlining operations, a single platform also means companies aren’t paying licensing fees for multiple tools. To calculate what a company could save by replacing a toolchain, [use this ROI calculator](https://about.gitlab.com/calculator/). [1]\n\nHaving a comprehensive platform that [boosts productivity](https://about.gitlab.com/blog/5-ways-collaboration-boosts-productivity-and-your-career/) while reducing costs is a superpower, especially in economically challenging times, because it can help deliver value to customers more quickly.\n\n## Decrease toolchain sprawl with GitLab\n\nA DevSecOps platform - like [GitLab’s single, end-to-end platform](https://about.gitlab.com/stages-devops-lifecycle/) - helps companies cut out the potentially costly integration work that comes with using various tools, and helps organizations create and release software faster, while increasing security and compliance. It’s a mixture of benefits that shorten cycle times and increases productivity, enabling teams to build software with velocity, trust, and visibility.\n\nAnd that creates value for customers.\n\n“GitLab has provided our developers with a single pane of glass they can use to see all the processes of the software development lifecycle without jumping back and forth from one tool to another,” says Nadav. “We wanted to consolidate all our services into a single platform and we did. We’re more productive, more secure, and our developers are having a better experience.”\n\nSee the [benefits that migrating](https://page.gitlab.com/resources-ebook-trading-diy-devops-for-a-single-platform.html) to an end-to-end GitLab platform can bring to your organization.\n\n[1] _Please note that ROI may vary depending on many factors, and the ROI calculator does not reflect actual results as results may vary._\n\n> #### Consolidate your complex toolchain\n>\n> Read our free guide to learn how to streamline your toolchain to avoid inefficiencies, decrease costs, and accelerate time to market.\n>\n> [Read the guide](https://page.gitlab.com/consolidate-toolchain-guide.html){class=\"button\"}",[1104,1107,1110,1113,1116],{"header":1105,"content":1106},"How does GitLab help reduce toolchain complexity?","GitLab provides an end-to-end DevSecOps platform that consolidates services, offering teams a unified view of the software development lifecycle. This approach reduces toolchain sprawl, enhances security and compliance, and improves developer experience, boosting productivity and trust.",{"header":1108,"content":1109},"What is the \"toolchain tax,\" and how does it impact DevOps teams?","The \"toolchain tax\" refers to the hidden cost of managing and maintaining multiple tools in a software development toolchain. This complexity consumes up to 74% of DevOps professionals' time, leading to inefficiencies, delays, and reduced developer satisfaction.",{"header":1111,"content":1112},"How does a single DevSecOps platform improve efficiency?","A single DevSecOps platform eliminates the need for tool integration, automates manual tasks, shifts security earlier in the development lifecycle, and reduces costs. It enables teams to focus on innovation, shortens cycle times, and enhances productivity.",{"header":1114,"content":1115},"Why do DevOps teams want to consolidate their toolchains?","According to GitLab’s 2024 Global DevSecOps Survey, 64% of DevOps professionals want to consolidate their toolchains to reduce maintenance burdens, streamline workflows, improve monitoring, and enhance developer productivity by eliminating unnecessary context switching.",{"header":1117,"content":1118},"What are the financial benefits of adopting a comprehensive DevSecOps platform?","Replacing fragmented toolchains with a single platform reduces licensing fees for multiple tools and eliminates costly integration efforts. Organizations can calculate potential savings using ROI tools designed to assess the benefits of platform consolidation.","devops-teams-want-to-shake-off-diy-toolchains-a-platform-is-the-answer","content:en-us:the-source:platform:devops-teams-want-to-shake-off-diy-toolchains-a-platform-is-the-answer.yml","en-us/the-source/platform/devops-teams-want-to-shake-off-diy-toolchains-a-platform-is-the-answer.yml","en-us/the-source/platform/devops-teams-want-to-shake-off-diy-toolchains-a-platform-is-the-answer",{"_path":1124,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1125,"seo":1128,"content":1133,"type":522,"slug":1156,"category":28,"_id":1157,"_type":30,"title":1129,"_source":31,"_file":1158,"_stem":1159,"_extension":34,"date":1134,"description":1130,"timeToRead":533,"heroImage":1131,"keyTakeaways":1135,"articleBody":1139,"faq":1140},"/en-us/the-source/platform/optimize-value-stream-efficiency-to-do-more-with-less-faster",{"layout":5,"template":524,"author":1126,"featured":6,"sourceCTA":1127,"isHighlighted":6,"authorName":515},"stephen-walters","source-lp-dora-insights-where-is-ai-really-driving-developer-productivity",{"title":1129,"description":1130,"ogImage":1131,"config":1132},"Optimize value stream efficiency to do more with less, faster","Discover how to optimize your software delivery process and increase operational efficiency with Value Stream Management.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463530/doerc0wzbg75r8yixgnf.png",{"ignoreTitleCharLimit":119},{"title":1129,"date":1134,"description":1130,"timeToRead":533,"heroImage":1131,"keyTakeaways":1135,"articleBody":1139,"faq":1140},"2024-12-18",[1136,1137,1138],"Effective value stream management can accelerate a business's time to market, improve process visibility, and deliver enhanced customer experiences.","There are two types of key metrics in value stream management: Value Flow metrics and Value Realization metrics. The former help identify software delivery bottlenecks, while the latter measure what has been delivered.","Adopting a unified platform for the entire software development lifecycle can provide comprehensive visibility across personas and products, thus making businesses faster and more competitive in the market.","Software defines the pace of innovation, and that means all organizations face the same imperative: deliver better, more secure code faster while spending less. Success in this digital transformation journey is rapidly becoming the dividing line between market leaders and their competitors, requiring organizations to fundamentally rethink how they develop, secure, and deploy software.\n\nThe answer lies in value stream management - a proven approach that accelerates time to market, eliminates common obstacles like handoffs and broken feedback loops, and provides the visibility leaders need to ensure high-quality customer experiences.\n\n## Why value stream management?\nOver the past year, I’ve participated in more than 10 executive round tables, spoken to countless customers from around the world, and taken input from organizations such as the [DevOps Institute](https://www.devopsinstitute.com/) and the [Value Stream Management Consortium](https://www.vsmconsortium.org/).\n\nI’ve noticed a common theme when discussing transformation goals with industry leaders. They recognize their organization can’t stop at becoming a software company - they need to be a high-performing one.\n\nWhile it’s no small task to align business objectives with IT work, accelerate the software delivery process, and improve software quality, there are four key tenets organizations can follow to propel their digital transformation journeys while creating more business value with fewer resources:\n\n1. **Make developers more productive**: Improve developer experience to more effectively recruit and retain tech talent and make developers more productive so they ship better software faster.\n2. **Measure productivity and efficiency**: Measure impact across the software delivery lifecycle to improve operational efficiency.\n3. **Secure the software supply chain**: Reduce security and compliance risk.\n4. **Accelerate cloud migration**: Move to the cloud with the right security controls in place to minimize risk.\n\nSuccessfully implementing these tenets requires a structured approach that connects people, processes, and technology. Value stream management provides this framework, offering a proven roadmap that helps organizations systematically transform how they deliver software. The Value Stream Management Consortium has developed this implementation path into nine key stages: Go, Assess, Vision, Identify, Organize, Map, Connect, Inspect, and Adapt.\n\n## Implementing value stream management\nA critical step early in the roadmap is defining the **Vision**, which sets the parameters for inspecting value streams. It’s key that the business outcomes drive the vision. For example, if an organization’s vision is to be the first to market with a new product, speed of delivery is an important factor. However, if customer satisfaction and service reliability are the most essential elements, quality metrics will be at the top of the list.\n\nOnce you’ve identified the vision, the remaining steps in the roadmap ensure you have the people, process, and technology in place to support the vision:\n\n* The **Identify** and **Organize** stages are about the people. Organizations should visually represent the human aspect of these phases in a [value stream reference architecture](https://skilupit.thinkific.com/courses/value-stream-reference-architecture-paper).\n* The **Map** stage is about bringing together the correct people with a lean and efficient process. Value stream mapping not only helps visualize workflows but also highlights areas of waste and areas for continuous improvement.\n* The **Connect** stage is about enabling technology that automates the process and simplifies operations for cross-functional teams, reducing cognitive load, improving quality and security, and enabling faster value delivery.\n* Finally, the organization can then **Inspect** and **Adapt** their software value streams for optimization, continuously and in real time.\n\nThis roadmap ensures that individuals are connected to the technology and equipped to utilize it effectively. [Value stream discovery](#putting-value-stream-discovery-to-work) also plays a crucial role in mapping individuals and teams into a workflow strategically designed to enhance the developer and user experience.\n\nA platform approach is essential for successful implementation. According to Gartner’s [Market Guide for DevOps Value Stream Delivery Platforms](https://www.gartner.com/en/documents/3991050), value stream delivery platforms provide fully integrated capabilities that enable continuous delivery of software. These capabilities include planning, version control, continuous integration, test automation, release orchestration, continuous deployment and rollback monitoring, security testing, and analyzing value stream metrics. Value stream delivery platforms integrate with infrastructure and compliance automation tools to automate infrastructure deployment and policy enforcement.\n\n## Measuring success with value stream metrics\nThere are two types of metrics in value stream management: flow and realization.\n\nValue flow metrics define how we deliver software, from ideation through realization. These metrics measure the flow of business value, including insight into the efficiency, quality, and speed at which software progresses through the entire value stream. By understanding value flow metrics, organizations can identify bottlenecks and areas for improvement.\n\nDORA metrics are a subset of flow metrics. DORA metrics provide a quantitative measure of performance and include:\n\n1. **Deployment Frequency**: How often an organization deploys code to production. A higher deployment frequency indicates that the development team can deliver changes more rapidly, which reflects a more agile and efficient software development process.\n2. **Lead Time for Changes**: The time it takes for a code change to go from commit to deploy. A shorter lead time signifies that the team efficiently converts ideas into actual deployments, allowing for quicker delivery of features or fulfillment of customer requests.