[{"data":1,"prerenderedAt":1002},["ShallowReactive",2],{"/en-us/blog/harden-pipeline-perimeter-for-ai-assisted-coding":3,"navigation-en-us":233,"banner-en-us":649,"footer-en-us":657,"blog-post-authors-en-us-Vishal Thenge":900,"blog-related-posts-en-us-harden-pipeline-perimeter-for-ai-assisted-coding":916,"blog-promotions-en-us":939,"next-steps-en-us":992},{"id":4,"title":5,"authors":6,"body":8,"category":215,"date":216,"description":217,"extension":218,"externalUrl":219,"featured":220,"heroImage":221,"meta":222,"navigation":220,"path":223,"seo":224,"slug":227,"stem":228,"tags":229,"template":231,"updatedDate":219,"__hash__":232},"blogPosts/en-us/blog/harden-pipeline-perimeter-for-ai-assisted-coding.md","Harden your pipeline perimeter for the era of AI-assisted coding",[7],"Vishal Thenge",{"type":9,"value":10,"toc":207},"minimark",[11,15,18,21,26,29,83,87,90,137,141,144,188,192],[12,13,14],"p",{},"AI-assisted development is moving faster than the security models built to govern it — agents write code, open merge requests, and ship changes at a pace where vulnerabilities go unnoticed. The problem isn't a shortage of scanning tools; it's that security lives outside the workflow where decisions actually get made and policies become suggestions.",[12,16,17],{},"GitLab Ultimate changes that by making application security a core property of the platform itself, not a portal developers have to visit separately.",[12,19,20],{},"This article walks through the three compounding dimensions that make that possible — See, Enforce, and Fix — and why all three together are what turn GitLab into a true DevSecOps control plane for the AI-native software development lifecycle (SDLC).",[22,23,25],"h2",{"id":24},"you-cant-secure-what-you-cant-see","You can't secure what you can't see",[12,27,28],{},"Governance starts with seeing every project, every scanner, and every action across the SDLC. Per-project dashboards leave the gaps invisible, and gaps are where unenforced policy lives.",[30,31,32,49,58,66,74],"ul",{},[33,34,35,36,42,43,48],"li",{},"The ",[37,38,41],"a",{"href":39,"rel":40},"https://docs.gitlab.com/user/application_security/security_dashboard/",[],"Group Security Dashboard"," rolls up findings from Static Application Security Testing (SAST), Software Composition Analysis (SCA), secret detection, container scanning, Infrastructure as Code (IaC) scanning, Dynamic Application Security Testing (DAST), and fuzz testing. The dashboard shows results from across repositories in one view, without stitching exports from multiple tools. You get trends over time, risk sliced by business unit and exposure level, and the ",[37,44,47],{"href":45,"rel":46},"https://docs.gitlab.com/user/application_security/security_inventory/",[],"Security Inventory"," all in the same view. The Security Inventory surfaces projects with no grade because they have never been scanned, the gap most per-project dashboards never report.",[33,50,51,52,57],{},"GitLab Ultimate's application security surfaces identity risks that other scanners often ignore entirely. The ",[37,53,56],{"href":54,"rel":55},"https://docs.gitlab.com/administration/credentials_inventory/",[],"Credentials Inventory"," lists every token on the instance with owner, scopes, and expiry. One filter shows every active, non-revoked credentials, and compromised token. This allows you to immediately revoke compromised tokens without needing to write scripts in the middle of an incident.",[33,59,60,65],{},[37,61,64],{"href":62,"rel":63},"https://docs.gitlab.com/administration/settings/account_and_limit_settings/#limit-the-lifetime-of-access-tokens",[],"Token Lifetime Enforcement"," moves your rotation policy from on paper into a platform guardrail: no token active beyond the maximum you set.",[33,67,68,73],{},[37,69,72],{"href":70,"rel":71},"https://docs.gitlab.com/user/compliance/audit_event_streaming/",[],"Audit Event Streaming"," sends structured, timestamped events such as, token creation, permission changes, merge request (MR) approvals, and role modifications, to your Security Information and Event Management (SIEM) in real time. Every security-relevant action in GitLab is visible to your Security Operations Center as it happens, not reconstructed from logs after an incident.",[33,75,76,77,82],{},"Instantly search for open-source