[{"data":1,"prerenderedAt":1199},["ShallowReactive",2],{"/en-us/the-source/security/how-to-implement-secret-management-best-practices-with-gitlab":3,"footer-en-us":48,"the-source-banner-en-us":390,"the-source-navigation-en-us":402,"article-site-categories-en-us":430,"the-source-newsletter-en-us":432,"footer-source-/en-us/the-source/security/how-to-implement-secret-management-best-practices-with-gitlab/":443,"how-to-implement-secret-management-best-practices-with-gitlab-article-hero-category-en-us":454,"how-to-implement-secret-management-best-practices-with-gitlab-the-source-source-cta-en-us":478,"how-to-implement-secret-management-best-practices-with-gitlab-category-en-us":493,"how-to-implement-secret-management-best-practices-with-gitlab-the-source-resources-en-us":505,"how-to-implement-secret-management-best-practices-with-gitlab-article-hero-author-en-us":536},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":8,"seo":12,"content":18,"type":39,"slug":40,"category":5,"_id":41,"_type":42,"title":43,"_source":44,"_file":45,"_stem":46,"_extension":47},"/en-us/the-source/security/how-to-implement-secret-management-best-practices-with-gitlab","security",false,"",{"layout":9,"template":10,"author":11,"featured":6},"the-source","TheSourceArticle","jlongo",{"title":13,"description":14,"ogImage":15,"config":16},"How to implement secret management best practices with GitLab","Learn how companies tasked with storage and protection of customer data can reduce risk and increase trust with secure secret management.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463593/wgbh2snwpsyle9jom1k1.png",{"ignoreTitleCharLimit":17},true,{"title":13,"date":19,"description":14,"timeToRead":20,"heroImage":15,"keyTakeaways":21,"articleBody":25,"faq":26},"2024-03-12","5 min read",[22,23,24],"Insecure secret management risks data breaches; GitLab's native integration enhances security.","Auditable and attributable secret management allows security teams to monitor for anomalous or malicious activity and quickly respond.","GitLab supports secret storage and usage with robust access controls and detection tools.","Insecure secret management practices (SMPs) pose a significant risk to any company, especially those tasked with the storage and protection of their customers' data. It's a common problem, and it is often at the core of a company's risk register. A leaked secret can result in a loss of confidentiality and potentially a data breach. These types of incidents can lead to significant financial losses and a loss of trust amongst an entity's customer base.\n\nFor many companies, insecure SMPs may result from a lack of expertise or being unaware of the tools and strategies that exist to solve this issue. Appropriate SMPs can help reduce the potential for compromise and increase trust in an organization's secret management strategy. In this post, we will discuss secret management best practices, GitLab's ability to support those practices, and our strategy for improving the DevSecOps platform's native secret management capabilities.\n\n## Develop a cryptographic strategy\n\nEvery company needs a cryptographic strategy as a foundation to ensure developers are operating in a standardized way and all applications and their components are being developed in accordance with the company's cryptographic requirements.\n\nUnderstanding the data your company processes, and your company's risk tolerance and threat landscape will help you develop a strong cryptographic strategy.\n\n### Secret generation\n\nSecrets, including access tokens and SSH keys, should be generated using cryptographic devices such as Hardware Security Modules (HSM). These devices help generate cryptographically strong secrets and store them in a tamper- and intrusion-resistant manner.\n\nWhile relying on physical devices can be costly and operationally prohibitive for companies, the leading cloud service providers offer cloud HSM services – for example, [AWS CloudHSM](https://aws.amazon.com/cloudhsm/) and [GCP Cloud HSM](https://cloud.google.com/kms/docs/hsm).\n\n### Secret storage\n\nStoring secrets is just as critical as generating them. Generated secrets must be stored in a manner that supports secure long-term storage and enables users to securely retrieve and use them when necessary.\n\nThe leading cloud service providers, as well as security companies such as [HashiCorp](https://www.vaultproject.io/), offer cloud-based services for securely storing and retrieving secrets. These services enable users to seamlessly leverage secrets within their processes and code, thereby eliminating the need to hardcode secrets.\n\n#### How does GitLab support secret storage?\n\nGitLab provides native support for the following [secret management providers](https://docs.gitlab.com/ee/ci/secrets/index.html):\n\n- Vault by HashiCorp\n- Google Cloud Secret Manager\n- Azure Key Vault\n\nBy configuring GitLab to connect with a secret management provider, secrets are explicitly requested only when needed by a CI job. When secrets aren't needed by CI jobs, they remain securely stored in the secret management service's environment, thereby reducing the potential for compromise. In addition to native support for the above secret management providers, GitLab also offers [OIDC authentication](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html) to authenticate against other providers (i.e. AWS Secret Manager). This is a much more secure and preferred method of storing secrets when compared to storing and [masking](https://docs.gitlab.com/ee/ci/variables/#mask-a-cicd-variable) secrets as CI/CD variables.\n\n### Secret use\n\nSecrets should be used for a single purpose. Reusing secrets across different applications or services increases the potential for exposure and increases the impact if the secrets are compromised.\n\nTo reduce the potential for exposure or malicious activity, access to secrets should be controlled with the [principle of least privilege](https://about.gitlab.com/blog/the-ultimate-guide-to-least-privilege-access-with-gitlab/) in mind. Access should only be granted to the individuals or services that require such access in order to support their work and operational activities.\n\n#### How does GitLab support secret use?\n\nGitLab provides administrators with a strong [role-based access control model](https://docs.gitlab.com/ee/user/permissions.html) and also offers the ability to create [custom roles](https://docs.gitlab.com/ee/user/custom_roles.html), thereby allowing administrators to align access profiles with their organizational standards and risk tolerance.\n\nGitLab also allows users to perform [secret detection](https://docs.gitlab.com/ee/user/application_security/secret_detection/) to check for unintentionally committed secrets and credentials. GitLab Ultimate users can enforce [automatic responses to leaked secrets](https://docs.gitlab.com/ee/user/application_security/secret_detection/automatic_response/), such as revoking the secret, to mitigate the impact of leaked credentials.\n\n### Auditability\n\nAccess and use of secrets should be auditable and attributable. In an ideal scenario, individuals would not have access to view secrets in plaintext, but the state of a company's operations are not always ideal.\n\nAuditable and attributable secret management allows security teams to monitor for anomalous or malicious activity, and quickly respond to such activity through automated and manual intervention.\n\n#### How does GitLab support auditability?