[{"data":1,"prerenderedAt":1201},["ShallowReactive",2],{"/en-us/the-source/security/strengthen-your-cybersecurity-strategy-with-secure-by-design":3,"footer-en-us":50,"the-source-banner-en-us":393,"the-source-navigation-en-us":405,"article-site-categories-en-us":433,"the-source-newsletter-en-us":435,"footer-source-/en-us/the-source/security/strengthen-your-cybersecurity-strategy-with-secure-by-design/":446,"strengthen-your-cybersecurity-strategy-with-secure-by-design-article-hero-category-en-us":457,"strengthen-your-cybersecurity-strategy-with-secure-by-design-the-source-source-cta-en-us":480,"strengthen-your-cybersecurity-strategy-with-secure-by-design-category-en-us":495,"strengthen-your-cybersecurity-strategy-with-secure-by-design-the-source-resources-en-us":507,"strengthen-your-cybersecurity-strategy-with-secure-by-design-article-hero-author-en-us":538},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":8,"seo":13,"content":17,"type":41,"slug":42,"category":5,"_id":43,"_type":44,"title":45,"_source":46,"_file":47,"_stem":48,"_extension":49},"/en-us/the-source/security/strengthen-your-cybersecurity-strategy-with-secure-by-design","security",false,"",{"layout":9,"template":10,"author":11,"featured":6,"sourceCTA":12},"the-source","TheSourceArticle","joel-krooswyk","source-lp-guide-to-dynamic-sboms",{"title":14,"description":15,"ogImage":16},"Strengthen your cybersecurity strategy with Secure by Design","Take a closer look at Secure by Design and related concepts, and learn steps you can take today to build security into your software development processes.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463932/pnfdgovoaq5qd1yprxuc.png",{"title":14,"date":18,"description":15,"timeToRead":19,"heroImage":16,"keyTakeaways":20,"articleBody":24,"faq":25},"2024-10-29","6 min read",[21,22,23],"Secure by Design, Secure by Default, and Secure by Demand proactively prevent vulnerabilities and software supply chain attacks by encouraging software manufacturers to embed security into every aspect of product design and development.","Adopting a comprehensive DevSecOps approach and creating and maintaining software bills of materials (SBOMs) are key steps to becoming Secure by Design.","Incorporating AI into the software development lifecycle can also help teams expedite development processes, resolve vulnerabilities, and create more secure products.","An organization’s approach to cybersecurity must constantly evolve as attack surfaces increase and it learns more about potential threats. Understanding that security threats can enter from any point in the software supply chain, a Secure by Design approach integrates security into the design, coding, testing, and deployment phases of software development. As the standard for U.S. federal agencies - and any organization that touches their software - Secure by Design has become a go-to benchmark for building security measures into the software development lifecycle.\n\nOver time, Secure by Design has branched off into related concepts such as _Secure by Default_ and _Secure by Demand_, which emphasize different ways of  approaching Secure by Design:\n\n- [Secure by Default](#what-is-secure-by-default) focuses on ensuring that all software products are secure out of the box.\n- [Secure by Demand](#what-is-secure-by-demand) extends Secure by Design principles to the procurement process.\n\nHere’s a closer look at Secure by Design and these related approaches, including a [step-by-step guide](#building-a-secure-by-design-cybersecurity-strategy) to how organizations can adapt their strategies to prevent security risks such as exploitable vulnerabilities and software supply chain attacks.\n\n## What is Secure by Design?\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) introduced its [Secure by Design Initiative](https://www.cisa.gov/securebydesign) in April 2023, with a focus on three key software security principles:\n\n1. Take ownership of customer security outcomes\n1. Embrace radical transparency and accountability\n1. Build organizational structure and leadership to achieve these goals\n\nSecure by Design integrates security principles and protocols into every stage of the software development process. This means that security measures are built into the design, coding, testing, and deployment phases of software development rather than being added on as an afterthought.\n\nThe goal of Secure by Design is to create a secure foundation for software systems from the very beginning, reducing vulnerabilities and potential attack surfaces.\n\n### What is Secure by Default?\nSecure by Default is an offshoot of Secure by Design that focuses on ensuring that any software or hardware is set to its most secure configuration without requiring reconfiguration by the user. Products that are Secure by Default automatically enable the most important security controls needed to protect enterprises from unauthorized access by bad actors - meaning users do not have to go through additional steps to ensure that a product is protected against prevalent exploitation techniques.\n\nSecure by Default tactics include eliminating default passwords and mandating multi-factor authentication and single sign-on to allow only authorized users access to resources. This approach also includes automatic updates and patches, as well as secure configurations for all user accounts and devices.\n\n### What is Secure by Demand?\nSecure by Demand combines Secure by Design principles with budgeting and procurement contracts in order to drive Secure by Design as a mandate for vendors as well as contractors. [CISA’s Secure by Demand Guide](https://www.cisa.gov/resources-tools/resources/secure-demand-guide) provides a set of questions and resources that software purchasers, buyers, and procurers can use to better understand a potential vendor’s approach to cybersecurity. This includes questions about the vendor's authentication practices, software supply chain security, and vulnerability disclosure and reporting.\n\nBy requiring vendors to adhere to Secure by Design principles and protocols in their products and services, organizations can help prevent potential vulnerabilities from entering their software supply chain. The Secure by Demand approach also further incentivizes vendors to continuously improve their own cybersecurity posture.\n\n## Building a Secure by Design cybersecurity strategy\nAs organizations prioritize becoming Secure by Design, steps include utilizing effective DevSecOps practices, maintaining a software bill of materials (SBOM), and incorporating AI to defend against threats entering from any point in the software development lifecycle.\n\n### Adopting DevSecOps practices\nOne of the first steps to support a Secure by Design posture is a secure software development process: developing, building, securing, and deploying software using a comprehensive DevSecOps approach.\n\nToday, many developers utilize complex toolsets to create new programs. A [recent survey by GitLab](https://about.gitlab.com/developer-survey/) found that 62% of respondents use 6 or more tools for development, and 20% use 11 or more - an inefficiency that increases risk by introducing potential security vulnerabilities.\n\nDevelopers should be able to access all the tools necessary for DevSecOps workflows in a single, easy-to-use interface. With an end-to-end solution, like a [DevSecOps platform](/platform/), organizations can implement a Secure by Design approach without increasing the security burden on developers.\n\n### Creating and maintaining SBOMs\nEmbracing transparency is another significant part of being Secure by Design. Organizations must understand what’s in their software, especially when it may include components from multiple sources.\n\n[SBOMs are essential tools for achieving this transparency](https://about.gitlab.com/blog/the-ultimate-guide-to-sboms/). They offer detailed inventories of software components, including version, license, and dependency details, that enable greater awareness of potential vulnerabilities or malicious code.