dependency exposure across your entire project portfolio using the ",[37,78,81],{"href":79,"rel":80},"https://docs.gitlab.com/user/application_security/dependency_list/",[],"group software bill of materials (SBOM)",".",[22,84,86],{"id":85},"you-cant-enforce-what-isnt-automated","You can't enforce what isn't automated",[12,88,89],{},"Enforcement is the difference between a policy that exists and a policy that runs. Documented policies require developers to remember them, configure them, and apply them on every change, which is hard at human speed and impossible at agent speed. GitLab enforces policy from inside the platform, on every pipeline, and every MR, no matter if a human or agent is making the change, to ensure security can keep pace with AI-assisted development to ship safely.",[30,91,92,105,113,121,129],{},[33,93,94,99,100,104],{},[37,95,98],{"href":96,"rel":97},"https://docs.gitlab.com/user/application_security/policies/scan_execution_policies/",[],"Scan Execution Policies"," inject mandatory SAST, SCA, and secret detection jobs into every pipeline targeting production. Developers don't write them, can't safely remove them, and can't skip them with ",[101,102,103],"code",{},"[skip ci]",". Set once at the group level and the permissions cascade to all projects automatically, no per-project config, no opt-outs.",[33,106,107,112],{},[37,108,111],{"href":109,"rel":110},"https://docs.gitlab.com/user/application_security/policies/pipeline_execution_policies/",[],"Pipeline Execution Policies"," (PEPs) go further and enforce a platform-owned CI template. This addresses the shadow pipeline problem. A team-built pipeline outside your governed templates runs with the same access and trust as a sanctioned one. PEPs close the gap — security jobs run regardless of what a project's pipeline contains.",[33,114,115,120],{},[37,116,119],{"href":117,"rel":118},"https://docs.gitlab.com/user/application_security/detect/roll_out_security_scanning/#merge-request-approval-policy",[],"MR Approval Policies"," encode what used to live in documentation: protected branches, minimum approvers, and code owner requirements.",[33,122,35,123,128],{},[37,124,127],{"href":125,"rel":126},"https://docs.gitlab.com/user/compliance/compliance_center/",[],"Compliance Center"," maps these to SOC 2, ISO 27001, NIST, and PCI DSS, with live dashboards and chain-of-custody reports replacing spreadsheet audits assembled the week before a review.",[33,130,131,136],{},[37,132,135],{"href":133,"rel":134},"https://docs.gitlab.com/user/application_security/secret_detection/secret_push_protection/",[],"Secret Push Protection"," blocks credentials at the pre-receive hook — before they ever reach Git history. The push is rejected with the file, line, and secret type. Bypass attempts are logged. Enforcement plus visibility in the same control.",[22,138,140],{"id":139},"you-cant-fix-what-developers-dont-understand","You can't fix what developers don't understand",[12,142,143],{},"Visibility and enforcement put findings in front of developers. The next question is how efficiently those findings get remediated. Backlogs of open vulnerabilities are one of the biggest challenges and risks in enterprise development, and the gap widens further when AI-assisted development pushes more code through the pipeline. GitLab Ultimate works from both perspectives — prevention and remediation — proactively blocks vulnerabilities from reaching the default branch while also streamlining the remediation of existing security debt. GitLab Ultimate closes findings inside the same workflow they were detected in, with context, prioritization, and AI-generated remediation that ship through the same approvals as any other change.",[30,145,146,154,162,171,179],{},[33,147,35,148,153],{},[37,149,152],{"href":150,"rel":151},"https://docs.gitlab.com/user/application_security/detect/roll_out_security_scanning/#merge-request-security-widget",[],"MR security widget"," surfaces SAST, SCA, container, IaC, and secret detection findings inline with the code diff — before the code reaches the default branch. Developers see what's new in this MR, where it is, and how to remediate it. No separate portal. No context switch. The right moment, in the right place.",[33,155,156,161],{},[37,157,160],{"href":158,"rel":159},"https://docs.gitlab.com/user/application_security/sast/gitlab_advanced_sast/",[],"Advanced