\n\nGitLab's [audit events](https://docs.gitlab.com/ee/administration/audit_events.html) capture activities related to tokens and keys that are created within GitLab. Some examples include:\n\n- personal access token events\n- deploy token events\n- cluster agent token events\n\nThese activities are saved to the database and are also available for [audit event streaming](https://docs.gitlab.com/ee/administration/audit_event_streaming/) for GitLab Ultimate customers.\n\n## Upcoming: GitLab Secret Manager\n\nGitLab plans to launch a native secret management experience in late 2024. GitLab Secret Manager is a multi-tenant, cloud-based solution and will be accessible to both GitLab.com and self-managed customers via our Cloud Connector service. This new service offers an easy-to-use interface, consistent with the current CI/CD variables interface, making adoption easier than a third-party product with a minimal learning curve. The GitLab Secret Manager will ensure the security and protection of sensitive information in your CI pipelines.\n\n> For more information or questions about GitLab Secret Manager, please visit our [MVC epic](https://gitlab.com/groups/gitlab-org/-/epics/10723) and leave a comment.",[27,30,33,36],{"header":28,"content":29},"What are the best practices for generating and using secrets?","- __Secret Generation__: Use cryptographic devices like Hardware Security Modules (HSMs) for generating strong secrets. Cloud HSM services (e.g., AWS CloudHSM, GCP Cloud HSM) offer cost-effective, tamper-resistant secret generation.\n- __Secret Use__: Implement the principle of least privilege, ensuring secrets are used for a single purpose and accessed only by authorized users or services. Refrain from hardcoding secrets to minimize exposure.",{"header":31,"content":32},"What is secret management and why is it important for software security?","Secret management involves securely storing, accessing, and using sensitive information such as API keys, access tokens, and passwords. Proper secret management prevents unauthorized access, reduces the risk of data breaches, and ensures the confidentiality and integrity of sensitive data in software development and deployment processes.",{"header":34,"content":35},"How does GitLab help with secret detection and auditability?","GitLab provides secret detection to check for inadvertently committed secrets and credentials. Administrators can enforce automated responses, such as revoking leaked secrets, to minimize security risks. Additionally, audit events capture and stream activities related to token and key usage, enabling continuous monitoring and anomaly detection.",{"header":37,"content":38},"How does GitLab support secure secret storage and retrieval?","GitLab integrates with leading secret management providers, including Vault by HashiCorp, Google Cloud Secret Manager, and Azure Key Vault. These integrations allow secrets to be securely stored and explicitly retrieved only when needed by CI jobs, reducing the risk of exposure and unauthorized access.","article","how-to-implement-secret-management-best-practices-with-gitlab","content:en-us:the-source:security:how-to-implement-secret-management-best-practices-with-gitlab.yml","yaml","How To Implement Secret Management Best Practices With Gitlab","content","en-us/the-source/security/how-to-implement-secret-management-best-practices-with-gitlab.yml","en-us/the-source/security/how-to-implement-secret-management-best-practices-with-gitlab","yml",{"_path":49,"_dir":50,"_draft":6,"_partial":6,"_locale":7,"data":51,"_id":386,"_type":42,"title":387,"_source":44,"_file":388,"_stem":389,"_extension":47},"/shared/en-us/main-footer","en-us",{"text":52,"source":53,"edit":59,"contribute":64,"config":69,"items":74,"minimal":378},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":54,"config":55},"View page source",{"href":56,"dataGaName":57,"dataGaLocation":58},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":60,"config":61},"Edit this page",{"href":62,"dataGaName":63,"dataGaLocation":58},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":65,"config":66},"Please contribute",{"href":67,"dataGaName":68,"dataGaLocation":58},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":70,"facebook":71,"youtube":72,"linkedin":73},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[75,132,189,248,316],{"title":76,"links":77,"subMenu":93},"Pricing",[78,83,88],{"text":79,"config":80},"View plans",{"href":81,"dataGaName":82,"dataGaLocation":58},"/pricing/","view plans",{"text":84,"config":85},"Why Premium?",{"href":86,"dataGaName":87,"dataGaLocation":58},"/pricing/premium/","why premium",{"text":89,"config":90},"Why Ultimate?",{"href":91,"dataGaName":92,"dataGaLocation":58},"/pricing/ultimate/","why ultimate",[94],{"title":95,"links":96},"Contact Us",[97,102,107,112,117,122,127],{"text":98,"config":99},"Contact sales",{"href":100,"dataGaName":101,"dataGaLocation":58},"/sales/","sales",{"text":103,"config":104},"Support portal",{"href":105,"dataGaName":106,"dataGaLocation":58},"https://support.gitlab.com","support portal",{"text":108,"config":109},"Customer portal",{"href":110,"dataGaName":111,"dataGaLocation":58},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":113,"config":114},"Status",{"href":115,"dataGaName":116,"dataGaLocation":58},"https://status.gitlab.com/","status",{"text":118,"config":119},"Terms of use",{"href":120,"dataGaName":121,"dataGaLocation":58},"/terms/","terms of use",{"text":123,"config":124},"Privacy statement",{"href":125,"dataGaName":126,"dataGaLocation":58},"/privacy/","privacy statement",{"text":128,"config":129},"Cookie preferences",{"dataGaName":130,"dataGaLocation":58,"id":131,"isOneTrustButton":17},"cookie preferences","ot-sdk-btn",{"title":133,"links":134,"subMenu":145},"Product",[135,140],{"text":136,"config":137},"DevSecOps platform",{"href":138,"dataGaName":139,"dataGaLocation":58},"/platform/","devsecops platform",{"text":141,"config":142},"AI-Assisted Development",{"href":143,"dataGaName":144,"dataGaLocation":58},"/gitlab-duo/","ai-assisted development",[146],{"title":147,"links":148},"Topics",[149,154,159,164,169,174,179,184],{"text":150,"config":151},"CICD",{"href":152,"dataGaName":153,"dataGaLocation":58},"/topics/ci-cd/","cicd",{"text":155,"config":156},"GitOps",{"href":157,"dataGaName":158,"dataGaLocation":58},"/topics/gitops/","gitops",{"text":160,"config":161},"DevOps",{"href":162,"dataGaName":163,"dataGaLocation":58},"/topics/devops/","devops",{"text":165,"config":166},"Version Control",{"href":167,"dataGaName":168,"dataGaLocation":58},"/topics/version-control/","version control",{"text":170,"config":171},"DevSecOps",{"href":172,"dataGaName":173,"dataGaLocation":58},"/topics/devsecops/","devsecops",{"text":175,"config":176},"Cloud Native",{"href":177,"dataGaName":178,"dataGaLocation":58},"/topics/cloud-native/","cloud native",{"text":180,"config":181},"AI for Coding",{"href":182,"dataGaName":183,"dataGaLocation":58},"/topics/devops/ai-for-coding/","ai for coding",{"text":185,"config":186},"Agentic AI",{"href":187,"dataGaName":188,"dataGaLocation":58},"/topics/agentic-ai/","agentic ai",{"title":190,"links":191},"Solutions",[192,196,201,206,211,215,220,223,228,233,238,243],{"text":193,"config":194},"Application Security Testing",{"href":195,"dataGaName":193,"dataGaLocation":58},"/solutions/application-security-testing/",{"text":197,"config":198},"Automated software delivery",{"href":199,"dataGaName":200,"dataGaLocation":58},"/solutions/delivery-automation/","automated software delivery",{"text":202,"config":203},"Agile development",{"href":204,"dataGaName":205,"dataGaLocation":58},"/solutions/agile-delivery/","agile