\n\nMaintaining this inventory allows organizations to fully understand potential vulnerabilities and risks that could arise when elements are lifted from open source repositories and licensed third-party components. A DevSecOps platform can help [automatically generate and update SBOMs](/solutions/application-security-testing/), integrate them into existing workflows, and link them to associated vulnerabilities.\n\nWhile many organizations are now using SBOMs, they must be dynamic, connected with security scanning tools, and continuously updated to be fully effective. When integrated with scanning tools and dashboards, SBOMs can provide a way to identify the risks associated with an application. Even when not required, SBOMs can support compliance with security regulations by validating that code is secure.\n\n### Using AI in software development\nAs organizations explore ways to use AI, software development workflows provide a valuable entry point to the technology, which has the potential to accelerate development processes and enhance security.\n\nOrganizations across all industries are already beginning to explore these applications: 39% of respondents [in GitLab’s survey](https://about.gitlab.com/developer-survey/2024/ai/) said they are already using AI in the software development lifecycle.\n\nApplying AI across the software development lifecycle can help organizations avoid AI-driven silos and backlogs within development workflows. AI can perform key functions such as:\n\n* Code explanation and legacy code refactoring into [memory-safe languages](https://about.gitlab.com/blog/memory-safe-vs-unsafe/)\n* [Root cause analysis for DevSecOps pipelines](https://about.gitlab.com/blog/developing-gitlab-duo-blending-ai-and-root-cause-analysis-to-fix-ci-cd/), expediting solutions for complex problems during testing\n* [Vulnerability resolution](https://about.gitlab.com/the-source/ai/understand-and-resolve-vulnerabilities-with-ai-powered-gitlab-duo/) to help reconcile known vulnerabilities, supporting more thorough remediation\n\nAs leaders integrate AI into their workflows, it is crucial to prioritize privacy and data security. An essential aspect of adopting a Secure by Design approach is to develop an [AI strategy that safeguards sensitive data and protects intellectual property rights](https://about.gitlab.com/the-source/ai/building-a-transparency-first-ai-strategy-7-questions-to-ask-your-devops/).\n\n### What’s next\nSecure by Design may soon become the default approach to creating a more trustworthy software ecosystem. The [U.S. government](https://about.gitlab.com/the-source/security/national-cybersecurity-strategy-a-wake-up-call-for-software-developers/) is currently working with software manufacturers to create frameworks that legally incentivize the private sector to produce and release Secure by Design software, driving businesses to invest more in secure technology and practices.\n\nWith robust security built into software development from the start, transparency through effective SBOMs, and AI enhancing the development process, everyone involved in the software development lifecycle will be positioned for success.",[26,29,32,35,38],{"header":27,"content":28},"What is Secure by Demand, and how does it impact vendors?","Secure by Demand extends Secure by Design principles into procurement and vendor management. It requires organizations to mandate security best practices from their software providers, ensuring that third-party products meet high cybersecurity standards. This approach minimizes supply chain risks and encourages vendors to continuously improve their security posture to remain competitive.",{"header":30,"content":31},"How does AI enhance Secure by Design practices?","AI accelerates Secure by Design by automating security tasks, such as vulnerability detection, root cause analysis, and legacy code refactoring. AI-powered tools can analyze security risks in real time, generate secure coding suggestions, and streamline DevSecOps pipelines. However, organizations must implement AI responsibly by safeguarding privacy, data security, and intellectual property rights.",{"header":33,"content":34},"How does Secure by Default differ from Secure by Design?","Secure by Default is an extension of Secure by Design, ensuring that software products come pre-configured with the highest security settings. Users don’t need to manually adjust settings or apply additional safeguards to achieve a secure environment. Examples include eliminating default passwords, enforcing multi-factor authentication, and automating security updates to protect against common exploitation techniques.",{"header":36,"content":37},"How can organizations implement a Secure by Design strategy?","To adopt a Secure by Design strategy, organizations should integrate DevSecOps practices, maintain a software bill of materials (SBOM) for transparency, and use AI-driven security tools to detect vulnerabilities early. A DevSecOps platform helps unify security and development workflows, while SBOMs provide a comprehensive inventory of software components to track dependencies and potential risks.",{"header":39,"content":40},"What is Secure by Design, and why is it important?","Secure by Design is a cybersecurity approach that integrates security into every stage of software development, from design to deployment. Instead of applying security fixes reactively, it ensures that security measures are built into the development process from the start. This proactive strategy reduces vulnerabilities, strengthens software resilience, and aligns with federal security standards, such as those established by CISA.","article","strengthen-your-cybersecurity-strategy-with-secure-by-design","content:en-us:the-source:security:strengthen-your-cybersecurity-strategy-with-secure-by-design.yml","yaml","Strengthen Your Cybersecurity Strategy With Secure By Design","content","en-us/the-source/security/strengthen-your-cybersecurity-strategy-with-secure-by-design.yml","en-us/the-source/security/strengthen-your-cybersecurity-strategy-with-secure-by-design","yml",{"_path":51,"_dir":52,"_draft":6,"_partial":6,"_locale":7,"data":53,"_id":389,"_type":44,"title":390,"_source":46,"_file":391,"_stem":392,"_extension":49},"/shared/en-us/main-footer","en-us",{"text":54,"source":55,"edit":61,"contribute":66,"config":71,"items":76,"minimal":381},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":56,"config":57},"View page source",{"href":58,"dataGaName":59,"dataGaLocation":60},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":62,"config":63},"Edit this page",{"href":64,"dataGaName":65,"dataGaLocation":60},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":67,"config":68},"Please contribute",{"href":69,"dataGaName":70,"dataGaLocation":60},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":72,"facebook":73,"youtube":74,"linkedin":75},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[77,135,192,251,319],{"title":78,"links":79,"subMenu":95},"Pricing",[80,85,90],{"text":81,"config":82},"View plans",{"href":83,"dataGaName":84,"dataGaLocation":60},"/pricing/","view plans",{"text":86,"config":87},"Why Premium?",{"href":88,"dataGaName":89,"dataGaLocation":60},"/pricing/premium/","why premium",{"text":91,"config":92},"Why Ultimate?",{"href":93,"dataGaName":94,"dataGaLocation":60},"/pricing/ultimate/","why ultimate",[96],{"title":97,"links":98},"Contact Us",[99,104,109,114,119,124,129],{"text":100,"config":101},"Contact sales",{"href":102,"dataGaName":103,"dataGaLocation":60},"/sales/","sales",{"text":105,"config":106},"Support portal",{"href":107,"dataGaName":108,"dataGaLocation":60},"https://support.gitlab.com","support portal",{"text":110,"config":111},"Customer portal",{"href":112,"dataGaName":113,"dataGaLocation":60},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":115,"config":116},"Status",{"href":117,"dataGaName":118,"dataGaLocation":60},"https://status.gitlab.com/","status",{"text":120,"config":121},"Terms