\n3. **Time to Restore Service**: How long it takes to recover from a service failure and restore normal operations. A lower time to restore service indicates a more resilient system and a capable response team, minimizing downtime and enhancing user experience.\n4. **Change Failure Rate**: The percentage of changes that result in a service degradation, including incidents, bugs, or any changes that necessitate a rollback. Lowering the change failure rate reflects improved quality in code changes and builds greater confidence in the development process.\n\nWhen analyzed in combination with metrics such as issue resolution lead time, cycle time, new issues, and deployments, these metrics offer a holistic view of the value stream’s efficiency. Using these measures wisely and in combination is important for identifying areas for improvement across the software development lifecycle.\n\nValue realization metrics measure tangible outcomes of delivery efforts. While traditional measures like revenue, sales, and profit margins provide financial insights, other key indicators such as net promoter scores and customer journey time capture equally important dimensions of realized value. While these lagging metrics reflect past performance, leading indicators like visitor traffic, customer reviews, and conversion rates offer valuable predictions of future success.\n\n## Putting value stream discovery to work\nMetrics and inspection come together with value stream discovery, which looks at an organization’s current and desired future state in the context of its technology value stream - the amount of time and resources required to move from idea and requirements to deployment and customer value. Value stream discovery also establishes a baseline to measure software delivery performance progress and identify the touchpoints in the process that don’t add value for the customer or the business. The outputs from value stream discovery allow the organization to configure a lean setup for a DevSecOps toolchain more easily.\n\nA unified platform is essential for achieving the envisioned future state while catering to developers' and customers' needs. This systematic approach fosters transparency - essential for effective value stream inspections - and underscores the significance of applying metrics to assess and understand the current state. Value stream discovery is pivotal for comprehensively mapping processes, personas, tools, interactions, and measurements into a singular view.\n\n## Software defines the pace of innovation\nWhen we examine the rationale behind inspecting software development value streams, it becomes clear that visibility is key to understanding how and what organizations deliver. Having the right metrics in place ensures that organizations can see how their software delivery is progressing, where bottlenecks and inefficiencies exist, and how to adapt for continuous improvement. Implementing an end-to-end DevSecOps platform combined with value stream discovery techniques equips organizations to continuously refine and enhance their delivery processes, accelerating innovation and paving the way for long-term success.",[1141,1144,1147,1150,1153],{"header":1142,"content":1143},"How does Value Stream Management improve operational efficiency?","VSM improves operational efficiency by eliminating inefficiencies such as handoffs, broken feedback loops, and redundant processes. It connects people, processes, and technology, enabling cross-functional teams to work more collaboratively and productively, thereby accelerating time to market.",{"header":1145,"content":1146},"What is Value Stream Management and why is it important for software delivery?","Value Stream Management (VSM) is a strategic approach that optimizes software delivery by mapping and analyzing every step from ideation to customer value. It provides end-to-end visibility, identifies bottlenecks, and streamlines workflows, enabling organizations to deliver high-quality software faster while reducing costs and risks.",{"header":1148,"content":1149},"What are value flow metrics and how do they help in measuring efficiency?","Value flow metrics track the movement of business value through the entire software delivery lifecycle, from ideation to deployment. Metrics like deployment frequency, lead time for changes, and change failure rate help organizations identify bottlenecks, improve workflow efficiency, and enhance software quality.",{"header":1151,"content":1152},"How does Value Stream Management enhance security and compliance in software delivery?","VSM enhances security and compliance by integrating security checks and policy enforcement into the development pipeline. It ensures continuous monitoring and auditing, reducing risks and ensuring that security and compliance measures are consistently applied throughout the software lifecycle.",{"header":1154,"content":1155},"What is the role of Value Stream Discovery in optimizing software delivery?","Value Stream Discovery involves mapping the current state of software delivery processes to identify inefficiencies and value-adding activities. It provides a baseline for measuring performance and guides the configuration of lean, efficient DevSecOps toolchains, leading to faster, more reliable software delivery.","optimize-value-stream-efficiency-to-do-more-with-less-faster","content:en-us:the-source:platform:optimize-value-stream-efficiency-to-do-more-with-less-faster.yml","en-us/the-source/platform/optimize-value-stream-efficiency-to-do-more-with-less-faster.yml","en-us/the-source/platform/optimize-value-stream-efficiency-to-do-more-with-less-faster",{"_path":1161,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1162,"seo":1164,"content":1168,"type":597,"slug":1175,"category":28,"_id":1176,"_type":30,"title":1165,"_source":31,"_file":1177,"_stem":1178,"_extension":34,"date":1169,"description":1166,"heroImage":1167,"keyTakeaways":1170,"articleBody":1174},"/en-us/the-source/platform/navigating-a-smooth-transition-to-agile-planning",{"layout":5,"template":524,"featured":6,"gatedAsset":1163,"isHighlighted":6,"authorName":-1},"pf-navigating-a-smooth-transition-to-agile-planning",{"title":1165,"description":1166,"ogImage":1167},"Navigating a smooth transition to Agile planning","Streamline your software development projects with Agile planning for enhanced collaboration, more efficient processes, and comprehensive reporting.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464185/sxq87gqpw1v2mbtpk34h.png",{"title":1165,"date":1169,"description":1166,"heroImage":1167,"keyTakeaways":1170,"articleBody":1174},"2024-12-10",[1171,1172,1173],"Agile software development promotes an iterative approach to value delivery that prioritizes continuous feedback and customer collaboration over traditional methods.","Traditional Agile project management tools lack direct integration into the software development lifecycle, which can result in issues like miscommunication and tool complexity.","Moving to GitLab's Agile approach allows software development teams to integrate Agile frameworks seamlessly within a DevSecOps platform for a more streamlined and collaborative environment.","When software development teams want to increase efficiencies that lead to results and deliver greater customer satisfaction, they often turn to Agile methods. The Agile planning process focuses on continuous delivery of value, enabling development teams to be flexible as projects change and prioritize the use of customer feedback to drive decisions. Self-organizing teams use this approach to software development to simplify workflows, improve collaboration and visibility, boost customer satisfaction, and automate the time spent on configuration and maintenance.\n\nAgile project planning is leveraged across industries, including:\n\n- __Government agencies__: The Agile methodology is a critical component of the Authorization to Operate (ATO) (FedRAMP) journey in federal entities, which is a process used to evaluate new products and manage risk.\n- __Financial services__: Agile teams support this heavily regulated industry by breaking down large compliance projects into individual tasks, helping teams identify vulnerabilities earlier in development cycles.\n- __Technology__: A flexible approach helps tech companies quickly adapt in a fast-paced industry, enabling project teams to build secure software faster and achieve their business goals.\n\nHowever, traditional Agile platforms, such as Jira, are limited to project and issue management and are not fully integrated into the software development lifecycle (SDLC). These unconnected project management tools can lead to a variety of challenges, such as a complex toolchain, technical debt, excessive onboarding time, and a lack of visibility across Agile teams.\n\nGitLab's 2024 Global DevSecOps Report, a survey of over 5,000 DevSecOps professionals, revealed that:\n\n- 64% of respondents want to consolidate their toolchain\n- 42% of respondents (who also use AI tools) use 6-10 tools in their software development process\n- 26% of respondents said it takes up to 2 months to onboard\n\nWhile a unified DevSecOps and Agile platform will not solve these challenges alone, it will bring development teams, security, and operations together under shared project goals, reducing complexity and helping teams achieve faster delivery of key features to customers.\n\n## Challenges with traditional project management methodologies\nSince traditional Agile platforms are not fully integrated into the SDLC and lack support for iterative process management, the disparate tools lead to various problems, including:\n\n__Lack of transparency__: Separate tools for planning and deployment cause silos in reporting and limit visibility, especially for self-organizing teams managing their sprint backlog. The lack of visibility leads to compliance setbacks and affects future iterations.\n\n__Miscommunication__: When access to all tools is limited, development teams do not have the necessary insights they need to make informed decisions about their development cycles and upcoming sprints.\n\n__Tool complexity__: With additional plugins and integrations required, the level of complexity increases, creating repetitive tasks and slowing down the onboarding time for new software developers and overall time to market. This makes it difficult to maintain continuous feedback loops and effective customer collaboration.\n\n__Too many licenses__: Multiple tools for planning and deployment lead to context switching to keep projects on track. Having project teams work in a centralized platform is beneficial to increase efficiency and effectiveness, especially for daily standups and sprint planning.\n\n__Administrative burdens__: While customization can be helpful to implement plugins and integrations, the greater the number of customizations, the greater the technical debt - meaning more manual management is required to maintain user experience and workflow efficiency.\n\n__Version control and security patching__: The more configurations, the more patches are needed to prevent security issues. New versions or upgrades require regression testing, impacting integrations with other tools, and even bringing projects to a standstill.\n\nA DevSecOps platform allows Agile teams to deliver software faster in line with business goals by bringing the entire project team together in a single application, fostering more effective collaboration and streamlining workflows through proven Agile methods.\n\nRead the full ebook to explore how GitLab creates a streamlined Agile approach, and learn strategies to help you transition to Agile practices with ease.","navigating-a-smooth-transition-to-agile-planning","content:en-us:the-source:platform:navigating-a-smooth-transition-to-agile-planning.yml","en-us/the-source/platform/navigating-a-smooth-transition-to-agile-planning.yml","en-us/the-source/platform/navigating-a-smooth-transition-to-agile-planning",{"_path":1180,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1181,"seo":1182,"content":1186,"type":522,"slug":1209,"category":28,"_id":1210,"_type":30,"title":1183,"_source":31,"_file":1211,"_stem":1212,"_extension":34,"date":1187,"description":1184,"timeToRead":770,"heroImage":1185,"keyTakeaways":1188,"articleBody":1192,"faq":1193},"/en-us/the-source/platform/finops-balancing-financial-responsibility-and-innovation",{"layout":5,"template":524,"author":839,"featured":6,"sourceCTA":957,"isHighlighted":6,"authorName":507},{"title":1183,"description":1184,"ogImage":1185},"FinOps: Balancing financial responsibility and innovation","Explore how FinOps harmonizes financial accountability with business objectives, promoting cost-effective innovation in modern enterprises.