SAST"," uses cross-file taint analysis to follow untrusted input across multiple functions and files — the way an attacker would reason about your code. Developers see the full code flow from source to sink.",[33,163,164,165,170],{},"GitLab Duo Agent Platform ",[37,166,169],{"href":167,"rel":168},"https://docs.gitlab.com/user/application_security/vulnerabilities/false_positive_detection/",[],"scores likely false positives"," and explains why, so teams focus on real risk instead of triaging noise from yet another scanner. Rather than wasting time on manual analysis, organizations leverage context-aware, AI-driven triaging to accelerate remediation.",[33,172,35,173,178],{},[37,174,177],{"href":175,"rel":176},"https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/security_analyst_agent/",[],"GitLab Duo Security Analyst Agent"," prioritizes those vulnerabilities — considering exploitability, exposure, and business context, not just Common Vulnerability Scoring System (CVSS) scores.",[33,180,181,182,187],{},"For high-impact SAST findings, ",[37,183,186],{"href":184,"rel":185},"https://docs.gitlab.com/user/application_security/vulnerabilities/agentic_vulnerability_resolution/",[],"Agentic Vulnerability Resolution"," opens a fix MR automatically: context is included. The developer reviews and merges, closing the loop without any security expertise.",[22,189,191],{"id":190},"get-started-today","Get started today",[12,193,194,195,200,201,206],{},"AI-assisted development is not slowing down, and the gap between policy on paper and policy in production is widening with every commit. GitLab Ultimate narrows that gap with every change, in the workflow where the code is written. ",[37,196,199],{"href":197,"rel":198},"https://about.gitlab.com/free-trial/",[],"Start a free trial"," or ",[37,202,205],{"href":203,"rel":204},"https://about.gitlab.com/sales/",[],"talk to a solutions architect"," to see the benefits in your pipeline.",{"title":208,"searchDepth":209,"depth":209,"links":210},"",2,[211,212,213,214],{"id":24,"depth":209,"text":25},{"id":85,"depth":209,"text":86},{"id":139,"depth":209,"text":140},{"id":190,"depth":209,"text":191},"security","2026-05-13","The pipeline is now where humans, agents, and third-party code converge. Companies need a control plane that sees, enforces, and fixes every change.","md",null,true,"https://res.cloudinary.com/about-gitlab-com/image/upload/v1765809212/noh0mdfn9o94ry9ykura.png",{},"/en-us/blog/harden-pipeline-perimeter-for-ai-assisted-coding",{"config":225,"title":5,"description":217},{"noIndex":226},false,"harden-pipeline-perimeter-for-ai-assisted-coding","en-us/blog/harden-pipeline-perimeter-for-ai-assisted-coding",[215,230],"AI","BlogPost","_XRsmtxlNjvMhX64GllWLjz2jsB0Gi4hie4iC-uoJSo",{"logo":234,"freeTrial":239,"sales":244,"login":249,"items":254,"search":569,"minimal":600,"duo":619,"switchNav":628,"pricingDeployment":639},{"config":235},{"href":236,"dataGaName":237,"dataGaLocation":238},"/","gitlab logo","header",{"text":240,"config":241},"Get free trial",{"href":242,"dataGaName":243,"dataGaLocation":238},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":245,"config":246},"Talk to sales",{"href":247,"dataGaName":248,"dataGaLocation":238},"/sales/","sales",{"text":250,"config":251},"Sign in",{"href":252,"dataGaName":253,"dataGaLocation":238},"https://gitlab.com/users/sign_in/","sign in",[255,284,384,389,493,549],{"text":256,"config":257,"menu":259},"Platform",{"dataNavLevelOne":258},"platform",{"type":260,"columns":261},"cards",[262,268,276],{"title":256,"description":263,"link":264},"The intelligent orchestration platform for DevSecOps",{"text":265,"config":266},"Explore our Platform",{"href":267,"dataGaName":258,"dataGaLocation":238},"/platform/",{"title":269,"description":270,"link":271},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":272,"config":273},"Meet GitLab Duo",{"href":274,"dataGaName":275,"dataGaLocation":238},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":277,"description":278,"link":279},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":280,"config":281},"Learn more",{"href":282,"dataGaName":283,"dataGaLocation":238},"/why-gitlab/","why