delivery",{"text":207,"config":208},"SCM",{"href":209,"dataGaName":210,"dataGaLocation":58},"/solutions/source-code-management/","source code management",{"text":150,"config":212},{"href":213,"dataGaName":214,"dataGaLocation":58},"/solutions/continuous-integration/","continuous integration & delivery",{"text":216,"config":217},"Value stream management",{"href":218,"dataGaName":219,"dataGaLocation":58},"/solutions/value-stream-management/","value stream management",{"text":155,"config":221},{"href":222,"dataGaName":158,"dataGaLocation":58},"/solutions/gitops/",{"text":224,"config":225},"Enterprise",{"href":226,"dataGaName":227,"dataGaLocation":58},"/enterprise/","enterprise",{"text":229,"config":230},"Small business",{"href":231,"dataGaName":232,"dataGaLocation":58},"/small-business/","small business",{"text":234,"config":235},"Public sector",{"href":236,"dataGaName":237,"dataGaLocation":58},"/solutions/public-sector/","public sector",{"text":239,"config":240},"Education",{"href":241,"dataGaName":242,"dataGaLocation":58},"/solutions/education/","education",{"text":244,"config":245},"Financial services",{"href":246,"dataGaName":247,"dataGaLocation":58},"/solutions/finance/","financial services",{"title":249,"links":250},"Resources",[251,256,261,266,271,276,281,286,291,296,301,306,311],{"text":252,"config":253},"Install",{"href":254,"dataGaName":255,"dataGaLocation":58},"/install/","install",{"text":257,"config":258},"Quick start guides",{"href":259,"dataGaName":260,"dataGaLocation":58},"/get-started/","quick setup checklists",{"text":262,"config":263},"Learn",{"href":264,"dataGaName":265,"dataGaLocation":58},"https://university.gitlab.com/","learn",{"text":267,"config":268},"Product documentation",{"href":269,"dataGaName":270,"dataGaLocation":58},"https://docs.gitlab.com/","docs",{"text":272,"config":273},"Blog",{"href":274,"dataGaName":275,"dataGaLocation":58},"/blog/","blog",{"text":277,"config":278},"Customer success stories",{"href":279,"dataGaName":280,"dataGaLocation":58},"/customers/","customer success stories",{"text":282,"config":283},"Remote",{"href":284,"dataGaName":285,"dataGaLocation":58},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":287,"config":288},"GitLab Services",{"href":289,"dataGaName":290,"dataGaLocation":58},"/services/","services",{"text":292,"config":293},"TeamOps",{"href":294,"dataGaName":295,"dataGaLocation":58},"/teamops/","teamops",{"text":297,"config":298},"Community",{"href":299,"dataGaName":300,"dataGaLocation":58},"/community/","community",{"text":302,"config":303},"Forum",{"href":304,"dataGaName":305,"dataGaLocation":58},"https://forum.gitlab.com/","forum",{"text":307,"config":308},"Events",{"href":309,"dataGaName":310,"dataGaLocation":58},"/events/","events",{"text":312,"config":313},"Partners",{"href":314,"dataGaName":315,"dataGaLocation":58},"/partners/","partners",{"title":317,"links":318},"Company",[319,324,329,334,339,344,349,353,358,363,368,373],{"text":320,"config":321},"About",{"href":322,"dataGaName":323,"dataGaLocation":58},"/company/","company",{"text":325,"config":326},"Jobs",{"href":327,"dataGaName":328,"dataGaLocation":58},"/jobs/","jobs",{"text":330,"config":331},"Leadership",{"href":332,"dataGaName":333,"dataGaLocation":58},"/company/team/e-group/","leadership",{"text":335,"config":336},"Team",{"href":337,"dataGaName":338,"dataGaLocation":58},"/company/team/","team",{"text":340,"config":341},"Handbook",{"href":342,"dataGaName":343,"dataGaLocation":58},"https://handbook.gitlab.com/","handbook",{"text":345,"config":346},"Investor relations",{"href":347,"dataGaName":348,"dataGaLocation":58},"https://ir.gitlab.com/","investor relations",{"text":350,"config":351},"Sustainability",{"href":352,"dataGaName":350,"dataGaLocation":58},"/sustainability/",{"text":354,"config":355},"Diversity, inclusion and belonging (DIB)",{"href":356,"dataGaName":357,"dataGaLocation":58},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":359,"config":360},"Trust Center",{"href":361,"dataGaName":362,"dataGaLocation":58},"/security/","trust center",{"text":364,"config":365},"Newsletter",{"href":366,"dataGaName":367,"dataGaLocation":58},"/company/contact/","newsletter",{"text":369,"config":370},"Press",{"href":371,"dataGaName":372,"dataGaLocation":58},"/press/","press",{"text":374,"config":375},"Modern Slavery Transparency Statement",{"href":376,"dataGaName":377,"dataGaLocation":58},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":379},[380,382,384],{"text":118,"config":381},{"href":120,"dataGaName":121,"dataGaLocation":58},{"text":123,"config":383},{"href":125,"dataGaName":126,"dataGaLocation":58},{"text":128,"config":385},{"dataGaName":130,"dataGaLocation":58,"id":131,"isOneTrustButton":17},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":391,"_dir":392,"_draft":6,"_partial":6,"_locale":7,"visibility":17,"id":393,"title":394,"button":395,"_id":399,"_type":42,"_source":44,"_file":400,"_stem":401,"_extension":47},"/shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18","banner","The Economics of Software Innovation","The Economics of Software Innovation—AI’s $750 Billion Opportunity",{"config":396,"text":398},{"href":397},"/software-innovation-report/","Get the research report","content:shared:en-us:the-source:banner:the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18",{"_path":403,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"logo":404,"subscribeLink":409,"navItems":413,"_id":426,"_type":42,"title":427,"_source":44,"_file":428,"_stem":429,"_extension":47},"/shared/en-us/the-source/navigation",{"altText":405,"config":406},"the source logo",{"src":407,"href":408},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":410,"config":411},"Subscribe",{"href":412},"#subscribe",[414,418,422],{"text":415,"config":416},"Artificial Intelligence",{"href":417},"/the-source/ai/",{"text":419,"config":420},"Security & Compliance",{"href":421},"/the-source/security/",{"text":423,"config":424},"Platform & Infrastructure",{"href":425},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"categoryNames":431},{"ai":415,"platform":423,"security":419},{"_path":433,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"title":434,"description":435,"submitMessage":436,"formData":437,"_id":440,"_type":42,"_source":44,"_file":441,"_stem":442,"_extension":47},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":438},{"formId":439,"formName":367,"hideRequiredLabel":17},1077,"content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":444,"seo":445,"content":447,"type":39,"slug":40,"category":5,"_id":41,"_type":42,"title":43,"_source":44,"_file":45,"_stem":46,"_extension":47},{"layout":9,"template":10,"author":11,"featured":6},{"title":13,"description":14,"ogImage":15,"config":446},{"ignoreTitleCharLimit":17},{"title":13,"date":19,"description":14,"timeToRead":20,"heroImage":15,"keyTakeaways":448,"articleBody":25,"faq":449},[22,23,24],[450,451,452,453],{"header":28,"content":29},{"header":31,"content":32},{"header":34,"content":35},{"header":37,"content":38},{"_path":455,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":456,"config":457,"seo":458,"content":461,"slug":5,"_id":475,"_type":42,"title":7,"_source":44,"_file":476,"_stem":477,"_extension":47},"/en-us/the-source/security","category",{"layout":9},{"title":419,"description":459,"ogImage":460},"Get up to speed on how organizations can ensure they're staying on top of evolving security threats and compliance requirements.