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463866/i27a3wecdhplvd9wbxqr.png",{"title":1183,"date":1187,"description":1184,"timeToRead":770,"heroImage":1185,"keyTakeaways":1188,"articleBody":1192,"faq":1193},"2024-11-26",[1189,1190,1191],"FinOps fosters collaboration between finance, engineering, and business teams, aligning cloud investments with strategic business goals for maximum value.","By enhancing financial transparency, FinOps empowers organizations to make swift, data-driven decisions that reduce cloud costs.","Implementing FinOps creates a balance between innovation and cloud cost management, easing tension between product development and operations teams.","When cloud spending grows alongside your engineering teams, a painful trade-off often emerges: push developers to ship faster, or rein in escalating costs. But imagine boosting developer productivity by 30% while slashing project costs by 25%. That might sound impossible, yet it’s a realistic goal for organizations that adopt FinOps (Financial Operations) - a data-driven approach that applies DevOps principles and practices to optimize the costs associated with people, process, and technology across the software development lifecycle.\n\nI’ve seen firsthand how FinOps transforms organizations by bringing financial clarity to every aspect of software development. I recently met with the DevOps team at an insurance company that is beginning its FinOps journey. Early discussions included determining basic measurements such as cloud spend and identifying other revenue-driving, cost-reducing metrics through value stream management. These conversations are critical for FinOps practitioners to evaluate how teams and resources are organized and allocated, and which processes and tools may be implemented to drive change.\n\nFrom team structures to development processes to technology choices, this visibility helps leaders optimize investments across their entire operation. By bringing together finance, product, and engineering teams, FinOps enables CFOs, CPOs, and CTOs to make informed decisions - improving efficiency across the business.\n\nImproving efficiency and optimizing costs isn’t just a technical challenge - it’s also a strategic business imperative, especially as organizations invest more money in the cloud. FinOps brings necessary financial accountability to the cloud’s variable spend model. Let’s walk through the benefits of FinOps frameworks and how you can begin incorporating FinOps methodologies into your operational workflows.\n\n## What is FinOps?\nFinOps, short for Financial Operations, succeeds by transforming how finance, engineering, technology, and business teams operate. Through real-time data and analytics, teams gain immediate visibility into how they are using resources (such as cloud resources) and can take action before costs escalate. This proactive approach to financial accountability enables quick informed decisions about resource allocation, leading to measurable cost savings.\n\nAt its core, FinOps is a cultural practice that makes this transformation sustainable. By establishing clear processes and shared metrics, teams ensure their daily technology decisions support broader business objectives.\n\n## Why is FinOps so popular right now?\nAs many companies focus on generative AI and developer productivity, they need guardrails, such as automated workflows and reusable templates, on the delivery side of the equation to ensure [paved pathways](https://about.gitlab.com/the-source/platform/driving-business-results-with-platform-engineering/) are adopted. This becomes essential for organizations that are modernizing their applications and scaling cloud architectures in production.\n\nThe challenge intensifies when managing non-production costs, such as continuous integration (CI) costs. Companies that have adopted a data-driven approach can gain deep visibility into their CI costs. They can see the financial implications of scaling CI horizontally or vertically across different processor architectures. By implementing standards like ephemeral testing environments, they ensure code quality and security while optimizing spending.\n\nProduct owners, who normally own the budget for a product line, can also work with IT teams and engineering leads to provide transparency metrics. This collaboration allows leaders to roll up budget projections across multiple services and ensure that infrastructure resources are being leveraged at their optimal capacity. The result: finance teams can finally see which applications generate the most investment return.\n\n## Bridging technical and financial domains\nCreating a FinOps model can involve both a carrot and stick approach. The carrot approach fosters a more collaborative and transparent environment. The stick approach, on the other hand - for example, reprimanding development teams for overspending - most often leads to a breakdown in processes. You want FinOps to account for what developers need to do their work and how it impacts the company’s bottom line, not just monitor their use of cloud resources.\n\nI recently met with a major airline that was spending close to $5 million a year on CI runner fleets. Security scans, dependency scans, and token scanning all ran inside these runner fleets. They could have skipped the security step to reduce their spend, but the [potential for security issues](https://about.gitlab.com/the-source/security/how-to-strengthen-security-by-applying-devsecops-principles/) was a much bigger concern than spending the money on the runner fleets. Instead of skipping the security step, the company needed to identify ways to make their runner fleets as a whole more efficient to reduce their spend _and_ encourage developers to experiment and innovate.\n\nA successful FinOps program does not require a centralized team of full-time FinOps professionals. FinOps serves as a strategic liaison among cross-functional teams such as finance, product, and engineering. A typical FinOps program includes various job roles and functions, such as a CTO or VP of Engineering, a finance leader, and one or more engineering leaders who regularly collaborate to evaluate issues, identify new efficiency opportunities, and build remediation plans.\n\nAligning technical operations with financial objectives helps ensure that cloud infrastructure and software development investments yield the highest possible return. This can demonstrate to DevSecOps teams how their work contributes directly to increasing revenue, how they may be able to reduce costs, or both.\n\n## Smart financial control in developer workflows\nFinOps monitors resource consumption from both a user and operational standpoint to help optimize developer workflows. One way to accomplish this is to analyze CI jobs and identify which ones cost more than their value justifies. Every software development pipeline contains multiple jobs, each requiring an execution resource like a virtual machine (VM) or container. The longer each job takes to execute, the higher the cost. FinOps helps developers understand which jobs are performing poorly so they know which ones they need to refactor.\n\nThis creates a self-service model that frees technology teams to work within clear guidelines. For example, a policy might prohibit someone from provisioning $100,000 worth of resources on AWS, but they can spin up an EC2 image to conduct testing. However, if they can justify why they need to provision $100,000 worth of resources, they can submit a request explaining how the project will potentially generate revenue for the company. If approved, they can begin their work.\n\nHowever, I want to reassure DevSecOps professionals that FinOps isn't about restricting innovation through monitoring. Instead, it provides full visibility into your organization’s cloud usage and spending, helping teams identify opportunities to improve cloud productivity. In addition to fostering collaboration among finance, technology, and business teams, FinOps analyzes usage patterns and forecasts demand to anticipate whether resources need to be scaled up or down to meet future needs before overspending occurs.\n\n## Easing the tension\nThere’s a constant tug-of-war between engineering and operations teams. Engineering’s mission is to drive innovation that generates new revenue streams while creating great customer experiences. The operations team focuses on maximizing productivity while saving money. FinOps eases the tension between these groups by increasing developer productivity while reducing wasteful spending - aligning technical efficiency with financial prudence.\n\nFinOps helps business leaders think in precise numbers, not subjective costs. It’s imperative to approach software development with a clear understanding of its financial impact on the organization to make informed decisions on project continuance based on two key criteria: will the project increase revenue or reduce costs?\n\nAt its core, FinOps isn’t just about cutting cloud costs; it’s also about optimizing the entire software development lifecycle and making continuous improvements. The goal is to help engineers and operations consider financial effectiveness alongside technical innovation so they understand how their work maps to boosting the organization’s bottom line.\n\n_Read more about FinOps on the [FinOps Foundation website](https://www.finops.org/introduction/what-is-finops/)._",[1194,1197,1200,1203,1206],{"header":1195,"content":1196},"What are the key benefits of adopting FinOps?","Adopting FinOps leads to cost savings, improved resource allocation, and better cross-team collaboration. Organizations gain financial transparency, allowing them to scale cloud services efficiently, reduce waste, and ensure that every technology investment supports business growth and profitability.",{"header":1198,"content":1199},"How does FinOps align financial objectives with DevSecOps?","FinOps helps DevSecOps teams balance security and efficiency by ensuring that cost-saving measures do not compromise essential security processes. Instead of cutting security scans to save money, organizations use FinOps to optimize infrastructure, making security operations more cost-effective while maintaining compliance.",{"header":1201,"content":1202},"Why is FinOps important?","FinOps, short for Financial Operations, is a framework that helps organizations balance financial accountability with innovation by optimizing cloud spending and software development costs. It enables teams to make data-driven financial decisions while maintaining agility, improving collaboration between finance, engineering, and product teams.",{"header":1204,"content":1205},"What role do engineering teams play in a FinOps strategy?","Engineering teams are crucial in FinOps, as they make decisions that directly impact cloud costs. FinOps encourages developers to take ownership of cost efficiency by monitoring resource consumption, refactoring inefficient CI jobs, and leveraging automation to optimize deployments. The goal is to foster a culture where financial awareness becomes a natural part of development.",{"header":1207,"content":1208},"How does FinOps improve cloud cost management?","FinOps provides real-time visibility into cloud spending, allowing organizations to track resource utilization and prevent unnecessary costs. By integrating financial insights into DevOps workflows, companies can identify inefficiencies, optimize continuous integration (CI) costs, and ensure that infrastructure investments deliver maximum value.","finops-balancing-financial-responsibility-and-innovation","content:en-us:the-source:platform:finops-balancing-financial-responsibility-and-innovation.yml","en-us/the-source/platform/finops-balancing-financial-responsibility-and-innovation.yml","en-us/the-source/platform/finops-balancing-financial-responsibility-and-innovation",{"_path":1214,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1215,"seo":1217,"content":1221,"type":522,"slug":1241,"category":28,"_id":1242,"_type":30,"title":1218,"_source":31,"_file":1243,"_stem":1244,"_extension":34,"date":1222,"description":1219,"timeToRead":692,"heroImage":1220,"keyTakeaways":1223,"articleBody":1227,"faq":1228},"/en-us/the-source/platform/driving-business-results-with-platform-engineering",{"layout":5,"template":524,"author":916,"featured":6,"sourceCTA":1216,"isHighlighted":6,"authorName":487},"gitlab-2024-global-devsecops-report",{"title":1218,"description":1219,"ogImage":1220},"Driving business results with platform engineering","Platform engineering accelerates time to market, reduces security risk, and improves developer experience. Learn how to set your DevOps team up for success.