of use",{"href":122,"dataGaName":123,"dataGaLocation":60},"/terms/","terms of use",{"text":125,"config":126},"Privacy statement",{"href":127,"dataGaName":128,"dataGaLocation":60},"/privacy/","privacy statement",{"text":130,"config":131},"Cookie preferences",{"dataGaName":132,"dataGaLocation":60,"id":133,"isOneTrustButton":134},"cookie preferences","ot-sdk-btn",true,{"title":136,"links":137,"subMenu":148},"Product",[138,143],{"text":139,"config":140},"DevSecOps platform",{"href":141,"dataGaName":142,"dataGaLocation":60},"/platform/","devsecops platform",{"text":144,"config":145},"AI-Assisted Development",{"href":146,"dataGaName":147,"dataGaLocation":60},"/gitlab-duo/","ai-assisted development",[149],{"title":150,"links":151},"Topics",[152,157,162,167,172,177,182,187],{"text":153,"config":154},"CICD",{"href":155,"dataGaName":156,"dataGaLocation":60},"/topics/ci-cd/","cicd",{"text":158,"config":159},"GitOps",{"href":160,"dataGaName":161,"dataGaLocation":60},"/topics/gitops/","gitops",{"text":163,"config":164},"DevOps",{"href":165,"dataGaName":166,"dataGaLocation":60},"/topics/devops/","devops",{"text":168,"config":169},"Version Control",{"href":170,"dataGaName":171,"dataGaLocation":60},"/topics/version-control/","version control",{"text":173,"config":174},"DevSecOps",{"href":175,"dataGaName":176,"dataGaLocation":60},"/topics/devsecops/","devsecops",{"text":178,"config":179},"Cloud Native",{"href":180,"dataGaName":181,"dataGaLocation":60},"/topics/cloud-native/","cloud native",{"text":183,"config":184},"AI for Coding",{"href":185,"dataGaName":186,"dataGaLocation":60},"/topics/devops/ai-for-coding/","ai for coding",{"text":188,"config":189},"Agentic AI",{"href":190,"dataGaName":191,"dataGaLocation":60},"/topics/agentic-ai/","agentic ai",{"title":193,"links":194},"Solutions",[195,199,204,209,214,218,223,226,231,236,241,246],{"text":196,"config":197},"Application Security Testing",{"href":198,"dataGaName":196,"dataGaLocation":60},"/solutions/application-security-testing/",{"text":200,"config":201},"Automated software delivery",{"href":202,"dataGaName":203,"dataGaLocation":60},"/solutions/delivery-automation/","automated software delivery",{"text":205,"config":206},"Agile development",{"href":207,"dataGaName":208,"dataGaLocation":60},"/solutions/agile-delivery/","agile delivery",{"text":210,"config":211},"SCM",{"href":212,"dataGaName":213,"dataGaLocation":60},"/solutions/source-code-management/","source code management",{"text":153,"config":215},{"href":216,"dataGaName":217,"dataGaLocation":60},"/solutions/continuous-integration/","continuous integration & delivery",{"text":219,"config":220},"Value stream management",{"href":221,"dataGaName":222,"dataGaLocation":60},"/solutions/value-stream-management/","value stream management",{"text":158,"config":224},{"href":225,"dataGaName":161,"dataGaLocation":60},"/solutions/gitops/",{"text":227,"config":228},"Enterprise",{"href":229,"dataGaName":230,"dataGaLocation":60},"/enterprise/","enterprise",{"text":232,"config":233},"Small business",{"href":234,"dataGaName":235,"dataGaLocation":60},"/small-business/","small business",{"text":237,"config":238},"Public sector",{"href":239,"dataGaName":240,"dataGaLocation":60},"/solutions/public-sector/","public sector",{"text":242,"config":243},"Education",{"href":244,"dataGaName":245,"dataGaLocation":60},"/solutions/education/","education",{"text":247,"config":248},"Financial services",{"href":249,"dataGaName":250,"dataGaLocation":60},"/solutions/finance/","financial services",{"title":252,"links":253},"Resources",[254,259,264,269,274,279,284,289,294,299,304,309,314],{"text":255,"config":256},"Install",{"href":257,"dataGaName":258,"dataGaLocation":60},"/install/","install",{"text":260,"config":261},"Quick start guides",{"href":262,"dataGaName":263,"dataGaLocation":60},"/get-started/","quick setup checklists",{"text":265,"config":266},"Learn",{"href":267,"dataGaName":268,"dataGaLocation":60},"https://university.gitlab.com/","learn",{"text":270,"config":271},"Product documentation",{"href":272,"dataGaName":273,"dataGaLocation":60},"https://docs.gitlab.com/","docs",{"text":275,"config":276},"Blog",{"href":277,"dataGaName":278,"dataGaLocation":60},"/blog/","blog",{"text":280,"config":281},"Customer success stories",{"href":282,"dataGaName":283,"dataGaLocation":60},"/customers/","customer success stories",{"text":285,"config":286},"Remote",{"href":287,"dataGaName":288,"dataGaLocation":60},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":290,"config":291},"GitLab Services",{"href":292,"dataGaName":293,"dataGaLocation":60},"/services/","services",{"text":295,"config":296},"TeamOps",{"href":297,"dataGaName":298,"dataGaLocation":60},"/teamops/","teamops",{"text":300,"config":301},"Community",{"href":302,"dataGaName":303,"dataGaLocation":60},"/community/","community",{"text":305,"config":306},"Forum",{"href":307,"dataGaName":308,"dataGaLocation":60},"https://forum.gitlab.com/","forum",{"text":310,"config":311},"Events",{"href":312,"dataGaName":313,"dataGaLocation":60},"/events/","events",{"text":315,"config":316},"Partners",{"href":317,"dataGaName":318,"dataGaLocation":60},"/partners/","partners",{"title":320,"links":321},"Company",[322,327,332,337,342,347,352,356,361,366,371,376],{"text":323,"config":324},"About",{"href":325,"dataGaName":326,"dataGaLocation":60},"/company/","company",{"text":328,"config":329},"Jobs",{"href":330,"dataGaName":331,"dataGaLocation":60},"/jobs/","jobs",{"text":333,"config":334},"Leadership",{"href":335,"dataGaName":336,"dataGaLocation":60},"/company/team/e-group/","leadership",{"text":338,"config":339},"Team",{"href":340,"dataGaName":341,"dataGaLocation":60},"/company/team/","team",{"text":343,"config":344},"Handbook",{"href":345,"dataGaName":346,"dataGaLocation":60},"https://handbook.gitlab.com/","handbook",{"text":348,"config":349},"Investor relations",{"href":350,"dataGaName":351,"dataGaLocation":60},"https://ir.gitlab.com/","investor relations",{"text":353,"config":354},"Sustainability",{"href":355,"dataGaName":353,"dataGaLocation":60},"/sustainability/",{"text":357,"config":358},"Diversity, inclusion and belonging (DIB)",{"href":359,"dataGaName":360,"dataGaLocation":60},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":362,"config":363},"Trust Center",{"href":364,"dataGaName":365,"dataGaLocation":60},"/security/","trust center",{"text":367,"config":368},"Newsletter",{"href":369,"dataGaName":370,"dataGaLocation":60},"/company/contact/","newsletter",{"text":372,"config":373},"Press",{"href":374,"dataGaName":375,"dataGaLocation":60},"/press/","press",{"text":377,"config":378},"Modern Slavery Transparency Statement",{"href":379,"dataGaName":380,"dataGaLocation":60},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":382},[383,385,387],{"text":120,"config":384},{"href":122,"dataGaName":123,"dataGaLocation":60},{"text":125,"config":386},{"href":127,"dataGaName":128,"dataGaLocation":60},{"text":130,"config":388},{"dataGaName":132,"dataGaLocation":60,"id":133,"isOneTrustButton":134},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":394,"_dir":395,"_draft":6,"_partial":6,"_locale":7,"visibility":134,"id":396,"title":397,"button":398,"_id":402,"_type":44,"_source":46,"_file":403,"_stem":404,"_extension":49},"/shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18","banner","The Economics of Software Innovation","The Economics of Software Innovation—AI’s $750 Billion Opportunity",{"config":399,"text":401},{"href":400},"/software-innovation-report/","Get the research report","content:shared:en-us:the-source:banner:the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18",{"_path":406,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"logo":407,"subscribeLink":412,"navItems":416,"_id":429,"_type":44,"title":430,"_source":46,"_file":431,"_stem":432,"_extension":49},"/shared/en-us/the-source/navigation",{"altText":408,"config":409},"the