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463273/aplkxrvwpii26xao5yhi.png",[462,467],{"componentName":463,"type":463,"componentContent":464},"TheSourceCategoryHero",{"title":419,"description":459,"image":465},{"config":466},{"src":460},{"componentName":468,"type":468,"componentContent":469},"TheSourceCategoryMainSection",{"config":470},{"sourceCTAs":471},[472,473,474],"source-lp-guide-to-dynamic-sboms","source-lp-devsecops-the-key-to-modern-security-resilience","application-security-in-the-digital-age","content:en-us:the-source:security:index.yml","en-us/the-source/security/index.yml","en-us/the-source/security/index",{"_path":479,"_dir":480,"_draft":6,"_partial":6,"_locale":7,"config":481,"title":482,"description":483,"link":484,"_id":490,"_type":42,"_source":44,"_file":491,"_stem":492,"_extension":47},"/shared/en-us/the-source/source-lp-ctas/application-security-in-the-digital-age","source-lp-ctas",{"slug":474},"Application security in the digital age","Read our survey findings from more than 5,000 DevSecOps professionals worldwide for insights on how organizations are grappling with increasing attack surfaces and changing attitudes towards security and AI.",{"text":485,"config":486},"Read the report",{"href":487,"dataGaName":488,"dataGaLocation":489},"/developer-survey/2024/security-compliance/","Application Security in the Digital Age","thesource","content:shared:en-us:the-source:source-lp-ctas:application-security-in-the-digital-age.yml","shared/en-us/the-source/source-lp-ctas/application-security-in-the-digital-age.yml","shared/en-us/the-source/source-lp-ctas/application-security-in-the-digital-age",{"_path":455,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":456,"config":494,"seo":495,"content":496,"slug":5,"_id":475,"_type":42,"title":7,"_source":44,"_file":476,"_stem":477,"_extension":47},{"layout":9},{"title":419,"description":459,"ogImage":460},[497,501],{"componentName":463,"type":463,"componentContent":498},{"title":419,"description":459,"image":499},{"config":500},{"src":460},{"componentName":468,"type":468,"componentContent":502},{"config":503},{"sourceCTAs":504},[472,473,474],[506,510,523],{"_path":479,"_dir":480,"_draft":6,"_partial":6,"_locale":7,"config":507,"title":482,"description":483,"link":508,"_id":490,"_type":42,"_source":44,"_file":491,"_stem":492,"_extension":47},{"slug":474},{"text":485,"config":509},{"href":487,"dataGaName":488,"dataGaLocation":489},{"_path":511,"_dir":480,"_draft":6,"_partial":6,"_locale":7,"config":512,"title":513,"description":514,"link":515,"_id":520,"_type":42,"_source":44,"_file":521,"_stem":522,"_extension":47},"/shared/en-us/the-source/source-lp-ctas/source-lp-devsecops-the-key-to-modern-security-resilience",{"slug":473},"DevSecOps: The key to modern security resilience","Learn how embedding security in development can slash incident response time by 720x and save millions in security costs annually.",{"text":516,"config":517},"Download the guide",{"href":518,"dataGaName":519,"dataGaLocation":489},"/the-source/security/devsecops-the-key-to-modern-security-resilience/","DevSecOps the key to modern security resilience","content:shared:en-us:the-source:source-lp-ctas:source-lp-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/source-lp-ctas/source-lp-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/source-lp-ctas/source-lp-devsecops-the-key-to-modern-security-resilience",{"_path":524,"_dir":480,"_draft":6,"_partial":6,"_locale":7,"config":525,"title":526,"description":527,"link":528,"_id":533,"_type":42,"_source":44,"_file":534,"_stem":535,"_extension":47},"/shared/en-us/the-source/source-lp-ctas/source-lp-guide-to-dynamic-sboms",{"slug":472},"Guide to dynamic SBOMs: An integral element of modern software development","Learn how to gain visibility into previously unidentified organizational risks with a software bill of materials (SBOM).",{"text":529,"config":530},"Read the guide",{"href":531,"dataGaName":532,"dataGaLocation":489},"/the-source/security/guide-to-dynamic-sboms/","Guide to Dynamic SBOMs","content:shared:en-us:the-source:source-lp-ctas:source-lp-guide-to-dynamic-sboms.yml","shared/en-us/the-source/source-lp-ctas/source-lp-guide-to-dynamic-sboms.yml","shared/en-us/the-source/source-lp-ctas/source-lp-guide-to-dynamic-sboms",[537,562,578,596,612,632,653,675,691,710,732,750,771,787,806,823,841,861,879,897,917,935,956,977,993,1009,1029,1047,1065,1082,1103,1121,1140,1156,1177],{"_path":538,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":540,"seo":541,"content":543,"type":557,"slug":558,"_id":559,"_type":42,"title":542,"_source":44,"_file":560,"_stem":561,"_extension":47},"/en-us/the-source/authors/amanda-rueda","authors",{"layout":9},{"title":542},"Amanda Rueda",[544,555],{"type":545,"componentName":545,"componentContent":546},"TheSourceAuthorHero",{"config":547,"name":542,"role":550,"bio":551,"headshot":552},{"gitlabHandle":548,"linkedInProfileUrl":549},"amandarueda","https://www.linkedin.com/in/amandamrueda/","Senior Product Manager","Amanda Rueda is a Senior Product Manager at GitLab, specializing in strategic product vision, agile planning, and leveraging AI to enhance workflows and user experiences. Amanda is a thought leader in agile planning and product management workflows, and enjoys building GitLab features that drive team collaboration, transparent project management, and high-performing teams.",{"altText":542,"config":553},{"src":554},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463383/osecw1pzbxvb7fhqhiky.png",{"componentName":556,"type":556},"TheSourceArticlesList","author","amanda-rueda","content:en-us:the-source:authors:amanda-rueda.yml","en-us/the-source/authors/amanda-rueda.yml","en-us/the-source/authors/amanda-rueda",{"_path":563,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":564,"seo":565,"content":567,"type":557,"slug":574,"_id":575,"_type":42,"title":566,"_source":44,"_file":576,"_stem":577,"_extension":47},"/en-us/the-source/authors/andre-michael-braun",{"layout":9},{"title":566},"Andre Michael Braun",[568,573],{"type":545,"componentName":545,"componentContent":569},{"name":566,"headshot":570},{"altText":566,"config":571},{"src":572},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463336/yl27k7wdlnkzsizwknn1.jpg",{"componentName":556,"type":556},"andre-michael-braun","content:en-us:the-source:authors:andre-michael-braun.yml","en-us/the-source/authors/andre-michael-braun.yml","en-us/the-source/authors/andre-michael-braun",{"_path":579,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":580,"seo":581,"content":583,"type":557,"slug":592,"_id":593,"_type":42,"title":582,"_source":44,"_file":594,"_stem":595,"_extension":47},"/en-us/the-source/authors/andrew-haschka",{"layout":9},{"title":582},"Andrew Haschka",[584,591],{"type":545,"componentName":545,"componentContent":585},{"name":582,"role":586,"bio":587,"headshot":588},"Field CTO, Asia Pacific & Japan","Andrew Haschka is the CTO for Asia Pacific & Japan at GitLab, acting as the trusted advisor to GitLab partners and customers. Andrew takes a consultative approach to address common and unique business requirements. He provides subject matter expertise and industry experience throughout the customer’s modernisation journey, working with product management and engineering teams to evolve product features to meet market demand.",{"altText":582,"config":589},{"src":590},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463349/z1qnc4uxmqgg3hnm3da4.png",{"componentName":556,"type":556},"andrew-haschka","content:en-us:the-source:authors:andrew-haschka.yml","en-us/the-source/authors/andrew-haschka.yml","en-us/the-source/authors/andrew-haschka",{"_path":597,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":598,"seo":599,"content":601,"type":557,"slug":608,"_id":609,"_type":42,"title":600,"_source":44,"_file":610,"_stem":611,"_extension":47},"/en-us/the-source/authors/ayoub-fandi",{"layout":9},{"title":600},"Ayoub