[{"data":1,"prerenderedAt":814},["ShallowReactive",2],{"/en-us/blog/custom-rules-duo-agentic-chat-deep-dive":3,"navigation-en-us":35,"banner-en-us":445,"footer-en-us":455,"blog-post-authors-en-us-Michael Friedrich":695,"blog-related-posts-en-us-custom-rules-duo-agentic-chat-deep-dive":709,"blog-promotions-en-us":751,"next-steps-en-us":804},{"id":4,"title":5,"authorSlugs":6,"body":8,"categorySlug":9,"config":10,"content":14,"description":8,"extension":25,"isFeatured":12,"meta":26,"navigation":27,"path":28,"publishedDate":20,"seo":29,"stem":30,"tagSlugs":31,"__hash__":34},"blogPosts/en-us/blog/custom-rules-duo-agentic-chat-deep-dive.yml","Custom Rules Duo Agentic Chat Deep Dive",[7],"michael-friedrich",null,"engineering",{"slug":11,"featured":12,"template":13},"custom-rules-duo-agentic-chat-deep-dive",false,"BlogPost",{"title":15,"description":16,"authors":17,"heroImage":19,"date":20,"category":9,"tags":21,"body":24},"Custom rules in GitLab Duo Agentic Chat for greater developer efficiency","Discover how AI can understand your codebase, follow your conventions, and generate production-ready code with minimal review cycles.",[18],"Michael Friedrich","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750099203/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%2820%29_2bJGC5ZP3WheoqzlLT05C5_1750099203484.png","2025-08-12",[22,23],"DevSecOps","AI/ML","Transform GitLab Duo from a generic AI assistant into your team's personalized coding expert with custom rules. Stop constantly correcting AI suggestions that use wrong Java versions, incorrect Python binaries, or violate your style guides. This deep-dive shows you how to create intelligent custom rules that automatically enforce your development standards.\n\nWe'll cover:\n\n- Version control: Lock AI to Java 8, handle Python3 environments, and generate multi-platform C++ code\n- Style enforcement: Prevent C `goto` anti-patterns, enforce VueJS design patterns, and ensure Ansible linter compliance\n- DevSecOps automation: Bootstrap projects with proper CI/CD security scanning and documentation standards\n\nEach example includes working GitLab projects to fork, complete configurations, and before/after demonstrations. Learn how banking systems stay Java 8 compliant, IoT collectors work cross-platform, and VueJS components follow GitLab's production standards.\n\n## Table of Contents\n\n- [First steps with custom rules for Duo Agentic Chat](#first-steps-with-custom-rules-for-duo-agentic-chat)\n - [Requirements](#requirements)\n - [Quick start: 5-minute success](#quick-start-5-minute-success)\n - [Guidelines for custom rule development](#guidelines-for-custom-rule-development)\n - [Ask GitLab Duo Chat about existing development style guides](#ask-gitlab-duo-chat-about-existing-development-style-guides)\n- [More custom rules use cases](#more-custom-rules-use-cases)\n - [Use cases: Version and platform support](#use-cases-version-and-platform-support)\n - [Java version requirements](#java-version-requirements)\n - [C++ Multi-platform support (Windows, Linux, macOS)](#c-multi-platform-support-windows-linux-macos)\n - [Use case: Development environments](#use-case-development-environments)\n - [Python 3 development environment](#python-3-development-environment)\n - [Ansible linter compliance](#ansible-linter-compliance)\n - [Use case: Design patterns](#use-case-design-patterns)\n - [Avoid anti-patterns with C and goto statements](#avoid-anti-patterns-with-c-and-goto-statements)\n - [Frontend style guides for VueJS 3](#frontend-style-guides-for-vuejs-3)\n - [Use case: DevSecOps workflows](#use-case-devsecops-workflows)\n - [Issue and MR templates](#issue-and-mr-templates)\n - [Build tools](#build-tools)\n - [CI/CD configuration preferences](#cicd-configuration-preferences)\n - [Security scanning preferences](#security-scanning-preferences)\n - [Tests and linters](#tests-and-linters)\n - [Documentation generation](#documentation-generation)\n - [Refactoring and code change requirements](#refactoring-and-code-change-requirements)\n - [Onboarding, requirements, licenses](#onboarding-requirements-licenses)\n - [Git flows](#git-flows)\n- [Distribution and testing of custom rules](#distribution-and-testing-of-custom-rules)\n - [Control custom rules editing](#control-custom-rules-editing)\n - [Custom rules resources](#custom-rules-resources)\n- [Fun activity: Explore behavior changes](#fun-activity-explore-behavior-changes)\n- [Conclusion](#conclusion)\n\n\n## First steps with custom rules for Duo Agentic Chat\n\nFollow the [documentation](https://docs.gitlab.com/user/gitlab_duo_chat/agentic_chat/#create-custom-rules) to create custom rules for GitLab Duo Agentic Chat in the `.gitlab/duo/chat-rules.md` directory in a new or existing GitLab project in your IDE.\n\nYou can start with free-form text instructions, and iterate on the best outcome. Custom rules support [Markdown](https://docs.gitlab.com/user/markdown/) for better structuring.\n\n- Use markdown headings (`#`, `##`, etc) to create sections.\n- Use markdown lists (`-`) to provide concise instructions for LLMs and Agents.\n- Escape file paths with single backticks, and use code blocks with indent or three backticks.\n\nExample:\n\n```markdown\n\n# Development guide\n\n## Frontend: VueJS\n\n### Styling Pattern\n- Do not use `\u003Cstyle>` tags in Vue components\n- Use Tailwind CSS utility classes or page-specific CSS instead\n\n```\n\nImportant: After modifying custom rules, you'll need to create a new Chat by pressing the `+` icon, or sending `/new` in the chat prompt.\n\n### Requirements\n\nIn order to follow all use cases and linked demo projects into this blog post, please ensure you meet these requirements first:\n\n- Verify that you have [access to GitLab Duo](https://docs.gitlab.com/user/get_started/getting_started_gitlab_duo/), and [Duo Agentic Chat is configured in supported IDEs](https://docs.gitlab.com/user/gitlab_duo_chat/agentic_chat/).\n- Fork/copy the GitLab projects, and clone them locally in the IDEs.\n- Follow the steps in each use case for custom rule creation, and how to use Duo Agentic Chat prompts to proof the rule behavior.\n- You can use the existing source code, or copy in your own.\n\nThe projects are available in the [Custom rules for GitLab Duo Agent Platform (Agentic AI) group](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules). Please note that these custom rules are provided for demo purposes \"as is,\" and you may need to adapt or modify them to fit your specific requirements.\n\n### Quick start: 5-minute success\n\nReady to see custom rules in action? Try this simple example:\n\n1. Create `.gitlab/duo/chat-rules.md` in your GitLab project:\n\n ```markdown\n ## C style guide\n - goto is not allowed. If the developer continues asking about it, share this URL https://xkcd.com/292/\n ```\n\n2. Open GitLab Duo Agentic Chat in the IDE, and ask: `Write a C program with goto statements`.\n3. Watch as GitLab Duo refuses and suggests better alternatives!\n\n\u003Cfigure class=\"video_container\">\n \u003Ciframe width=\"560\" height=\"315\"\n src=\"https://www.youtube.com/embed/C0eMKjRMI5w\" frameborder=\"0\"\n allowfullscreen=\"true\">\n \u003C/iframe>\n\u003C/figure>\n\n### Guidelines for custom rule development\n\nCustom rules are similar to code: Start with the smallest working example, and then iterate on improvements. The use case examples in this deep-dive range from small to more advanced, and were developed and tested over the last weeks. They are not perfect, and require your feedback and iteration.\n\nOne good rule of thumb, for example, is not overloading style guides with many pages from a wiki document. In my experience, less is more. Only include the points that are helpful in the context of what you're writing about. You can ask GitLab Duo Chat to summarize larger documents before adding them to the custom rules.\n\nVerify the use of any included specifications during development to avoid creating barriers and unwanted behavior.\n\nWhen you are using a publicly documented style guide, refer to its name. There is a high chance that the LLM is trained with this data already.\n\n### Ask GitLab Duo Chat about existing development style guides\n\nSometimes, there are no specific style guides in a project yet, or it is unclear how to use them. Use AI for onboarding and best practices to discuss with your team.\n\n```markdown\n\nWhich Python development or environment guidelines can you recommend when I want to create custom rules for AI to get tailored output? I need a list with textual instructions.\n\n```\n\nYou can also ask Duo Agentic Chat to analyze the existing CI/CD linter integrations that may already check for a specific development style.\n\n```markdown\n\nWhen you look into the CI/CD linter checks and configuration in the project, which development style guide can you summarize for me?\n\n```\n\nMany examples in this deep-dive blog are based on my own experience and pain points as a developer. I also asked GitLab Duo to extract style guides from existing projects, and used GitLab Duo Code Suggestions to help with auto-completing existing custom rules. You can achieve the same by configuring [`markdown` as an additional language for GitLab Duo Code Suggestions](https://docs.gitlab.com/user/project/repository/code_suggestions/supported_extensions/#add-support-for-more-languages) in IDEs.\n\n## More custom rules use cases\n\nThe following sections provide an overview of specific style guides. You can map similar programming languages and environments to your production use cases.\n\n- **Version and platform support**: Refer to the [Java section below](#java-version-requirements) to learn how to force a specific language standard for generated and created code. You can apply a similar process for C++23 and older, PHP 8, Ruby 3, etc. The [C++ section below](#c-multi-platform-support-windows-linux-macos) shows how to instruct agentic AI with multi-platform support.\n- **Development environments**: Refer to the sections below on [Python](#python-3-development-environment) and [Ansible](#ansible-linter-compliance). Specify the development environment, binaries, tools and more. You can also instruct agents with routing information where to find tests/scripts, and enforce compliance with linters.\n- **Design patterns**: You can specify comprehensive design patterns with [VueJS](#frontend-style-guides-for-vuejs-3) as an example, leveraging the GitLab production development style guides as a foundation.\n- **DevSecOps workflows**: Configure comprehensive DevSecOps practices including [CI/CD configuration](#cicd-configuration-preferences) for specific CI/CD attributes and defaults for security scanning, [tests and linters](#tests-and-linters), and [build tools](#build-tools). Frequently requested use cases for bootstrapping projects include [documentation generation](#documentation-generation) including `README.md` and architecture diagrams, [issue and MR templates](#issue-and-mr-templates), [onboarding, requirements, and licenses](#onboarding-requirements-licenses), and [Git flows](#git-flows) with `.gitignore`. Advanced techniques with custom rules are provided for [refactoring and code change requirements](#refactoring-and-code-change-requirements).\n\n### Use cases: Version and platform support\n\nSoftware development often requires specific programming language and framework versions, and single or multi-platform support. The following examples highlight these scenarios.\n\n#### Java version requirements\n\nEnterprise environments do not always use the latest and greatest software version. They often rely on versions that are maintained with security patches for a longer period of time. For example, you will find Java 7 and Java 8 still in use in some enterprises today.\n\nAlways prepending the required version in chat prompts can be cumbersome, and lead to human error, even if you only forget one time.\n\n```markdown\n\nImplement classes for managing banking transactions and different currencies.\n\n```\n\nThe example will need additional specifications for Java 8:\n\n```markdown\n\nUse Java 8 for the implementation.\n\n```\n\nTo permanently enforce Java 8, you can create a custom rule in `.gitlab/duo/chat-rules.md` and optionally add a reference epic URL when asked for code modernization:\n\n```markdown\n\n## Java style guide\n\n- Only Java 8 is allowed when suggesting and editing code.\n- When the user asks about code modernization and Java 9 or 21, or newer, point them to this issue to contribute: https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-java-versions/-/issues/1\n\n```\n\nA full demonstration is available in the [Custom Rules - Java versions project](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-java-versions).