source logo",{"src":410,"href":411},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":413,"config":414},"Subscribe",{"href":415},"#subscribe",[417,421,425],{"text":418,"config":419},"Artificial Intelligence",{"href":420},"/the-source/ai/",{"text":422,"config":423},"Security & Compliance",{"href":424},"/the-source/security/",{"text":426,"config":427},"Platform & Infrastructure",{"href":428},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"categoryNames":434},{"ai":418,"platform":426,"security":422},{"_path":436,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"title":437,"description":438,"submitMessage":439,"formData":440,"_id":443,"_type":44,"_source":46,"_file":444,"_stem":445,"_extension":49},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":441},{"formId":442,"formName":370,"hideRequiredLabel":134},1077,"content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":447,"seo":448,"content":449,"type":41,"slug":42,"category":5,"_id":43,"_type":44,"title":45,"_source":46,"_file":47,"_stem":48,"_extension":49},{"layout":9,"template":10,"author":11,"featured":6,"sourceCTA":12},{"title":14,"description":15,"ogImage":16},{"title":14,"date":18,"description":15,"timeToRead":19,"heroImage":16,"keyTakeaways":450,"articleBody":24,"faq":451},[21,22,23],[452,453,454,455,456],{"header":27,"content":28},{"header":30,"content":31},{"header":33,"content":34},{"header":36,"content":37},{"header":39,"content":40},{"_path":458,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":459,"config":460,"seo":461,"content":464,"slug":5,"_id":477,"_type":44,"title":7,"_source":46,"_file":478,"_stem":479,"_extension":49},"/en-us/the-source/security","category",{"layout":9},{"title":422,"description":462,"ogImage":463},"Get up to speed on how organizations can ensure they're staying on top of evolving security threats and compliance requirements.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463273/aplkxrvwpii26xao5yhi.png",[465,470],{"componentName":466,"type":466,"componentContent":467},"TheSourceCategoryHero",{"title":422,"description":462,"image":468},{"config":469},{"src":463},{"componentName":471,"type":471,"componentContent":472},"TheSourceCategoryMainSection",{"config":473},{"sourceCTAs":474},[12,475,476],"source-lp-devsecops-the-key-to-modern-security-resilience","application-security-in-the-digital-age","content:en-us:the-source:security:index.yml","en-us/the-source/security/index.yml","en-us/the-source/security/index",{"_path":481,"_dir":482,"_draft":6,"_partial":6,"_locale":7,"config":483,"title":484,"description":485,"link":486,"_id":492,"_type":44,"_source":46,"_file":493,"_stem":494,"_extension":49},"/shared/en-us/the-source/source-lp-ctas/source-lp-guide-to-dynamic-sboms","source-lp-ctas",{"slug":12},"Guide to dynamic SBOMs: An integral element of modern software development","Learn how to gain visibility into previously unidentified organizational risks with a software bill of materials (SBOM).",{"text":487,"config":488},"Read the guide",{"href":489,"dataGaName":490,"dataGaLocation":491},"/the-source/security/guide-to-dynamic-sboms/","Guide to Dynamic SBOMs","thesource","content:shared:en-us:the-source:source-lp-ctas:source-lp-guide-to-dynamic-sboms.yml","shared/en-us/the-source/source-lp-ctas/source-lp-guide-to-dynamic-sboms.yml","shared/en-us/the-source/source-lp-ctas/source-lp-guide-to-dynamic-sboms",{"_path":458,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":459,"config":496,"seo":497,"content":498,"slug":5,"_id":477,"_type":44,"title":7,"_source":46,"_file":478,"_stem":479,"_extension":49},{"layout":9},{"title":422,"description":462,"ogImage":463},[499,503],{"componentName":466,"type":466,"componentContent":500},{"title":422,"description":462,"image":501},{"config":502},{"src":463},{"componentName":471,"type":471,"componentContent":504},{"config":505},{"sourceCTAs":506},[12,475,476],[508,521,534],{"_path":509,"_dir":482,"_draft":6,"_partial":6,"_locale":7,"config":510,"title":511,"description":512,"link":513,"_id":518,"_type":44,"_source":46,"_file":519,"_stem":520,"_extension":49},"/shared/en-us/the-source/source-lp-ctas/application-security-in-the-digital-age",{"slug":476},"Application security in the digital age","Read our survey findings from more than 5,000 DevSecOps professionals worldwide for insights on how organizations are grappling with increasing attack surfaces and changing attitudes towards security and AI.",{"text":514,"config":515},"Read the report",{"href":516,"dataGaName":517,"dataGaLocation":491},"/developer-survey/2024/security-compliance/","Application Security in the Digital Age","content:shared:en-us:the-source:source-lp-ctas:application-security-in-the-digital-age.yml","shared/en-us/the-source/source-lp-ctas/application-security-in-the-digital-age.yml","shared/en-us/the-source/source-lp-ctas/application-security-in-the-digital-age",{"_path":522,"_dir":482,"_draft":6,"_partial":6,"_locale":7,"config":523,"title":524,"description":525,"link":526,"_id":531,"_type":44,"_source":46,"_file":532,"_stem":533,"_extension":49},"/shared/en-us/the-source/source-lp-ctas/source-lp-devsecops-the-key-to-modern-security-resilience",{"slug":475},"DevSecOps: The key to modern security resilience","Learn how embedding security in development can slash incident response time by 720x and save millions in security costs annually.",{"text":527,"config":528},"Download the guide",{"href":529,"dataGaName":530,"dataGaLocation":491},"/the-source/security/devsecops-the-key-to-modern-security-resilience/","DevSecOps the key to modern security resilience","content:shared:en-us:the-source:source-lp-ctas:source-lp-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/source-lp-ctas/source-lp-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/source-lp-ctas/source-lp-devsecops-the-key-to-modern-security-resilience",{"_path":481,"_dir":482,"_draft":6,"_partial":6,"_locale":7,"config":535,"title":484,"description":485,"link":536,"_id":492,"_type":44,"_source":46,"_file":493,"_stem":494,"_extension":49},{"slug":12},{"text":487,"config":537},{"href":489,"dataGaName":490,"dataGaLocation":491},[539,564,580,598,614,634,655,677,693,712,734,752,773,789,808,825,843,863,881,899,919,938,958,979,995,1011,1031,1049,1067,1084,1105,1123,1142,1158,1179],{"_path":540,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":542,"seo":543,"content":545,"type":559,"slug":560,"_id":561,"_type":44,"title":544,"_source":46,"_file":562,"_stem":563,"_extension":49},"/en-us/the-source/authors/amanda-rueda","authors",{"layout":9},{"title":544},"Amanda Rueda",[546,557],{"type":547,"componentName":547,"componentContent":548},"TheSourceAuthorHero",{"config":549,"name":544,"role":552,"bio":553,"headshot":554},{"gitlabHandle":550,"linkedInProfileUrl":551},"amandarueda","https://www.linkedin.com/in/amandamrueda/","Senior Product Manager","Amanda Rueda is a Senior Product Manager at GitLab, specializing in strategic product vision, agile planning, and leveraging AI to enhance workflows and user experiences. Amanda is a thought leader in agile planning and product management workflows, and enjoys building GitLab features that drive team collaboration, transparent project management, and high-performing teams.",{"altText":544,"config":555},{"src":556},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463383/osecw1pzbxvb7fhqhiky.png",{"componentName":558,"type":558},"TheSourceArticlesList","author","amanda-rueda","content:en-us:the-source:authors:amanda-rueda.yml","en-us/the-source/authors/amanda-rueda.yml","en-us/the-source/authors/amanda-rueda",{"_path":565,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":566,"seo":567,"content":569,"type":559,"slug":576,"_id":577,"_type":44,"title":568,"_source":46,"_file":578,"_stem":579,"_extension":49},"/en-us/the-source/authors/andre-michael-braun",{"layout":9},{"title":568},"Andre Michael