Fandi",[602,607],{"componentName":545,"type":545,"componentContent":603},{"name":600,"headshot":604},{"altText":600,"config":605},{"src":606},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463329/wyp554loeyoibx3ozren.jpg",{"componentName":556,"type":556},"ayoub-fandi","content:en-us:the-source:authors:ayoub-fandi.yml","en-us/the-source/authors/ayoub-fandi.yml","en-us/the-source/authors/ayoub-fandi",{"_path":613,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":614,"seo":615,"content":617,"type":557,"slug":628,"_id":629,"_type":42,"title":616,"_source":44,"_file":630,"_stem":631,"_extension":47},"/en-us/the-source/authors/bob-stevens",{"layout":9},{"title":616},"Bob Stevens",[618,627],{"componentName":545,"type":545,"componentContent":619},{"config":620,"name":616,"role":623,"headshot":624},{"gitlabHandle":621,"linkedInProfileUrl":622},"bstevens1","https://www.linkedin.com/in/bob-stevens-1237564/","Public Sector Area Vice President, GitLab",{"altText":616,"config":625},{"src":626},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1752687939/mv3lhtimdzr8jmfqmbk1.jpg",{"componentName":556,"type":556},"bob-stevens","content:en-us:the-source:authors:bob-stevens.yml","en-us/the-source/authors/bob-stevens.yml","en-us/the-source/authors/bob-stevens",{"_path":633,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":634,"seo":635,"content":637,"type":557,"slug":649,"_id":650,"_type":42,"title":636,"_source":44,"_file":651,"_stem":652,"_extension":47},"/en-us/the-source/authors/brian-wald",{"layout":9},{"title":636},"Brian Wald",[638,648],{"componentName":545,"type":545,"componentContent":639},{"config":640,"name":636,"role":643,"bio":644,"headshot":645},{"gitlabHandle":641,"linkedInProfileUrl":642},"brianwald","https://www.linkedin.com/in/brianwald/","Head of Global Field CTO org","Brian Wald is Head of Global Field CTO org at GitLab. He leads a dynamic team of Field CTOs dedicated to transforming enterprise software development practices.",{"altText":636,"config":646},{"src":647},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463417/fugpbux9miqbdx3wewtu.jpg",{"componentName":556,"type":556},"brian-wald","content:en-us:the-source:authors:brian-wald.yml","en-us/the-source/authors/brian-wald.yml","en-us/the-source/authors/brian-wald",{"_path":654,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":655,"seo":656,"content":658,"type":557,"slug":671,"_id":672,"_type":42,"title":657,"_source":44,"_file":673,"_stem":674,"_extension":47},"/en-us/the-source/authors/bryan-ross",{"layout":9},{"title":657},"Bryan Ross",[659,670],{"componentName":545,"type":545,"componentContent":660},{"config":661,"name":657,"role":665,"bio":666,"headshot":667},{"gitlabHandle":662,"twitterXProfileUrl":663,"linkedInProfileUrl":664},"bryanrossuk","https://twitter.com/bryanrossuk","https://www.linkedin.com/in/bryanross","Field CTO","With over 15 years of industry experience as a senior IT leader, Bryan helps customers realize business value from IT faster. Equally comfortable speaking with executives and engineers alike, he bridges the gap between technical and business stakeholders through compelling storytelling and real-world examples. With a knack for delivering authentic, impactful messages, he enjoys helping others at the intersection of technology, people and process.",{"altText":657,"config":668},{"src":669},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463324/mvdyvskii4hltdrgqxom.jpg",{"componentName":556,"type":556},"bryan-ross","content:en-us:the-source:authors:bryan-ross.yml","en-us/the-source/authors/bryan-ross.yml","en-us/the-source/authors/bryan-ross",{"_path":676,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":677,"seo":678,"content":680,"type":557,"slug":687,"_id":688,"_type":42,"title":679,"_source":44,"_file":689,"_stem":690,"_extension":47},"/en-us/the-source/authors/chandler-gibbons",{"layout":9},{"title":679},"Chandler Gibbons",[681,686],{"componentName":545,"type":545,"componentContent":682},{"name":679,"headshot":683},{"altText":679,"config":684},{"src":685},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463362/o7g9fqtqtjvegfwniuxh.jpg",{"componentName":556,"type":556},"chandler-gibbons","content:en-us:the-source:authors:chandler-gibbons.yml","en-us/the-source/authors/chandler-gibbons.yml","en-us/the-source/authors/chandler-gibbons",{"_path":692,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":693,"seo":694,"content":696,"type":557,"slug":706,"_id":707,"_type":42,"title":695,"_source":44,"_file":708,"_stem":709,"_extension":47},"/en-us/the-source/authors/dave-steer",{"layout":9},{"title":695},"Dave Steer",[697,705],{"componentName":545,"type":545,"componentContent":698},{"config":699,"name":695,"role":701,"headshot":702},{"gitlabHandle":700},"dsteer","Vice President, Product Marketing",{"altText":695,"config":703},{"src":704},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463457/zbtapdkglu3yb9suaq7w.png",{"componentName":556,"type":556},"dave-steer","content:en-us:the-source:authors:dave-steer.yml","en-us/the-source/authors/dave-steer.yml","en-us/the-source/authors/dave-steer",{"_path":711,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":712,"seo":713,"content":715,"type":557,"slug":727,"_id":728,"_type":42,"title":729,"_source":44,"_file":730,"_stem":731,"_extension":47},"/en-us/the-source/authors/ddesanto",{"layout":9},{"title":714},"David DeSanto",[716,726],{"componentName":545,"type":545,"componentContent":717},{"config":718,"name":714,"role":721,"bio":722,"headshot":723},{"gitlabHandle":719,"linkedInProfileUrl":720},"david","https://www.linkedin.com/in/ddesanto/","Chief Product Officer","David DeSanto is the Chief Product Officer at GitLab Inc., where he leads GitLab’s product division to define and execute GitLab's product vision and roadmap. David is responsible for ensuring the company builds, ships, and supports the platform that reinforces GitLab's leadership in the DevSecOps platform market.",{"altText":714,"config":724},{"src":725},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463446/bgnljs84zcsxj0t6nvix.png",{"componentName":556,"type":556},"ddesanto","content:en-us:the-source:authors:ddesanto.yml","Ddesanto","en-us/the-source/authors/ddesanto.yml","en-us/the-source/authors/ddesanto",{"_path":733,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":734,"seo":735,"content":737,"type":557,"slug":745,"_id":746,"_type":42,"title":747,"_source":44,"_file":748,"_stem":749,"_extension":47},"/en-us/the-source/authors/derek-debellis",{"layout":9},{"title":736},"Derek DeBellis",[738,744],{"componentName":545,"type":545,"componentContent":739},{"name":736,"role":740,"headshot":741},"Lead Researcher, Google's DORA team ",{"altText":736,"config":742},{"src":743},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463385/sbnjwfaguszi5g2smzr7.png",{"componentName":556,"type":556},"derek-debellis","content:en-us:the-source:authors:derek-debellis.yml","Derek Debellis","en-us/the-source/authors/derek-debellis.yml","en-us/the-source/authors/derek-debellis",{"_path":751,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":752,"seo":753,"content":755,"type":557,"slug":767,"_id":768,"_type":42,"title":754,"_source":44,"_file":769,"_stem":770,"_extension":47},"/en-us/the-source/authors/emilio-salvador",{"layout":9},{"title":754},"Emilio