[{"data":1,"prerenderedAt":710},["ShallowReactive",2],{"/en-us/blog/align-engineering-security-appsec-tests-in-ci/":3,"navigation-en-us":40,"banner-en-us":456,"footer-en-us":471,"Joni Klippert":682,"next-steps-en-us":695},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":8,"content":16,"config":30,"_id":33,"_type":34,"title":35,"_source":36,"_file":37,"_stem":38,"_extension":39},"/en-us/blog/align-engineering-security-appsec-tests-in-ci","blog",false,"",{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},"How Developer-Centric AppSec Testing Transforms DevOps Teams","Find and fix security bugs faster by implementing developer-centric application security testing in the CI pipeline. And the bonus? Engineering and security will finally be better aligned.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749681513/Blog/Hero%20Images/stackhawk.jpg","https://about.gitlab.com/blog/align-engineering-security-appsec-tests-in-ci","https://about.gitlab.com","article","\n                        {\n        \"@context\": \"https://schema.org\",\n        \"@type\": \"Article\",\n        \"headline\": \"How developer-centric AppSec testing can dramatically change your DevOps team\",\n        \"author\": [{\"@type\":\"Person\",\"name\":\"Joni Klippert\"}],\n        \"datePublished\": \"2020-08-21\",\n      }",{"title":17,"description":10,"authors":18,"heroImage":11,"date":20,"body":21,"category":22,"tags":23},"How developer-centric AppSec testing can dramatically change your DevOps team",[19],"Joni Klippert","2020-08-21","\n\nSoftware development has accelerated dramatically over the past decade. As [DevOps](/topics/devops/) became pervasive, companies went from shipping software monthly to shipping software to production frequently throughout the day. This happened as engineering teams took ownership of the deployment, performance, and resilience of their software. \n\nAnd it has paid off. Companies that have adopted DevOps are deploying software significantly faster, ultimately driving business value as innovation is more rapidly delivered to customers.\n\nSecurity, however, did not keep up. Security teams typically fell into one of two positions - the blocker of frequent deployments or the team perpetually bringing up issues in last month’s work. The need for a shift in the security model is widely known. It was the subject of the [2019 Black Hat Conference keynote](https://www.blackhat.com/us-19/briefings/schedule/index.html#every-security-team-is-a-software-team-now-17280), stats from GitLab’s [2020 Global DevSecOps Survey](https://about.gitlab.com/resources/downloads/2020-devsecops-report.pdf) make this obvious, and we’ve [shared our opinions](https://www.stackhawk.com/blog/application-security-is-broken/) at StackHawk.\n\nI believe there is a solution (or at least a *huge* step in the right direction)... developer-centric [application security](/topics/devsecops/) tooling in the CI pipeline.\n\n## The CI pipeline aligns engineering and security\n\nWhile some in the industry have been debating the term DevSecOps, leading companies have started adopting developer-first security tooling that brings alignment through the CI pipeline. Instrumented correctly, it ensures that security bugs are caught before they hit production and that the fix cycle is drastically shortened.\n\nThe legacy model has security teams running application security tests against production environments. These sort of checks are great if they are your backstop. But if this is the primary way of assessing your application’s security posture, you need to catch up with modern engineering practices. \n\nModern teams are running checks on each microservice that makes up the customer facing application, catching bugs in pipeline, and equipping developers with the information to self serve fixes and triage issues. Fix times are significantly shorter, as developers are still in the context of the code they were working on. By testing microservices vs. the end state application, the underlying bugs are much easier to find and fix. And with developer-centric tooling, developers can fix bugs themselves instead of cycling through siloed internal processes. This structure better aligns each function with their best skill sets. Engineers know the application the best and are most equipped to fix, and security teams are able to focus on strategy instead of Jira ticket creation.