Braun",[570,575],{"type":547,"componentName":547,"componentContent":571},{"name":568,"headshot":572},{"altText":568,"config":573},{"src":574},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463336/yl27k7wdlnkzsizwknn1.jpg",{"componentName":558,"type":558},"andre-michael-braun","content:en-us:the-source:authors:andre-michael-braun.yml","en-us/the-source/authors/andre-michael-braun.yml","en-us/the-source/authors/andre-michael-braun",{"_path":581,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":582,"seo":583,"content":585,"type":559,"slug":594,"_id":595,"_type":44,"title":584,"_source":46,"_file":596,"_stem":597,"_extension":49},"/en-us/the-source/authors/andrew-haschka",{"layout":9},{"title":584},"Andrew Haschka",[586,593],{"type":547,"componentName":547,"componentContent":587},{"name":584,"role":588,"bio":589,"headshot":590},"Field CTO, Asia Pacific & Japan","Andrew Haschka is the CTO for Asia Pacific & Japan at GitLab, acting as the trusted advisor to GitLab partners and customers. Andrew takes a consultative approach to address common and unique business requirements. He provides subject matter expertise and industry experience throughout the customer’s modernisation journey, working with product management and engineering teams to evolve product features to meet market demand.",{"altText":584,"config":591},{"src":592},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463349/z1qnc4uxmqgg3hnm3da4.png",{"componentName":558,"type":558},"andrew-haschka","content:en-us:the-source:authors:andrew-haschka.yml","en-us/the-source/authors/andrew-haschka.yml","en-us/the-source/authors/andrew-haschka",{"_path":599,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":600,"seo":601,"content":603,"type":559,"slug":610,"_id":611,"_type":44,"title":602,"_source":46,"_file":612,"_stem":613,"_extension":49},"/en-us/the-source/authors/ayoub-fandi",{"layout":9},{"title":602},"Ayoub Fandi",[604,609],{"componentName":547,"type":547,"componentContent":605},{"name":602,"headshot":606},{"altText":602,"config":607},{"src":608},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463329/wyp554loeyoibx3ozren.jpg",{"componentName":558,"type":558},"ayoub-fandi","content:en-us:the-source:authors:ayoub-fandi.yml","en-us/the-source/authors/ayoub-fandi.yml","en-us/the-source/authors/ayoub-fandi",{"_path":615,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":616,"seo":617,"content":619,"type":559,"slug":630,"_id":631,"_type":44,"title":618,"_source":46,"_file":632,"_stem":633,"_extension":49},"/en-us/the-source/authors/bob-stevens",{"layout":9},{"title":618},"Bob Stevens",[620,629],{"componentName":547,"type":547,"componentContent":621},{"config":622,"name":618,"role":625,"headshot":626},{"gitlabHandle":623,"linkedInProfileUrl":624},"bstevens1","https://www.linkedin.com/in/bob-stevens-1237564/","Public Sector Area Vice President, GitLab",{"altText":618,"config":627},{"src":628},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1752687939/mv3lhtimdzr8jmfqmbk1.jpg",{"componentName":558,"type":558},"bob-stevens","content:en-us:the-source:authors:bob-stevens.yml","en-us/the-source/authors/bob-stevens.yml","en-us/the-source/authors/bob-stevens",{"_path":635,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":636,"seo":637,"content":639,"type":559,"slug":651,"_id":652,"_type":44,"title":638,"_source":46,"_file":653,"_stem":654,"_extension":49},"/en-us/the-source/authors/brian-wald",{"layout":9},{"title":638},"Brian Wald",[640,650],{"componentName":547,"type":547,"componentContent":641},{"config":642,"name":638,"role":645,"bio":646,"headshot":647},{"gitlabHandle":643,"linkedInProfileUrl":644},"brianwald","https://www.linkedin.com/in/brianwald/","Head of Global Field CTO org","Brian Wald is Head of Global Field CTO org at GitLab. He leads a dynamic team of Field CTOs dedicated to transforming enterprise software development practices.",{"altText":638,"config":648},{"src":649},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463417/fugpbux9miqbdx3wewtu.jpg",{"componentName":558,"type":558},"brian-wald","content:en-us:the-source:authors:brian-wald.yml","en-us/the-source/authors/brian-wald.yml","en-us/the-source/authors/brian-wald",{"_path":656,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":657,"seo":658,"content":660,"type":559,"slug":673,"_id":674,"_type":44,"title":659,"_source":46,"_file":675,"_stem":676,"_extension":49},"/en-us/the-source/authors/bryan-ross",{"layout":9},{"title":659},"Bryan Ross",[661,672],{"componentName":547,"type":547,"componentContent":662},{"config":663,"name":659,"role":667,"bio":668,"headshot":669},{"gitlabHandle":664,"twitterXProfileUrl":665,"linkedInProfileUrl":666},"bryanrossuk","https://twitter.com/bryanrossuk","https://www.linkedin.com/in/bryanross","Field CTO","With over 15 years of industry experience as a senior IT leader, Bryan helps customers realize business value from IT faster. Equally comfortable speaking with executives and engineers alike, he bridges the gap between technical and business stakeholders through compelling storytelling and real-world examples. With a knack for delivering authentic, impactful messages, he enjoys helping others at the intersection of technology, people and process.",{"altText":659,"config":670},{"src":671},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463324/mvdyvskii4hltdrgqxom.jpg",{"componentName":558,"type":558},"bryan-ross","content:en-us:the-source:authors:bryan-ross.yml","en-us/the-source/authors/bryan-ross.yml","en-us/the-source/authors/bryan-ross",{"_path":678,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":679,"seo":680,"content":682,"type":559,"slug":689,"_id":690,"_type":44,"title":681,"_source":46,"_file":691,"_stem":692,"_extension":49},"/en-us/the-source/authors/chandler-gibbons",{"layout":9},{"title":681},"Chandler Gibbons",[683,688],{"componentName":547,"type":547,"componentContent":684},{"name":681,"headshot":685},{"altText":681,"config":686},{"src":687},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463362/o7g9fqtqtjvegfwniuxh.jpg",{"componentName":558,"type":558},"chandler-gibbons","content:en-us:the-source:authors:chandler-gibbons.yml","en-us/the-source/authors/chandler-gibbons.yml","en-us/the-source/authors/chandler-gibbons",{"_path":694,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":695,"seo":696,"content":698,"type":559,"slug":708,"_id":709,"_type":44,"title":697,"_source":46,"_file":710,"_stem":711,"_extension":49},"/en-us/the-source/authors/dave-steer",{"layout":9},{"title":697},"Dave Steer",[699,707],{"componentName":547,"type":547,"componentContent":700},{"config":701,"name":697,"role":703,"headshot":704},{"gitlabHandle":702},"dsteer","Vice President, Product Marketing",{"altText":697,"config":705},{"src":706},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463457/zbtapdkglu3yb9suaq7w.png",{"componentName":558,"type":558},"dave-steer","content:en-us:the-source:authors:dave-steer.yml","en-us/the-source/authors/dave-steer.yml","en-us/the-source/authors/dave-steer",{"_path":713,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":714,"seo":715,"content":717,"type":559,"slug":729,"_id":730,"_type":44,"title":731,"_source":46,"_file":732,"_stem":733,"_extension":49},"/en-us/the-source/authors/ddesanto",{"layout":9},{"title":716},"David DeSanto",[718,728],{"componentName":547,"type":547,"componentContent":719},{"config":720,"name":716,"role":723,"bio":724,"headshot":725},{"gitlabHandle":721,"linkedInProfileUrl":722},"david","https://www.linkedin.com/in/ddesanto/","Chief Product Officer","David DeSanto is the Chief Product Officer at GitLab Inc., where he leads GitLab’s product division to define and execute GitLab's product vision and roadmap. David is responsible for ensuring the company builds, ships, and supports the platform that reinforces GitLab's leadership in the DevSecOps platform