Salvador",[756,766],{"componentName":545,"type":545,"componentContent":757},{"config":758,"name":754,"role":761,"bio":762,"headshot":763},{"gitlabHandle":759,"linkedInProfileUrl":760},"esalvadorp","https://www.linkedin.com/in/emiliosp/","Vice President, Strategy and Developer Relations, GitLab","Emilio Salvador is vice president of strategy and developer relations at GitLab. A technology executive with more than 20 years of experience, Emilio has held roles at Amazon and Microsoft, and most recently led strategy and operations for the Developer Advocacy and Experience team at Google. He holds an MBA from MIT Sloan School of Management.",{"altText":754,"config":764},{"src":765},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463402/g0snp3uisjm4tj3pkqcw.jpg",{"componentName":556,"type":556},"emilio-salvador","content:en-us:the-source:authors:emilio-salvador.yml","en-us/the-source/authors/emilio-salvador.yml","en-us/the-source/authors/emilio-salvador",{"_path":772,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":773,"seo":774,"content":776,"type":557,"slug":783,"_id":784,"_type":42,"title":775,"_source":44,"_file":785,"_stem":786,"_extension":47},"/en-us/the-source/authors/erika-feldman",{"layout":9},{"title":775},"Erika Feldman",[777,782],{"componentName":545,"type":545,"componentContent":778},{"name":775,"headshot":779},{"altText":775,"config":780},{"src":781},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463354/d9quqvz7d2ayjwif7vdn.png",{"componentName":556,"type":556},"erika-feldman","content:en-us:the-source:authors:erika-feldman.yml","en-us/the-source/authors/erika-feldman.yml","en-us/the-source/authors/erika-feldman",{"_path":788,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":789,"seo":790,"content":792,"type":557,"slug":802,"_id":803,"_type":42,"title":791,"_source":44,"_file":804,"_stem":805,"_extension":47},"/en-us/the-source/authors/george-kichukov",{"layout":9},{"title":791},"George Kichukov",[793,801],{"componentName":545,"type":545,"componentContent":794},{"config":795,"name":791,"role":665,"bio":797,"headshot":798},{"gitlabHandle":796},"gkichukov","George Kichukov brings over two decades of expertise in software development, enterprise architecture, and technology leadership to his role as Financial Services Field CTO for GitLab. His career began in the startup ecosystem, where he spent five years developing name-matching technologies deployed across government, defense, and financial services. George transitioned into solution architecture, where he guided financial institutions in modernizing their application development practices. Prior to GitLab, George spent 12 years at a large financial services organization leading developer services, application security programs and DevOps infrastructure automation platforms. In his current role at GitLab, George partners with financial services organizations, helping them achieve their strategic objectives in DevOps, DevSecOps, Developer Experience, SDLC compliance, and using AI across software development.",{"altText":791,"config":799},{"src":800},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463366/dk2knfancgsxocjkmyoa.jpg",{"componentName":556,"type":556},"george-kichukov","content:en-us:the-source:authors:george-kichukov.yml","en-us/the-source/authors/george-kichukov.yml","en-us/the-source/authors/george-kichukov",{"_path":807,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":808,"seo":809,"content":811,"type":557,"slug":818,"_id":819,"_type":42,"title":820,"_source":44,"_file":821,"_stem":822,"_extension":47},"/en-us/the-source/authors/gitlab",{"layout":9},{"title":810},"GitLab",[812,817],{"componentName":545,"type":545,"componentContent":813},{"name":810,"headshot":814},{"altText":810,"config":815},{"src":816},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463461/ts7io0hgpdyqylbzfire.png",{"componentName":556,"type":556},"gitlab","content:en-us:the-source:authors:gitlab.yml","Gitlab","en-us/the-source/authors/gitlab.yml","en-us/the-source/authors/gitlab",{"_path":824,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":825,"seo":826,"content":828,"type":557,"slug":837,"_id":838,"_type":42,"title":827,"_source":44,"_file":839,"_stem":840,"_extension":47},"/en-us/the-source/authors/grant-hickman",{"layout":9},{"title":827},"Grant Hickman",[829,836],{"componentName":545,"type":545,"componentContent":830},{"config":831,"name":827,"headshot":833},{"gitlabHandle":832},"g.hickman",{"altText":827,"config":834},{"src":835},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463463/f3uqwtugqotyhwutz5gu.png",{"componentName":556,"type":556},"grant-hickman","content:en-us:the-source:authors:grant-hickman.yml","en-us/the-source/authors/grant-hickman.yml","en-us/the-source/authors/grant-hickman",{"_path":842,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":843,"seo":844,"content":846,"type":557,"slug":857,"_id":858,"_type":42,"title":845,"_source":44,"_file":859,"_stem":860,"_extension":47},"/en-us/the-source/authors/haim-snir",{"layout":9},{"title":845},"Haim Snir",[847,856],{"componentName":545,"type":545,"componentContent":848},{"config":849,"name":845,"role":852,"headshot":853},{"gitlabHandle":850,"linkedInProfileUrl":851},"hsnir1","https://www.linkedin.com/in/haimsnir/","Senior Product Manager, Dev & Analytics, GitLab",{"altText":845,"config":854},{"src":855},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463395/nubmshvaq8wpomopllni.png",{"componentName":556,"type":556},"haim-snir","content:en-us:the-source:authors:haim-snir.yml","en-us/the-source/authors/haim-snir.yml","en-us/the-source/authors/haim-snir",{"_path":862,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":863,"seo":864,"content":866,"type":557,"slug":870,"_id":875,"_type":42,"title":876,"_source":44,"_file":877,"_stem":878,"_extension":47},"/en-us/the-source/authors/iganbaruch",{"layout":9},{"title":865},"Itzik Gan Baruch",[867,874],{"componentName":545,"type":545,"componentContent":868},{"config":869,"name":865,"headshot":871},{"gitlabHandle":870},"iganbaruch",{"altText":865,"config":872},{"src":873},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463443/vibb2fkc0ojni2d1eqde.png",{"componentName":556,"type":556},"content:en-us:the-source:authors:iganbaruch.yml","Iganbaruch","en-us/the-source/authors/iganbaruch.yml","en-us/the-source/authors/iganbaruch",{"_path":880,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"type":557,"slug":881,"config":882,"seo":883,"content":886,"_id":894,"_type":42,"title":885,"_source":44,"_file":895,"_stem":896,"_extension":47},"/en-us/the-source/authors/jason-morgan","jason-morgan",{"layout":9},{"config":884,"title":885},{"noIndex":6},"Jason Morgan",[887,893],{"type":545,"componentName":545,"componentContent":888},{"name":885,"role":889,"headshot":890},"Staff Solutions Architect",{"altText":885,"config":891},{"src":892},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758808571/n1inburdbemlmpcg9atj.jpg",{"type":556,"componentName":556},"content:en-us:the-source:authors:jason-morgan.yml","en-us/the-source/authors/jason-morgan.yml","en-us/the-source/authors/jason-morgan",{"_path":898,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"type":557,"slug":899,"config":900,"seo":901,"content":904,"_id":914,"_type":42,"title":903,"_source":44,"_file":915,"_stem":916,"_extension":47},"/en-us/the-source/authors/jessie-young","jessie-young",{"layout":9},{"config":902,"title":903},{"noIndex":6},"Jessie Young",[905,913],{"type":545,"componentName":545,"componentContent":906},{"name":903,"role":907,"headshot":908,"config":911},"Principal Engineer, AI