\n\nThe key is to get the instrumentation right (read: don’t break the build for stupid stuff).\n\n## Application security tests in CI\n\nThat sounds great in theory, but what does it look like in practice? Getting started is actually more simple than it seems. We suggest adding three application security tests to start:\n\n## Software composition analysis (SCA)\n\nSCA identifies the open source dependencies in your code base and compares that against a database of known security vulnerabilities. Some tools automatically create pull requests to patch outdated libraries. Open source use is exponentially growing, especially with chained dependencies. SCA is incredibly important, but also can be noisy with non-exploitable findings.\n\nSome of the leading vendors in the space are [GitLab](/) and [Snyk](https://snyk.io/), with up and comers like [FOSSA](https://fossa.com/) also worth paying attention to.\n\n## Dynamic application security testing (DAST)\n\nDAST runs security tests against your running application, from localhost to CI to production. The beauty of DAST is that it most closely resembles what an attacker would see, by attacking your running application and reducing false positives. The two things to be sure of as you start testing with DAST is that your scanner is finding all of your paths and API endpoints and that it is able to scan as an authenticated user.\n\nGitLab provides DAST checks for Ultimate tier customers. If you want more robust scanning options and additional functionality to manage and fix bugs, [StackHawk](https://www.stackhawk.com) is the only place to turn (obviously I’m biased here). Other solutions include legacy vendors such as [Rapid7](https://www.rapid7.com/) or open source leader [ZAP](https://www.zaproxy.org/).\n\n## Secrets detection\n\nFinally, you’ll want to ensure that you have detection for leaked secrets in code. This tooling looks for credentials, keys, or other secrets that may have unintentionally been committed to the code base by developers. GitLab includes [secret detection](https://docs.gitlab.com/ee/user/application_security/secret_detection/) in their GitLab Ultimate security tooling.\n\n## Getting started\n\nOftentimes, the thought of adding application security tests to the development workflow feels insurmountable. With a long list of priorities, engineering leadership will sometimes put this off. The reality, however, is that it is not that hard.\n\nAt StackHawk, we see many customers completing their first successful scans within 15 minutes of sign up and instrumentation in CI is literally as easy as adding [a few lines of YAML](https://docs.stackhawk.com/continuous-integration/) to your build.\n\nHere is our recommended playbook of how to get started with AppSec in CI. While this is specific to StackHawk, the principles can be applied to other tools as well.\n\n### Step 1: local testing and config\nAfter signing up and grabbing your API key, start iterating on [configuration](https://docs.stackhawk.com/hawkscan/configuration/) while testing against your application on localhost. This allows you to quickly adjust config and get successful authenticated scans running.\n\n### Step 2: non-blocking CI instrumentation\nAfter you’ve ironed out the configuration locally, add the test to your CI pipeline. At this point, it is strongly recommended to instrument as a non-blocking test so that you can triage any existing findings and smooth out any kinks.