\n\n\n\u003Cfigure class=\"video_container\">\n \u003Ciframe width=\"560\" height=\"315\"\n src=\"https://www.youtube.com/embed/iZLvpgHdABY\" frameborder=\"0\"\n allowfullscreen=\"true\">\n \u003C/iframe>\n\u003C/figure>\n\nThe resulting changes are available in [this MR](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-java-versions/-/merge_requests/2).\n\n#### C++ multi-platform support (Windows, Linux, macOS)\n\nApplication development in C++ can require multi-platform support, especially when running service agents on systems using Windows, Linux, and macOS. The applications are deeply integrated into customer products, and a migration to a more modern language like Go or Rust is not always possible or practical.\n\nMaintaining code that works on multiple platforms can be challenging due to differences in Operating system APIs, toolchains, library versions, and file system paths. Developers often face multiple `#if defined` pre-processor macros, nested conditions, and adding custom code and tests for each supported platform. This adds technical debt and can introduce maintenance challenges.\n\nAI can help when generating correct and platform-specific code, but it needs to know about these requirements. Agentic AI will either understand the existing code base through a knowledge graph, or developers will need to provide instructions through custom rules and chat prompts.\n\nLet's try this use case in practice. The [Custom Rule - C++ platforms - IoT Sensor Data Collector project](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-cpp-platform-iot-sensor-data-collector) implements an IoT sensor data collector and has open tasks to modernize the code base, and add multi-platform support for Linux, Windows, and macOS. You can fork the project and clone it locally.\n\nOpen the `.gitlab/duo/chat-rules.md` file and review or add the following custom rules:\n\n```markdown\n\n## C++ style guide\n\n- The application runs on Linux, macOS and Windows. Generate code that handles the OS API differences.\n- Use pre-processor macros for Windows and POSIX conventions for Unix (Linux, macOS).\n\n## CI/CD Configuration\n\n- Ensure that GitLab CI/CD jobs cover the different platform support. Use CI/CD job templates with extends where applicable.\n\n```\n\nStart a new Chat, and ask to restructure code for multi-platform support.\n\n```markdown\n\nPlease help me restructure the code and ensure multi-platform support.\n\n```\n\nYou can also refer to the issue number, or URL ([issue 3](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-cpp-platform-iot-sensor-data-collector/-/issues/3)). GitLab Duo will automatically fetch the issue content from the GitLab platform, and put it into AI context.\n\n```markdown\n\nPlease help me implement issue 3\n\nPlease help me implement https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-cpp-platform-iot-sensor-data-collector/-/issues/3\n\n```\n\n\n\u003Cfigure class=\"video_container\">\n \u003Ciframe width=\"560\" height=\"315\"\n src=\"https://www.youtube.com/embed/C5NxOjB0R1Q\" frameborder=\"0\"\n allowfullscreen=\"true\">\n \u003C/iframe>\n\u003C/figure>\n\n### Use case: Development environments\n\nDevelopment environments often vary between operating systems and developers. This can be confusing for AI models generating code or suggesting changes. The following use cases illustrate these environment problems and their solutions with custom rules.\n\n#### Python 3 development environment\n\nA Python development environment usually comes with the `python` executable and `pip` package manager. However, on systems like MacOS or Ubuntu, you need to use `python3` and `pip3` to get access to more recent Python 3 versions. This can create confusion running Python scripts, creating virtual environments, and installing package dependencies.\n\nFor this custom rules use case, I installed Python using [Homebrew](https://brew.sh/) which results in a binary executable called `python3` and a package manager `pip3`.\n\nAs an example, set up a Python virtual environment, install dependencies using `pip`, and run the application:\n\n```shell\n\npython -m venv myenv\nsource myenv/bin/activate\n\npip install -r requirements.txt\n\npython script.py\n\n```\n\nThis doesn't work as expected because we need to use specific binaries with version `3`:\n\n```shell\n\npython3 -m venv myenv\nsource myenv/bin/activate\n\npip3 install -r requirements.txt\n\npython3 script.py\n\n```\n\nWe can test this problem with Agentic Chat for both, suggested code blocks, and the approval request for commands to execute. The [Custom Rule - Python3 Env Shop app project](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-python-3-env-shop-app) implements a web shop application in Python, and provides the default Python executable paths in its `README.md` file which typically gets added into Agentic Chat context.\n\n![Duo Agentic Chat, proposing the wrong binary commands](https://res.cloudinary.com/about-gitlab-com/image/upload/v1769123901/c0jltxbgxi2suobxhwwq.png)\n\nIn order to overcome the problem, review `.gitlab/duo/chat-rules.md` which contains the following custom rules to enforce the Python executable names.\n\n```markdown\n\n## Python style guide\n\n- For Python binaries, always use python3 and pip3 when suggesting or running shell commands.\n- Detect the Python environment automatically when possible.\n\n```\n\nYou can also instruct agents with pre-defined routes to gather additional information through tool calling and/or MCP, when they do not attempt this automatically already.\n\nOpen a new Agentic Chat, and ask `How to run this application?` to see custom rules in action, using `python3` and `pip3` as desired.\n\n\n\u003Cfigure class=\"video_container\">\n \u003Ciframe width=\"560\" height=\"315\"\n src=\"https://www.youtube.com/embed/UQ2_OCvUmF0\" frameborder=\"0\"\n allowfullscreen=\"true\">\n \u003C/iframe>\n\u003C/figure>\n\n\nThe full source code is available in the [Custom Rule - Python3 Env Shop app project](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-python-3-env-shop-app).\n\n#### Ansible linter compliance\n\nModern Ansible for Infrastructure-as-Code tasks enforces a strict style guide, which can be verified using `ansible-lint`: It detects when Boolean values (`true`/`false`) are required instead of strings (`yes`/`no`), builtin module actions requiring the FQCN (Fully Qualified Collection Name) as parameter names, and trailing whitespaces that need trimming. CLI and IDE integrations, such as the [VS Code Ansible extension by Red Hat](https://developers.redhat.com/learning/learn:ansible:get-started-ansible-visual-studio-code-extension/resource/resources:install-and-configure-ansible-extension-visual-studio-code) help visualize these errors to developers. LLMs and chat agents might not always generate correct Ansible code and need manual work to fix it.\n\nLet's look at the problem with a concrete use case. The following example implements a basic Ansible playbook in the [Custom Rule - Ansible Environment project](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-ansible-environment) to set up a GitLab server on Ubuntu. You'll notice the Boolean values are incorrectly typed as strings (`yes`/`no`), and additional problem reports for builtin module actions and whitespace trimming.\n\n![VS Code with Ansible lint error: Wrong boolean type](https://res.cloudinary.com/about-gitlab-com/image/upload/v1769123900/eofxonbvbs7o2qt48tmc.png)\n\n![VS Code with Ansible lint error: Builtin module action FQCN](https://res.cloudinary.com/about-gitlab-com/image/upload/v1769123900/qnzwk8b1dslmcqercxul.png)\n\n![VS Code with Ansible lint error: trailing whitespaces](https://res.cloudinary.com/about-gitlab-com/image/upload/v1769123900/fsrceusoksp16xj42yix.png)\n\nLet's see how we can create custom rules to help Duo Agents fix the Ansible linter errors, and prevent them from happening in the future.\n\nFork and clone the [Custom Rule - Ansible Environment project](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-ansible-environment) and open `.gitlab/duo/chat-rules.md` in the IDE inspect the custom rules:\n\n```markdown\n\n## Ansible styleguide\n\n- Boolean values in Ansible should be typed as \"true\" or \"false\" and never as string.\n- Ansible module builtin actions must use the FQCN (Fully Qualified Collection Name).\n- Always trim whitespaces in Ansible YAML.\n\n```\n\nOpen a new GitLab Duo Agentic Chat prompt, and ask Duo Agent for the same Ansible playbook:\n\n```markdown\n\nPlease help me fix the Ansible linter errors\n\n```\n\nThe Agents will analyze the repository, ask to run `ansible-lint` commands, and investigate how to fix the problems followed the defined custom rules.\n\n\n\u003Cfigure class=\"video_container\">\n \u003Ciframe width=\"560\" height=\"315\"\n src=\"https://www.youtube.com/embed/P465U8IfScE\" frameborder=\"0\"\n allowfullscreen=\"true\">\n \u003C/iframe>\n\u003C/figure>\n\nYou can inspect the custom rules and Ansible code changes in [this MR](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-ansible-environment/-/merge_requests/1) in the [Custom Rule - Ansible Environment project](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-ansible-environment).\n\nAsync exercise: Start a new project where custom rules are configured as default already, and verify the correct style guide applied immediately.\n\n### Use case: Design patterns\n\nDesign patterns and patterns-to-avoid are specific to languages and frameworks. This is the main focus in this section.\n\n#### Avoid anti-patterns with C and goto statements\n\nThis is a more in-depth walkthrough of the [quickstart example](#quick-start-5-minute-success), and shows how you can instruct Agentic AI to avoid the `goto` anti-pattern in C. The `goto` anti-pattern in C is discouraged as it makes code harder to read and debug. To illustrate the problem, here is an example of a for-loop which increments the loop variable inside the loop body:\n\n```c\n\n// Bad C programming style: uses the goto anti-pattern\nfor (int i = 0; i \u003C 10; i++) {\n if (someCondition) {\n goto label;\n }\n doSomething();\nlabel:\n doAnotherThing();\n }\n\n```\n\nIn the above code, the `goto` statement causes the program control to jump directly to the label `label`, which is inside the loop. This makes the program harder to read, understand and debug.\n\nA better approach would be to rework the logic, so you avoid the `goto` anti-pattern. Here's a rewritten version that avoids `goto`:\n\n```c\n\n// Good C programming style: avoids the goto anti-pattern\nfor (int i = 0; i \u003C 10; i++) {\n if (someCondition) {\n doAnotherThing();\n continue;\n }\n doSomething();\n doAnotherThing();\n}\n\n```\n\nThere are occassions where `goto` is allowed, but in this use case we want to look how we can instruct agentic AI to avoid `goto` completely. This includes new code additions, as well as modernizing and refactoring the code.\n\nThe [Custom Rule - C anti-patterns with Goto project](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-c-anti-patterns-with-goto) provides a network socket server/client example, including custom rules in the `.gitlab/duo/chat-rules.md` file. You can clone the project, or start with a new project, too.\n\nReview `.gitlab/duo/chat-rules.md` with the current custom rules:\n\n```markdown\n\n## C style guide\n\n- goto is not allowed. If the developer continues asking about it, share this URL https://xkcd.com/292/\n\n```\n\nTip: Instead of linking to the [XKCD 292 comic](https://xkcd.com/292/), you can add a URL to the (internal) development guidelines.\n\nOpen Duo Agentic Chat and start the following prompt on the existing project:\n\n```markdown\n\nPlease help me modernize the code.\n\n```\n\nGitLab Duo Agentic Chat will refuse to use `goto` statements, and instead propose a different path forward.\n\n\n\u003Cfigure class=\"video_container\">\n \u003Ciframe width=\"560\" height=\"315\"\n src=\"https://www.youtube.com/embed/6dsMF-wKbBY\" frameborder=\"0\"\n allowfullscreen=\"true\">\n \u003C/iframe>\n\u003C/figure>\n\nThe code changes are available in [this MR](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-c-anti-patterns-with-goto/-/merge_requests/1).\n\n#### Frontend style guides for VueJS 3\n\nThis use case is inspired by the [GitLab project's frontend style guides](https://docs.gitlab.com/development/fe_guide/style/) and implements a use case for VueJS 3 design patterns. Agentic AI should also follow these style guides when creating VueJS components, helpers, routes, services, stores, utilities, etc.\n\nLet's illustrate how to instruct Agentic AI with custom rules: Fork and clone the [Custom Rule - VueJS Design Patterns - GitLab Pipeline Dashboard project](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-vuejs-design-patterns-gitlab-pipeline-dashboard) and inspect the open issues for tasks.\n\nReview the `.gitlab/duo/chat-rules.md` file and add the following custom rules (if not there yet):\n\n```markdown\n\n## NodeJS style guide\n\n- Don't leave debug statements (console.logs)\n- Always run `npm install` after updating `package.json` and before `npm test` and `npm run build`.