gitlab",{"text":285,"left":220,"config":286,"menu":288},"Product",{"dataNavLevelOne":287},"solutions",{"type":289,"link":290,"columns":294,"feature":363},"lists",{"text":291,"config":292},"View all Solutions",{"href":293,"dataGaName":287,"dataGaLocation":238},"/solutions/",[295,319,342],{"title":296,"description":297,"link":298,"items":303},"Automation","CI/CD and automation to accelerate deployment",{"config":299},{"icon":300,"href":301,"dataGaName":302,"dataGaLocation":238},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[304,308,311,315],{"text":305,"config":306},"CI/CD",{"href":307,"dataGaLocation":238,"dataGaName":305},"/solutions/continuous-integration/",{"text":269,"config":309},{"href":274,"dataGaLocation":238,"dataGaName":310},"gitlab duo agent platform - product menu",{"text":312,"config":313},"Source Code Management",{"href":314,"dataGaLocation":238,"dataGaName":312},"/solutions/source-code-management/",{"text":316,"config":317},"Automated Software Delivery",{"href":301,"dataGaLocation":238,"dataGaName":318},"Automated software delivery",{"title":320,"description":321,"link":322,"items":327},"Security","Deliver code faster without compromising security",{"config":323},{"href":324,"dataGaName":325,"dataGaLocation":238,"icon":326},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[328,332,337],{"text":329,"config":330},"Application Security Testing",{"href":324,"dataGaName":331,"dataGaLocation":238},"Application security testing",{"text":333,"config":334},"Software Supply Chain Security",{"href":335,"dataGaLocation":238,"dataGaName":336},"/solutions/supply-chain/","Software supply chain security",{"text":338,"config":339},"Software Compliance",{"href":340,"dataGaName":341,"dataGaLocation":238},"/solutions/software-compliance/","software compliance",{"title":343,"link":344,"items":349},"Measurement",{"config":345},{"icon":346,"href":347,"dataGaName":348,"dataGaLocation":238},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[350,354,358],{"text":351,"config":352},"Visibility & Measurement",{"href":347,"dataGaLocation":238,"dataGaName":353},"Visibility and Measurement",{"text":355,"config":356},"Value Stream Management",{"href":357,"dataGaLocation":238,"dataGaName":355},"/solutions/value-stream-management/",{"text":359,"config":360},"Analytics & Insights",{"href":361,"dataGaLocation":238,"dataGaName":362},"/solutions/analytics-and-insights/","Analytics and insights",{"title":364,"type":289,"items":365},"GitLab for",[366,372,378],{"text":367,"config":368},"Enterprise",{"icon":369,"href":370,"dataGaLocation":238,"dataGaName":371},"Building","/enterprise/","enterprise",{"text":373,"config":374},"Small Business",{"icon":375,"href":376,"dataGaLocation":238,"dataGaName":377},"Work","/small-business/","small business",{"text":379,"config":380},"Public Sector",{"icon":381,"href":382,"dataGaLocation":238,"dataGaName":383},"Organization","/solutions/public-sector/","public sector",{"text":385,"config":386},"Pricing",{"href":387,"dataGaName":388,"dataGaLocation":238,"dataNavLevelOne":388},"/pricing/","pricing",{"text":390,"config":391,"menu":393},"Resources",{"dataNavLevelOne":392},"resources",{"type":289,"link":394,"columns":398,"feature":482},{"text":395,"config":396},"View all resources",{"href":397,"dataGaName":392,"dataGaLocation":238},"/resources/",[399,432,454],{"title":400,"items":401},"Getting started",[402,407,412,417,422,427],{"text":403,"config":404},"Install",{"href":405,"dataGaName":406,"dataGaLocation":238},"/install/","install",{"text":408,"config":409},"Quick start guides",{"href":410,"dataGaName":411,"dataGaLocation":238},"/get-started/","quick setup checklists",{"text":413,"config":414},"Learn",{"href":415,"dataGaLocation":238,"dataGaName":416},"https://university.gitlab.com/","learn",{"text":418,"config":419},"Product documentation",{"href":420,"dataGaName":421,"dataGaLocation":238},"https://docs.gitlab.com/","product documentation",{"text":423,"config":424},"Best practice videos",{"href":425,"dataGaName":426,"dataGaLocation":238},"/getting-started-videos/","best practice videos",{"text":428,"config":429},"Integrations",{"href":430,"dataGaName":431,"dataGaLocation":238},"/integrations/","integrations",{"title":433,"items":434},"Discover",[435,440,445,449],{"text":436,"config":437},"Customer success stories",{"href":438,"dataGaName":439,"dataGaLocation":238},"/customers/","customer