market.",{"altText":716,"config":726},{"src":727},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463446/bgnljs84zcsxj0t6nvix.png",{"componentName":558,"type":558},"ddesanto","content:en-us:the-source:authors:ddesanto.yml","Ddesanto","en-us/the-source/authors/ddesanto.yml","en-us/the-source/authors/ddesanto",{"_path":735,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":736,"seo":737,"content":739,"type":559,"slug":747,"_id":748,"_type":44,"title":749,"_source":46,"_file":750,"_stem":751,"_extension":49},"/en-us/the-source/authors/derek-debellis",{"layout":9},{"title":738},"Derek DeBellis",[740,746],{"componentName":547,"type":547,"componentContent":741},{"name":738,"role":742,"headshot":743},"Lead Researcher, Google's DORA team ",{"altText":738,"config":744},{"src":745},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463385/sbnjwfaguszi5g2smzr7.png",{"componentName":558,"type":558},"derek-debellis","content:en-us:the-source:authors:derek-debellis.yml","Derek Debellis","en-us/the-source/authors/derek-debellis.yml","en-us/the-source/authors/derek-debellis",{"_path":753,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":754,"seo":755,"content":757,"type":559,"slug":769,"_id":770,"_type":44,"title":756,"_source":46,"_file":771,"_stem":772,"_extension":49},"/en-us/the-source/authors/emilio-salvador",{"layout":9},{"title":756},"Emilio Salvador",[758,768],{"componentName":547,"type":547,"componentContent":759},{"config":760,"name":756,"role":763,"bio":764,"headshot":765},{"gitlabHandle":761,"linkedInProfileUrl":762},"esalvadorp","https://www.linkedin.com/in/emiliosp/","Vice President, Strategy and Developer Relations, GitLab","Emilio Salvador is vice president of strategy and developer relations at GitLab. A technology executive with more than 20 years of experience, Emilio has held roles at Amazon and Microsoft, and most recently led strategy and operations for the Developer Advocacy and Experience team at Google. He holds an MBA from MIT Sloan School of Management.",{"altText":756,"config":766},{"src":767},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463402/g0snp3uisjm4tj3pkqcw.jpg",{"componentName":558,"type":558},"emilio-salvador","content:en-us:the-source:authors:emilio-salvador.yml","en-us/the-source/authors/emilio-salvador.yml","en-us/the-source/authors/emilio-salvador",{"_path":774,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":775,"seo":776,"content":778,"type":559,"slug":785,"_id":786,"_type":44,"title":777,"_source":46,"_file":787,"_stem":788,"_extension":49},"/en-us/the-source/authors/erika-feldman",{"layout":9},{"title":777},"Erika Feldman",[779,784],{"componentName":547,"type":547,"componentContent":780},{"name":777,"headshot":781},{"altText":777,"config":782},{"src":783},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463354/d9quqvz7d2ayjwif7vdn.png",{"componentName":558,"type":558},"erika-feldman","content:en-us:the-source:authors:erika-feldman.yml","en-us/the-source/authors/erika-feldman.yml","en-us/the-source/authors/erika-feldman",{"_path":790,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":791,"seo":792,"content":794,"type":559,"slug":804,"_id":805,"_type":44,"title":793,"_source":46,"_file":806,"_stem":807,"_extension":49},"/en-us/the-source/authors/george-kichukov",{"layout":9},{"title":793},"George Kichukov",[795,803],{"componentName":547,"type":547,"componentContent":796},{"config":797,"name":793,"role":667,"bio":799,"headshot":800},{"gitlabHandle":798},"gkichukov","George Kichukov brings over two decades of expertise in software development, enterprise architecture, and technology leadership to his role as Financial Services Field CTO for GitLab. His career began in the startup ecosystem, where he spent five years developing name-matching technologies deployed across government, defense, and financial services. George transitioned into solution architecture, where he guided financial institutions in modernizing their application development practices. Prior to GitLab, George spent 12 years at a large financial services organization leading developer services, application security programs and DevOps infrastructure automation platforms. In his current role at GitLab, George partners with financial services organizations, helping them achieve their strategic objectives in DevOps, DevSecOps, Developer Experience, SDLC compliance, and using AI across software development.",{"altText":793,"config":801},{"src":802},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463366/dk2knfancgsxocjkmyoa.jpg",{"componentName":558,"type":558},"george-kichukov","content:en-us:the-source:authors:george-kichukov.yml","en-us/the-source/authors/george-kichukov.yml","en-us/the-source/authors/george-kichukov",{"_path":809,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":810,"seo":811,"content":813,"type":559,"slug":820,"_id":821,"_type":44,"title":822,"_source":46,"_file":823,"_stem":824,"_extension":49},"/en-us/the-source/authors/gitlab",{"layout":9},{"title":812},"GitLab",[814,819],{"componentName":547,"type":547,"componentContent":815},{"name":812,"headshot":816},{"altText":812,"config":817},{"src":818},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463461/ts7io0hgpdyqylbzfire.png",{"componentName":558,"type":558},"gitlab","content:en-us:the-source:authors:gitlab.yml","Gitlab","en-us/the-source/authors/gitlab.yml","en-us/the-source/authors/gitlab",{"_path":826,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":827,"seo":828,"content":830,"type":559,"slug":839,"_id":840,"_type":44,"title":829,"_source":46,"_file":841,"_stem":842,"_extension":49},"/en-us/the-source/authors/grant-hickman",{"layout":9},{"title":829},"Grant Hickman",[831,838],{"componentName":547,"type":547,"componentContent":832},{"config":833,"name":829,"headshot":835},{"gitlabHandle":834},"g.hickman",{"altText":829,"config":836},{"src":837},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463463/f3uqwtugqotyhwutz5gu.png",{"componentName":558,"type":558},"grant-hickman","content:en-us:the-source:authors:grant-hickman.yml","en-us/the-source/authors/grant-hickman.yml","en-us/the-source/authors/grant-hickman",{"_path":844,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":845,"seo":846,"content":848,"type":559,"slug":859,"_id":860,"_type":44,"title":847,"_source":46,"_file":861,"_stem":862,"_extension":49},"/en-us/the-source/authors/haim-snir",{"layout":9},{"title":847},"Haim Snir",[849,858],{"componentName":547,"type":547,"componentContent":850},{"config":851,"name":847,"role":854,"headshot":855},{"gitlabHandle":852,"linkedInProfileUrl":853},"hsnir1","https://www.linkedin.com/in/haimsnir/","Senior Product Manager, Dev & Analytics, GitLab",{"altText":847,"config":856},{"src":857},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463395/nubmshvaq8wpomopllni.png",{"componentName":558,"type":558},"haim-snir","content:en-us:the-source:authors:haim-snir.yml","en-us/the-source/authors/haim-snir.yml","en-us/the-source/authors/haim-snir",{"_path":864,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":865,"seo":866,"content":868,"type":559,"slug":872,"_id":877,"_type":44,"title":878,"_source":46,"_file":879,"_stem":880,"_extension":49},"/en-us/the-source/authors/iganbaruch",{"layout":9},{"title":867},"Itzik Gan Baruch",[869,876],{"componentName":547,"type":547,"componentContent":870},{"config":871,"name":867,"headshot":873},{"gitlabHandle":872},"iganbaruch",{"altText":867,"config":874},{"src":875},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463443/vibb2fkc0ojni2d1eqde.png",{"componentName":558,"type":558},"content:en-us:the-source:authors:iganbaruch.yml","Iganbaruch","en-us/the-source/authors/iganbaruch.yml","en-us/the-source/authors/iganbaruch",{"_path":882,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"type":559,"slug":883,"config":884,"seo":885,"content":888,"_id":896,"_type":44,"title":887,"_source":46,"_file":897,"_stem":898,"_extension":49},"/en-us/the-source/authors/jason-morgan","jason-morgan",{"layout":9},{"config":886,"title":887},{"noIndex":6},"Jason Morgan",[889,895],{"type":547,"componentName":547,"componentContent":890},{"name":887,"role":891,"headshot":892},"Staff Solutions