\n\n#### Step 3: bug triage - fix critical issues in flight, backlog and discuss the rest\nAfter your first non-blocking CI run, start triaging any initial findings. Any bugs marked as High criticality should likely be fixed with some sense of urgency. Lows and Mediums should be triaged depending on your application and the bugs, either quickly addressed or added to a backlog for review. Existing findings should not be the blocker for you instrumenting checks to ensure that new bugs don’t get shipped to production.\n\n#### Step 4: switch to blocking tests\nAfter ironing out config locally and in CI, and then triaging initial findings, it is time to finalize the roll out. Switch the StackHawk test to blocking mode to ensure that new security bugs don’t hit production. You can set the scanner to break on High or Medium and High, which depends on your business and the nature of the application. With this in place, you can be confident that production-ready applications have been scanned for security.\n\n## Cultural shifts: it is more than CI\nThe CI pipeline is the natural hingepoint to start aligning engineering and security. A cultural shift, however, is absolutely needed. (If you're doubtful about this, here's a frank look at why [dev and sec don't get along](/blog/developer-security-divide/).) Modern engineering teams recognize that delivering a secure application is part of quality engineering. Engineers aren’t comfortable shipping applications with UI bugs, and they shouldn’t accept security holes either. \n\nSecurity, on the other hand, needs to shift from the blocker to speedy development and to the enabler of safety in an environment of high speed delivery. Modern security engineers are ensuring that their teams are working with safe-by-default frameworks, are equipped with developer-centric tooling, and that there are proper integration tests for business logic that can’t be tested by external tooling.\n\nWhile there is significant catch up needed, it is encouraging to see the leading software teams out there testing application security on every build.\n\n## Dig deeper\n\nTo learn more about adding AppSec tests to your CI build, join me at my [How Security Belongs in DevOps](https://sched.co/dUWD) talk at GitLab Commit on August 26th. You can also always sign up for a [free StackHawk trial or demo](https://www.stackhawk.com) or talk to your GitLab sales representative about the security features in GitLab Ultimate. And for the best of both worlds, check out more details on running [automated security testing with StackHawk in GitLab](https://docs.stackhawk.com/continuous-integration/gitlab.html).\n\n_Joni Klippert is founder & CEO of StackHawk, a software-as-a-service company built to help developers find and fix security vulnerabilities in their code. Joni has been building software for developers for more than 10 years, previously serving as VP Product, VictorOps from seed stage to acquisition by Splunk. Joni is a Colorado native and holds an MBA from the University of Colorado. She currently lives in Denver with her fiance Jason and Whippet \"Q\"._\n\nCover image by [Adi Goldstein](https://unsplash.com/@adigold1) on [Unsplash](https://unsplash.com)\n{: .note}\n\n\n\n","engineering",[24,25,26,27,28,29],"CI/CD","collaboration","DevOps","security","testing","workflow",{"slug":31,"featured":6,"template":32},"align-engineering-security-appsec-tests-in-ci","BlogPost","content:en-us:blog:align-engineering-security-appsec-tests-in-ci.yml","yaml","Align Engineering Security Appsec Tests In Ci","content","en-us/blog/align-engineering-security-appsec-tests-in-ci.yml","en-us/blog/align-engineering-security-appsec-tests-in-ci","yml",{"_path":41,"_dir":42,"_draft":6,"_partial":6,"_locale":7,"data":43,"_id":452,"_type":34,"title":453,"_source":36,"_file":454,"_stem":455,"_extension":39},"/shared/en-us/main-navigation","en-us",{"logo":44,"freeTrial":49,"sales":54,"login":59,"items":64,"search":393,"minimal":424,"duo":443},{"config":45},{"href":46,"dataGaName":47,"dataGaLocation":48},"/","gitlab