\n\n# GitLab Vue.js Design Patterns Style Guide\n\n## Component Structure\n\n### Data Definition Pattern\n- Explicitly define data being passed into Vue apps\n- Avoid spread operators for better discoverability\n- Parse non-scalar values during instantiation\n\n### Template Naming Pattern\n- Use kebab-case for component names in templates\n\n### File Structure Pattern\n- Use `.vue` files for Vue templates\n- Do not use `%template` in HAML\n\n### Styling Pattern\n- Do not use `\u003Cstyle>` tags in Vue components\n- Use Tailwind CSS utility classes or page-specific CSS instead\n\n[...]\n\n```\nThe full custom rules are available in the [`.gitlab/duo/chat-rules.md` file](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-vuejs-design-patterns-gitlab-pipeline-dashboard/-/blob/main/.gitlab/duo/chat-rules.md?ref_type=heads&plain=1).\n\nNext, open GitLab Duo Agentic Chat and ask how to [add new pipeline mini charts](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-vuejs-design-patterns-gitlab-pipeline-dashboard/-/issues/6), or other tasks you come across. Tip: You can reference only the issue, or alternatively paste the full issue URL, and Agentic Chat will look up both and extract the title and description for the current context.\n\n```markdown\n\nPlease help me implement issue 6\n\n```\n\n\n\u003Cfigure class=\"video_container\">\n \u003Ciframe width=\"560\" height=\"315\"\n src=\"https://www.youtube.com/embed/KbczS-OVb90\" frameborder=\"0\"\n allowfullscreen=\"true\">\n \u003C/iframe>\n\u003C/figure>\n\nThe resulting code changes are available in [this MR](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-vuejs-design-patterns-gitlab-pipeline-dashboard/-/merge_requests/3).\n\nNote: The VueJS style guide was extracted from the [gitlab-org/gitlab project](https://gitlab.com/gitlab-org/gitlab) asking GitLab Duo Agentic Chat with the following prompt sequence:\n\n```markdown\n\nWhat is the development style guide for VueJS?\n\nCan you print the styleguide as Markdown formatted list with headings.\n\nCreate a file in the repo, and only print the style guide rules there, no codeblocks.\n\n```\n\n![IntelliJ IDEA with `gitlab-org/gitlab` source code, and GitLab Duo Agentic Chat writing the styleguide file](https://res.cloudinary.com/about-gitlab-com/image/upload/v1769123901/prf63nqoqsqzn7lh9pnq.png)\n\n### Use case: DevSecOps workflows\n\nDevSecOps workflows range from best practices for bootstrapping a project with issue/MR templates, `.gitignore`, GitLab CI/CD configuration, `README.md` documentation, licenses and much more. The following section explores a variety of use cases. You can use them as inspiration for your own custom rules.\n\nCommon DevSecOps automation with custom rules:\n\n- **Project bootstrap**: Auto-create README, .gitignore, CI/CD config\n- **Security defaults**: Enforce SAST, dependency scanning, secrets detection\n- **Documentation**: Generate issue/MR templates, architecture diagrams\n\nA combined use case example is available in the [Custom Rule - DevSecOps workflows - Git README build tools issue MR templates project](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules/custom-rule-devsecops-workflows). You can inspect the custom rules, and fork/clone it locally to ask Agentic Chat with a new prompt such as: `I need to bootstrap this project. Please help me with that`.\n\n\n\u003Cfigure class=\"video_container\">\n \u003Ciframe width=\"560\" height=\"315\"\n src=\"https://www.youtube.com/embed/hKpLcBtbC4g\" frameborder=\"0\"\n allowfullscreen=\"true\">\n \u003C/iframe>\n\u003C/figure>\n\nThe next sections provide detailed prompts, and most of them are shown in the recording, too.\n\n#### Issue and MR templates\n\nYou can instruct agentic AI to create issue/MR templates when they are missing, and offer to add project-specific information or labels. Agents will automatically query the GitLab API in the background, and put the current project structure into a template.\n\n```markdown\n\n## Issue and MR templates\n\n- If no issue templates for `Default` and `Feature Proposal` exist in .gitlab/issue_templates, create them using the following raw template sources:\n\n Default: https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/raw/main/.gitlab/issue_templates/Default.md\n Feature Proposal: https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/raw/main/.gitlab/issue_templates/Feature%20Proposal.md\n\n- If no default MR template `Default` exists in `.gitlab/merge_request_templates`, create them using the following raw template sources:\n\n Default: https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/raw/main/.gitlab/merge_request_templates/Default.md\n\n- Update the project URLs, and available labels in the fetched templates accordingly, or remove anything unknown and let the user know about TODOs.\n- Create a test issue/MR, when bootstrapping a new project.\n\n```\n\n#### Build tools\n\nThere is a variety of build tools, package managers, compilers, container builders available per programming language. When asking about updates and dependencies, agentic AI can use these default tools without asking for input.\n\n```markdown\n\n## Build tools\n\n- Always use a virtual env with Python, and set it up before executing any Python commands\n- For C/C++: Prefer CMake, and gcc on Linux, clang on macOS, MSVC on Windows.\n- For Python: Always use pip\n- For Java: Always use Gradle\n- For Node.js, suggest to use npm/yarn.\n- For Rust: Always use cargo\n- For Go: Always use go.mod\n- For Ruby: Always use Bundler\n- For PHP: Always use Composer\n- For .NET: Always use .NET CLI\n- For Scala: Always use SBT\n- For Elixir: Always use Mix\n- For Haskell: Always use Cabal\n- For Swift: Always use Swift Package Manager\n- For Kotlin: Always use Gradle or Maven.\n- For TypeScript: Always use npm or yarn.\n- Always suggest using a package manager or build tool based on the main programming language of the project.\n- When asking for dependencies, assume that the user wants to update all current dependencies to the latest version available.\n\n- Always suggest to create a Dockerfile if there isn't one. Always use a minimal image and use a tag for security scanning.\n- Always add a `Dockerfile` with the base image and the entrypoint if one does not exist.\n- Always include a `.dockerignore` and use it in the Docker build process.\n\n```\n\n#### CI/CD configuration preferences\n\nUse rules to prefer specific container images, variable and job name patterns, etc.\n\n```markdown\n\n## CI/CD Configuration\n\n- If no GitLab CI/CD configuration exists in `.gitlab-ci.yml`, ask the user for approval to create.\n- Create a GitLab CI/CD configuration automatically when a new project gets bootstrapped\n\n- Always use alpine as container image to build the application.\n- Add caching for detected programming languages and frameworks.\n\n```\n\n#### Security scanning preferences\n\nSecurity scanners can also be enforced in GitLab CI/CD configuration. The following example instructs agents to always include Advanced SAST, dependency scanning, and secret detection templates. It has been successfully tested across other use cases in this tutorial.\n\n```markdown\n\n## Security scanning\n\n- Always use Advanced SAST.\n- Always include SAST, Dependency Scanning, Secrets Detection templates, similar to the following format:\n\n include:\n - template: Jobs/SAST.gitlab-ci.yml\n - template: Jobs/Secret-Detection.gitlab-ci.yml\n - template: Jobs/Dependency-Scanning.gitlab-ci.yml\n\n variables:\n GITLAB_ADVANCED_SAST_ENABLED: 'true'\n\n```\n\n![VS Code with a Java app, GitLab CI/CD, custom rules, and Agentic Chat adding Advanced SAST](https://res.cloudinary.com/about-gitlab-com/image/upload/v1769123900/avokij2uelhkx711wp1q.png)\n\n#### Tests and linters\n\nYou can also directly instruct Agentic Chat where to find the tests, and how to run them. The same idea applies to calling linter commands. Thanks Jessie Young for sharing this neat tip!\n\n```markdown\n\n## Tests and linting details\n\n- Tests in this project are located in __ directory and are run using the ___ command\n- Linting is done with the ___ command\n\n```\n\n#### Documentation generation\n\nBest of documentation custom rules.\n\n```markdown\n\n- If a README is missing, ask the user if they want to create one. If the user agrees, create a basic `README.md` for them.\n- When the user asks for an architecture proposal, always respond with generating an architecture diagram in Mermaid, and ask the user if they want you to add it to the README.md or another documentation file.\n- For documentation in Markdown, always use GitLab flavored Markdown.\n- Always add correct code block syntax highlighting support.\n\n```\n\n#### Refactoring and code change requirements\n\nWhen a project should gradually be modernized with newly generated code, and not result in large refactors, the following rules can be helpful.\n\n```markdown\n\n## Keep the changes minimal\n\n- The project uses \u003Cthis standard and version>. For newly generated code, use this standard.\n- Do not attempt to refactor code already created in a project to this standard, but for new code, always ensure this standard is used.\n- If unsure whether a file requires modification or refactoring, document this as a todo task.\n- Never fix detected problems, whitespaces, code formatting, unless the user instructs you specifically in a comment.\n- The code must be retained in its original format and only changes specific to solving the user request are allowed.\n\n## Summaries\n\n- List all items to address at the bottom in a summary section with TODO: followed by a textual description.\n- Identify 3 critical items, and ask the user if you should create GitLab issues from those items.\n\n```\n\n#### Onboarding, requirements, licenses\n\nAlways include a specific documentation link, and guidelines to follow in chat responses.\n\n```markdown\n\n## Link to guidelines\n- Always refer to our developer guidelines when answering questions. You can find those guidelines here: https://docs.gitlab.com/development/\n\n## Context and planning\n- Always start with finding existing issues with the desired topic. Only then propose new implementation work.\n\n## License\n- Always add the MIT license into `LICENSE` and use `GitLab B.V.` as copyright holder.\n\n```\n\n#### Git flows\n\nFollow a specific Git branching flow for suggestions and executed commands.\n\n```markdown\n\n## Git flows\n\n- Examine the project and involved development environment and programming languages. Always add a `.gitignore`.\n- Consider more best practices when bootstrapping a new project.\n- For existing projects, offer to add a `.gitignore` when missing, but only when asked about the state of the project, or what is missing.\n\nWhen a user requests to start with a new feature, always create a new branch, called \"feature/\u003Cshortname>\" and describe the behavior. Ask for the user's approval.\n\n```\n\n## Distribution and testing of custom rules\n\nYou can create [GitLab project templates](https://docs.gitlab.com/administration/custom_project_templates/) with well-tested custom rule prompts, and ensure that new projects always start with the best practices applied.\n\nSince LLMs and AI agents are not predictable, testing the expected outcome becomes more challenging. A golden rule for custom rules is that they are never perfect, and require iterations based on your team's feedback. This might be required especially when newer models and flows are introduced that change their behavior when responding to custom rules. It's recommended to keep checking on the generated output and adjust the rules accordingly. If you are looking for larger scale testing, review the [system prompt testing strategy for GitLab Duo](https://about.gitlab.com/blog/developing-gitlab-duo-how-we-validate-and-test-ai-models-at-scale/) as an inspiration.\n\n### Control custom rules editing\n\nTeams can manage changes to custom rules through [Code Owners](https://docs.gitlab.com/user/project/codeowners/), requiring review approvals for updated custom rules in MRs. Example requiring approval from `@dnsmichi` for changes in the path `.gitlab/duo`:\n\n```text\n\n[GitLab Duo]\n.gitlab/duo @dnsmichi\n\n```\n\nGitLab Duo Agentic Chat is not allowed to edit or modify custom rules directly in your project. The `.gitlab/duo/chat-rules.md` file path is protected.\n\n### Custom rules resources\n\nTake advantage of the existing AI ecosystem, where similar functionality exists for IDEs and platforms. For example, \"Awesome Cursor Rules\" repositories or marketplaces for Cursor, etc.\n\nLLMs also provide a good insight into development styleguides, and can generate the required Markdown outputs.