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463790/xmrjm5ztb49zx5bggima.png",{"title":1218,"date":1222,"description":1219,"timeToRead":692,"heroImage":1220,"keyTakeaways":1223,"articleBody":1227,"faq":1228},"2024-10-29",[1224,1225,1226],"Platform engineering is emerging as a key strategy in modern software development to help businesses do more with less.","The benefits of platform engineering include improved efficiency, faster time to market, reduced security and compliance risk, improved software quality, and better developer experience.","Establishing a product-oriented culture and setting clear business goals are critical for success in platform engineering.","Platform engineering, which centralizes best practices and components for software development teams, is gaining prominence as DevSecOps practices and frameworks become increasingly embedded across organizations. The goal of platform engineering is to normalize and standardize developer workflows by providing developers with optimized “golden paths” for most of their workloads and flexibility to define exceptions for the rest.\n\nGartner® predicts that “by 2026, 80% of large software engineering organizations will establish platform engineering teams as internal providers of reusable services, components, and tools for application delivery, up from 45% in 2022” [1]. Platform engineering allows organizations - especially larger organizations with many engineering initiatives happening in parallel - to scale DevSecOps principles and tooling more easily. This approach is incredibly important when businesses are pressured to do more with less.\n\n## Key benefits of platform engineering\n**Increase speed to market:** Platform engineering promises to help organizations deliver better-quality software faster and more cost-efficiently. Building a platform engineering team will pay off over the long term, enabling large organizations to achieve faster release cycles with less tooling, resulting in significant cost savings.\n\n**Reduce security and compliance risks:**  By reducing tool sprawl and creating more normalized workflows, organizations can reduce compliance overhead and their potential attack surface. According to [IBM’s Cost of a Data Breach Report](https://www.ibm.com/reports/data-breach), the global average data breach cost in 2023 was $4.45 million. Still, organizations that managed their attack surface effectively could contain breaches faster.\n\n**Improve developer experience:** [DevEx](https://about.gitlab.com/developer-experience/) is a growing priority, with companies competing to attract and keep the best developer talent. Platform engineering teams can help improve the developer experience by building efficient, automated workflows or golden paths and lifting some repetitive tasks from developers’ workloads. This improves developer productivity and simplifies their day-to-day, allowing them to efficiently build, test, and deploy applications and focus on more impactful, business-critical work.\n\n## Platform engineering best practices\n\n### Start with the culture\nIf “platform” describes what we should build, then “engineering” describes how it should be built. Too many organizations leap into buying and installing technology without considering how they’ll need to evolve their organizational culture to make platform adoption a success.\n\nPlatform engineers should consider themselves product owners, with software developers as their customers. They should conduct discovery to understand developers’ needs and then reach out to end users to help them become successful with the resources provided. This requires internal marketing, communication, and customer support skills, which are often lacking in technical teams.\n\nThe key here is a product-oriented mindset and culture, which allows platform teams to focus on creating value for their end users (developers) by listening to user feedback and continuously iterating and improving their product (the internal developer platform). Leaders should create a collaborative environment where team members feel empowered to seek ways to help their specific (internal) customers. They’ll be focused on making it as easy as possible for people to consume their services - likely through self-service tools or programmable APIs.\n\n### Stay focused on delivering business value\nWhen starting a platform engineering initiative, organizations may be tempted to look at highly productive teams and copy what they do. Unfortunately, there’s often too much initial emphasis on the team's structure or the tools it uses. These are often the results of a highly productive team, not the cause. Instead of team structure and tools, leaders should focus on the business outcomes they want to see and then identify the right tools and team structures to achieve those goals.\n\nDefine the goal of your platform engineering practice in terms of business impact. Developing software faster is great - but why? What business goal does it serve?\n\nIncreasing speed and agility, for instance, is a common objective - but there could be several business goals behind it. Slow time to market has an obvious opportunity cost, as organizations must make difficult choices about what products to prioritize. Organizations that can move more quickly are also better equipped to respond to fast-moving markets. And there are security implications - organizations must know they can respond quickly and efficiently if a security incident occurs.\n\nCommon productivity and efficiency metrics are helpful, but leaders should try translating those metrics into dollar values to clarify the business value. For example, suppose a platform engineering effort reduces the time a new developer takes to perform their first commitment to production. In that case, the organization is saving a certain percentage of that developer’s year-one salary and part of the salary of those around them who are helping them onboard. The organization will also likely increase retention, reducing the need for expensive hiring (including advertising, recruiters, and lengthy interview cycles).\n\nLeaders can optimize platform engineering initiatives by staying laser-focused on business value to drive the right results.\n\n### Keep it measurable\nIt’s important to have metrics that help track the platform team’s progress and understand how developers are using (or not using) the services provided. This allows for continuous improvement, identifies areas of success or need for additional resources, and helps with internal marketing efforts.\n\nSome potential metrics to consider include:\n\n- **Adoption rate:** How many developers are actively using the platform?\n\n- **Time to value:** How long does it take for a new developer to start delivering code on the platform?\n\n- **Community engagement:** What percentage of components within the platform were provided by the community? (For example, when a team develops a new CI job that could benefit others, do they share it with the platform team for broader application and maintenance?)\n\n### Build for everyone\nThe early adopters of a developer platform might be the most visible (and vocal) early in the process. However, remember that early adopters - who typically make up less than 20% of an organization - may have very different needs than most users who will eventually leverage the platform. As you define the golden paths that make sense for your organization, ensure you’re building for the majority, not just early adopters.\n\nOne common golden path worth investing in early is an end-to-end continuous integration and continuous delivery (CI/CD) pipeline supporting a particular type of workload on one set of target platforms (such as Kubernetes). Once this base workload is supported, it provides a strong foundation for others and confidence that the platform can deliver value. Define your organization’s priority golden paths regarding the business outcomes they enable.\n\n## The DevSecOps platform: A foundation for platform engineering\nA DevSecOps platform provides one user interface, a unified data store, and security embedded within the DevSecOps lifecycle. With a DevSecOps platform, organizations can build a foundation for platform engineering with workflows-as-a-service for the entire software development process.\n\nHere are a few critical elements of a DevSecOps platform that set teams up for success with platform engineering:\n\n- **Planning and collaboration:** Platform engineering won’t work without transparency. [Bringing everyone into the same platform](/solutions/agile-delivery/) streamlines communication fosters collaboration between teams - enabling more efficient planning, building, testing, securing, deployment, and monitoring of code.\n\n- **CI/CD and orchestration:** Orchestration sits at the heart of platform engineering. A platform helps developers [check code quality and get it to production](/solutions/continuous-integration/). It also provides a templating mechanism to ensure common best practices are baked in, and every change goes through a consistent quality process.\n\n- **Developer experience:** DevEx is all about simplifying developers’ day-to-day by automating repetitive tasks and abstracting away unnecessary decisions. With a DevSecOps platform, all code is in a single place, making it easier for developers to find what they need with minimal context switching. In addition, providing developers with reusable tools and templates and AI-powered features such as code suggestions and code explanations removes obstacles so developers can onboard quickly and start creating value immediately.\n\n- **Integrated security:** With a DevSecOps platform, [automated security scanning](https://about.gitlab.com/solutions/application-security-testing/) ensures that all code meets a baseline policy - and, more importantly, developers have self-service access to that data. They're not waiting until the day of a production rollout to find out that the security team has found a critical vulnerability.\n\n- **Metrics and analytics:** For a platform engineering initiative to be successful, organizations need to identify the business goals behind the project and be able to monitor their progress towards those goals. [Dashboards and analytics that pull data from across the software development lifecycle](https://about.gitlab.com/solutions/value-stream-management/) enable organizations to easily track key metrics, assess the impact of process improvements, and drill down into roadblocks. That empowers leaders to quickly identify trends and bottlenecks so they can focus efforts on at-risk projects.\n\n[Learn more](https://about.gitlab.com/solutions/platform-engineering/) about how GitLab can support your platform engineering journey by providing DevSecOps teams with a single self-service portal for standardized tools and workflows - reducing cognitive overload and making software delivery more scalable.\n\n*[1] Gartner, Top Strategic Technology Trends for 2024, Bart Willemsen, Gary Olliffe, and Arun Chandrasekaran, 16 October 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.