logo","header",{"text":50,"config":51},"Get free trial",{"href":52,"dataGaName":53,"dataGaLocation":48},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":55,"config":56},"Talk to sales",{"href":57,"dataGaName":58,"dataGaLocation":48},"/sales/","sales",{"text":60,"config":61},"Sign in",{"href":62,"dataGaName":63,"dataGaLocation":48},"https://gitlab.com/users/sign_in/","sign in",[65,109,204,209,314,374],{"text":66,"config":67,"cards":69,"footer":92},"Platform",{"dataNavLevelOne":68},"platform",[70,76,84],{"title":66,"description":71,"link":72},"The most comprehensive AI-powered DevSecOps Platform",{"text":73,"config":74},"Explore our Platform",{"href":75,"dataGaName":68,"dataGaLocation":48},"/platform/",{"title":77,"description":78,"link":79},"GitLab Duo (AI)","Build software faster with AI at every stage of development",{"text":80,"config":81},"Meet GitLab Duo",{"href":82,"dataGaName":83,"dataGaLocation":48},"/gitlab-duo/","gitlab duo ai",{"title":85,"description":86,"link":87},"Why GitLab","10 reasons why Enterprises choose GitLab",{"text":88,"config":89},"Learn more",{"href":90,"dataGaName":91,"dataGaLocation":48},"/why-gitlab/","why gitlab",{"title":93,"items":94},"Get started with",[95,100,105],{"text":96,"config":97},"Platform Engineering",{"href":98,"dataGaName":99,"dataGaLocation":48},"/solutions/platform-engineering/","platform engineering",{"text":101,"config":102},"Developer Experience",{"href":103,"dataGaName":104,"dataGaLocation":48},"/developer-experience/","Developer experience",{"text":106,"config":107},"MLOps",{"href":108,"dataGaName":106,"dataGaLocation":48},"/topics/devops/the-role-of-ai-in-devops/",{"text":110,"left":111,"config":112,"link":114,"lists":118,"footer":186},"Product",true,{"dataNavLevelOne":113},"solutions",{"text":115,"config":116},"View all Solutions",{"href":117,"dataGaName":113,"dataGaLocation":48},"/solutions/",[119,143,165],{"title":120,"description":121,"link":122,"items":127},"Automation","CI/CD and automation to accelerate deployment",{"config":123},{"icon":124,"href":125,"dataGaName":126,"dataGaLocation":48},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[128,131,135,139],{"text":24,"config":129},{"href":130,"dataGaLocation":48,"dataGaName":24},"/solutions/continuous-integration/",{"text":132,"config":133},"AI-Assisted Development",{"href":82,"dataGaLocation":48,"dataGaName":134},"AI assisted development",{"text":136,"config":137},"Source Code Management",{"href":138,"dataGaLocation":48,"dataGaName":136},"/solutions/source-code-management/",{"text":140,"config":141},"Automated Software Delivery",{"href":125,"dataGaLocation":48,"dataGaName":142},"Automated software delivery",{"title":144,"description":145,"link":146,"items":151},"Security","Deliver code faster without compromising security",{"config":147},{"href":148,"dataGaName":149,"dataGaLocation":48,"icon":150},"/solutions/security-compliance/","security and compliance","ShieldCheckLight",[152,155,160],{"text":153,"config":154},"Security & Compliance",{"href":148,"dataGaLocation":48,"dataGaName":153},{"text":156,"config":157},"Software Supply Chain Security",{"href":158,"dataGaLocation":48,"dataGaName":159},"/solutions/supply-chain/","Software supply chain security",{"text":161,"config":162},"Compliance & Governance",{"href":163,"dataGaLocation":48,"dataGaName":164},"/solutions/continuous-software-compliance/","Compliance and governance",{"title":166,"link":167,"items":172},"Measurement",{"config":168},{"icon":169,"href":170,"dataGaName":171,"dataGaLocation":48},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[173,177,181],{"text":174,"config":175},"Visibility & Measurement",{"href":170,"dataGaLocation":48,"dataGaName":176},"Visibility and Measurement",{"text":178,"config":179},"Value Stream Management",{"href":180,"dataGaLocation":48,"dataGaName":178},"/solutions/value-stream-management/",{"text":182,"config":183},"Analytics & Insights",{"href":184,"dataGaLocation":48,"dataGaName":185},"/solutions/analytics-and-insights/","Analytics and insights",{"title":187,"items":188},"GitLab for",[189,194,199],{"text":190,"config":191},"Enterprise",{"href":192,"dataGaLocation":48,"dataGaName":193},"/enterprise/","enterprise",{"text":195,"config":196},"Small Business",{"href":197,"dataGaLocation":48,"dataGaName":198},"/small-business/","small business",{"text":200,"config":201},"Public Sector",{"href":202,"dataGaLocation":48,"dataGaName":203},"/solutions/public-sector/","public sector",{"text":205,"config":206},"Pricing",{"href":207,"dataGaName":208,"dataGaLocation":48,"dataNavLevelOne":208},"/pricing/","pricing",{"text":210,"config":211,"link":213,"lists":217,"feature":301},"Resources",{"dataNavLevelOne":212},"resources",{"text":214,"config":215},"View all resources",{"href":216,"dataGaName":212,"dataGaLocation":48},"/resources/",[218,251,273],{"title":219,"items":220},"Getting started",[221,226,231,236,241,246],{"text":222,"config":223},"Install",{"href":224,"dataGaName":225,"dataGaLocation":48},"/install/","install",{"text":227,"config":228},"Quick start guides",{"href":229,"dataGaName":230,"dataGaLocation":48},"/get-started/","quick setup checklists",{"text":232,"config":233},"Learn",{"href":234,"dataGaLocation":48,"dataGaName":235},"https://university.gitlab.com/","learn",{"text":237,"config":238},"Product documentation",{"href":239,"dataGaName":240,"dataGaLocation":48},"https://docs.gitlab.com/","product documentation",{"text":242,"config":243},"Best practice videos",{"href":244,"dataGaName":245,"dataGaLocation":48},"/getting-started-videos/","best practice videos",{"text":247,"config":248},"Integrations",{"href":249,"dataGaName":250,"dataGaLocation":48},"/integrations/","integrations",{"title":252,"items":253},"Discover",[254,259,263,268],{"text":255,"config":256},"Customer success stories",{"href":257,"dataGaName":258,"dataGaLocation":48},"/customers/","customer success stories",{"text":260,"config":261},"Blog",{"href":262,"dataGaName":5,"dataGaLocation":48},"/blog/",{"text":264,"config":265},"Remote",{"href":266,"dataGaName":267,"dataGaLocation":48},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":269,"config":270},"TeamOps",{"href":271,"dataGaName":272,"dataGaLocation":48},"/teamops/","teamops",{"title":274,"items":275},"Connect",[276,281,286,291,296],{"text":277,"config":278},"GitLab Services",{"href":279,"dataGaName":280,"dataGaLocation":48},"/services/","services",{"text":282,"config":283},"Community",{"href":284,"dataGaName":285,"dataGaLocation":48},"/community/","community",{"text":287,"config":288},"Forum",{"href":289,"dataGaName":290,"dataGaLocation":48},"https://forum.gitlab.com/","forum",{"text":292,"config":293},"Events",{"href":294,"dataGaName":295,"dataGaLocation":48},"/events/","events",{"text":297,"config":298},"Partners",{"href":299,"dataGaName":300,"dataGaLocation":48},"/partners/","partners",{"backgroundColor":302,"textColor":303,"text":304,"image":305,"link":309},"#2f2a6b","#fff","Insights for the future of software development",{"altText":306,"config":307},"the source promo card",{"src":308},"/images/navigation/the-source-promo-card.svg",{"text":310,"config":311},"Read the latest",{"href":312,"dataGaName":313,"dataGaLocation":48},"/the-source/","the source",{"text":315,"config":316,"lists":318},"Company",{"dataNavLevelOne":317},"company",[319],{"items":320},[321,326,332,334,339,344,349,354,359,364,369],{"text":322,"config":323},"About",{"href":324,"dataGaName":325,"dataGaLocation":48},"/company/","about",{"text":327,"config":328,"footerGa":331},"Jobs",{"href":329,"dataGaName":330,"dataGaLocation":48},"/jobs/","jobs",{"dataGaName":330},{"text":292,"config":333},{"href":294,"dataGaName":295,"dataGaLocation":48},{"text":335,"config":336},"Leadership",{"href":337,"dataGaName":338,"dataGaLocation":48},"/company/team/e-group/","leadership",{"text":340,"config":341},"Team",{"href":342,"dataGaName":343,"dataGaLocation":48},"/company/team/","team",{"text":345,"config":346},"Handbook",{"href":347,"dataGaName":348,"dataGaLocation":48},"https://handbook.gitlab.com/","handbook",{"text":350,"config":351},"Investor