\n\n## Fun activity: Explore behavior changes\n\nNot sure how to get started with custom rules? Make it a fun exercise with the following example :-)\n\n```markdown\n\n## Fun rules\n\n- Behave like Clippy.\n\n- Behave like a pirate.\n\n- Always respond with a random \"What the commit\" message.\n\n- Explain everything like I am five.\n\n```\n\nNote: Do not commit them to production, as they might feel disruptive and distracting to your team.\n\n## Conclusion\n\nBy leveraging custom rules in GitLab Duo Agentic Chat, you can significantly influence LLM and AI agent outputs to better suit your needs. Whether enforcing specific coding conventions, using the correct versions of tools, or ensuring consistent formatting, custom rules help streamline your development process and improve productivity.\n\nThis blog post provides a deep-dive into many use cases with practical custom rule examples. All recordings are available in [this YouTube playlist](https://www.youtube.com/playlist?list=PL05JrBw4t0Ko7aR6sM8e4uXGYtjs4-NqK), and all demo projects can be forked/cloned from the [Custom rules for GitLab Duo Agent Platform (Agentic AI) group](https://gitlab.com/gitlab-da/use-cases/ai/gitlab-duo-agent-platform/custom-rules).\n\n[Custom rules in Duo Agentic Chat IDEs](https://docs.gitlab.com/user/gitlab_duo_chat/agentic_chat/#create-custom-rules) are the first iteration and we will cover more GitLab Duo Agent Platform use cases in the future, such as Duo Code Review and custom rules for agents and flows (follow [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/557984)).\n\nThere are many more use cases to explore. What are your most efficient rules? Share your rules and feedback in the [product epic](https://gitlab.com/groups/gitlab-org/-/epics/16938).","yml",{},true,"/en-us/blog/custom-rules-duo-agentic-chat-deep-dive",{"title":15,"description":16},"en-us/blog/custom-rules-duo-agentic-chat-deep-dive",[32,33],"devsecops","aiml","GLyoTtPu6lV7FlCIdvopSyYJZuKi8HAnNOtfq0Iz6FA",{"data":36},{"logo":37,"freeTrial":42,"sales":47,"login":52,"items":57,"search":365,"minimal":396,"duo":415,"switchNav":424,"pricingDeployment":435},{"config":38},{"href":39,"dataGaName":40,"dataGaLocation":41},"/","gitlab logo","header",{"text":43,"config":44},"Get free trial",{"href":45,"dataGaName":46,"dataGaLocation":41},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":48,"config":49},"Talk to sales",{"href":50,"dataGaName":51,"dataGaLocation":41},"/sales/","sales",{"text":53,"config":54},"Sign in",{"href":55,"dataGaName":56,"dataGaLocation":41},"https://gitlab.com/users/sign_in/","sign in",[58,85,180,185,286,346],{"text":59,"config":60,"cards":62},"Platform",{"dataNavLevelOne":61},"platform",[63,69,77],{"title":59,"description":64,"link":65},"The intelligent orchestration platform for DevSecOps",{"text":66,"config":67},"Explore our Platform",{"href":68,"dataGaName":61,"dataGaLocation":41},"/platform/",{"title":70,"description":71,"link":72},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":73,"config":74},"Meet GitLab Duo",{"href":75,"dataGaName":76,"dataGaLocation":41},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":78,"description":79,"link":80},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":81,"config":82},"Learn more",{"href":83,"dataGaName":84,"dataGaLocation":41},"/why-gitlab/","why gitlab",{"text":86,"left":27,"config":87,"link":89,"lists":93,"footer":162},"Product",{"dataNavLevelOne":88},"solutions",{"text":90,"config":91},"View all Solutions",{"href":92,"dataGaName":88,"dataGaLocation":41},"/solutions/",[94,118,141],{"title":95,"description":96,"link":97,"items":102},"Automation","CI/CD and automation to accelerate deployment",{"config":98},{"icon":99,"href":100,"dataGaName":101,"dataGaLocation":41},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[103,107,110,114],{"text":104,"config":105},"CI/CD",{"href":106,"dataGaLocation":41,"dataGaName":104},"/solutions/continuous-integration/",{"text":70,"config":108},{"href":75,"dataGaLocation":41,"dataGaName":109},"gitlab duo agent platform - product menu",{"text":111,"config":112},"Source Code Management",{"href":113,"dataGaLocation":41,"dataGaName":111},"/solutions/source-code-management/",{"text":115,"config":116},"Automated Software Delivery",{"href":100,"dataGaLocation":41,"dataGaName":117},"Automated software delivery",{"title":119,"description":120,"link":121,"items":126},"Security","Deliver code faster without compromising security",{"config":122},{"href":123,"dataGaName":124,"dataGaLocation":41,"icon":125},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[127,131,136],{"text":128,"config":129},"Application Security Testing",{"href":123,"dataGaName":130,"dataGaLocation":41},"Application security testing",{"text":132,"config":133},"Software Supply Chain Security",{"href":134,"dataGaLocation":41,"dataGaName":135},"/solutions/supply-chain/","Software supply chain security",{"text":137,"config":138},"Software Compliance",{"href":139,"dataGaName":140,"dataGaLocation":41},"/solutions/software-compliance/","software compliance",{"title":142,"link":143,"items":148},"Measurement",{"config":144},{"icon":145,"href":146,"dataGaName":147,"dataGaLocation":41},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[149,153,157],{"text":150,"config":151},"Visibility & Measurement",{"href":146,"dataGaLocation":41,"dataGaName":152},"Visibility and Measurement",{"text":154,"config":155},"Value Stream Management",{"href":156,"dataGaLocation":41,"dataGaName":154},"/solutions/value-stream-management/",{"text":158,"config":159},"Analytics & Insights",{"href":160,"dataGaLocation":41,"dataGaName":161},"/solutions/analytics-and-insights/","Analytics and insights",{"title":163,"items":164},"GitLab for",[165,170,175],{"text":166,"config":167},"Enterprise",{"href":168,"dataGaLocation":41,"dataGaName":169},"/enterprise/","enterprise",{"text":171,"config":172},"Small Business",{"href":173,"dataGaLocation":41,"dataGaName":174},"/small-business/","small business",{"text":176,"config":177},"Public Sector",{"href":178,"dataGaLocation":41,"dataGaName":179},"/solutions/public-sector/","public sector",{"text":181,"config":182},"Pricing",{"href":183,"dataGaName":184,"dataGaLocation":41,"dataNavLevelOne":184},"/pricing/","pricing",{"text":186,"config":187,"link":189,"lists":193,"feature":273},"Resources",{"dataNavLevelOne":188},"resources",{"text":190,"config":191},"View all resources",{"href":192,"dataGaName":188,"dataGaLocation":41},"/resources/",[194,227,245],{"title":195,"items":196},"Getting started",[197,202,207,212,217,222],{"text":198,"config":199},"Install",{"href":200,"dataGaName":201,"dataGaLocation":41},"/install/","install",{"text":203,"config":204},"Quick start guides",{"href":205,"dataGaName":206,"dataGaLocation":41},"/get-started/","quick setup checklists",{"text":208,"config":209},"Learn",{"href":210,"dataGaLocation":41,"dataGaName":211},"https://university.gitlab.com/","learn",{"text":213,"config":214},"Product documentation",{"href":215,"dataGaName":216,"dataGaLocation":41},"https://docs.gitlab.com/","product documentation",{"text":218,"config":219},"Best practice videos",{"href":220,"dataGaName":221,"dataGaLocation":41},"/getting-started-videos/","best practice videos",{"text":223,"config":224},"Integrations",{"href":225,"dataGaName":226,"dataGaLocation":41},"/integrations/","integrations",{"title":228,"items":229},"Discover",[230,235,240],{"text":231,"config":232},"Customer success stories",{"href":233,"dataGaName":234,"dataGaLocation":41},"/customers/","customer success stories",{"text":236,"config":237},"Blog",{"href":238,"dataGaName":239,"dataGaLocation":41},"/blog/","blog",{"text":241,"config":242},"Remote",{"href":243,"dataGaName":244,"dataGaLocation":41},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":246,"items":247},"Connect",[248,253,258,263,268],{"text":249,"config":250},"GitLab Services",{"href":251,"dataGaName":252,"dataGaLocation":41},"/services/","services",{"text":254,"config":255},"Community",{"href":256,"dataGaName":257,"dataGaLocation":41},"/community/","community",{"text":259,"config":260},"Forum",{"href":261,"dataGaName":262,"dataGaLocation":41},"https://forum.gitlab.com/","forum",{"text":264,"config":265},"Events",{"href":266,"dataGaName":267,"dataGaLocation":41},"/events/","events",{"text":269,"config":270},"Partners",{"href":271,"dataGaName":272,"dataGaLocation":41},"/partners/","partners",{"backgroundColor":274,"textColor":275,"text":276,"image":277,"link":281},"#2f2a6b","#fff","Insights for the future of software development",{"altText":278,"config":279},"the source promo card",{"src":280},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":282,"config":283},"Read the latest",{"href":284,"dataGaName":285,"dataGaLocation":41},"/the-source/","the source",{"text":287,"config":288,"lists":290},"Company",{"dataNavLevelOne":289},"company",[291],{"items":292},[293,298,304,306,311,316,321,326,331,336,341],{"text":294,"config":295},"About",{"href":296,"dataGaName":297,"dataGaLocation":41},"/company/","about",{"text":299,"config":300,"footerGa":303},"Jobs",{"href":301,"dataGaName":302,"dataGaLocation":41},"/jobs/","jobs",{"dataGaName":302},{"text":264,"config":305},{"href":266,"dataGaName":267,"dataGaLocation":41},{"text":307,"config":308},"Leadership",{"href":309,"dataGaName":310,"dataGaLocation":41},"/company/team/e-group/","leadership",{"text":312,"config":313},"Team",{"href":314,"dataGaName":315,"dataGaLocation":41},"/company/team/","team",{"text":317,"config":318},"Handbook",{"href":319,"dataGaName":320,"dataGaLocation":41},"https://handbook.gitlab.com/","handbook",{"text":322,"config":323},"Investor relations",{"href":324,"dataGaName":325,"dataGaLocation":41},"https://ir.gitlab.com/","investor relations",{"text":327,"config":328},"Trust Center",{"href":329,"dataGaName":330,"dataGaLocation":41},"/security/","trust center",{"text":332,"config":333},"AI Transparency Center",{"href":334,"dataGaName":335,"dataGaLocation":41},"/ai-transparency-center/","ai transparency center",{"text":337,"config":338},"Newsletter",{"href":339,"dataGaName":340,"dataGaLocation":41},"/company/contact/#contact-forms","newsletter",{"text":342,"config":343},"Press",{"href":344,"dataGaName":345,"dataGaLocation":41},"/press/","press",{"text":347,"config":348,"lists":349},"Contact us",{"dataNavLevelOne":289},[350],{"items":351},[352,355,360],{"text":48,"config":353},{"href":50,"dataGaName":354,"dataGaLocation":41},"talk to sales",{"text":356,"config":357},"Support portal",{"href":358,"dataGaName":359,"dataGaLocation":41},"https://support.gitlab.com","support portal",{"text":361,"config":362},"Customer portal",{"href":363,"dataGaName":364,"dataGaLocation":41},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":366,"login":367,"suggestions":374},"Close",{"text":368,"link":369},"To search repositories and projects, login to",{"text":370,"config":371},"gitlab.com",{"href":55,"dataGaName":372,"dataGaLocation":373},"search login","search",{"text":375,"default":376},"Suggestions",[377,379,383,385,389,393],{"text":70,"config":378},{"href":75,"dataGaName":70,"dataGaLocation":373},{"text":380,"config":381},"Code Suggestions (AI)",{"href":382,"dataGaName":380,"dataGaLocation":373},"/solutions/code-suggestions/",{"text":104,"config":384},{"href":106,"dataGaName":104,"dataGaLocation":373},{"text":386,"config":387},"GitLab on AWS",{"href":388,"dataGaName":386,"dataGaLocation":373},"/partners/technology-partners/aws/",{"text":390,"config":391},"GitLab on Google Cloud",{"href":392,"dataGaName":390,"dataGaLocation":373},"/partners/technology-partners/google-cloud-platform/",{"text":394,"config":395},"Why GitLab?",{"href":83,"dataGaName":394,"dataGaLocation":373},{"freeTrial":397,"mobileIcon":402,"desktopIcon":407,"secondaryButton":410},{"text":398,"config":399},"Start free trial",{"href":400,"dataGaName":46,"dataGaLocation":401},"https://gitlab.com/-/trials/new/","nav",{"altText":403,"config":404},"Gitlab Icon",{"src":405,"dataGaName":406,"dataGaLocation":401},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":403,"config":408},{"src":409,"dataGaName":406,"dataGaLocation":401},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":411,"config":412},"Get Started",{"href":413,"dataGaName":414,"dataGaLocation":401},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/get-started/","get started",{"freeTrial":416,"mobileIcon":420,"desktopIcon":422},{"text":417,"config":418},"Learn more about GitLab Duo",{"href":75,"dataGaName":419,"dataGaLocation":401},"gitlab duo",{"altText":403,"config":421},{"src":405,"dataGaName":406,"dataGaLocation":401},{"altText":403,"config":423},{"src":409,"dataGaName":406,"dataGaLocation":401},{"button":425,"mobileIcon":430,"desktopIcon":432},{"text":426,"config":427},"/switch",{"href":428,"dataGaName":429,"dataGaLocation":401},"#contact","switch",{"altText":403,"config":431},{"src":405,"dataGaName":406,"dataGaLocation":401},{"altText":403,"config":433},{"src":434,"dataGaName":406,"dataGaLocation":401},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":436,"mobileIcon":441,"desktopIcon":443},{"text":437,"config":438},"Back