success stories",{"text":441,"config":442},"Blog",{"href":443,"dataGaName":444,"dataGaLocation":238},"/blog/","blog",{"text":446,"config":447},"The Source",{"href":448,"dataGaName":444,"dataGaLocation":238},"/the-source/",{"text":450,"config":451},"Remote",{"href":452,"dataGaName":453,"dataGaLocation":238},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":455,"items":456},"Connect",[457,462,467,472,477],{"text":458,"config":459},"GitLab Services",{"href":460,"dataGaName":461,"dataGaLocation":238},"/services/","services",{"text":463,"config":464},"Community",{"href":465,"dataGaName":466,"dataGaLocation":238},"/community/","community",{"text":468,"config":469},"Forum",{"href":470,"dataGaName":471,"dataGaLocation":238},"https://forum.gitlab.com/","forum",{"text":473,"config":474},"Events",{"href":475,"dataGaName":476,"dataGaLocation":238},"/events/","events",{"text":478,"config":479},"Partners",{"href":480,"dataGaName":481,"dataGaLocation":238},"/partners/","partners",{"config":483,"title":486,"text":487,"link":488},{"background":484,"textColor":485},"url('https://res.cloudinary.com/about-gitlab-com/image/upload/v1777322348/qpq8yrgn8knii57omj0c.png')","#000","What’s new in GitLab","Stay updated with our latest features and improvements.",{"text":489,"config":490},"Read the latest",{"href":491,"dataGaName":492,"dataGaLocation":238},"/whats-new/","whats new",{"text":494,"config":495,"menu":497},"Company",{"dataNavLevelOne":496},"company",{"type":289,"columns":498},[499],{"items":500},[501,506,512,514,519,524,529,534,539,544],{"text":502,"config":503},"About",{"href":504,"dataGaName":505,"dataGaLocation":238},"/company/","about",{"text":507,"config":508,"footerGa":511},"Jobs",{"href":509,"dataGaName":510,"dataGaLocation":238},"/jobs/","jobs",{"dataGaName":510},{"text":473,"config":513},{"href":475,"dataGaName":476,"dataGaLocation":238},{"text":515,"config":516},"Leadership",{"href":517,"dataGaName":518,"dataGaLocation":238},"/company/team/e-group/","leadership",{"text":520,"config":521},"Handbook",{"href":522,"dataGaName":523,"dataGaLocation":238},"https://handbook.gitlab.com/","handbook",{"text":525,"config":526},"Investor relations",{"href":527,"dataGaName":528,"dataGaLocation":238},"https://ir.gitlab.com/","investor relations",{"text":530,"config":531},"Trust Center",{"href":532,"dataGaName":533,"dataGaLocation":238},"/security/","trust center",{"text":535,"config":536},"AI Transparency Center",{"href":537,"dataGaName":538,"dataGaLocation":238},"/ai-transparency-center/","ai transparency center",{"text":540,"config":541},"Newsletter",{"href":542,"dataGaName":543,"dataGaLocation":238},"/company/contact/#contact-forms","newsletter",{"text":545,"config":546},"Press",{"href":547,"dataGaName":548,"dataGaLocation":238},"/press/","press",{"text":550,"config":551,"menu":552},"Contact us",{"dataNavLevelOne":496},{"type":289,"columns":553},[554],{"items":555},[556,559,564],{"text":245,"config":557},{"href":247,"dataGaName":558,"dataGaLocation":238},"talk to sales",{"text":560,"config":561},"Support portal",{"href":562,"dataGaName":563,"dataGaLocation":238},"https://support.gitlab.com","support portal",{"text":565,"config":566},"Customer portal",{"href":567,"dataGaName":568,"dataGaLocation":238},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":570,"login":571,"suggestions":578},"Close",{"text":572,"link":573},"To search repositories and projects, login to",{"text":574,"config":575},"gitlab.com",{"href":252,"dataGaName":576,"dataGaLocation":577},"search login","search",{"text":579,"default":580},"Suggestions",[581,583,587,589,593,597],{"text":269,"config":582},{"href":274,"dataGaName":269,"dataGaLocation":577},{"text":584,"config":585},"Code Suggestions (AI)",{"href":586,"dataGaName":584,"dataGaLocation":577},"/solutions/code-suggestions/",{"text":305,"config":588},{"href":307,"dataGaName":305,"dataGaLocation":577},{"text":590,"config":591},"GitLab on AWS",{"href":592,"dataGaName":590,"dataGaLocation":577},"/partners/technology-partners/aws/",{"text":594,"config":595},"GitLab on Google Cloud",{"href":596,"dataGaName":594,"dataGaLocation":577},"/partners/technology-partners/google-cloud-platform/",{"text":598,"config":599},"Why GitLab?",{"href":282,"dataGaName":598,"dataGaLocation":577},{"freeTrial":601,"mobileIcon":606,"desktopIcon":611,"secondaryButton":614},{"text":602,"config":603},"Start