relations",{"href":352,"dataGaName":353,"dataGaLocation":48},"https://ir.gitlab.com/","investor relations",{"text":355,"config":356},"Trust Center",{"href":357,"dataGaName":358,"dataGaLocation":48},"/security/","trust center",{"text":360,"config":361},"AI Transparency Center",{"href":362,"dataGaName":363,"dataGaLocation":48},"/ai-transparency-center/","ai transparency center",{"text":365,"config":366},"Newsletter",{"href":367,"dataGaName":368,"dataGaLocation":48},"/company/contact/","newsletter",{"text":370,"config":371},"Press",{"href":372,"dataGaName":373,"dataGaLocation":48},"/press/","press",{"text":375,"config":376,"lists":377},"Contact us",{"dataNavLevelOne":317},[378],{"items":379},[380,383,388],{"text":55,"config":381},{"href":57,"dataGaName":382,"dataGaLocation":48},"talk to sales",{"text":384,"config":385},"Get help",{"href":386,"dataGaName":387,"dataGaLocation":48},"/support/","get help",{"text":389,"config":390},"Customer portal",{"href":391,"dataGaName":392,"dataGaLocation":48},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":394,"login":395,"suggestions":402},"Close",{"text":396,"link":397},"To search repositories and projects, login to",{"text":398,"config":399},"gitlab.com",{"href":62,"dataGaName":400,"dataGaLocation":401},"search login","search",{"text":403,"default":404},"Suggestions",[405,407,411,413,417,421],{"text":77,"config":406},{"href":82,"dataGaName":77,"dataGaLocation":401},{"text":408,"config":409},"Code Suggestions (AI)",{"href":410,"dataGaName":408,"dataGaLocation":401},"/solutions/code-suggestions/",{"text":24,"config":412},{"href":130,"dataGaName":24,"dataGaLocation":401},{"text":414,"config":415},"GitLab on AWS",{"href":416,"dataGaName":414,"dataGaLocation":401},"/partners/technology-partners/aws/",{"text":418,"config":419},"GitLab on Google Cloud",{"href":420,"dataGaName":418,"dataGaLocation":401},"/partners/technology-partners/google-cloud-platform/",{"text":422,"config":423},"Why GitLab?",{"href":90,"dataGaName":422,"dataGaLocation":401},{"freeTrial":425,"mobileIcon":430,"desktopIcon":435,"secondaryButton":438},{"text":426,"config":427},"Start free trial",{"href":428,"dataGaName":53,"dataGaLocation":429},"https://gitlab.com/-/trials/new/","nav",{"altText":431,"config":432},"Gitlab Icon",{"src":433,"dataGaName":434,"dataGaLocation":429},"/images/brand/gitlab-logo-tanuki.svg","gitlab icon",{"altText":431,"config":436},{"src":437,"dataGaName":434,"dataGaLocation":429},"/images/brand/gitlab-logo-type.svg",{"text":439,"config":440},"Get Started",{"href":441,"dataGaName":442,"dataGaLocation":429},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":444,"mobileIcon":448,"desktopIcon":450},{"text":445,"config":446},"Learn more about GitLab Duo",{"href":82,"dataGaName":447,"dataGaLocation":429},"gitlab duo",{"altText":431,"config":449},{"src":433,"dataGaName":434,"dataGaLocation":429},{"altText":431,"config":451},{"src":437,"dataGaName":434,"dataGaLocation":429},"content:shared:en-us:main-navigation.yml","Main Navigation","shared/en-us/main-navigation.yml","shared/en-us/main-navigation",{"_path":457,"_dir":42,"_draft":6,"_partial":6,"_locale":7,"title":458,"button":459,"image":463,"config":466,"_id":468,"_type":34,"_source":36,"_file":469,"_stem":470,"_extension":39},"/shared/en-us/banner","is now in public beta!",{"text":88,"config":460},{"href":461,"dataGaName":462,"dataGaLocation":48},"/gitlab-duo/agent-platform/","duo