to pricing",{"href":183,"dataGaName":439,"dataGaLocation":401,"icon":440},"back to pricing","GoBack",{"altText":403,"config":442},{"src":405,"dataGaName":406,"dataGaLocation":401},{"altText":403,"config":444},{"src":409,"dataGaName":406,"dataGaLocation":401},{"title":446,"button":447,"config":452},"See how agentic AI transforms software delivery",{"text":448,"config":449},"Watch GitLab Transcend now",{"href":450,"dataGaName":451,"dataGaLocation":41},"/events/transcend/virtual/","transcend event",{"layout":453,"icon":454,"disabled":27},"release","AiStar",{"data":456},{"text":457,"source":458,"edit":464,"contribute":469,"config":474,"items":479,"minimal":684},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":459,"config":460},"View page source",{"href":461,"dataGaName":462,"dataGaLocation":463},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":465,"config":466},"Edit this page",{"href":467,"dataGaName":468,"dataGaLocation":463},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":470,"config":471},"Please contribute",{"href":472,"dataGaName":473,"dataGaLocation":463},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":475,"facebook":476,"youtube":477,"linkedin":478},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[480,527,579,623,650],{"title":181,"links":481,"subMenu":496},[482,486,491],{"text":483,"config":484},"View plans",{"href":183,"dataGaName":485,"dataGaLocation":463},"view plans",{"text":487,"config":488},"Why Premium?",{"href":489,"dataGaName":490,"dataGaLocation":463},"/pricing/premium/","why premium",{"text":492,"config":493},"Why Ultimate?",{"href":494,"dataGaName":495,"dataGaLocation":463},"/pricing/ultimate/","why ultimate",[497],{"title":498,"links":499},"Contact Us",[500,503,505,507,512,517,522],{"text":501,"config":502},"Contact sales",{"href":50,"dataGaName":51,"dataGaLocation":463},{"text":356,"config":504},{"href":358,"dataGaName":359,"dataGaLocation":463},{"text":361,"config":506},{"href":363,"dataGaName":364,"dataGaLocation":463},{"text":508,"config":509},"Status",{"href":510,"dataGaName":511,"dataGaLocation":463},"https://status.gitlab.com/","status",{"text":513,"config":514},"Terms of use",{"href":515,"dataGaName":516,"dataGaLocation":463},"/terms/","terms of use",{"text":518,"config":519},"Privacy statement",{"href":520,"dataGaName":521,"dataGaLocation":463},"/privacy/","privacy statement",{"text":523,"config":524},"Cookie preferences",{"dataGaName":525,"dataGaLocation":463,"id":526,"isOneTrustButton":27},"cookie preferences","ot-sdk-btn",{"title":86,"links":528,"subMenu":537},[529,533],{"text":530,"config":531},"DevSecOps platform",{"href":68,"dataGaName":532,"dataGaLocation":463},"devsecops platform",{"text":534,"config":535},"AI-Assisted Development",{"href":75,"dataGaName":536,"dataGaLocation":463},"ai-assisted development",[538],{"title":539,"links":540},"Topics",[541,546,551,556,561,564,569,574],{"text":542,"config":543},"CICD",{"href":544,"dataGaName":545,"dataGaLocation":463},"/topics/ci-cd/","cicd",{"text":547,"config":548},"GitOps",{"href":549,"dataGaName":550,"dataGaLocation":463},"/topics/gitops/","gitops",{"text":552,"config":553},"DevOps",{"href":554,"dataGaName":555,"dataGaLocation":463},"/topics/devops/","devops",{"text":557,"config":558},"Version Control",{"href":559,"dataGaName":560,"dataGaLocation":463},"/topics/version-control/","version control",{"text":22,"config":562},{"href":563,"dataGaName":32,"dataGaLocation":463},"/topics/devsecops/",{"text":565,"config":566},"Cloud Native",{"href":567,"dataGaName":568,"dataGaLocation":463},"/topics/cloud-native/","cloud native",{"text":570,"config":571},"AI for Coding",{"href":572,"dataGaName":573,"dataGaLocation":463},"/topics/devops/ai-for-coding/","ai for coding",{"text":575,"config":576},"Agentic AI",{"href":577,"dataGaName":578,"dataGaLocation":463},"/topics/agentic-ai/","agentic ai",{"title":580,"links":581},"Solutions",[582,584,586,591,595,598,602,605,607,610,613,618],{"text":128,"config":583},{"href":123,"dataGaName":128,"dataGaLocation":463},{"text":117,"config":585},{"href":100,"dataGaName":101,"dataGaLocation":463},{"text":587,"config":588},"Agile development",{"href":589,"dataGaName":590,"dataGaLocation":463},"/solutions/agile-delivery/","agile delivery",{"text":592,"config":593},"SCM",{"href":113,"dataGaName":594,"dataGaLocation":463},"source code management",{"text":542,"config":596},{"href":106,"dataGaName":597,"dataGaLocation":463},"continuous integration & delivery",{"text":599,"config":600},"Value stream management",{"href":156,"dataGaName":601,"dataGaLocation":463},"value stream management",{"text":547,"config":603},{"href":604,"dataGaName":550,"dataGaLocation":463},"/solutions/gitops/",{"text":166,"config":606},{"href":168,"dataGaName":169,"dataGaLocation":463},{"text":608,"config":609},"Small business",{"href":173,"dataGaName":174,"dataGaLocation":463},{"text":611,"config":612},"Public sector",{"href":178,"dataGaName":179,"dataGaLocation":463},{"text":614,"config":615},"Education",{"href":616,"dataGaName":617,"dataGaLocation":463},"/solutions/education/","education",{"text":619,"config":620},"Financial services",{"href":621,"dataGaName":622,"dataGaLocation":463},"/solutions/finance/","financial services",{"title":186,"links":624},[625,627,629,631,634,636,638,640,642,644,646,648],{"text":198,"config":626},{"href":200,"dataGaName":201,"dataGaLocation":463},{"text":203,"config":628},{"href":205,"dataGaName":206,"dataGaLocation":463},{"text":208,"config":630},{"href":210,"dataGaName":211,"dataGaLocation":463},{"text":213,"config":632},{"href":215,"dataGaName":633,"dataGaLocation":463},"docs",{"text":236,"config":635},{"href":238,"dataGaName":239,"dataGaLocation":463},{"text":231,"config":637},{"href":233,"dataGaName":234,"dataGaLocation":463},{"text":241,"config":639},{"href":243,"dataGaName":244,"dataGaLocation":463},{"text":249,"config":641},{"href":251,"dataGaName":252,"dataGaLocation":463},{"text":254,"config":643},{"href":256,"dataGaName":257,"dataGaLocation":463},{"text":259,"config":645},{"href":261,"dataGaName":262,"dataGaLocation":463},{"text":264,"config":647},{"href":266,"dataGaName":267,"dataGaLocation":463},{"text":269,"config":649},{"href":271,"dataGaName":272,"dataGaLocation":463},{"title":287,"links":651},[652,654,656,658,660,662,664,668,673,675,677,679],{"text":294,"config":653},{"href":296,"dataGaName":289,"dataGaLocation":463},{"text":299,"config":655},{"href":301,"dataGaName":302,"dataGaLocation":463},{"text":307,"config":657},{"href":309,"dataGaName":310,"dataGaLocation":463},{"text":312,"config":659},{"href":314,"dataGaName":315,"dataGaLocation":463},{"text":317,"config":661},{"href":319,"dataGaName":320,"dataGaLocation":463},{"text":322,"config":663},{"href":324,"dataGaName":325,"dataGaLocation":463},{"text":665,"config":666},"Sustainability",{"href":667,"dataGaName":665,"dataGaLocation":463},"/sustainability/",{"text":669,"config":670},"Diversity, inclusion and belonging (DIB)",{"href":671,"dataGaName":672,"dataGaLocation":463},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":327,"config":674},{"href":329,"dataGaName":330,"dataGaLocation":463},{"text":337,"config":676},{"href":339,"dataGaName":340,"dataGaLocation":463},{"text":342,"config":678},{"href":344,"dataGaName":345,"dataGaLocation":463},{"text":680,"config":681},"Modern Slavery Transparency Statement",{"href":682,"dataGaName":683,"dataGaLocation":463},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":685},[686,689,692],{"text":687,"config":688},"Terms",{"href":515,"dataGaName":516,"dataGaLocation":463},{"text":690,"config":691},"Cookies",{"dataGaName":525,"dataGaLocation":463,"id":526,"isOneTrustButton":27},{"text":693,"config":694},"Privacy",{"href":520,"dataGaName":521,"dataGaLocation":463},[696],{"id":697,"title":18,"body":8,"config":698,"content":700,"description":8,"extension":25,"meta":704,"navigation":27,"path":705,"seo":706,"stem":707,"__hash__":708},"blogAuthors/en-us/blog/authors/michael-friedrich.yml",{"template":699},"BlogAuthor",{"name":18,"config":701},{"headshot":702,"ctfId":703},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659879/Blog/Author%20Headshots/dnsmichi-headshot.jpg","dnsmichi",{},"/en-us/blog/authors/michael-friedrich",{},"en-us/blog/authors/michael-friedrich","lJ-nfRIhdG49Arfrxdn1Vv4UppwD51BB13S3HwIswt4",[710,725,738],{"content":711,"config":723},{"body":712,"title":713,"description":714,"authors":715,"heroImage":717,"date":718,"category":9,"tags":719},"Most CI/CD tools can run a build and ship a deployment. Where they diverge is what happens when your delivery needs get real: a monorepo with a dozen services, microservices spread across multiple repositories, deployments to dozens of environments, or a platform team trying to enforce standards without becoming a bottleneck.\n \nGitLab's pipeline execution model was designed for that complexity. Parent-child pipelines, DAG execution, dynamic pipeline generation, multi-project triggers, merge request pipelines with merged results, and CI/CD Components each solve a distinct class of problems. Because they compose, understanding the full model unlocks something more than a faster pipeline. In this article, you'll learn about the five patterns where that model stands out, each mapped to a real engineering scenario with the configuration to match.\n \nThe configs below are illustrative. The scripts use echo commands to keep the signal-to-noise ratio low. Swap them out for your actual build, test, and deploy steps and they are ready to use.\n\n\n## 1. Monorepos: Parent-child pipelines + DAG execution\n\n\nThe problem: Your monorepo has a frontend, a backend, and a docs site. Every commit triggers a full rebuild of everything, even when only a README changed.\n\n\nGitLab solves this with two complementary features: [parent-child pipelines](https://docs.gitlab.com/ci/pipelines/downstream_pipelines/#parent-child-pipelines) (which let a top-level pipeline spawn isolated sub-pipelines) and [DAG execution via `needs`](https://docs.gitlab.com/ci/yaml/#needs) (which breaks rigid stage-by-stage ordering and lets jobs start the moment their dependencies finish).\n\n\nA parent pipeline detects what changed and triggers only the relevant child pipelines:\n\n```yaml\n# .gitlab-ci.yml\nstages:\n - trigger\n\ntrigger-services:\n stage: trigger\n trigger:\n include:\n - local: '.gitlab/ci/api-service.yml'\n - local: '.gitlab/ci/web-service.yml'\n - local: '.gitlab/ci/worker-service.yml'\n strategy: depend\n```\n\n\nEach child pipeline is a fully independent pipeline with its own stages, jobs, and artifacts. The parent waits for all of them via [strategy: depend](https://docs.gitlab.com/ci/pipelines/downstream_pipelines/#wait-for-downstream-pipeline-to-complete) so you get a single green/red signal at the top level, with full drill-down into each service's pipeline. This organizational separation is the bigger win for large teams: each service owns its pipeline config, changes in one cannot break another, and the complexity stays manageable as the repo grows.\n\n\nOne thing worth knowing: when you pass [multiple files to a single `trigger: include:`](https://docs.gitlab.com/ci/pipelines/downstream_pipelines/#combine-multiple-child-pipeline-configuration-files), GitLab merges them into a single child pipeline configuration. This means jobs defined across those files share the same pipeline context and can reference each other with `needs:`, which is what makes the DAG optimization possible. If you split them into separate trigger jobs instead, each would be its own isolated pipeline and cross-file `needs:` references would not work.\n\n\nCombine this with `needs:` inside each child pipeline and you get DAG execution. Your integration tests can start the moment the build finishes, without waiting for other jobs in the same stage.\n\n```yaml\n# .gitlab/ci/api-service.yml\nstages:\n - build\n - test\n\nbuild-api:\n stage: build\n script:\n - echo \"Building API service\"\n\ntest-api:\n stage: test\n needs: [build-api]\n script:\n - echo \"Running API tests\"\n```\n\n\nWhy it matters: Teams with large monorepos typically report significant reductions in pipeline runtime after switching to DAG execution, since jobs no longer wait on unrelated work in the same stage. Parent-child pipelines add the organizational layer that keeps the configuration maintainable as the repo and team grow.\n\n![Local downstream pipelines](https://res.cloudinary.com/about-gitlab-com/image/upload/v1775738759/Blog/Imported/hackathon-fake-blog-post-s/image3_vwj3rz.png \"Local downstream pipelines\")\n\n## 2. Microservices: Cross-repo, multi-project pipelines\n\n\nThe problem: Your frontend lives in one repo, your backend in another. When the frontend team ships a change, they have no visibility into whether it broke the backend integration and vice versa.