*",[1229,1232,1235,1238],{"header":1230,"content":1231},"How does platform engineering improve developer productivity?","Platform engineering creates streamlined workflows, known as \"golden paths,\" that automate repetitive tasks and simplify decision-making for developers. By reducing complexity and improving self-service access to tools, developers can focus on innovation, coding, and business-critical work.",{"header":1233,"content":1234},"What key metrics should organizations track for platform engineering success?","Organizations should measure platform adoption rates, time to value for new developers, community engagement in contributing platform components, and overall impact on software delivery speed and quality. Tracking these metrics helps optimize platform performance and drive business results.",{"header":1236,"content":1237},"What is platform engineering, and why is it important?","Platform engineering centralizes best practices, tools, and workflows to improve developer efficiency and standardize software development. It helps organizations accelerate time to market, enhance security, and improve developer experience by providing optimized workflows and reducing toolchain complexity.",{"header":1239,"content":1240},"How does platform engineering enhance security and compliance?","By embedding security policies, automated scanning, and compliance frameworks directly into the software development platform, platform engineering ensures that security is consistently enforced across all applications. This reduces risk exposure and prevents vulnerabilities from reaching production.","driving-business-results-with-platform-engineering","content:en-us:the-source:platform:driving-business-results-with-platform-engineering.yml","en-us/the-source/platform/driving-business-results-with-platform-engineering.yml","en-us/the-source/platform/driving-business-results-with-platform-engineering",{"_path":1246,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1247,"seo":1249,"content":1251,"type":597,"slug":1258,"category":28,"_id":1259,"_type":30,"title":445,"_source":31,"_file":1260,"_stem":1261,"_extension":34,"date":1252,"description":446,"heroImage":1250,"keyTakeaways":1253,"articleBody":1257},"/en-us/the-source/platform/building-a-resilient-software-development-practice",{"layout":5,"template":524,"featured":6,"gatedAsset":1248,"isHighlighted":6,"authorName":-1},"pf-building-a-resilient-software-development-practice",{"title":445,"description":446,"ogImage":1250},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464340/jyxyhztk4eiinwouuo7t.png",{"title":445,"date":1252,"description":446,"heroImage":1250,"keyTakeaways":1253,"articleBody":1257},"2024-09-01",[1254,1255,1256],"Standardizing on a single platform for the entire software development lifecycle is key for making your software more cost efficient, agile, secure, scalable, and future-proof.","Shifting application security to earlier in the software development process reduces security vulnerabilities, ensures compliance, and builds trust with customers, partners, and stakeholders.","Empowering teams with clear goals, effective communication, and a culture of trust and autonomy boosts productivity, quality, employee satisfaction, and innovation.","In the rapidly evolving world of software development, enterprise leaders face a critical challenge: how to guide their teams to meet today’s business demands and adapt to tomorrow’s uncertainties. This guide presents a strategic approach to implementing a standardized software development process, ensuring systems are secure by design, and empowering high-performing teams to lead by example.\n\nThese three pillars form the foundation of a resilient software development practice that can thrive in an ever-changing environment.\n\n## The challenge of modern software development\nSoftware development is the lifeblood of modern enterprises. The decisions made by technical leaders today will echo through their organizations for years, influencing customer satisfaction, employee productivity, and overall business success. However, the landscape is constantly shifting. Applications must be updated or re-architected, open-source libraries evolve, and new cyber threats emerge daily. Disruptive innovations, like artificial intelligence, can fundamentally change the game overnight.\n\nIn this dynamic environment, software engineering, security, and operations teams have a dual mandate: deliver high-quality software quickly and regularly while maintaining robust security across every surface of the technology stack. This balancing act is crucial yet challenging. The solution lies in creating resilient software systems and software development standards that can withstand and even be responsive to the inevitability of change.\n\n## Three strategic pillars for sustainable success\nGitLab has worked with thousands of organizations to help overcome these challenges. From our experience, we’ve identified three key strategies that successful software development teams consistently employ:\n\n- **Standardizing a software development platform**: By creating a unified, efficient development environment where all teams can collaborate seamlessly, organizations can reduce complexity, improve code quality, and align all teams with the broader business objectives.\n- **Shifting security to earlier in the development process**: By building application security policies and tooling directly into the software development platform, organizations can ensure every application benefits from the same consistent set of guardrails, thereby enhancing protection against potential threats.\n- **Empowering high-performing teams**: High-performing teams are better equipped to handle the complexities of modern software development and are more likely to produce high-quality software that meets current and future needs.\n\nThese are not isolated tactics; they are interdependent strategies that, when combined, create a culture of resilience and a powerful framework for sustainable software development.\n\nIn this guide, we’ll unpack each one, explaining the benefits and high-level steps to implement each pillar in your organization. Finally, we’ll show how these pillars transform your software development team with a real-world case study.","building-a-resilient-software-development-practice","content:en-us:the-source:platform:building-a-resilient-software-development-practice.yml","en-us/the-source/platform/building-a-resilient-software-development-practice.yml","en-us/the-source/platform/building-a-resilient-software-development-practice",{"_path":1263,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1264,"seo":1266,"content":1270,"type":522,"slug":1293,"category":28,"_id":1294,"_type":30,"title":1267,"_source":31,"_file":1295,"_stem":1296,"_extension":34,"date":1271,"description":1268,"timeToRead":770,"heroImage":1269,"keyTakeaways":1272,"articleBody":1276,"faq":1277},"/en-us/the-source/platform/3-surprising-findings-from-our-2024-global-devsecops-survey",{"layout":5,"template":524,"author":1265,"featured":6,"sourceCTA":1216,"isHighlighted":6,"authorName":490},"dave-steer",{"title":1267,"description":1268,"ogImage":1269},"3 surprising findings from our 2024 Global DevSecOps Survey","This year, our survey revealed changes in organizations' investment priorities in the wake of AI — and how AI is shaping the way teams work.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464453/vepnkkbnjxdarswtxkga.png",{"title":1267,"date":1271,"description":1268,"timeToRead":770,"heroImage":1269,"keyTakeaways":1272,"articleBody":1276,"faq":1277},"2024-06-25",[1273,1274,1275],"AI highlights toolchain complexity, pushing for consolidation to improve DevSecOps efficiency.","AI accelerates onboarding but raises concerns about job security and role evolution.","Cloud computing becomes essential, though investment priorities shift toward AI.","This year’s [survey of more than 5,000 DevSecOps professionals worldwide](https://about.gitlab.com/developer-survey/) suggests that as organizations adopt new technologies such as AI, they're reevaluating investment priorities and looking more critically at how they can improve the developer experience. Here's a look at three of the more surprising results from this year's survey, and what they could mean for software development, operations, and security teams in 2024 and beyond.\n\n## 1. AI shines a light on cumbersome toolchains\n\nThis year, we looked specifically at how AI might impact DevSecOps teams’ attitudes toward their existing toolchains, and the findings were somewhat surprising. We know AI can help teams simplify software development, but our survey showed that respondents currently using AI might be more frustrated with their toolchains than those not using AI.\n\nNearly three-quarters (74%) of respondents whose organizations are currently using AI for software development said they wanted to consolidate their toolchain, compared to 57% of those who aren’t using AI. However, there wasn’t a significant difference between the two groups in the number of tools respondents reported using. In other words, respondents currently using AI weren’t using more tools but still felt a stronger need to consolidate their toolchain.\n\nWhy would AI accelerate the desire to consolidate? One explanation could be that different point solutions running different AI models create unmanageable (and unmeasurable) chaos in the software development lifecycle - and that is shedding new light on organizations’ already cumbersome and counterproductive toolchains. As organizations increase their AI investments, there will be a greater need to improve efficiency by consolidating and simplifying toolchain sprawl. Teams get more value from AI when toolchains are smaller, making integrating AI across the entire software development lifecycle easier.\n\nOne survey respondent identified “too many tools (including AI tools) and context switching” as the biggest challenges in software development in 2024, while another pointed to the “complexity of fragmented landscape of tools across the board.”\n\nAnother respondent highlighted AI’s opportunities to help teams address toolchain challenges: “AI is growing fast, and our current toolchain can be massively improved with AI integrations. We need to train team members better, so they know how to use AI effectively in their daily work.”\n\n## 2. AI speeds up developer onboarding - but organizations still have concerns\n\nAlong with the increase in the number of tools teams use, we noted a significant increase in developer onboarding times in this year’s survey. In 2024, 70% of respondents told us it takes developers in their organization more than a month to onboard and become productive, up from 66% in 2023.\n\nWhile it’s not surprising that AI-powered [chat assistants](https://about.gitlab.com/blog/gitlab-duo-chat-now-generally-available/) and [code suggestions](https://about.gitlab.com/blog/top-tips-for-efficient-ai-powered-code-suggestions-with-gitlab-duo/), can help developers onboard faster, the effect we observed in our survey was dramatic: Respondents who use AI for software development were much more likely to say that developer onboarding typically takes less than a month.\n\nDespite AI’s clear benefits for developer experience, respondents expressed several concerns about its rapid adoption. Over half (55%) of respondents said introducing AI into the software development lifecycle is risky, and 49% said they fear AI will replace their current role within the next five years.\n\nRachel Stephens, senior analyst at industry analyst firm RedMonk, shared her perspective on these findings: “There is a component of psychological safety and team culture that impacts how people feel about AI. Individuals may be concerned about the security or privacy implications of AI, but their sense of unpreparedness may also stem from a feeling that AI has personal risk to their livelihoods.”