Architect",{"altText":887,"config":893},{"src":894},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758808571/n1inburdbemlmpcg9atj.jpg",{"type":558,"componentName":558},"content:en-us:the-source:authors:jason-morgan.yml","en-us/the-source/authors/jason-morgan.yml","en-us/the-source/authors/jason-morgan",{"_path":900,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"type":559,"slug":901,"config":902,"seo":903,"content":906,"_id":916,"_type":44,"title":905,"_source":46,"_file":917,"_stem":918,"_extension":49},"/en-us/the-source/authors/jessie-young","jessie-young",{"layout":9},{"config":904,"title":905},{"noIndex":6},"Jessie Young",[907,915],{"type":547,"componentName":547,"componentContent":908},{"name":905,"role":909,"headshot":910,"config":913},"Principal Engineer, AI Engineering, GitLab",{"altText":905,"config":911},{"src":912},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1760537925/E03N1RJJX7C-U03NFV6N2PN-4d786e81137a-512_m62zso.png",{"gitlabHandle":914},"jessieay",{"type":558,"componentName":558},"content:en-us:the-source:authors:jessie-young.yml","en-us/the-source/authors/jessie-young.yml","en-us/the-source/authors/jessie-young",{"_path":920,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":921,"seo":922,"content":924,"type":559,"slug":933,"_id":934,"_type":44,"title":935,"_source":46,"_file":936,"_stem":937,"_extension":49},"/en-us/the-source/authors/jlongo",{"layout":9},{"title":923},"Joseph Longo",[925,932],{"componentName":547,"type":547,"componentContent":926},{"config":927,"name":923,"headshot":929},{"gitlabHandle":928},"jlongo_gitlab",{"altText":923,"config":930},{"src":931},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463434/uoxaknpmoposbbgzqji8.png",{"componentName":558,"type":558},"jlongo","content:en-us:the-source:authors:jlongo.yml","Jlongo","en-us/the-source/authors/jlongo.yml","en-us/the-source/authors/jlongo",{"_path":939,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":940,"seo":941,"content":943,"type":559,"slug":11,"_id":955,"_type":44,"title":942,"_source":46,"_file":956,"_stem":957,"_extension":49},"/en-us/the-source/authors/joel-krooswyk",{"layout":9},{"title":942},"Joel Krooswyk",[944,954],{"componentName":547,"type":547,"componentContent":945},{"config":946,"name":942,"role":949,"bio":950,"headshot":951},{"gitlabHandle":947,"linkedInProfileUrl":948},"jkrooswyk","https://www.linkedin.com/in/joelrkrooswyk/","Federal CTO","Joel Krooswyk is the Federal CTO at GitLab. Joel has actively been involved in GitLab’s growth since 2017. His 25 years of leadership experience span not only the U.S. Public Sector, but also small, mid-market, and enterprise businesses globally. Joel combines deep government policy expertise with a wealth of experience in technology, software development, AI, and cybersecurity. He is frequently called upon by industry and agencies alike for policy commentary and response.",{"altText":942,"config":952},{"src":953},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463423/mkmdhuxsjggfvokdmdv7.jpg",{"componentName":558,"type":558},"content:en-us:the-source:authors:joel-krooswyk.yml","en-us/the-source/authors/joel-krooswyk.yml","en-us/the-source/authors/joel-krooswyk",{"_path":959,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":960,"seo":961,"content":963,"type":559,"slug":975,"_id":976,"_type":44,"title":962,"_source":46,"_file":977,"_stem":978,"_extension":49},"/en-us/the-source/authors/josh-lemos",{"layout":9},{"title":962},"Josh Lemos",[964,974],{"componentName":547,"type":547,"componentContent":965},{"config":966,"name":962,"role":969,"bio":970,"headshot":971},{"gitlabHandle":967,"linkedInProfileUrl":968},"joshlemos","https://www.linkedin.com/in/joshlemos/","Chief Information Security Officer","Josh Lemos is the Chief Information Security Officer at GitLab Inc., where he brings 20 years of experience leading information security teams to his role. He is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected, fortifying the Gitlab DevSecOps platform and ensuring the highest level of security for customers.",{"altText":962,"config":972},{"src":973},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463405/f4rqtiecakrekvxfhqar.jpg",{"componentName":558,"type":558},"josh-lemos","content:en-us:the-source:authors:josh-lemos.yml","en-us/the-source/authors/josh-lemos.yml","en-us/the-source/authors/josh-lemos",{"_path":980,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":981,"seo":982,"content":984,"type":559,"slug":991,"_id":992,"_type":44,"title":983,"_source":46,"_file":993,"_stem":994,"_extension":49},"/en-us/the-source/authors/julie-griffin",{"layout":9},{"title":983},"Julie Griffin",[985,990],{"componentName":547,"type":547,"componentContent":986},{"name":983,"headshot":987},{"altText":983,"config":988},{"src":989},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463371/hqkbr3uk8hw2de7tltn4.webp",{"componentName":558,"type":558},"julie-griffin","content:en-us:the-source:authors:julie-griffin.yml","en-us/the-source/authors/julie-griffin.yml","en-us/the-source/authors/julie-griffin",{"_path":996,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":997,"seo":998,"content":1000,"type":559,"slug":1007,"_id":1008,"_type":44,"title":999,"_source":46,"_file":1009,"_stem":1010,"_extension":49},"/en-us/the-source/authors/kristina-weis",{"layout":9},{"title":999},"Kristina Weis",[1001,1006],{"componentName":547,"type":547,"componentContent":1002},{"name":999,"headshot":1003},{"altText":999,"config":1004},{"src":1005},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463469/eoolq6n6bs0zb8gmf0js.webp",{"componentName":558,"type":558},"kristina-weis","content:en-us:the-source:authors:kristina-weis.yml","en-us/the-source/authors/kristina-weis.yml","en-us/the-source/authors/kristina-weis",{"_path":1012,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":1013,"seo":1014,"content":1016,"type":559,"slug":1027,"_id":1028,"_type":44,"title":1015,"_source":46,"_file":1029,"_stem":1030,"_extension":49},"/en-us/the-source/authors/lee-faus",{"layout":9},{"title":1015},"Lee Faus",[1017,1026],{"componentName":547,"type":547,"componentContent":1018},{"config":1019,"name":1015,"role":1021,"bio":1022,"headshot":1023},{"gitlabHandle":1020},"lfaus","Global Field CTO","Lee Faus is a Global Field CTO at GitLab. Lee has been a software architect, teacher, professor, and educator for over 25 years. He leverages his experience as an educator to bring complex technology concepts into a business forum where executives gain valuable advice to positively impact their business.",{"altText":1015,"config":1024},{"src":1025},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463398/vivhlomglvnstamj54bo.jpg",{"componentName":558,"type":558},"lee-faus","content:en-us:the-source:authors:lee-faus.yml","en-us/the-source/authors/lee-faus.yml","en-us/the-source/authors/lee-faus",{"_path":1032,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"type":559,"slug":1033,"config":1034,"seo":1035,"content":1038,"_id":1046,"_type":44,"title":1037,"_source":46,"_file":1047,"_stem":1048,"_extension":49},"/en-us/the-source/authors/nathen-harvey","nathen-harvey",{"layout":9},{"config":1036,"title":1037},{"noIndex":6},"Nathen Harvey",[1039,1045],{"type":547,"componentName":547,"componentContent":1040},{"name":1037,"role":1041,"headshot":1042},"DORA Lead, Google Cloud",{"altText":1037,"config":1043},{"src":1044},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1760537671/ls7apap7dorwaguxs4hh.webp",{"type":558,"componentName":558},"content:en-us:the-source:authors:nathen-harvey.yml","en-us/the-source/authors/nathen-harvey.yml","en-us/the-source/authors/nathen-harvey",{"_path":1050,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":1051,"seo":1052,"content":1054,"type":559,"slug":1058,"_id":1063,"_type":44,"title":1064,"_source":46,"_file":1065,"_stem":1066,"_extension":49},"/en-us/the-source/authors/ncregan",{"layout":9},{"title":1053},"Niall