Engineering, GitLab",{"altText":903,"config":909},{"src":910},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1760537925/E03N1RJJX7C-U03NFV6N2PN-4d786e81137a-512_m62zso.png",{"gitlabHandle":912},"jessieay",{"type":556,"componentName":556},"content:en-us:the-source:authors:jessie-young.yml","en-us/the-source/authors/jessie-young.yml","en-us/the-source/authors/jessie-young",{"_path":918,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":919,"seo":920,"content":922,"type":557,"slug":11,"_id":931,"_type":42,"title":932,"_source":44,"_file":933,"_stem":934,"_extension":47},"/en-us/the-source/authors/jlongo",{"layout":9},{"title":921},"Joseph Longo",[923,930],{"componentName":545,"type":545,"componentContent":924},{"config":925,"name":921,"headshot":927},{"gitlabHandle":926},"jlongo_gitlab",{"altText":921,"config":928},{"src":929},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463434/uoxaknpmoposbbgzqji8.png",{"componentName":556,"type":556},"content:en-us:the-source:authors:jlongo.yml","Jlongo","en-us/the-source/authors/jlongo.yml","en-us/the-source/authors/jlongo",{"_path":936,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":937,"seo":938,"content":940,"type":557,"slug":952,"_id":953,"_type":42,"title":939,"_source":44,"_file":954,"_stem":955,"_extension":47},"/en-us/the-source/authors/joel-krooswyk",{"layout":9},{"title":939},"Joel Krooswyk",[941,951],{"componentName":545,"type":545,"componentContent":942},{"config":943,"name":939,"role":946,"bio":947,"headshot":948},{"gitlabHandle":944,"linkedInProfileUrl":945},"jkrooswyk","https://www.linkedin.com/in/joelrkrooswyk/","Federal CTO","Joel Krooswyk is the Federal CTO at GitLab. Joel has actively been involved in GitLab’s growth since 2017. His 25 years of leadership experience span not only the U.S. Public Sector, but also small, mid-market, and enterprise businesses globally. Joel combines deep government policy expertise with a wealth of experience in technology, software development, AI, and cybersecurity. He is frequently called upon by industry and agencies alike for policy commentary and response.",{"altText":939,"config":949},{"src":950},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463423/mkmdhuxsjggfvokdmdv7.jpg",{"componentName":556,"type":556},"joel-krooswyk","content:en-us:the-source:authors:joel-krooswyk.yml","en-us/the-source/authors/joel-krooswyk.yml","en-us/the-source/authors/joel-krooswyk",{"_path":957,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":958,"seo":959,"content":961,"type":557,"slug":973,"_id":974,"_type":42,"title":960,"_source":44,"_file":975,"_stem":976,"_extension":47},"/en-us/the-source/authors/josh-lemos",{"layout":9},{"title":960},"Josh Lemos",[962,972],{"componentName":545,"type":545,"componentContent":963},{"config":964,"name":960,"role":967,"bio":968,"headshot":969},{"gitlabHandle":965,"linkedInProfileUrl":966},"joshlemos","https://www.linkedin.com/in/joshlemos/","Chief Information Security Officer","Josh Lemos is the Chief Information Security Officer at GitLab Inc., where he brings 20 years of experience leading information security teams to his role. He is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected, fortifying the Gitlab DevSecOps platform and ensuring the highest level of security for customers.",{"altText":960,"config":970},{"src":971},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463405/f4rqtiecakrekvxfhqar.jpg",{"componentName":556,"type":556},"josh-lemos","content:en-us:the-source:authors:josh-lemos.yml","en-us/the-source/authors/josh-lemos.yml","en-us/the-source/authors/josh-lemos",{"_path":978,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":979,"seo":980,"content":982,"type":557,"slug":989,"_id":990,"_type":42,"title":981,"_source":44,"_file":991,"_stem":992,"_extension":47},"/en-us/the-source/authors/julie-griffin",{"layout":9},{"title":981},"Julie Griffin",[983,988],{"componentName":545,"type":545,"componentContent":984},{"name":981,"headshot":985},{"altText":981,"config":986},{"src":987},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463371/hqkbr3uk8hw2de7tltn4.webp",{"componentName":556,"type":556},"julie-griffin","content:en-us:the-source:authors:julie-griffin.yml","en-us/the-source/authors/julie-griffin.yml","en-us/the-source/authors/julie-griffin",{"_path":994,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":995,"seo":996,"content":998,"type":557,"slug":1005,"_id":1006,"_type":42,"title":997,"_source":44,"_file":1007,"_stem":1008,"_extension":47},"/en-us/the-source/authors/kristina-weis",{"layout":9},{"title":997},"Kristina Weis",[999,1004],{"componentName":545,"type":545,"componentContent":1000},{"name":997,"headshot":1001},{"altText":997,"config":1002},{"src":1003},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463469/eoolq6n6bs0zb8gmf0js.webp",{"componentName":556,"type":556},"kristina-weis","content:en-us:the-source:authors:kristina-weis.yml","en-us/the-source/authors/kristina-weis.yml","en-us/the-source/authors/kristina-weis",{"_path":1010,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":1011,"seo":1012,"content":1014,"type":557,"slug":1025,"_id":1026,"_type":42,"title":1013,"_source":44,"_file":1027,"_stem":1028,"_extension":47},"/en-us/the-source/authors/lee-faus",{"layout":9},{"title":1013},"Lee Faus",[1015,1024],{"componentName":545,"type":545,"componentContent":1016},{"config":1017,"name":1013,"role":1019,"bio":1020,"headshot":1021},{"gitlabHandle":1018},"lfaus","Global Field CTO","Lee Faus is a Global Field CTO at GitLab. Lee has been a software architect, teacher, professor, and educator for over 25 years. He leverages his experience as an educator to bring complex technology concepts into a business forum where executives gain valuable advice to positively impact their business.",{"altText":1013,"config":1022},{"src":1023},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463398/vivhlomglvnstamj54bo.jpg",{"componentName":556,"type":556},"lee-faus","content:en-us:the-source:authors:lee-faus.yml","en-us/the-source/authors/lee-faus.yml","en-us/the-source/authors/lee-faus",{"_path":1030,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"type":557,"slug":1031,"config":1032,"seo":1033,"content":1036,"_id":1044,"_type":42,"title":1035,"_source":44,"_file":1045,"_stem":1046,"_extension":47},"/en-us/the-source/authors/nathen-harvey","nathen-harvey",{"layout":9},{"config":1034,"title":1035},{"noIndex":6},"Nathen Harvey",[1037,1043],{"type":545,"componentName":545,"componentContent":1038},{"name":1035,"role":1039,"headshot":1040},"DORA Lead, Google Cloud",{"altText":1035,"config":1041},{"src":1042},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1760537671/ls7apap7dorwaguxs4hh.webp",{"type":556,"componentName":556},"content:en-us:the-source:authors:nathen-harvey.yml","en-us/the-source/authors/nathen-harvey.yml","en-us/the-source/authors/nathen-harvey",{"_path":1048,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":1049,"seo":1050,"content":1052,"type":557,"slug":1056,"_id":1061,"_type":42,"title":1062,"_source":44,"_file":1063,"_stem":1064,"_extension":47},"/en-us/the-source/authors/ncregan",{"layout":9},{"title":1051},"Niall Cregan",[1053,1060],{"componentName":545,"type":545,"componentContent":1054},{"config":1055,"name":1051,"headshot":1057},{"gitlabHandle":1056},"ncregan",{"altText":1051,"config":1058},{"src":1059},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463431/yrtwodocb4cu3j7lkhyo.png",{"componentName":556,"type":556},"content:en-us:the-source:authors:ncregan.yml","Ncregan","en-us/the-source/authors/ncregan.yml","en-us/the-source/authors/ncregan",{"_path":1066,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"type":557,"slug":1067,"config":1068,"seo":1069,"content":1072,"_id":1079,"_type":42,"title":1071,"_source":44,"_file":1080,"_stem":1081,"_extension":47},"/en-us/the-source/authors/rob-smith","rob-smith",{"layout":9},{"config":1070,"title":1071},{"noIndex":6},"Rob