free trial",{"href":604,"dataGaName":243,"dataGaLocation":605},"https://gitlab.com/-/trials/new/","nav",{"altText":607,"config":608},"Gitlab Icon",{"src":609,"dataGaName":610,"dataGaLocation":605},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":607,"config":612},{"src":613,"dataGaName":610,"dataGaLocation":605},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":615,"config":616},"Get Started",{"href":617,"dataGaName":618,"dataGaLocation":605},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/get-started/","get started",{"freeTrial":620,"mobileIcon":624,"desktopIcon":626},{"text":621,"config":622},"Learn more about GitLab Duo",{"href":274,"dataGaName":623,"dataGaLocation":605},"gitlab duo",{"altText":607,"config":625},{"src":609,"dataGaName":610,"dataGaLocation":605},{"altText":607,"config":627},{"src":613,"dataGaName":610,"dataGaLocation":605},{"button":629,"mobileIcon":634,"desktopIcon":636},{"text":630,"config":631},"/switch",{"href":632,"dataGaName":633,"dataGaLocation":605},"#contact","switch",{"altText":607,"config":635},{"src":609,"dataGaName":610,"dataGaLocation":605},{"altText":607,"config":637},{"src":638,"dataGaName":610,"dataGaLocation":605},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":640,"mobileIcon":645,"desktopIcon":647},{"text":641,"config":642},"Back to pricing",{"href":387,"dataGaName":643,"dataGaLocation":605,"icon":644},"back to pricing","GoBack",{"altText":607,"config":646},{"src":609,"dataGaName":610,"dataGaLocation":605},{"altText":607,"config":648},{"src":613,"dataGaName":610,"dataGaLocation":605},{"title":650,"button":651,"config":655},"GitLab Orbit is here: The context layer for AI agents.",{"text":280,"config":652},{"href":653,"dataGaName":654,"dataGaLocation":238},"/gitlab-orbit/","orbit",{"layout":656,"disabled":226},"release",{"data":658},{"text":659,"source":660,"edit":666,"contribute":671,"config":676,"items":681,"minimal":889},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":661,"config":662},"View page source",{"href":663,"dataGaName":664,"dataGaLocation":665},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":667,"config":668},"Edit this page",{"href":669,"dataGaName":670,"dataGaLocation":665},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":672,"config":673},"Please contribute",{"href":674,"dataGaName":675,"dataGaLocation":665},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":677,"facebook":678,"youtube":679,"linkedin":680},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[682,729,783,827,857],{"title":385,"links":683,"subMenu":698},[684,688,693],{"text":685,"config":686},"View plans",{"href":387,"dataGaName":687,"dataGaLocation":665},"view plans",{"text":689,"config":690},"Why Premium?",{"href":691,"dataGaName":692,"dataGaLocation":665},"/pricing/premium/","why premium",{"text":694,"config":695},"Why Ultimate?",{"href":696,"dataGaName":697,"dataGaLocation":665},"/pricing/ultimate/","why ultimate",[699],{"title":700,"links":701},"Contact Us",[702,705,707,709,714,719,724],{"text":703,"config":704},"Contact sales",{"href":247,"dataGaName":248,"dataGaLocation":665},{"text":560,"config":706},{"href":562,"dataGaName":563,"dataGaLocation":665},{"text":565,"config":708},{"href":567,"dataGaName":568,"dataGaLocation":665},{"text":710,"config":711},"Status",{"href":712,"dataGaName":713,"dataGaLocation":665},"https://status.gitlab.com/","status",{"text":715,"config":716},"Terms of use",{"href":717,"dataGaName":718,"dataGaLocation":665},"/terms/","terms of use",{"text":720,"config":721},"Privacy statement",{"href":722,"dataGaName":723,"dataGaLocation":665},"/privacy/","privacy statement",{"text":725,"config":726},"Cookie preferences",{"dataGaName":727,"dataGaLocation":665,"id":728,"isOneTrustButton":220},"cookie preferences","ot-sdk-btn",{"title":285,"links":730,"subMenu":739},[731,735],{"text":732,"config":733},"DevSecOps platform",{"href":267,"dataGaName":734,"dataGaLocation":665},"devsecops platform",{"text":736,"config":737},"AI-Assisted Development",{"href":274,"dataGaName":738,"dataGaLocation":665},"ai-assisted