\n\n\nGitLab's [multi-project pipelines](https://docs.gitlab.com/ci/pipelines/downstream_pipelines/#multi-project-pipelines) let one project trigger a pipeline in a completely separate project and wait for the result. The triggering project gets a linked downstream pipeline right in its own pipeline view.\n\n\nThe frontend pipeline builds an API contract artifact and publishes it, then triggers the backend pipeline. The backend fetches that artifact directly using the [Jobs API](https://docs.gitlab.com/ee/api/jobs.html#download-a-single-artifact-file-from-specific-tag-or-branch) and validates it before allowing anything to proceed. If a breaking change is detected, the backend pipeline fails and the frontend pipeline fails with it.\n\n```yaml\n# frontend repo: .gitlab-ci.yml\nstages:\n - build\n - test\n - trigger-backend\n\nbuild-frontend:\n stage: build\n script:\n - echo \"Building frontend and generating API contract...\"\n - mkdir -p dist\n - |\n echo '{\n \"api_version\": \"v2\",\n \"breaking_changes\": false\n }' > dist/api-contract.json\n - cat dist/api-contract.json\n artifacts:\n paths:\n - dist/api-contract.json\n expire_in: 1 hour\n\ntest-frontend:\n stage: test\n script:\n - echo \"All frontend tests passed!\"\n\ntrigger-backend-pipeline:\n stage: trigger-backend\n trigger:\n project: my-org/backend-service\n branch: main\n strategy: depend\n rules:\n - if: $CI_COMMIT_BRANCH == \"main\"\n```\n\n```yaml\n# backend repo: .gitlab-ci.yml\nstages:\n - build\n - test\n\nbuild-backend:\n stage: build\n script:\n - echo \"All backend tests passed!\"\n\nintegration-test:\n stage: test\n rules:\n - if: $CI_PIPELINE_SOURCE == \"pipeline\"\n script:\n - echo \"Fetching API contract from frontend...\"\n - |\n curl --silent --fail \\\n --header \"JOB-TOKEN: $CI_JOB_TOKEN\" \\\n --output api-contract.json \\\n \"${CI_API_V4_URL}/projects/${FRONTEND_PROJECT_ID}/jobs/artifacts/main/raw/dist/api-contract.json?job=build-frontend\"\n - cat api-contract.json\n - |\n if grep -q '\"breaking_changes\": true' api-contract.json; then\n echo \"FAIL: Breaking API changes detected - backend integration blocked!\"\n exit 1\n fi\n echo \"PASS: API contract is compatible!\"\n```\n\n\nA few things worth noting in this config. The `integration-test` job uses `$CI_PIPELINE_SOURCE == \"pipeline\"` to ensure it only runs when triggered by an upstream pipeline, not on a standalone push to the backend repo. The frontend project ID is referenced via `$FRONTEND_PROJECT_ID`, which should be set as a [CI/CD variable](https://docs.gitlab.com/ci/variables/) in the backend project settings to avoid hardcoding it.\n\n\nWhy it matters: Cross-service breakage that previously surfaced in production gets caught in the pipeline instead. The dependency between services stops being invisible and becomes something teams can see, track, and act on.\n\n\n![Cross-project pipelines](https://res.cloudinary.com/about-gitlab-com/image/upload/v1775738762/Blog/Imported/hackathon-fake-blog-post-s/image4_h6mfsb.png \"Cross-project pipelines\")\n\n\n## 3. Multi-tenant / matrix deployments: Dynamic child pipelines\n\n\nThe problem: You deploy the same application to 15 customer environments, or three cloud regions, or dev/staging/prod. Updating a deploy stage across all of them one by one is the kind of work that leads to configuration drift. Writing a separate pipeline for each environment is unmaintainable from day one.\n\n\nGitLab's [dynamic child pipelines](https://docs.gitlab.com/ci/pipelines/downstream_pipelines/#dynamic-child-pipelines) let you generate a pipeline at runtime. A job runs a script that produces a YAML file, and that YAML becomes the pipeline for the next stage. The pipeline structure itself becomes data.\n\n\n```yaml\n# .gitlab-ci.yml\nstages:\n - generate\n - trigger-environments\n\ngenerate-config:\n stage: generate\n script:\n - |\n # ENVIRONMENTS can be passed as a CI variable or read from a config file.\n # Default to dev, staging, prod if not set.\n ENVIRONMENTS=${ENVIRONMENTS:-\"dev staging prod\"}\n for ENV in $ENVIRONMENTS; do\n cat > ${ENV}-pipeline.yml \u003C\u003C EOF\n stages:\n - deploy\n - verify\n deploy-${ENV}:\n stage: deploy\n script:\n - echo \"Deploying to ${ENV} environment\"\n verify-${ENV}:\n stage: verify\n script:\n - echo \"Running smoke tests on ${ENV}\"\n EOF\n done\n artifacts:\n paths:\n - \"*.yml\"\n exclude:\n - \".gitlab-ci.yml\"\n\n.trigger-template:\n stage: trigger-environments\n trigger:\n strategy: depend\n\ntrigger-dev:\n extends: .trigger-template\n trigger:\n include:\n - artifact: dev-pipeline.yml\n job: generate-config\n\ntrigger-staging:\n extends: .trigger-template\n needs: [trigger-dev]\n trigger:\n include:\n - artifact: staging-pipeline.yml\n job: generate-config\n\ntrigger-prod:\n extends: .trigger-template\n needs: [trigger-staging]\n trigger:\n include:\n - artifact: prod-pipeline.yml\n job: generate-config\n when: manual\n```\n\n\nThe generation script loops over an `ENVIRONMENTS` variable rather than hardcoding each environment separately. Pass in a different list via a CI variable or read it from a config file and the pipeline adapts without touching the YAML. The trigger jobs use [extends:](https://docs.gitlab.com/ci/yaml/#extends) to inherit shared configuration from `.trigger-template`, so `strategy: depend` is defined once rather than repeated on every trigger job. Add a new environment by updating the variable, not by duplicating pipeline config. Add [when: manual](https://docs.gitlab.com/ci/yaml/#when) to the production trigger and you get a promotion gate baked right into the pipeline graph.\n\n\nWhy it matters: SaaS companies and platform teams use this pattern to manage dozens of environments without duplicating pipeline logic. The pipeline structure itself stays lean as the deployment matrix grows.\n\n\n![Dynamic pipeline](https://res.cloudinary.com/about-gitlab-com/image/upload/v1775738765/Blog/Imported/hackathon-fake-blog-post-s/image7_wr0kx2.png \"Dynamic pipeline\")\n\n\n## 4. MR-first delivery: Merge request pipelines, merged results, and workflow routing\n\n\nThe problem: Your pipeline runs on every push to every branch. Expensive tests run on feature branches that will never merge. Meanwhile, you have no guarantee that what you tested is actually what will land on `main` after a merge.\n\n\nGitLab has three interlocking features that solve this together:\n\n\n* [Merge request pipelines](https://docs.gitlab.com/ci/pipelines/merge_request_pipelines/) run only when a merge request exists, not on every branch push. This alone eliminates a significant amount of wasted compute.\n\n* [Merged results pipelines](https://docs.gitlab.com/ci/pipelines/merged_results_pipelines/) go further. GitLab creates a temporary merge commit (your branch plus the current target branch) and runs the pipeline against that. You are testing what will actually exist after the merge, not just your branch in isolation.\n\n* [Workflow rules](https://docs.gitlab.com/ci/yaml/workflow/) let you define exactly which pipeline type runs under which conditions and suppress everything else. The `$CI_OPEN_MERGE_REQUESTS` guard below prevents duplicate pipelines firing for both a branch and its open MR simultaneously.\n\n\nWith those three working together, here is what a tiered pipeline looks like:\n\n```yaml\n# .gitlab-ci.yml\nworkflow:\n rules:\n - if: $CI_PIPELINE_SOURCE == \"merge_request_event\"\n - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS\n when: never\n - if: $CI_COMMIT_BRANCH\n - if: $CI_PIPELINE_SOURCE == \"schedule\"\n\nstages:\n - fast-checks\n - expensive-tests\n - deploy\n\nlint-code:\n stage: fast-checks\n script:\n - echo \"Running linter\"\n rules:\n - if: $CI_PIPELINE_SOURCE == \"push\"\n - if: $CI_PIPELINE_SOURCE == \"merge_request_event\"\n - if: $CI_COMMIT_BRANCH == \"main\"\n\nunit-tests:\n stage: fast-checks\n script:\n - echo \"Running unit tests\"\n rules:\n - if: $CI_PIPELINE_SOURCE == \"push\"\n - if: $CI_PIPELINE_SOURCE == \"merge_request_event\"\n - if: $CI_COMMIT_BRANCH == \"main\"\n\nintegration-tests:\n stage: expensive-tests\n script:\n - echo \"Running integration tests (15 min)\"\n rules:\n - if: $CI_PIPELINE_SOURCE == \"merge_request_event\"\n - if: $CI_COMMIT_BRANCH == \"main\"\n\ne2e-tests:\n stage: expensive-tests\n script:\n - echo \"Running E2E tests (30 min)\"\n rules:\n - if: $CI_PIPELINE_SOURCE == \"merge_request_event\"\n - if: $CI_COMMIT_BRANCH == \"main\"\n\nnightly-comprehensive-scan:\n stage: expensive-tests\n script:\n - echo \"Running full nightly suite (2 hours)\"\n rules:\n - if: $CI_PIPELINE_SOURCE == \"schedule\"\n\ndeploy-production:\n stage: deploy\n script:\n - echo \"Deploying to production\"\n rules:\n - if: $CI_COMMIT_BRANCH == \"main\"\n when: manual\n```\n\nWith this setup, the pipeline behaves differently depending on context. A push to a feature branch with no open MR runs lint and unit tests only. Once an MR is opened, the workflow rules switch from a branch pipeline to an MR pipeline, and the full integration and E2E suite runs against the merged result. Merging to `main` queues a manual production deployment. A nightly schedule runs the comprehensive scan once, not on every commit.\n\n\nWhy it matters: Teams routinely cut CI costs significantly with this pattern, not by running fewer tests, but by running the right tests at the right time. Merged results pipelines catch the class of bugs that only appear after a merge, before they ever reach `main`.\n\n\n![Conditional pipelines (within a branch with no MR)](https://res.cloudinary.com/about-gitlab-com/image/upload/v1775738768/Blog/Imported/hackathon-fake-blog-post-s/image6_dnfcny.png \"Conditional pipelines (within a branch with no MR)\")\n\n\n\n![Conditional pipelines (within an MR)](https://res.cloudinary.com/about-gitlab-com/image/upload/v1775738772/Blog/Imported/hackathon-fake-blog-post-s/image1_wyiafu.png \"Conditional pipelines (within an MR)\")\n\n\n\n![Conditional pipelines (on the main branch)](https://res.cloudinary.com/about-gitlab-com/image/upload/v1775738774/Blog/Imported/hackathon-fake-blog-post-s/image5_r6lkfd.png \"Conditional pipelines (on the main branch)\")\n\n## 5. Governed pipelines: CI/CD Components\n\n\nThe problem: Your platform team has defined the right way to build, test, and deploy. But every team has their own `.gitlab-ci.yml` with subtle variations. Security scanning gets skipped. Deployment standards drift. Audits are painful.\n\n\nGitLab [CI/CD Components](https://docs.gitlab.com/ci/components/) let platform teams publish versioned, reusable pipeline building blocks. Application teams consume them with a single `include:` line and optional inputs — no copy-paste, no drift. Components are discoverable through the [CI/CD Catalog](https://docs.gitlab.com/ci/components/#cicd-catalog), which means teams can find and adopt approved building blocks without needing to go through the platform team directly.\n\n\nHere is a component definition from a shared library:\n\n```yaml\n# templates/deploy.yml\nspec:\n inputs:\n stage:\n default: deploy\n environment:\n default: production\n---\ndeploy-job:\n stage: $[[ inputs.stage ]]\n script:\n - echo \"Deploying $APP_NAME to $[[ inputs.environment ]]\"\n - echo \"Deploy URL: $DEPLOY_URL\"\n environment:\n name: $[[ inputs.environment ]]\n```\nAnd here is how an application team consumes it:\n\n```yaml\n# Application repo: .gitlab-ci.yml\nvariables:\n APP_NAME: \"my-awesome-app\"\n DEPLOY_URL: \"https://api.example.com\"\n\ninclude:\n - component: gitlab.com/my-org/component-library/build@v1.0.6\n - component: gitlab.com/my-org/component-library/test@v1.0.6\n - component: gitlab.com/my-org/component-library/deploy@v1.0.6\n inputs:\n environment: staging\n\nstages:\n - build\n - test\n - deploy\n```\n\nThree lines of `include:` replace hundreds of lines of duplicated YAML. The platform team can push a security fix to `v1.0.7` and teams opt in on their own schedule — or the platform team can pin everyone to a minimum version. Either way, one change propagates everywhere instead of needing to be applied repo by repo.\n\n\nPair this with [resource groups](https://docs.gitlab.com/ci/resource_groups/) to prevent concurrent deployments to the same environment, and [protected environments](https://docs.gitlab.com/ci/environments/protected_environments/) to enforce approval gates - and you have a governed delivery platform where compliance is the default, not the exception.\n\n\nWhy it matters: This is the pattern that makes GitLab CI/CD scale across hundreds of teams. Platform engineering teams enforce compliance without becoming a bottleneck. Application teams get a fast path to a working pipeline without reinventing the wheel.