Smith",[1073,1078],{"type":545,"componentName":545,"componentContent":1074},{"name":1071,"role":623,"headshot":1075},{"altText":1071,"config":1076},{"src":1077},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1760625579/ndksqvsfysea4cnltb1r.jpg",{"type":556,"componentName":556},"content:en-us:the-source:authors:rob-smith.yml","en-us/the-source/authors/rob-smith.yml","en-us/the-source/authors/rob-smith",{"_path":1083,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":1084,"seo":1085,"content":1087,"type":557,"slug":1098,"_id":1099,"_type":42,"title":1100,"_source":44,"_file":1101,"_stem":1102,"_extension":47},"/en-us/the-source/authors/rschulman",{"layout":9},{"title":1086},"Robin Schulman",[1088,1097],{"componentName":545,"type":545,"componentContent":1089},{"config":1090,"name":1086,"role":1092,"bio":1093,"headshot":1094},{"gitlabHandle":1091},"robin","Chief Legal Officer","Robin Schulman is the Chief Legal Officer, Head of Corporate Affairs, and Corporate Secretary of GitLab Inc., the DevSecOps platform.",{"altText":1086,"config":1095},{"src":1096},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463437/u2xfbudw1f8hhnkrgaoy.webp",{"componentName":556,"type":556},"rschulman","content:en-us:the-source:authors:rschulman.yml","Rschulman","en-us/the-source/authors/rschulman.yml","en-us/the-source/authors/rschulman",{"_path":1104,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":1105,"seo":1106,"content":1108,"type":557,"slug":1117,"_id":1118,"_type":42,"title":1107,"_source":44,"_file":1119,"_stem":1120,"_extension":47},"/en-us/the-source/authors/sabrina-farmer",{"layout":9},{"title":1107},"Sabrina Farmer",[1109,1116],{"componentName":545,"type":545,"componentContent":1110},{"name":1107,"role":1111,"bio":1112,"headshot":1113},"Chief Technology Officer","Sabrina Farmer is the Chief Technology Officer at GitLab, where she leads software engineering, operations, and customer support teams to execute the company's technical vision and strategy and oversee the development and delivery of GitLab's products and services.\n\nPrior to GitLab, Sabrina spent nearly two decades at Google, where she most recently served as vice president of engineering, core infrastructure. During her tenure with Google, she was directly responsible for the reliability, performance, and efficiency of all of Google's billion-user products and infrastructure.\n\nA long-time advocate for women in technology, Farmer earned a B.S. in Computer Science at the University of New Orleans, where she established two scholarships to help level the playing field for inclusion and empowerment in technology.",{"altText":1107,"config":1114},{"src":1115},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463377/udmzbjjr5xrcrffdlphx.webp",{"componentName":556,"type":556},"sabrina-farmer","content:en-us:the-source:authors:sabrina-farmer.yml","en-us/the-source/authors/sabrina-farmer.yml","en-us/the-source/authors/sabrina-farmer",{"_path":1122,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":1123,"seo":1124,"content":1126,"type":557,"slug":1136,"_id":1137,"_type":42,"title":1125,"_source":44,"_file":1138,"_stem":1139,"_extension":47},"/en-us/the-source/authors/sandra-gittlen",{"layout":9},{"title":1125},"Sandra Gittlen",[1127,1135],{"componentName":545,"type":545,"componentContent":1128},{"config":1129,"name":1125,"role":1131,"headshot":1132},{"gitlabHandle":1130},"sgittlen","Managing Editor, Blog",{"altText":1125,"config":1133},{"src":1134},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463466/r7ckb9h2zr4c2rsz3zlm.png",{"componentName":556,"type":556},"sandra-gittlen","content:en-us:the-source:authors:sandra-gittlen.yml","en-us/the-source/authors/sandra-gittlen.yml","en-us/the-source/authors/sandra-gittlen",{"_path":1141,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":1142,"seo":1143,"content":1145,"type":557,"slug":1152,"_id":1153,"_type":42,"title":1144,"_source":44,"_file":1154,"_stem":1155,"_extension":47},"/en-us/the-source/authors/sharon-gaudin",{"layout":9},{"title":1144},"Sharon Gaudin",[1146,1151],{"componentName":545,"type":545,"componentContent":1147},{"name":1144,"headshot":1148},{"altText":1144,"config":1149},{"src":1150},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463475/h6j4nnvykzyfzgvl7txb.webp",{"componentName":556,"type":556},"sharon-gaudin","content:en-us:the-source:authors:sharon-gaudin.yml","en-us/the-source/authors/sharon-gaudin.yml","en-us/the-source/authors/sharon-gaudin",{"_path":1157,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":1158,"seo":1159,"content":1161,"type":557,"slug":1173,"_id":1174,"_type":42,"title":1160,"_source":44,"_file":1175,"_stem":1176,"_extension":47},"/en-us/the-source/authors/stephen-walters",{"layout":9},{"title":1160},"Stephen Walters",[1162,1172],{"componentName":545,"type":545,"componentContent":1163},{"config":1164,"name":1160,"role":1167,"bio":1168,"headshot":1169},{"gitlabHandle":1165,"linkedInProfileUrl":1166},"swalters1","https://www.linkedin.com/in/1stephenwalters/","Field CTO, GitLab","Stephen Walters is Field CTO for GitLab. Stephen has been in the IT industry for over 30 years. He is an extensively experienced subject matter expert in Value Stream Management, DevSecOps, DevOps, ALM, SDLC and IT4IT, with management and consultancy experience across end-to-end IT disciplines. Currently also operating as an Ambassador for the DevOps Institute and an Influencer in the Value Stream Management Consortium, he is interested in all things DevOps. Stephen is a co-author of the Value Stream Reference Architectures white paper and is currently pursuing further research into Value Stream Management, Organizational Architecture and AI.",{"altText":1160,"config":1170},{"src":1171},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463392/g6ktk5qb4vcqc9wqjlf9.jpg",{"componentName":556,"type":556},"stephen-walters","content:en-us:the-source:authors:stephen-walters.yml","en-us/the-source/authors/stephen-walters.yml","en-us/the-source/authors/stephen-walters",{"_path":1178,"_dir":539,"_draft":6,"_partial":6,"_locale":7,"config":1179,"seo":1180,"content":1182,"type":557,"slug":1194,"_id":1195,"_type":42,"title":1196,"_source":44,"_file":1197,"_stem":1198,"_extension":47},"/en-us/the-source/authors/taylor-mccaslin",{"layout":9},{"title":1181},"Taylor McCaslin",[1183,1193],{"componentName":545,"type":545,"componentContent":1184},{"config":1185,"name":1181,"role":1188,"bio":1189,"headshot":1190},{"gitlabHandle":1186,"linkedInProfileUrl":1187},"tmccaslin","https://www.linkedin.com/in/taylormccaslin/","Group Manager, Product - Data Science","Taylor McCaslin is the Product Lead for AI/ML at GitLab, where he is responsible for leading the team of product managers who manage the AI Powered and ModelOps stage groups and sets the vision and direction for how to empower GitLab users to leverage data science as part of their DevOps program. Prior to joining GitLab, he held positions at Indeed, Duo Security, and WP Engine.",{"altText":1181,"config":1191},{"src":1192},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463427/trfasilaeasosxfcxmsm.jpg",{"componentName":556,"type":556},"taylor-mccaslin","content:en-us:the-source:authors:taylor-mccaslin.yml","Taylor Mccaslin","en-us/the-source/authors/taylor-mccaslin.yml","en-us/the-source/authors/taylor-mccaslin",1761814439134]