development",[740],{"title":741,"links":742},"Topics",[743,748,753,758,763,768,773,778],{"text":744,"config":745},"CICD",{"href":746,"dataGaName":747,"dataGaLocation":665},"/topics/ci-cd/","cicd",{"text":749,"config":750},"GitOps",{"href":751,"dataGaName":752,"dataGaLocation":665},"/topics/gitops/","gitops",{"text":754,"config":755},"DevOps",{"href":756,"dataGaName":757,"dataGaLocation":665},"/topics/devops/","devops",{"text":759,"config":760},"Version Control",{"href":761,"dataGaName":762,"dataGaLocation":665},"/topics/version-control/","version control",{"text":764,"config":765},"DevSecOps",{"href":766,"dataGaName":767,"dataGaLocation":665},"/topics/devsecops/","devsecops",{"text":769,"config":770},"Cloud Native",{"href":771,"dataGaName":772,"dataGaLocation":665},"/topics/cloud-native/","cloud native",{"text":774,"config":775},"AI for Coding",{"href":776,"dataGaName":777,"dataGaLocation":665},"/topics/devops/ai-for-coding/","ai for coding",{"text":779,"config":780},"Agentic AI",{"href":781,"dataGaName":782,"dataGaLocation":665},"/topics/agentic-ai/","agentic ai",{"title":784,"links":785},"Solutions",[786,788,790,795,799,802,806,809,811,814,817,822],{"text":329,"config":787},{"href":324,"dataGaName":329,"dataGaLocation":665},{"text":318,"config":789},{"href":301,"dataGaName":302,"dataGaLocation":665},{"text":791,"config":792},"Agile development",{"href":793,"dataGaName":794,"dataGaLocation":665},"/solutions/agile-delivery/","agile delivery",{"text":796,"config":797},"SCM",{"href":314,"dataGaName":798,"dataGaLocation":665},"source code management",{"text":744,"config":800},{"href":307,"dataGaName":801,"dataGaLocation":665},"continuous integration & delivery",{"text":803,"config":804},"Value stream management",{"href":357,"dataGaName":805,"dataGaLocation":665},"value stream management",{"text":749,"config":807},{"href":808,"dataGaName":752,"dataGaLocation":665},"/solutions/gitops/",{"text":367,"config":810},{"href":370,"dataGaName":371,"dataGaLocation":665},{"text":812,"config":813},"Small business",{"href":376,"dataGaName":377,"dataGaLocation":665},{"text":815,"config":816},"Public sector",{"href":382,"dataGaName":383,"dataGaLocation":665},{"text":818,"config":819},"Education",{"href":820,"dataGaName":821,"dataGaLocation":665},"/solutions/education/","education",{"text":823,"config":824},"Financial services",{"href":825,"dataGaName":826,"dataGaLocation":665},"/solutions/finance/","financial services",{"title":390,"links":828},[829,831,833,835,838,840,843,845,847,849,851,853,855],{"text":403,"config":830},{"href":405,"dataGaName":406,"dataGaLocation":665},{"text":408,"config":832},{"href":410,"dataGaName":411,"dataGaLocation":665},{"text":413,"config":834},{"href":415,"dataGaName":416,"dataGaLocation":665},{"text":418,"config":836},{"href":420,"dataGaName":837,"dataGaLocation":665},"docs",{"text":441,"config":839},{"href":443,"dataGaName":444,"dataGaLocation":665},{"text":841,"config":842},"What's new",{"href":491,"dataGaName":492,"dataGaLocation":665},{"text":436,"config":844},{"href":438,"dataGaName":439,"dataGaLocation":665},{"text":450,"config":846},{"href":452,"dataGaName":453,"dataGaLocation":665},{"text":458,"config":848},{"href":460,"dataGaName":461,"dataGaLocation":665},{"text":463,"config":850},{"href":465,"dataGaName":466,"dataGaLocation":665},{"text":468,"config":852},{"href":470,"dataGaName":471,"dataGaLocation":665},{"text":473,"config":854},{"href":475,"dataGaName":476,"dataGaLocation":665},{"text":478,"config":856},{"href":480,"dataGaName":481,"dataGaLocation":665},{"title":494,"links":858},[859,861,863,865,867,869,873,878,880,882,884],{"text":502,"config":860},{"href":504,"dataGaName":496,"dataGaLocation":665},{"text":507,"config":862},{"href":509,"dataGaName":510,"dataGaLocation":665},{"text":515,"config":864},{"href":517,"dataGaName":518,"dataGaLocation":665},{"text":520,"config":866},{"href":522,"dataGaName":523,"dataGaLocation":665},{"text":525,"config":868},{"href":527,"dataGaName":528,"dataGaLocation":665},{"text":870,"config":871},"Sustainability",{"href":872,"dataGaName":870,"dataGaLocation":665},"/sustainability/",{"text":874,"config":875},"Diversity, inclusion and belonging (DIB)",{"href":876,"dataGaName":877,"dataGaLocation":665},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":530,"config":879},{"href":532,"dataGaName":533,"dataGaLocation":665},{"text":540,"config":881},{"href":542,"dataGaName":543,"dataGaLocation":665},{"text":545,"config":883},{"href":547,"dataGaName":548,"dataGaLocation":665},{"text":885,"config":886},"Modern Slavery