\n\nOur take is that the value of AI lies in its ability to automate repetitive tasks and behind-the-scenes optimization, empowering teams to focus on high-level problem-solving, innovation, and value creation. It’s about supplementing - not replacing - the human element of software development. One survey respondent summed this up as follows: “Fostering and maintaining creativity while leaning into AI is a challenge we face. We must remember that AI is simply one tool creative people use to cut out the junk that would otherwise impede productivity. It doesn’t replace human creativity.”\n\n## 3. The cloud becomes table stakes\n\nIn our survey, cloud computing has consistently ranked as a top IT investment priority over the past several years. In 2022, cloud computing ranked number two, after security, and in 2023 it took the top spot - not surprising, given increased pressure on organizations to undergo [digital transformation](https://about.gitlab.com/blog/lockheed-martin-aws-gitlab/).\n\nIn 2024, though, cloud computing saw a sharp decrease, ranking at number five. However, at the same time, it’s clear that the cloud continues to be important. In fact, we saw a significant increase in the number of respondents who said they are running 50% or more of their apps in the cloud. This suggests that while the cloud is still mission-critical for many businesses, it’s now “table stakes” - and at the same time, the list of priorities for technical teams and IT leaders continues to grow.\n\nAccording to RedMonk’s Stephens, “We are in a cash-constrained financial environment, and people are having to make prioritization decisions between technology investments - meaning organizations could be reallocating some, but not all, of their digital transformation budgets to things like AI.”\n",[1278,1281,1284,1287,1290],{"header":1279,"content":1280},"How is AI influencing DevSecOps toolchains?","AI is highlighting inefficiencies in DevSecOps toolchains, leading to a stronger desire for consolidation. According to GitLab's 2024 Global DevSecOps Survey, 74% of AI users want to streamline their toolchains to reduce complexity, minimize context switching, and improve workflow integration.",{"header":1282,"content":1283},"Why is cloud computing considered \"table stakes\" in 2024?","Cloud computing has become a standard infrastructure component rather than a top investment priority. While its ranking in IT investment dropped, more organizations are now running 50% or more of their applications in the cloud, meaning it's still an essential part of modern DevOps.",{"header":1285,"content":1286},"What are the biggest concerns about AI adoption in software development?","Despite AI’s benefits, 55% of survey respondents say that adopting AI is risky, and 49% fear AI could replace their jobs within five years. Concerns include security risks, privacy issues, and job displacement, highlighting the need for responsible AI implementation.",{"header":1288,"content":1289},"Does AI speed up developer onboarding?","Yes, AI-powered tools like code suggestions and AI chat assistants help developers onboard faster. GitLab's survey found that organizations using AI are more likely to onboard new developers in less than a month, compared to those not using AI.",{"header":1291,"content":1292},"How can organizations balance AI adoption with developer creativity?","To successfully integrate AI, organizations should use it to automate repetitive tasks while maintaining a culture that values human creativity and problem-solving. AI should supplement, not replace, developers by enhancing productivity and freeing up time for innovation.","3-surprising-findings-from-our-2024-global-devsecops-survey","content:en-us:the-source:platform:3-surprising-findings-from-our-2024-global-devsecops-survey.yml","en-us/the-source/platform/3-surprising-findings-from-our-2024-global-devsecops-survey.yml","en-us/the-source/platform/3-surprising-findings-from-our-2024-global-devsecops-survey",{"_path":1298,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1299,"seo":1301,"content":1305,"type":597,"slug":1312,"category":28,"_id":1313,"_type":30,"title":1302,"_source":31,"_file":1314,"_stem":1315,"_extension":34,"date":1306,"description":1303,"heroImage":1304,"keyTakeaways":1307,"articleBody":1311},"/en-us/the-source/platform/whats-next-in-devsecops-for-financial-services",{"layout":5,"template":524,"featured":6,"gatedAsset":1300,"isHighlighted":6,"authorName":-1},"pf-whats-next-in-devsecops-for-financial-services",{"title":1302,"description":1303,"ogImage":1304},"What’s next in DevSecOps for financial services","Explore trends for financial services providers in AI, automation, secure software releases, and more.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464218/yusqfi2s6j0uyskwxkqf.png",{"title":1302,"date":1306,"description":1303,"heroImage":1304,"keyTakeaways":1307,"articleBody":1311},"2024-06-01",[1308,1309,1310],"The financial services industry is placing a high emphasis on cyber security, AI, and automation in their IT investments for 2024, with plans to close the AI adoption gap.","Developers in financial services show interest in engaging with automation, collaboration, and flexible work conditions to enhance productivity and job satisfaction.","Financial services organizations face hurdles in hiring and retaining developers despite leading in frequent deployments, indicating a need for improved IT operations integration and AI support.","It’s clear from our survey of more than 5,000 DevSecOps professionals that artificial intelligence (AI), security, and automation are top of mind for organizations across the board. But what about financial institutions? This industry has some unique challenges and needs - including staying on top of ever-changing regulations, protecting sensitive data, maintaining customer trust, managing legacy systems, attracting and retaining top engineering talent, and undergoing digital transformation - that could make their progress and priorities a bit different.\n\nWe analyzed 770 survey responses from development, operations, and security teams at financial services organizations.\n\nAccording to our survey, financial services companies are a little behind in adopting AI in the software development lifecycle compared to other industries.\n\n> #### Only 34% of respondents in financial services said they were currently using AI in software development, compared to 39% of respondents across all industries.\n\nHowever, they're planning to nearly close that gap. More than three-quarters (76%) of financial services respondents are currently using AI or plan to in the next two years, similar to what we observed across all industries (78%). Is there anything that may be preventing deeper adoption of AI in financial services?\n\nThree key challenges stood out in our survey. Respondents in financial services who have used AI in software development said the top obstacles they face are a lack of knowledge about AI, concerns around privacy and data security, and a lack of skills needed to use AI.\n\nRead the full report for more in-depth analysis on how financial services companies are keeping up with cybersecurity threats, customer demands, AI advancements, and more.","whats-next-in-devsecops-for-financial-services","content:en-us:the-source:platform:whats-next-in-devsecops-for-financial-services.yml","en-us/the-source/platform/whats-next-in-devsecops-for-financial-services.yml","en-us/the-source/platform/whats-next-in-devsecops-for-financial-services",{"_path":1317,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1318,"seo":1320,"content":1324,"type":597,"slug":1330,"category":28,"_id":1331,"_type":30,"title":1321,"_source":31,"_file":1332,"_stem":1333,"_extension":34,"date":1306,"description":1322,"heroImage":1323,"keyTakeaways":1325,"articleBody":1329},"/en-us/the-source/platform/whats-next-in-devsecops-for-public-sector",{"layout":5,"template":524,"featured":6,"gatedAsset":1319,"isHighlighted":6,"authorName":-1},"pf-whats-next-in-devsecops-for-the-public-sector",{"title":1321,"description":1322,"ogImage":1323},"What’s next in DevSecOps for the public sector","Explore DevSecOps trends in the public sector, from AI adoption to security investments and beyond.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464369/jtewouwobqdxjd59u9vg.png",{"title":1321,"date":1306,"description":1322,"heroImage":1323,"keyTakeaways":1325,"articleBody":1329},[1326,1327,1328],"The public sector is focusing IT investments on security, AI, and DevSecOps platforms in 2024.","Europe is at the forefront of AI adoption in software development, prioritizing AI integration across all stages of software development lifecycle.","Onboarding developers, ensuring supply chain security, and enhancing application security practices are the key challenges faced by the public sector.","[Gated asset] It’s clear from our 2024 Global DevSecOps Survey of more than 5,000 DevSecOps professionals that artificial intelligence (AI), security, and automation are top of mind for organizations across the board. But what about the public sector? This industry has some unique challenges and requirements - from countering cybersecurity threats to maintaining compliance and accelerating software delivery - that could make their progress and priorities a bit different.\n\nWe analyzed the 687 survey responses from development, security, and operations professionals in the public sector (defined in our survey as government, aerospace, and defense organizations).\n\nAccording to our survey, the public sector as a whole is currently using AI in the software development lifecycle more than their peers in other key industries, including financial services, telecommunications, and software/computer hardware. But this doesn’t tell the whole story.\n\nAI usage in the public sector varies substantially by geographic region. In North America, 38% of respondents said their organization is currently using AI for software development. This is similar to what we found for all respondents across industries and regions (39%), but lower than their public sector peers in other regions. Many are planning to start using AI, though. Three-quarters (75%) of public sector respondents in North America are currently using AI or plan to in the next two years.\n\n> #### In Europe and the U.K., more than half of respondents in the public sector (57%) reported that their organization is currently using AI in the SDLC - and 88% are currently using AI or plan to in the next two years.\n\nIn Asia and Oceania, nearly half (49%) of respondents said their organization is currently using AI in the SDLC, with a total of 82% currently or planning to use AI in the next two years.\n\nA few things could have helped Europe get ahead on adopting AI for software development. First, the European Union (EU) set the parameters for AI adoption, by passing the EU Artificial Intelligence Act, earlier than the United States and many other countries. Second, the EU is investing in AI with The Digital Europe Programme (DIGITAL) and Horizon Europe.\n\nRead the full report for more in-depth analysis on DevSecOps, cybersecurity threats, AI advancements, and the unique challenges faced by the public sector.","whats-next-in-devsecops-for-public-sector","content:en-us:the-source:platform:whats-next-in-devsecops-for-public-sector.yml","en-us/the-source/platform/whats-next-in-devsecops-for-public-sector.yml","en-us/the-source/platform/whats-next-in-devsecops-for-public-sector",{"_path":1335,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1336,"seo":1338,"content":1342,"type":597,"slug":1348,"category":28,"_id":1349,"_type":30,"title":1339,"_source":31,"_file":1350,"_stem":1351,"_extension":34,"date":1306,"description":1340,"heroImage":1341,"keyTakeaways":1343,"articleBody":1347},"/en-us/the-source/platform/whats-next-in-devsecops-for-telecommunications",{"layout":5,"template":524,"featured":6,"gatedAsset":1337,"isHighlighted":6,"authorName":-1},"pf-whats-next-in-devsecops-for-telecommunications",{"title":1339,"description":1340,"ogImage":1341},"What’s next in DevSecOps for telecommunications","Explore 2024 DevSecOps trends in the telecommunications sector, from AI adoption to developer onboarding.