Cregan",[1055,1062],{"componentName":547,"type":547,"componentContent":1056},{"config":1057,"name":1053,"headshot":1059},{"gitlabHandle":1058},"ncregan",{"altText":1053,"config":1060},{"src":1061},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463431/yrtwodocb4cu3j7lkhyo.png",{"componentName":558,"type":558},"content:en-us:the-source:authors:ncregan.yml","Ncregan","en-us/the-source/authors/ncregan.yml","en-us/the-source/authors/ncregan",{"_path":1068,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"type":559,"slug":1069,"config":1070,"seo":1071,"content":1074,"_id":1081,"_type":44,"title":1073,"_source":46,"_file":1082,"_stem":1083,"_extension":49},"/en-us/the-source/authors/rob-smith","rob-smith",{"layout":9},{"config":1072,"title":1073},{"noIndex":6},"Rob Smith",[1075,1080],{"type":547,"componentName":547,"componentContent":1076},{"name":1073,"role":625,"headshot":1077},{"altText":1073,"config":1078},{"src":1079},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1760625579/ndksqvsfysea4cnltb1r.jpg",{"type":558,"componentName":558},"content:en-us:the-source:authors:rob-smith.yml","en-us/the-source/authors/rob-smith.yml","en-us/the-source/authors/rob-smith",{"_path":1085,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":1086,"seo":1087,"content":1089,"type":559,"slug":1100,"_id":1101,"_type":44,"title":1102,"_source":46,"_file":1103,"_stem":1104,"_extension":49},"/en-us/the-source/authors/rschulman",{"layout":9},{"title":1088},"Robin Schulman",[1090,1099],{"componentName":547,"type":547,"componentContent":1091},{"config":1092,"name":1088,"role":1094,"bio":1095,"headshot":1096},{"gitlabHandle":1093},"robin","Chief Legal Officer","Robin Schulman is the Chief Legal Officer, Head of Corporate Affairs, and Corporate Secretary of GitLab Inc., the DevSecOps platform.",{"altText":1088,"config":1097},{"src":1098},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463437/u2xfbudw1f8hhnkrgaoy.webp",{"componentName":558,"type":558},"rschulman","content:en-us:the-source:authors:rschulman.yml","Rschulman","en-us/the-source/authors/rschulman.yml","en-us/the-source/authors/rschulman",{"_path":1106,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":1107,"seo":1108,"content":1110,"type":559,"slug":1119,"_id":1120,"_type":44,"title":1109,"_source":46,"_file":1121,"_stem":1122,"_extension":49},"/en-us/the-source/authors/sabrina-farmer",{"layout":9},{"title":1109},"Sabrina Farmer",[1111,1118],{"componentName":547,"type":547,"componentContent":1112},{"name":1109,"role":1113,"bio":1114,"headshot":1115},"Chief Technology Officer","Sabrina Farmer is the Chief Technology Officer at GitLab, where she leads software engineering, operations, and customer support teams to execute the company's technical vision and strategy and oversee the development and delivery of GitLab's products and services.\n\nPrior to GitLab, Sabrina spent nearly two decades at Google, where she most recently served as vice president of engineering, core infrastructure. During her tenure with Google, she was directly responsible for the reliability, performance, and efficiency of all of Google's billion-user products and infrastructure.\n\nA long-time advocate for women in technology, Farmer earned a B.S. in Computer Science at the University of New Orleans, where she established two scholarships to help level the playing field for inclusion and empowerment in technology.",{"altText":1109,"config":1116},{"src":1117},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463377/udmzbjjr5xrcrffdlphx.webp",{"componentName":558,"type":558},"sabrina-farmer","content:en-us:the-source:authors:sabrina-farmer.yml","en-us/the-source/authors/sabrina-farmer.yml","en-us/the-source/authors/sabrina-farmer",{"_path":1124,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":1125,"seo":1126,"content":1128,"type":559,"slug":1138,"_id":1139,"_type":44,"title":1127,"_source":46,"_file":1140,"_stem":1141,"_extension":49},"/en-us/the-source/authors/sandra-gittlen",{"layout":9},{"title":1127},"Sandra Gittlen",[1129,1137],{"componentName":547,"type":547,"componentContent":1130},{"config":1131,"name":1127,"role":1133,"headshot":1134},{"gitlabHandle":1132},"sgittlen","Managing Editor, Blog",{"altText":1127,"config":1135},{"src":1136},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463466/r7ckb9h2zr4c2rsz3zlm.png",{"componentName":558,"type":558},"sandra-gittlen","content:en-us:the-source:authors:sandra-gittlen.yml","en-us/the-source/authors/sandra-gittlen.yml","en-us/the-source/authors/sandra-gittlen",{"_path":1143,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":1144,"seo":1145,"content":1147,"type":559,"slug":1154,"_id":1155,"_type":44,"title":1146,"_source":46,"_file":1156,"_stem":1157,"_extension":49},"/en-us/the-source/authors/sharon-gaudin",{"layout":9},{"title":1146},"Sharon Gaudin",[1148,1153],{"componentName":547,"type":547,"componentContent":1149},{"name":1146,"headshot":1150},{"altText":1146,"config":1151},{"src":1152},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463475/h6j4nnvykzyfzgvl7txb.webp",{"componentName":558,"type":558},"sharon-gaudin","content:en-us:the-source:authors:sharon-gaudin.yml","en-us/the-source/authors/sharon-gaudin.yml","en-us/the-source/authors/sharon-gaudin",{"_path":1159,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":1160,"seo":1161,"content":1163,"type":559,"slug":1175,"_id":1176,"_type":44,"title":1162,"_source":46,"_file":1177,"_stem":1178,"_extension":49},"/en-us/the-source/authors/stephen-walters",{"layout":9},{"title":1162},"Stephen Walters",[1164,1174],{"componentName":547,"type":547,"componentContent":1165},{"config":1166,"name":1162,"role":1169,"bio":1170,"headshot":1171},{"gitlabHandle":1167,"linkedInProfileUrl":1168},"swalters1","https://www.linkedin.com/in/1stephenwalters/","Field CTO, GitLab","Stephen Walters is Field CTO for GitLab. Stephen has been in the IT industry for over 30 years. He is an extensively experienced subject matter expert in Value Stream Management, DevSecOps, DevOps, ALM, SDLC and IT4IT, with management and consultancy experience across end-to-end IT disciplines. Currently also operating as an Ambassador for the DevOps Institute and an Influencer in the Value Stream Management Consortium, he is interested in all things DevOps. Stephen is a co-author of the Value Stream Reference Architectures white paper and is currently pursuing further research into Value Stream Management, Organizational Architecture and AI.",{"altText":1162,"config":1172},{"src":1173},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463392/g6ktk5qb4vcqc9wqjlf9.jpg",{"componentName":558,"type":558},"stephen-walters","content:en-us:the-source:authors:stephen-walters.yml","en-us/the-source/authors/stephen-walters.yml","en-us/the-source/authors/stephen-walters",{"_path":1180,"_dir":541,"_draft":6,"_partial":6,"_locale":7,"config":1181,"seo":1182,"content":1184,"type":559,"slug":1196,"_id":1197,"_type":44,"title":1198,"_source":46,"_file":1199,"_stem":1200,"_extension":49},"/en-us/the-source/authors/taylor-mccaslin",{"layout":9},{"title":1183},"Taylor McCaslin",[1185,1195],{"componentName":547,"type":547,"componentContent":1186},{"config":1187,"name":1183,"role":1190,"bio":1191,"headshot":1192},{"gitlabHandle":1188,"linkedInProfileUrl":1189},"tmccaslin","https://www.linkedin.com/in/taylormccaslin/","Group Manager, Product - Data Science","Taylor McCaslin is the Product Lead for AI/ML at GitLab, where he is responsible for leading the team of product managers who manage the AI Powered and ModelOps stage groups and sets the vision and direction for how to empower GitLab users to leverage data science as part of their DevOps program. Prior to joining GitLab, he held positions at Indeed, Duo Security, and WP Engine.",{"altText":1183,"config":1193},{"src":1194},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463427/trfasilaeasosxfcxmsm.jpg",{"componentName":558,"type":558},"taylor-mccaslin","content:en-us:the-source:authors:taylor-mccaslin.yml","Taylor Mccaslin","en-us/the-source/authors/taylor-mccaslin.yml","en-us/the-source/authors/taylor-mccaslin",1761814425923]