banner",{"config":464},{"src":465},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1753720689/somrf9zaunk0xlt7ne4x.svg",{"layout":467},"release","content:shared:en-us:banner.yml","shared/en-us/banner.yml","shared/en-us/banner",{"_path":472,"_dir":42,"_draft":6,"_partial":6,"_locale":7,"data":473,"_id":678,"_type":34,"title":679,"_source":36,"_file":680,"_stem":681,"_extension":39},"/shared/en-us/main-footer",{"text":474,"source":475,"edit":481,"contribute":486,"config":491,"items":496,"minimal":670},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":476,"config":477},"View page source",{"href":478,"dataGaName":479,"dataGaLocation":480},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":482,"config":483},"Edit this page",{"href":484,"dataGaName":485,"dataGaLocation":480},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":487,"config":488},"Please contribute",{"href":489,"dataGaName":490,"dataGaLocation":480},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":492,"facebook":493,"youtube":494,"linkedin":495},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[497,520,577,606,640],{"title":66,"links":498,"subMenu":503},[499],{"text":500,"config":501},"DevSecOps platform",{"href":75,"dataGaName":502,"dataGaLocation":480},"devsecops platform",[504],{"title":205,"links":505},[506,510,515],{"text":507,"config":508},"View plans",{"href":207,"dataGaName":509,"dataGaLocation":480},"view plans",{"text":511,"config":512},"Why Premium?",{"href":513,"dataGaName":514,"dataGaLocation":480},"/pricing/premium/","why premium",{"text":516,"config":517},"Why Ultimate?",{"href":518,"dataGaName":519,"dataGaLocation":480},"/pricing/ultimate/","why ultimate",{"title":521,"links":522},"Solutions",[523,528,531,533,538,543,547,550,554,559,561,564,567,572],{"text":524,"config":525},"Digital transformation",{"href":526,"dataGaName":527,"dataGaLocation":480},"/topics/digital-transformation/","digital transformation",{"text":153,"config":529},{"href":148,"dataGaName":530,"dataGaLocation":480},"security & compliance",{"text":142,"config":532},{"href":125,"dataGaName":126,"dataGaLocation":480},{"text":534,"config":535},"Agile development",{"href":536,"dataGaName":537,"dataGaLocation":480},"/solutions/agile-delivery/","agile delivery",{"text":539,"config":540},"Cloud transformation",{"href":541,"dataGaName":542,"dataGaLocation":480},"/topics/cloud-native/","cloud transformation",{"text":544,"config":545},"SCM",{"href":138,"dataGaName":546,"dataGaLocation":480},"source code management",{"text":24,"config":548},{"href":130,"dataGaName":549,"dataGaLocation":480},"continuous integration & delivery",{"text":551,"config":552},"Value stream management",{"href":180,"dataGaName":553,"dataGaLocation":480},"value stream management",{"text":555,"config":556},"GitOps",{"href":557,"dataGaName":558,"dataGaLocation":480},"/solutions/gitops/","gitops",{"text":190,"config":560},{"href":192,"dataGaName":193,"dataGaLocation":480},{"text":562,"config":563},"Small business",{"href":197,"dataGaName":198,"dataGaLocation":480},{"text":565,"config":566},"Public sector",{"href":202,"dataGaName":203,"dataGaLocation":480},{"text":568,"config":569},"Education",{"href":570,"dataGaName":571,"dataGaLocation":480},"/solutions/education/","education",{"text":573,"config":574},"Financial services",{"href":575,"dataGaName":576,"dataGaLocation":480},"/solutions/finance/","financial services",{"title":210,"links":578},[579,581,583,585,588,590,592,594,596,598,600,602,604],{"text":222,"config":580},{"href":224,"dataGaName":225,"dataGaLocation":480},{"text":227,"config":582},{"href":229,"dataGaName":230,"dataGaLocation":480},{"text":232,"config":584},{"href":234,"dataGaName":235,"dataGaLocation":480},{"text":237,"config":586},{"href":239,"dataGaName":587,"dataGaLocation":480},"docs",{"text":260,"config":589},{"href":262,"dataGaName":5,"dataGaLocation":480},{"text":255,"config":591},{"href":257,"dataGaName":258,"dataGaLocation":480},{"text":264,"config":593},{"href":266,"dataGaName":267,"dataGaLocation":480},{"text":277,"config":595},{"href":279,"dataGaName":280,"dataGaLocation":480},{"text":269,"config":597},{"href":271,"dataGaName":272,"dataGaLocation":480},{"text":282,"config":599},{"