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464311/v3gzrcd1rk6l1bpk3m7d.png",{"title":1339,"date":1306,"description":1340,"heroImage":1341,"keyTakeaways":1343,"articleBody":1347},[1344,1345,1346],"In 2024, the telecommunications industry is prioritizing investments in security, DevOps, and AI, focusing particularly on progressing in DevSecOps maturity.","The telecommunications industry still lags behind in AI adoption for software development due to security and experience-related challenges.","Telecommunications developers expressed a desire to improve the developer experience through the adoption of AI, better pay, and automation.","It’s clear from our 2024 Global DevSecOps Survey of more than 5,000 DevSecOps professionals that artificial intelligence (AI), security, and automation are top of mind for organizations across the board. But what about the telecommunications sector? This industry has some unique challenges and needs - from protecting customer data to modernizing and controlling costs - that could make their progress and priorities a bit different.\n\nWe analyzed 515 survey responses from telecommunications industry professionals across development, security, and operations roles.\n\nWe found that the telecommunications industry is a bit ahead of the curve on using many security-related technologies.\n\nHowever, they’re less likely to feel confident about their team’s security. Only 53% of respondents in telecommunications say they are confident in their organization’s approach to application security, compared to 60% of respondents across all industries and 67% in the software/computer hardware industry.\n\nWhy is the telecommunications industry less confident in their approach to security? The results from our survey point to a possible cultural gap around Security. Of the security professionals in telecommunications who took the 2024 Global DevSecOps Survey:\n\n> #### 64% said the security team has a difficult time getting the development team to prioritize remediation of vulnerabilities, compared to 59% across all industries.\n\nIn addition, because nearly every company and organization relies on the telecommunications industry to deliver their service properly and securely, DevSecOps professionals in telecommunications have a heightened sense of security and also often have to build the plane while flying it, so to speak.\n\nRead the full report for more in-depth analysis on DevSecOps, cybersecurity threats, AI advancements, and the unique challenges faced by the telecommunications industry.","whats-next-in-devsecops-for-telecommunications","content:en-us:the-source:platform:whats-next-in-devsecops-for-telecommunications.yml","en-us/the-source/platform/whats-next-in-devsecops-for-telecommunications.yml","en-us/the-source/platform/whats-next-in-devsecops-for-telecommunications",{"_path":1353,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1354,"seo":1355,"content":1359,"type":522,"slug":1382,"category":28,"_id":1383,"_type":30,"title":1356,"_source":31,"_file":1384,"_stem":1385,"_extension":34,"date":1360,"description":1357,"timeToRead":770,"heroImage":1358,"keyTakeaways":1361,"articleBody":1365,"faq":1366},"/en-us/the-source/platform/how-devops-and-platform-engineering-turbocharge-efficiency",{"layout":5,"template":524,"author":1090,"featured":6,"sourceCTA":25,"isHighlighted":6,"authorName":514},{"title":1356,"description":1357,"ogImage":1358},"How DevOps and platform engineering turbocharge efficiency","Platform engineering and DevOps work together to improve efficiency and productivity. One doesn’t replace the other.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464549/dpw4yyb39ltxmagvuhvr.png",{"title":1356,"date":1360,"description":1357,"timeToRead":770,"heroImage":1358,"keyTakeaways":1361,"articleBody":1365,"faq":1366},"2024-01-25",[1362,1363,1364],"Platform engineering optimizes DevOps platforms, enhancing efficiency without replacing them.","DevOps provides the framework; platform engineering customizes for specific organizational needs.","Collaboration boosts development speed, security, and compliance in DevOps through platform engineering.","When it comes to platform engineering and DevOps, it’s not an either/or situation.\n\nTo be clear, platform engineering and DevOps are not the same thing. There’s a bit of confusion about the two practices. Does one replace the other? No. Can they work well together? Definitely.\n\nLet’s look at what platform engineering is and how it can work hand-in-hand with a DevOps platform.\n\n## DevOps and platform engineering: Differences and benefits\n\nYou’re likely pretty familiar with DevOps. It’s a methodology, along with a set of processes and tools, that integrates software developers with operations teams to increase efficiency, speed, and security. DevOps works most effectively on a single end-to-end platform, allowing teams to consolidate an often complex and confusing multitude of tools into a single, complete software development ecosystem.\n\nPlatform engineering, on the other hand, is an emerging approach to software development that accelerates production and deployment velocity by providing DevOps teams with a single self-service portal for tools and workflows. By making the day-to-day developer experience more efficient, platform engineering improves team performance, eases the cognitive load on developers, and makes software delivery scalable, faster, and repeatable.\n\nDevOps and platform engineering sound similar. They have similar goals. But think of it this way: DevOps, or a DevOps platform, acts as the framework for platform engineering. And platform engineering is a way to optimize, or turbocharge, a DevOps platform.\n\n## Why DevOps and platform engineering work well together\n\nOrganizations often adopt platform engineering after their software development teams have already migrated to DevOps. That’s because by using a DevOps platform, with tools and [automation](https://about.gitlab.com/blog/how-automation-is-making-devops-pros-jobs-easier/) already built in, platform engineers don’t have to integrate tools and build their own platform for their processes and methodologies to work on top of. They simply can optimize the single, end-to-end platform already set up for them, saving them a lot of time and labor.\n\nAs DevOps grows, there is an increasing call for platform engineers, a bleeding-edge role, in various job listings. A platform engineer, or team, is an extension of the DevOps team, tailoring the DevOps platform for the specific development, security, and compliance needs of specific organizations. Companies are looking for platform engineers with a myriad of skills - from experience with automation to infrastructure as code, cloud deployments, Kubernetes, and secure coding practices.\n\n“Using a DevOps platform is the perfect starting point for platform engineering,” says [Cailey Pawlowski](https://gitlab.com/cpawlowski), solutions architect at GitLab. “Both are focused on improving the development process and a developer’s experience. They work together.”\n\n## How platform engineers can optimize DevOps platforms\n\nPlatform engineering is focused on creating efficiencies and optimizations. That means platform teams help the business better serve its customers, stay ahead of competitors, and avoid costly and damaging security incidents.\n\nTo help their organizations get the most out of their DevOps platform, platform engineers can:\n- use and customize monitoring tools in the DevOps platform to find out when and why bottlenecks are happening, and then fix those problems\n- ensure teams aren’t missing out on tools, like [vulnerability scanning](https://about.gitlab.com/blog/remediating-vulnerabilities-with-insights-and-ai/) and access management, in the platform that will help their workflows\n- customize tools in the platform, such as finely tuned automation scripts for CI, to fit the organization’s specific needs\n- create a list of best practices and then ensure they’re being followed\n- set up and customize platform templates to standardize pipelines so developers don’t have to create new pipelines from scratch every time\n- build in pipeline efficiencies, such as custom code related to the organization’s infrastructure or a specific app\n- configure security and compliance policies to ensure that scans are run at specific times or points in the development process, or are triggered by certain events, such as a pipeline running against a branch\n- set up checks and balances for regulation enforcement\n- set up regular [security audits](https://about.gitlab.com/blog/what-you-need-to-know-about-devops-audits/)\n\n## How platform engineering helps DevOps teams\n\nBy setting up clear steps and guidelines, and by creating efficiencies throughout the software development lifecycle, platform engineers can have a great effect on the DevOps process, as well as on the team.\n\nHere are a few benefits:\n- increase development velocity by streamlining workflows\n- [improve collaboration](https://about.gitlab.com/blog/5-ways-collaboration-boosts-productivity-and-your-career/) by giving team members more time and energy to work together\n- make building secure software more efficient and consistent\n- ease regulatory compliance by setting up training, policies, and checks and balances\n- reduce team members’ cognitive load by using automated tools to reduce repetitive, hands-on work\n- minimize human error with automation\n- [make developers happier](https://about.gitlab.com/blog/why-hackerone-gets-love-letters-from-developers/) by easing manual tasks, giving them time and energy to do the creative, challenging work they enjoy\n\n“Platform engineering is about empowering developers,” says [Ayoub Fandi](https://gitlab.com/ayofan), staff field security engineer at GitLab. “It’s about enhancing what a DevOps platform already provides by making sure teams are using all of the tools available and by making the most of them. It’s literally having people dedicated to making developers’ jobs easier.”\n\nCheck out this video demo on how platform engineering works.\n\n\u003C!-- blank line -->\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/lwKOOq6XD9A?si=O2vIoCpgSwSvzRYh\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\u003C!-- blank line -->",[1367,1370,1373,1376,1379],{"header":1368,"content":1369},"What skills are needed for platform engineering within a DevOps environment?","Platform engineers require expertise in automation, infrastructure as code, cloud deployments, Kubernetes, and secure coding practices. They also need a strong understanding of DevOps tools and methodologies to effectively customize and optimize workflows for organizational needs.",{"header":1371,"content":1372},"How can organizations get started with platform engineering to enhance DevOps?","Organizations should begin by evaluating their existing DevOps platform and identifying bottlenecks in their workflows. From there, they can establish a platform engineering team to standardize pipelines, customize tools, and implement automation scripts, ensuring a smooth and efficient development lifecycle.",{"header":1374,"content":1375},"What are the key benefits of implementing platform engineering alongside DevOps?","Key benefits include increased development velocity, improved collaboration, enhanced security and compliance, reduced cognitive load for developers, and minimized human error through automation. By optimizing DevOps tools and processes, platform engineering empowers development teams to build secure software more efficiently.",{"header":1377,"content":1378},"Can platform engineering replace DevOps in software development?","No, platform engineering does not replace DevOps. Instead, it builds on the DevOps framework by providing self-service capabilities and standardizing pipelines. This helps developers focus on coding and innovation while ensuring security and compliance through automation and best practices.",{"header":1380,"content":1381},"How do platform engineering and DevOps complement each other?","Platform engineering enhances DevOps by optimizing tools and workflows within a unified platform, reducing cognitive load on developers, and increasing productivity. While DevOps provides the framework for continuous integration and delivery, platform engineering customizes and standardizes processes, making development more scalable and efficient.","how-devops-and-platform-engineering-turbocharge-efficiency","content:en-us:the-source:platform:how-devops-and-platform-engineering-turbocharge-efficiency.yml","en-us/the-source/platform/how-devops-and-platform-engineering-turbocharge-efficiency.yml","en-us/the-source/platform/how-devops-and-platform-engineering-turbocharge-efficiency",{"_path":1387,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1388,"seo":1390,"content":1395,"type":597,"slug":1401,"category":28,"_id":1402,"_type":30,"title":1391,"_source":31,"_file":1403,"_stem":1404,"_extension":34,"description":1392,"heroImage":1393,"keyTakeaways":1396,"articleBody":1400},"/en-us/the-source/platform/how-a-devsecops-platform-drives-business-success",{"layout":5,"template":524,"featured":6,"gatedAsset":1389,"isHighlighted":6,"authorName":-1},"pf-driving-business-success-with-devsecops",{"title":1391,"description":1392,"ogImage":1393,"config":1394},"How a DevSecOps platform drives business success: The complete guide","Learn how a DevSecOps platform can make development teams more efficient while cutting costs and improving security.