\n\n\n![Component pipeline (imported jobs)](https://res.cloudinary.com/about-gitlab-com/image/upload/v1775738776/Blog/Imported/hackathon-fake-blog-post-s/image2_pizuxd.png \"Component pipeline (imported jobs)\")\n\n## Putting it all together\n\nNone of these features exist in isolation. The reason GitLab's pipeline model is worth understanding deeply is that these primitives compose:\n\n* A monorepo uses parent-child pipelines, and each child uses DAG execution\n\n* A microservices platform uses multi-project pipelines, and each project uses MR pipelines with merged results\n\n* A governed platform uses CI/CD components to standardize the patterns above across every team\n\n\nMost teams discover one of these features when they hit a specific pain point. The ones who invest in understanding the full model end up with a delivery system that actually reflects how their engineering organization works, not a pipeline that fights it.\n\n## Other patterns worth exploring\n\n\nThe five patterns above cover the most common structural pain points, but GitLab's pipeline model goes further. A few others worth looking into as your needs grow:\n\n\n* [Review apps with dynamic environments](https://docs.gitlab.com/ci/environments/) let you spin up a live preview for every feature branch and tear it down automatically when the MR closes. Useful for teams doing frontend work or API changes that need stakeholder sign-off before merging.\n\n* [Caching and artifact strategies](https://docs.gitlab.com/ci/caching/) are often the fastest way to cut pipeline runtime after the structural work is done. Structuring `cache:` keys around dependency lockfiles and being deliberate about what gets passed between jobs with [artifacts:](https://docs.gitlab.com/ci/yaml/#artifacts) can make a significant difference without changing your pipeline shape at all.\n\n* [Scheduled and API-triggered pipelines](https://docs.gitlab.com/ci/pipelines/schedules/) are worth knowing about because not everything should run on a code push. Nightly security scans, compliance reports, and release automation are better modeled as scheduled or [API-triggered](https://docs.gitlab.com/ci/triggers/) pipelines with `$CI_PIPELINE_SOURCE` routing the right jobs for each context.\n\n## How to get started\n\nModern software delivery is complex. Teams are managing monorepos with dozens of services, coordinating across multiple repositories, deploying to many environments at once, and trying to keep standards consistent as organizations grow. GitLab's pipeline model was built with all of that in mind.\n\nWhat makes it worth investing time in is how well the pieces fit together. Parent-child pipelines bring structure to large codebases. Multi-project pipelines make cross-team dependencies visible and testable. Dynamic pipelines turn environment management into something that scales gracefully. MR-first delivery with merged results ensures confidence at every step of the review process. And CI/CD Components give platform teams a way to share best practices across an entire organization without becoming a bottleneck.\n\nEach of these features is powerful on its own, and even more so when combined. GitLab gives you the building blocks to design a delivery system that fits how your team actually works, and grows with you as your needs evolve.\n\n> [Start a free trial of GitLab Ultimate](https://about.gitlab.com/free-trial/) to use pipeline logic today.\n\n## Read more\n\n* [Variable and artifact sharing in GitLab parent-child pipelines](https://about.gitlab.com/blog/variable-and-artifact-sharing-in-gitlab-parent-child-pipelines/)\n* [CI/CD inputs: Secure and preferred method to pass parameters to a pipeline](https://about.gitlab.com/blog/ci-cd-inputs-secure-and-preferred-method-to-pass-parameters-to-a-pipeline/)\n* [Tutorial: How to set up your first GitLab CI/CD component](https://about.gitlab.com/blog/tutorial-how-to-set-up-your-first-gitlab-ci-cd-component/)\n* [How to include file references in your CI/CD components](https://about.gitlab.com/blog/how-to-include-file-references-in-your-ci-cd-components/)\n* [FAQ: GitLab CI/CD Catalog](https://about.gitlab.com/blog/faq-gitlab-ci-cd-catalog/)\n* [Building a GitLab CI/CD pipeline for a monorepo the easy way](https://about.gitlab.com/blog/building-a-gitlab-ci-cd-pipeline-for-a-monorepo-the-easy-way/)\n* [A CI/CD component builder's journey](https://about.gitlab.com/blog/a-ci-component-builders-journey/)\n* [CI/CD Catalog goes GA: No more building pipelines from scratch](https://about.gitlab.com/blog/ci-cd-catalog-goes-ga-no-more-building-pipelines-from-scratch/)","5 ways GitLab pipeline logic solves real engineering problems","Learn how to scale CI/CD with composable patterns for monorepos, microservices, environments, and governance.",[716],"Omid Khan","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772721753/frfsm1qfscwrmsyzj1qn.png","2026-04-09",[104,720,721,722],"DevOps platform","tutorial","features",{"featured":27,"template":13,"slug":724},"5-ways-gitlab-pipeline-logic-solves-real-engineering-problems",{"content":726,"config":736},{"title":727,"description":728,"authors":729,"heroImage":731,"date":732,"body":733,"category":9,"tags":734},"How to use GitLab Container Virtual Registry with Docker Hardened Images","Learn how to simplify container image management with this step-by-step guide.",[730],"Tim Rizzi","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772111172/mwhgbjawn62kymfwrhle.png","2026-03-12","If you're a platform engineer, you've probably had this conversation:\n \n*\"Security says we need to use hardened base images.\"*\n\n*\"Great, where do I configure credentials for yet another registry?\"*\n\n*\"Also, how do we make sure everyone actually uses them?\"*\n\nOr this one:\n\n*\"Why are our builds so slow?\"*\n\n*\"We're pulling the same 500MB image from Docker Hub in every single job.\"*\n\n*\"Can't we just cache these somewhere?\"*\n\nI've been working on [Container Virtual Registry](https://docs.gitlab.com/user/packages/virtual_registry/container/) at GitLab specifically to solve these problems. It's a pull-through cache that sits in front of your upstream registries — Docker Hub, dhi.io (Docker Hardened Images), MCR, and Quay — and gives your teams a single endpoint to pull from. Images get cached on the first pull. Subsequent pulls come from the cache. Your developers don't need to know or care which upstream a particular image came from.\n\nThis article shows you how to set up Container Virtual Registry, specifically with Docker Hardened Images in mind, since that's a combination that makes a lot of sense for teams concerned about security and not making their developers' lives harder.\n\n## What problem are we actually solving?\n\nThe Platform teams I usually talk to manage container images across three to five registries:\n\n* **Docker Hub** for most base images\n* **dhi.io** for Docker Hardened Images (security-conscious workloads)\n* **MCR** for .NET and Azure tooling\n* **Quay.io** for Red Hat ecosystem stuff\n* **Internal registries** for proprietary images\n\nEach one has its own:\n\n* Authentication mechanism\n* Network latency characteristics\n* Way of organizing image paths\n\nYour CI/CD configs end up littered with registry-specific logic. Credential management becomes a project unto itself. And every pipeline job pulls the same base images over the network, even though they haven't changed in weeks.\n\nContainer Virtual Registry consolidates this. One registry URL. One authentication flow (GitLab's). Cached images are served from GitLab's infrastructure rather than traversing the internet each time.\n\n## How it works\n\nThe model is straightforward:\n\n```text\nYour pipeline pulls:\n gitlab.com/virtual_registries/container/1000016/python:3.13\n\nVirtual registry checks:\n 1. Do I have this cached? → Return it\n 2. No? → Fetch from upstream, cache it, return it\n\n```\n\nYou configure upstreams in priority order. When a pull request comes in, the virtual registry checks each upstream until it finds the image. The result gets cached for a configurable period (default 24 hours).\n\n```text\n┌─────────────────────────────────────────────────────────┐\n│ CI/CD Pipeline │\n│ │ │\n│ ▼ │\n│ gitlab.com/virtual_registries/container/\u003Cid>/image │\n└─────────────────────────────────────────────────────────┘\n │\n ▼\n┌─────────────────────────────────────────────────────────┐\n│ Container Virtual Registry │\n│ │\n│ Upstream 1: Docker Hub ────────────────┐ │\n│ Upstream 2: dhi.io (Hardened) ────────┐│ │\n│ Upstream 3: MCR ─────────────────────┐││ │\n│ Upstream 4: Quay.io ────────────────┐│││ │\n│ ││││ │\n│ ┌─────────────────┴┴┴┴──┐ │\n│ │ Cache │ │\n│ │ (manifests + layers) │ │\n│ └───────────────────────┘ │\n└─────────────────────────────────────────────────────────┘\n```\n\n## Why this matters for Docker Hardened Images\n\n[Docker Hardened Images](https://docs.docker.com/dhi/) are great because of the minimal attack surface, near-zero CVEs, proper software bills of materials (SBOMs), and SLSA provenance. If you're evaluating base images for security-sensitive workloads, they should be on your list.\n\nBut adopting them creates the same operational friction as any new registry:\n\n* **Credential distribution**: You need to get Docker credentials to every system that pulls images from dhi.io.\n* **CI/CD changes**: Every pipeline needs to be updated to authenticate with dhi.io.\n* **Developer friction**: People need to remember to use the hardened variants.\n* **Visibility gap**: It's difficult to tell if teams are actually using hardened images vs. regular ones.\n\nVirtual registry addresses each of these:\n\n**Single credential**: Teams authenticate to GitLab. The virtual registry handles upstream authentication. You configure Docker credentials once, at the registry level, and they apply to all pulls.\n\n**No CI/CD changes per-team**: Point pipelines at your virtual registry. Done. The upstream configuration is centralized.\n\n**Gradual adoption**: Since images get cached with their full path, you can see in the cache what's being pulled. If someone's pulling `library/python:3.11` instead of the hardened variant, you'll know.\n\n**Audit trail**: The cache shows you exactly which images are in active use. Useful for compliance, useful for understanding what your fleet actually depends on.\n\n## Setting it up\n\nHere's a real setup using the Python client from this demo project.\n\n### Create the virtual registry\n\n```python\nfrom virtual_registry_client import VirtualRegistryClient\n\nclient = VirtualRegistryClient()\n\nregistry = client.create_virtual_registry(\n group_id=\"785414\", # Your top-level group ID\n name=\"platform-images\",\n description=\"Cached container images for platform teams\"\n)\n\nprint(f\"Registry ID: {registry['id']}\")\n# You'll need this ID for the pull URL\n```\n\n### Add Docker Hub as an upstream\n\nFor official images like Alpine, Python, etc.:\n\n```python\ndocker_upstream = client.create_upstream(\n registry_id=registry['id'],\n url=\"https://registry-1.docker.io\",\n name=\"Docker Hub\",\n cache_validity_hours=24\n)\n```\n\n### Add Docker Hardened Images (dhi.io)\n\nDocker Hardened Images are hosted on `dhi.io`, a separate registry that requires authentication:\n\n```python\ndhi_upstream = client.create_upstream(\n registry_id=registry['id'],\n url=\"https://dhi.io\",\n name=\"Docker Hardened Images\",\n username=\"your-docker-username\",\n password=\"your-docker-access-token\",\n cache_validity_hours=24\n)\n```\n\n### Add other upstreams\n\n```python\n# MCR for .NET teams\nclient.create_upstream(\n registry_id=registry['id'],\n url=\"https://mcr.microsoft.com\",\n name=\"Microsoft Container Registry\",\n cache_validity_hours=48\n)\n\n# Quay for Red Hat stuff\nclient.create_upstream(\n registry_id=registry['id'],\n url=\"https://quay.io\",\n name=\"Quay.io\",\n cache_validity_hours=24\n)\n```\n\n### Update your CI/CD\n\nHere's a `.gitlab-ci.yml` that pulls through the virtual registry:\n\n```yaml\nvariables:\n VIRTUAL_REGISTRY_ID: \u003Cyour_virtual_registry_ID>\n\n \nbuild:\n image: docker:24\n services:\n - docker:24-dind\n before_script:\n # Authenticate to GitLab (which handles upstream auth for you)\n - echo \"${CI_JOB_TOKEN}\" | docker login -u gitlab-ci-token --password-stdin gitlab.com\n script:\n # All of these go through your single virtual registry\n \n # Official Docker Hub images (use library/ prefix)\n - docker pull gitlab.com/virtual_registries/container/${VIRTUAL_REGISTRY_ID}/library/alpine:latest\n \n # Docker Hardened Images from dhi.io (no prefix needed)\n - docker pull gitlab.com/virtual_registries/container/${VIRTUAL_REGISTRY_ID}/python:3.13\n \n # .NET from MCR\n - docker pull gitlab.com/virtual_registries/container/${VIRTUAL_REGISTRY_ID}/dotnet/sdk:8.0\n```\n\n### Image path formats\n\nDifferent registries use different path conventions:\n\n| Registry | Pull URL Example |\n|----------|------------------|\n| Docker Hub (official) | `.../library/python:3.11-slim` |\n| Docker Hardened Images (dhi.io) | `.../python:3.13` |\n| MCR | `.../dotnet/sdk:8.0` |\n| Quay.io | `.../prometheus/prometheus:latest` |\n\n### Verify it's working\n\nAfter some pulls, check your cache:\n\n```python\nupstreams = client.list_registry_upstreams(registry['id'])\nfor upstream in upstreams:\n entries = client.list_cache_entries(upstream['id'])\n print(f\"{upstream['name']}: {len(entries)} cached entries\")\n\n```\n\n## What the numbers look like\n\nI ran tests pulling images through the virtual registry:\n\n| Metric | Without Cache | With Warm Cache |\n|--------|---------------|-----------------|\n| Pull time (Alpine) | 10.3s | 4.2s |\n| Pull time (Python 3.13 DHI) | 11.6s | ~4s |\n| Network roundtrips to upstream | Every pull | Cache misses only |\n\n\n\n\nThe first pull is the same speed (it has to fetch from upstream). Every pull after that, for the cache validity period, comes straight from GitLab's storage. No network hop to Docker Hub, dhi.io, MCR, or wherever the image lives.