href":284,"dataGaName":285,"dataGaLocation":480},{"text":287,"config":601},{"href":289,"dataGaName":290,"dataGaLocation":480},{"text":292,"config":603},{"href":294,"dataGaName":295,"dataGaLocation":480},{"text":297,"config":605},{"href":299,"dataGaName":300,"dataGaLocation":480},{"title":315,"links":607},[608,610,612,614,616,618,620,624,629,631,633,635],{"text":322,"config":609},{"href":324,"dataGaName":317,"dataGaLocation":480},{"text":327,"config":611},{"href":329,"dataGaName":330,"dataGaLocation":480},{"text":335,"config":613},{"href":337,"dataGaName":338,"dataGaLocation":480},{"text":340,"config":615},{"href":342,"dataGaName":343,"dataGaLocation":480},{"text":345,"config":617},{"href":347,"dataGaName":348,"dataGaLocation":480},{"text":350,"config":619},{"href":352,"dataGaName":353,"dataGaLocation":480},{"text":621,"config":622},"Sustainability",{"href":623,"dataGaName":621,"dataGaLocation":480},"/sustainability/",{"text":625,"config":626},"Diversity, inclusion and belonging (DIB)",{"href":627,"dataGaName":628,"dataGaLocation":480},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":355,"config":630},{"href":357,"dataGaName":358,"dataGaLocation":480},{"text":365,"config":632},{"href":367,"dataGaName":368,"dataGaLocation":480},{"text":370,"config":634},{"href":372,"dataGaName":373,"dataGaLocation":480},{"text":636,"config":637},"Modern Slavery Transparency Statement",{"href":638,"dataGaName":639,"dataGaLocation":480},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":641,"links":642},"Contact Us",[643,646,648,650,655,660,665],{"text":644,"config":645},"Contact an expert",{"href":57,"dataGaName":58,"dataGaLocation":480},{"text":384,"config":647},{"href":386,"dataGaName":387,"dataGaLocation":480},{"text":389,"config":649},{"href":391,"dataGaName":392,"dataGaLocation":480},{"text":651,"config":652},"Status",{"href":653,"dataGaName":654,"dataGaLocation":480},"https://status.gitlab.com/","status",{"text":656,"config":657},"Terms of use",{"href":658,"dataGaName":659,"dataGaLocation":480},"/terms/","terms of use",{"text":661,"config":662},"Privacy statement",{"href":663,"dataGaName":664,"dataGaLocation":480},"/privacy/","privacy statement",{"text":666,"config":667},"Cookie preferences",{"dataGaName":668,"dataGaLocation":480,"id":669,"isOneTrustButton":111},"cookie preferences","ot-sdk-btn",{"items":671},[672,674,676],{"text":656,"config":673},{"href":658,"dataGaName":659,"dataGaLocation":480},{"text":661,"config":675},{"href":663,"dataGaName":664,"dataGaLocation":480},{"text":666,"config":677},{"dataGaName":668,"dataGaLocation":480,"id":669,"isOneTrustButton":111},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",[683],{"_path":684,"_dir":685,"_draft":6,"_partial":6,"_locale":7,"content":686,"config":690,"_id":692,"_type":34,"title":19,"_source":36,"_file":693,"_stem":694,"_extension":39},"/en-us/blog/authors/joni-klippert","authors",{"name":19,"config":687},{"headshot":688,"ctfId":689},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659488/Blog/Author%20Headshots/gitlab-logo-extra-whitespace.png","Joni-Klippert",{"template":691},"BlogAuthor","content:en-us:blog:authors:joni-klippert.yml","en-us/blog/authors/joni-klippert.yml","en-us/blog/authors/joni-klippert",{"_path":696,"_dir":42,"_draft":6,"_partial":6,"_locale":7,"header":697,"eyebrow":698,"blurb":699,"button":700,"secondaryButton":704,"_id":706,"_type":34,"title":707,"_source":36,"_file":708,"_stem":709,"_extension":39},"/shared/en-us/next-steps","Start shipping better software faster","50%+ of the Fortune 100 trust GitLab","See what your team can do with the intelligent\n\n\nDevSecOps platform.\n",{"text":50,"config":701},{"href":702,"dataGaName":53,"dataGaLocation":703},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":55,"config":705},{"href":57,"dataGaName":58,"dataGaLocation":703},"content:shared:en-us:next-steps.yml","Next Steps","shared/en-us/next-steps.yml","shared/en-us/next-steps",1754424478937]