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464160/hhtmmojkw5qfgd8kawje.png",{"ignoreTitleCharLimit":119},{"title":1391,"description":1392,"heroImage":1393,"keyTakeaways":1396,"articleBody":1400},[1397,1398,1399],"A DevSecOps platform reduces security investigation costs by integrating security testing from the start, enabling teams to fix vulnerabilities earlier in the development lifecycle and avoiding costly breaches that could damage brand reputation.","Enterprise software development teams using DevSecOps platforms report 60% less time spent on manual tasks, with 83% rating their security efforts as \"good\" or \"excellent.\"","Organizations save money by replacing multiple tool licenses with a single DevSecOps platform, while gaining benefits such as automated security scanning, improved collaboration, and comprehensive supply chain protection.","The evolution of DevOps into DevSecOps isn’t about a simple name change. It’s actually about a crucial advance in the mindset around DevOps.\n\nOrganizations increasingly have been turning to DevOps to make the development and deployment of business-critical software more efficient and reliable. But speeding software development without keeping security top of mind isn’t as efficient as it could be and it doesn’t produce the most secure software. DevSecOps takes the next step in DevOps, making the importance of security in the software development lifecycle explicit. It’s becoming a standard mindset as software development teams realize the value of incorporating security earlier, and throughout, the entire development process.\n\n> _“There's never a good time for a security breach. Developers and executives need to understand that a small problem can easily become a bigger one. You need to invest in secure deployments and security observability to help prevent it.\"_\n>\n> –Michael Friedrich, senior developer evangelist\n\nThe traditional approach of cobbling together multiple development and security tools creates unnecessary complexity, increases costs, and leaves organizations vulnerable to security risks. This comprehensive guide shows you how an end-to-end DevSecOps platform can:\n\n* Reduce the number of costly security investigations\n* Empower teams to fix vulnerabilities earlier in the software development lifecycle\n* Decrease money spent on toolchain licenses and management\n* Allow teams to identify issues that could hurt the brand and break customer trust\n* Lessen legal liability connected to security breaches\n\nThat focus on security saves companies money and time, while also better securing the business, its customers, and its brand. It also enables teams to push software out faster, helping companies meet customer needs before their competitors can. Ultimately, it’s about ensuring that shipping software quickly isn’t done at the expense of security.\n\n## The benefits of a DevSecOps platform\nDiscover why 73% of security professionals are either using or planning to adopt a DevSecOps platform in the next year. Read our guide to explore how leading organizations are achieving:\n\n* 95% faster deployment times\n* 60% reduction in manual task overhead\n* Enhanced security controls across the software supply chain, translating into more secure code\n* Significant cost savings through toolchain consolidation\n\n## Real-world success stories and ROI\nLearn how organizations like FullSave and HackerOne have transformed their development processes using an integrated DevSecOps platform, including a 12x increase in deployment frequency and dramatic reductions in security scan costs. They've also experienced enhanced team collaboration and visibility, leading to improved code quality and security outcomes across their entire software development lifecycle.\n\n## Expert insights and analysis\nUnderstanding the impact of DevSecOps platforms is crucial for technology leaders across the enterprise. Our guide brings together valuable perspectives from industry leaders and technical experts, making it an essential resource for CTOs and CISOs evaluating security investments, development managers seeking to improve team efficiency, enterprise architects planning technical infrastructure, and security team leaders looking to shift security left in their development process.\n\n## What you'll learn in this guide\n* How DevSecOps platforms save money through toolchain consolidation\n* Why 83% of DevSecOps users rate their security efforts as \"good\" or \"excellent\"\n* Best practices for implementing a multi-cloud strategy\n* Strategies for securing your software supply chain\n* Methods for measuring efficiency and ROI\n* Ways to increase visibility and control across the development lifecycle\n\nGet immediate access to our comprehensive guide and learn how a DevSecOps platform can transform your organization's software development process. Discover why leading enterprises are consolidating their toolchains and embracing an integrated approach to security, development, and operations.","how-a-devsecops-platform-drives-business-success","content:en-us:the-source:platform:how-a-devsecops-platform-drives-business-success.yml","en-us/the-source/platform/how-a-devsecops-platform-drives-business-success.yml","en-us/the-source/platform/how-a-devsecops-platform-drives-business-success",{"_path":1406,"_dir":28,"_draft":6,"_partial":6,"_locale":7,"config":1407,"seo":1409,"content":1413,"type":597,"slug":1419,"category":28,"_id":1420,"_type":30,"title":1410,"_source":31,"_file":1421,"_stem":1422,"_extension":34,"description":1411,"heroImage":1412,"keyTakeaways":1414,"articleBody":1418},"/en-us/the-source/platform/the-ultimate-playbook-for-high-performing-devsecops-teams",{"layout":5,"template":524,"featured":6,"gatedAsset":1408,"isHighlighted":6,"authorName":-1},"pf-the-ultimate-playbook-for-high-performing-devsecops-teams",{"title":1410,"description":1411,"ogImage":1412},"The ultimate playbook for high-performing DevSecOps teams","Learn 8 ways IT leaders can help teams build better, more secure software, faster.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464151/msenjffuhlnrzyegauqk.png",{"title":1410,"description":1411,"heroImage":1412,"keyTakeaways":1414,"articleBody":1418},[1415,1416,1417],"DevSecOps teams’ performance influences not just the speed of software development but also impacts brand, customer loyalty, and partner relationships.","High-performing DevSecOps teams aid in rapid deployment frequency, faster time-to-market, improved security practices, and better quality, which correlate to cost savings and agility in volatile markets.","IT leaders play a crucial role in elevating team performance by providing a vision and resources, as well as fostering a culture of learning and collaboration.","IT leaders may realize that the performance of development, security, and operations teams affects how quickly the organization can produce new software. However, leaders also need to be aware that team performance is integral to how the overall business can take on competitors and ride out changes in a turbulent market. High-performing DevSecOps teams are directly tied to creating a stronger business. And IT leaders - from managers to directors and executives - play a critical role in exactly how effectively and efficiently those teams function and are able to bolster the company’s brand, customer loyalty, partner relationships, and ultimately the bottom line.\n\n> _“It’s not just up to team members to make sure they’re running at top performance, creating software efficiently, at speed, and securely. IT leaders have a shared responsibility in ensuring their teams have a strong vision, resources, and a culture of learning, collaboration, and development. It would be difficult for any team to be successful without strong leadership.”_\n>\n> –Fatima Sarah Khalid, developer evangelist at GitLab\n\nIf your organization already has an AI-powered DevSecOps platform, that’s a great start because it eliminates the complexity, mounting costs, and security risks that go along with a toolchain. But there’s a chasm of difference between elite teams and everyone else, affecting how resilient, secure, and reliable your team is able to be.\n\nIf teams are falling somewhere below a top performance level, they’re not taking full advantage of all the features and processes that could be powering your software development lifecycle.\n\n## Why performance matters to your business\nHigh performance translates to higher deployment frequency, faster time to market, improved security practices, and better quality - all of which directly correlate to cost savings and the company’s ability to quickly pivot to meet volatile and changing markets. And creating secure software means protecting the company’s data and brand, avoiding embarrassing headlines, and ensuring customer and partner trust isn’t lost. Being more efficient and having teams develop and deploy faster and more securely means the business can respond to whatever comes at it. Also, delivering a lot of value to customers means increasing brand loyalty since users won’t be so easily enticed to switch to one of your competitors who beat you to the market with a tempting new feature.\n\n## Do you have high performers?\nSo how well are your DevSecOps teams operating? Here are several questions you can ask yourself as you think about team performance:\n\n- How quickly and efficiently are your teams deploying software?\n- Are your teams using automation for compliance, security, or continuous integration and delivery?\n- Is the software development process slower, or not as smooth, as it used to be?\n- Are security issues consistently, or increasingly, popping up in your software?\n- Does the security team know what development teams are working on?\n- Does pushing new features into production often cause issues or slowdowns?\n- Are team members showing signs of burnout?\n\n#### If teams are having trouble with any of these areas, they may need a little extra support.\n\n## Getting started\nIn this ebook, we’ll not only help you understand what helps DevSecOps teams become high performers, but how IT leaders can help them achieve that level of success. We’ll look at keeping software teams’ focus on users, the importance of collaboration between development and security, and combining the cloud with a flexible infrastructure.\n\nWhether your DevSecOps teams are struggling to up their game or could simply add to what they’re already doing right, remember that becoming a highly successful team of DevSecOps professionals is an attainable goal.","the-ultimate-playbook-for-high-performing-devsecops-teams","content:en-us:the-source:platform:the-ultimate-playbook-for-high-performing-devsecops-teams.yml","en-us/the-source/platform/the-ultimate-playbook-for-high-performing-devsecops-teams.yml","en-us/the-source/platform/the-ultimate-playbook-for-high-performing-devsecops-teams",1761814429254]