\n\nFor a team running hundreds of pipeline jobs per day, that's hours of cumulative build time saved.\n\n## Practical considerations\nHere are some considerations to keep in mind:\n\n### Cache validity\n\n24 hours is the default. For security-sensitive images where you want patches quickly, consider 12 hours or less:\n\n```python\nclient.create_upstream(\n registry_id=registry['id'],\n url=\"https://dhi.io\",\n name=\"Docker Hardened Images\",\n username=\"your-username\",\n password=\"your-token\",\n cache_validity_hours=12\n)\n```\n\nFor stable, infrequently-updated images (like specific version tags), longer validity is fine.\n\n### Upstream priority\n\nUpstreams are checked in order. If you have images with the same name on different registries, the first matching upstream wins.\n\n### Limits\n\n* Maximum of 20 virtual registries per group\n* Maximum of 20 upstreams per virtual registry\n\n## Configuration via UI\n\nYou can also configure virtual registries and upstreams directly from the GitLab UI—no API calls required. Navigate to your group's **Settings > Packages and registries > Virtual Registry** to:\n\n* Create and manage virtual registries\n* Add, edit, and reorder upstream registries\n* View and manage the cache\n* Monitor which images are being pulled\n\n## What's next\n\nWe're actively developing:\n\n* **Allow/deny lists**: Use regex to control which images can be pulled from specific upstreams.\n\nThis is beta software. It works, people are using it in production, but we're still iterating based on feedback.\n\n## Share your feedback\n\nIf you're a platform engineer dealing with container registry sprawl, I'd like to understand your setup:\n\n* How many upstream registries are you managing?\n* What's your biggest pain point with the current state?\n* Would something like this help, and if not, what's missing?\n\nPlease share your experiences in the [Container Virtual Registry feedback issue](https://gitlab.com/gitlab-org/gitlab/-/work_items/589630).\n## Related resources\n- [New GitLab metrics and registry features help reduce CI/CD bottlenecks](https://about.gitlab.com/blog/new-gitlab-metrics-and-registry-features-help-reduce-ci-cd-bottlenecks/#container-virtual-registry)\n- [Container Virtual Registry documentation](https://docs.gitlab.com/user/packages/virtual_registry/container/)\n- [Container Virtual Registry API](https://docs.gitlab.com/api/container_virtual_registries/)",[721,735,722],"product",{"featured":12,"template":13,"slug":737},"using-gitlab-container-virtual-registry-with-docker-hardened-images",{"content":739,"config":749},{"title":740,"description":741,"authors":742,"heroImage":744,"date":745,"category":9,"tags":746,"body":748},"How IIT Bombay students are coding the future with GitLab","At GitLab, we often talk about how software accelerates innovation. But sometimes, you have to step away from the Zoom calls and stand in a crowded university hall to remember why we do this.",[743],"Nick Veenhof","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750099013/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%2814%29_6VTUA8mUhOZNDaRVNPeKwl_1750099012960.png","2026-01-08",[257,617,747],"open source","The GitLab team recently had the privilege of judging the **iHack Hackathon** at **IIT Bombay's E-Summit**. The energy was electric, the coffee was flowing, and the talent was undeniable. But what struck us most wasn't just the code — it was the sheer determination of students to solve real-world problems, often overcoming significant logistical and financial hurdles to simply be in the room.\n\n\nThrough our [GitLab for Education program](https://about.gitlab.com/solutions/education/), we aim to empower the next generation of developers with tools and opportunity. Here is a look at what the students built, and how they used GitLab to bridge the gap between idea and reality.\n\n## The challenge: Build faster, build securely\n\nThe premise for the GitLab track of the hackathon was simple: Don't just show us a product; show us how you built it. We wanted to see how students utilized GitLab's platform — from Issue Boards to CI/CD pipelines — to accelerate the development lifecycle.\n\nThe results were inspiring.\n\n## The winners\n\n### 1st place: Team Decode — Democratizing Scientific Research\n\n**Project:** FIRE (Fast Integrated Research Environment)\n\nTeam Decode took home the top prize with a solution that warms a developer's heart: a local-first, blazing-fast data processing tool built with [Rust](https://about.gitlab.com/blog/secure-rust-development-with-gitlab/) and Tauri. They identified a massive pain point for data science students: existing tools are fragmented, slow, and expensive.\n\nTheir solution, FIRE, allows researchers to visualize complex formats (like NetCDF) instantly. What impressed the judges most was their \"hacker\" ethos. They didn't just build a tool; they built it to be open and accessible.\n\n**How they used GitLab:** Since the team lived far apart, asynchronous communication was key. They utilized **GitLab Issue Boards** and **Milestones** to track progress and integrated their repo with Telegram to get real-time push notifications. As one team member noted, \"Coordinating all these technologies was really difficult, and what helped us was GitLab... the Issue Board really helped us track who was doing what.\"\n\n![Team Decode](https://res.cloudinary.com/about-gitlab-com/image/upload/v1767380253/epqazj1jc5c7zkgqun9h.jpg)\n\n### 2nd place: Team BichdeHueDost — Reuniting to Solve Payments\n\n**Project:** SemiPay (RFID Cashless Payment for Schools)\n\nThe team name, BichdeHueDost, translates to \"Friends who have been set apart.\" It's a fitting name for a group of friends who went to different colleges but reunited to build this project. They tackled a unique problem: handling cash in schools for young children. Their solution used RFID cards backed by a blockchain ledger to ensure secure, cashless transactions for students.\n\n**How they used GitLab:** They utilized [GitLab CI/CD](https://about.gitlab.com/topics/ci-cd/) to automate the build process for their Flutter application (APK), ensuring that every commit resulted in a testable artifact. This allowed them to iterate quickly despite the \"flaky\" nature of cross-platform mobile development.\n\n![Team BichdeHueDost](https://res.cloudinary.com/about-gitlab-com/image/upload/v1767380253/pkukrjgx2miukb6nrj5g.jpg)\n\n### 3rd place: Team ZenYukti — Agentic Repository Intelligence\n\n**Project:** RepoInsight AI (AI-powered, GitLab-native intelligence platform)\n\nTeam ZenYukti impressed us with a solution that tackles a universal developer pain point: understanding unfamiliar codebases. What stood out to the judges was the tool's practical approach to onboarding and code comprehension: RepoInsight-AI automatically generates documentation, visualizes repository structure, and even helps identify bugs, all while maintaining context about the entire codebase.\n\n**How they used GitLab:** The team built a comprehensive CI/CD pipeline that showcased GitLab's security and DevOps capabilities. They integrated [GitLab's Security Templates](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates/Security) (SAST, Dependency Scanning, and Secret Detection), and utilized [GitLab Container Registry](https://docs.gitlab.com/user/packages/container_registry/) to manage their Docker images for backend and frontend components. They created an AI auto-review bot that runs on merge requests, demonstrating an \"agentic workflow\" where AI assists in the development process itself.\n\n![Team ZenYukti](https://res.cloudinary.com/about-gitlab-com/image/upload/v1767380253/ymlzqoruv5al1secatba.jpg)\n\n## Beyond the code: A lesson in inclusion\n\nWhile the code was impressive, the most powerful moment of the event happened away from the keyboard.\n\nDuring the feedback session, we learned about the journey Team ZenYukti took to get to Mumbai. They traveled over 24 hours, covering nearly 1,800 kilometers. Because flights were too expensive and trains were booked, they traveled in the \"General Coach,\" a non-reserved, severely overcrowded carriage.\n\nAs one student described it:\n\n*\"You cannot even imagine something like this... there are no seats... people sit on the top of the train. This is what we have endured.\"*\n\nThis hit home. [Diversity, Inclusion, and Belonging](https://handbook.gitlab.com/handbook/company/culture/inclusion/) are core values at GitLab. We realized that for these students, the barrier to entry wasn't intellect or skill, it was access.\n\nIn that moment, we decided to break that barrier. We committed to reimbursing the travel expenses for the participants who struggled to get there. It's a small step, but it underlines a massive truth: **talent is distributed equally, but opportunity is not.**\n\n![hackathon class together](https://res.cloudinary.com/about-gitlab-com/image/upload/v1767380252/o5aqmboquz8ehusxvgom.jpg)\n\n### The future is bright (and automated)\n\nWe also saw incredible potential in teams like Prometheus, who attempted to build an autonomous patch remediation tool (DevGuardian), and Team Arrakis, who built a voice-first job portal for blue-collar workers using [GitLab Duo](https://about.gitlab.com/gitlab-duo-agent-platform/) to troubleshoot their pipelines.\n\nTo all the students who participated: You are the future. Through [GitLab for Education](https://about.gitlab.com/solutions/education/), we are committed to providing you with the top-tier tools (like GitLab Ultimate) you need to learn, collaborate, and change the world — whether you are coding from a dorm room, a lab, or a train carriage. **Keep shipping.**\n\n> :bulb: Learn more about the [GitLab for Education program](https://about.gitlab.com/solutions/education/).\n",{"slug":750,"featured":12,"template":13},"how-iit-bombay-students-code-future-with-gitlab",{"promotions":752},[753,767,778,790],{"id":754,"categories":755,"header":757,"text":758,"button":759,"image":764},"ai-modernization",[756],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":760,"config":761},"Get your AI maturity score",{"href":762,"dataGaName":763,"dataGaLocation":239},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":765},{"src":766},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":768,"categories":769,"header":770,"text":758,"button":771,"image":775},"devops-modernization",[735,32],"Are you just managing tools or shipping innovation?",{"text":772,"config":773},"Get your DevOps maturity score",{"href":774,"dataGaName":763,"dataGaLocation":239},"/assessments/devops-modernization-assessment/",{"config":776},{"src":777},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":779,"categories":780,"header":782,"text":758,"button":783,"image":787},"security-modernization",[781],"security","Are you trading speed for security?",{"text":784,"config":785},"Get your security maturity score",{"href":786,"dataGaName":763,"dataGaLocation":239},"/assessments/security-modernization-assessment/",{"config":788},{"src":789},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":791,"paths":792,"header":795,"text":796,"button":797,"image":802},"github-azure-migration",[793,794],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","Is your team ready for GitHub's Azure move?","GitHub is already rebuilding around Azure. Find out what it means for you.",{"text":798,"config":799},"See how GitLab compares to GitHub",{"href":800,"dataGaName":801,"dataGaLocation":239},"/compare/gitlab-vs-github/github-azure-migration/","github azure migration",{"config":803},{"src":777},{"header":805,"blurb":806,"button":807,"secondaryButton":812},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":808,"config":809},"Get your free trial",{"href":810,"dataGaName":46,"dataGaLocation":811},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":501,"config":813},{"href":50,"dataGaName":51,"dataGaLocation":811},1776442952369]