Transparency Statement",{"href":887,"dataGaName":888,"dataGaLocation":665},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":890},[891,894,897],{"text":892,"config":893},"Terms",{"href":717,"dataGaName":718,"dataGaLocation":665},{"text":895,"config":896},"Cookies",{"dataGaName":727,"dataGaLocation":665,"id":728,"isOneTrustButton":220},{"text":898,"config":899},"Privacy",{"href":722,"dataGaName":723,"dataGaLocation":665},[901],{"id":902,"title":7,"body":219,"config":903,"content":905,"description":219,"extension":910,"meta":911,"navigation":220,"path":912,"seo":913,"stem":914,"__hash__":915},"blogAuthors/en-us/blog/authors/vishal-thenge.yml",{"template":904},"BlogAuthor",{"name":7,"config":906},{"socialProof":907,"headshot":909},{"gitlabHandle":908},"vthenge","https://res.cloudinary.com/about-gitlab-com/image/upload/v1778679633/rap90jlu5xvctxfw0jtw.png","yml",{},"/en-us/blog/authors/vishal-thenge",{},"en-us/blog/authors/vishal-thenge","2XG8haUsBClI0_stvszGR1ovFtzf7AHo2doY4AyUXs8",[917,925,932],{"title":918,"description":919,"heroImage":920,"category":215,"date":921,"authors":922,"slug":924,"externalUrl":219},"Full security scanner coverage of your codebase in minutes","Security configuration profiles lead to faster scanner rollouts. Learn how this new capability in GitLab 19.0 covers thousands of projects in minutes, no gaps.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1779189265/iqzyhhiwagxzwywvjzow.png","2026-05-26",[923],"Michael Omokoh","security-configuration-profiles",{"title":926,"description":927,"heroImage":920,"category":215,"date":921,"authors":928,"slug":931,"externalUrl":219},"Reduce supply chain risk with SBOM-based dependency scanning","Detect transitive dependencies, trace how they entered your project, and prioritize them by real-world exposure.",[929,930],"Mark Settle","Joel Patterson","sbom-based-dependency-scanning",{"title":933,"description":934,"heroImage":920,"category":215,"date":935,"authors":936,"slug":938,"externalUrl":219},"Manage CI/CD credentials with GitLab Secrets Manager","Each secret is scoped to its environment or branch and governed by the same controls you use for code. Join the public beta in GitLab 19.0.","2026-05-21",[937,929],"Joe Randazzo","secrets-manager-in-public-beta",{"promotions":940},[941,955,967,978],{"id":942,"categories":943,"header":945,"text":946,"button":947,"image":952},"ai-modernization",[944],"ai","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":948,"config":949},"Get your AI maturity score",{"href":950,"dataGaName":951,"dataGaLocation":444},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":953},{"src":954},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":956,"categories":957,"header":959,"text":946,"button":960,"image":964},"devops-modernization",[958,767],"product","Are you just managing tools or shipping innovation?",{"text":961,"config":962},"Get your DevOps maturity score",{"href":963,"dataGaName":951,"dataGaLocation":444},"/assessments/devops-modernization-assessment/",{"config":965},{"src":966},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":968,"categories":969,"header":970,"text":946,"button":971,"image":975},"security-modernization",[215],"Are you trading speed for security?",{"text":972,"config":973},"Get your security maturity score",{"href":974,"dataGaName":951,"dataGaLocation":444},"/assessments/security-modernization-assessment/",{"config":976},{"src":977},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":979,"paths":980,"header":983,"text":984,"button":985,"image":990},"github-azure-migration",[981,982],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","Is your team ready for GitHub's Azure move?","GitHub is already rebuilding around Azure. Find out what it means for you.",{"text":986,"config":987},"See how GitLab compares to GitHub",{"href":988,"dataGaName":989,"dataGaLocation":444},"/compare/gitlab-vs-github/github-azure-migration/","github azure migration",{"config":991},{"src":966},{"header":993,"blurb":994,"button":995,"secondaryButton":1000},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":996,"config":997},"Get your free trial",{"href":998,"dataGaName":243,"dataGaLocation":999},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":703,"config":1001},{"href":247,"dataGaName":248,"dataGaLocation":999},1781392667727]