[{"data":1,"prerenderedAt":1061},["ShallowReactive",2],{"/en-us/blog/secrets-manager-in-public-beta":3,"navigation-en-us":285,"banner-en-us":701,"footer-en-us":709,"blog-post-authors-en-us-Joe Randazzo|Mark Settle":952,"blog-related-posts-en-us-secrets-manager-in-public-beta":979,"blog-promotions-en-us":999,"next-steps-en-us":1051},{"id":4,"title":5,"authors":6,"body":9,"category":266,"date":267,"description":268,"extension":269,"externalUrl":270,"featured":271,"heroImage":272,"meta":273,"navigation":274,"path":275,"seo":276,"slug":278,"stem":279,"tags":280,"template":283,"updatedDate":270,"__hash__":284},"blogPosts/en-us/blog/secrets-manager-in-public-beta.md","Manage CI/CD credentials with GitLab Secrets Manager",[7,8],"Joe Randazzo","Mark Settle",{"type":10,"value":11,"toc":253},"minimark",[12,21,31,36,39,42,46,55,66,76,79,84,87,90,98,102,111,114,117,129,133,136,139,143,152,156,160,163,182,185,194,203,207],[13,14,15,16,20],"p",{},"Many credential leaks start with a developer who needs a credential, doesn’t have a good place to put it, and improvises. It lands in an over-scoped CI/CD variable, a config file, or a ",[17,18,19],"code",{},".env"," committed “just for a moment.”",[13,22,23,24,30],{},"GitLab Secrets Manager, ",[25,26,29],"a",{"href":27,"rel":28},"https://docs.gitlab.com/ci/secrets/secrets_manager/",[],"now in public beta"," with GitLab 19.0, keeps credentials in the same platform that runs your code and pipelines. Each secret is scoped to the jobs that need it and governed by the access controls you already use. Fewer secrets end up in the wrong place, and if one leaks, security and engineering teams can experience less disruption.",[32,33,35],"h2",{"id":34},"where-secrets-usually-land","Where secrets usually land",[13,37,38],{},"Developers often default to placing secrets in CI/CD variables. Set the variable at the project or group level, mask the value, and update the pipeline. From there, the value is injected into every job, and anyone with pipeline access can read it. This pattern inverts least privilege but keeps the build running.",[13,40,41],{},"The usual fix is a standalone vault. While this approach gets the secrets out of CI/CD config, it adds a permanent operational tax: another system to authenticate, another access model to maintain, and another audit stream to correlate during an incident.",[32,43,45],{"id":44},"try-secrets-manager-in-your-existing-projects-and-pipelines","Try Secrets Manager in your existing projects and pipelines",[13,47,48,49,54],{},"GitLab Secrets Manager is a native GitLab capability built on ",[25,50,53],{"href":51,"rel":52},"https://openbao.org/",[],"OpenBao",". It’s already part of your GitLab platform, so credentials stay within your existing project and group structure.",[13,56,57,58,61,62,65],{},"Developers can move a secret out of CI/CD variables by declaring it in ",[17,59,60],{},".gitlab-ci.yml"," with the ",[17,63,64],{},"secrets:"," keyword:",[67,68,73],"pre",{"className":69,"code":71,"language":72},[70],"language-text","deploy:\n  secrets:\n    DATABASE_PASSWORD:\n      gitlab_secrets_manager:\n        name: db-password\n  script:\n    - deploy --password $DATABASE_PASSWORD\n","text",[17,74,71],{"__ignoreMap":75},"",[13,77,78],{},"By default, GitLab writes the secret to a temporary file and provides its path as an environment variable scoped to that job. Passing the path instead of the value can reduce exposure in subprocesses, crash dumps, and telemetry.",[80,81,83],"h3",{"id":82},"the-access-model-you-already-use","The access model you already use",[13,85,86],{},"A standalone secrets manager forces you to maintain two access models in parallel. Every team, application, and permission boundary you’ve already modeled in GitLab must be reconstructed in the secrets tool, and kept in sync as people join, change roles, and depart. When the two systems drift — a departed engineer’s credentials linger or an application accumulates access it no longer needs — the gaps become exploitable.",[13,88,89],{},"Secrets Manager uses your existing group and project structure as the isolation boundary for secrets, with no separate structure to build and maintain. You set read, create, update, and delete permissions per user, group, or role using the same controls you use for code. Secrets created at the group level are available to every project nested beneath it, so common credentials are defined once and inherited where they’re needed. When someone leaves or is removed from the project, they immediately lose access to its secrets.",[13,91,92],{},[93,94],"img",{"alt":95,"src":96,"title":97},"Screenshot of the GitLab Secrets Manager page, showing a \"Stored secrets\" table. Each row lists a secret name, its environment and branch scope, the creation date, and a \"Healthy\" status indicator.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1779288172/o7dlh5uo18gdv6kqxflq.png","Project credentials stored in GitLab Secrets Manager",[80,99,101],{"id":100},"each-secret-scoped-to-the-job-that-needs-it","Each secret scoped to the job that needs it",[13,103,104,105,110],{},"When the ",[25,106,109],{"href":107,"rel":108},"https://about.gitlab.com/blog/pipeline-security-lessons-from-march-supply-chain-incidents/",[],"Axios npm package was compromised"," in March, organizations running a poisoned version had to operate as if every credential their pipelines touched was in an attacker’s hands. They scrambled to rotate exposed secrets and audit every system those secrets could reach.",[13,112,113],{},"The wider a secret’s scope, the more work it takes to remediate when exposed — and developers absorb that cost alongside the security team, in the form of blocked merges and broken builds. Narrow secret scoping shrinks cleanup to the systems a compromised credential was actually authorized to reach.",[13,115,116],{},"Secrets Manager limits the blast radius of compromised secrets by scoping each credential to the job that needs it. It decides which jobs can pull a given secret based on three job attributes: the environment it targets, the branch it runs on, and whether that branch is protected. Wildcards work on environment and branch, so you don’t have to enumerate every case. Because scopes are defined by job attributes GitLab already tracks, there’s no second system to reconcile with your pipeline.",[13,118,119,120,124,125,128],{},"When a job runs, it requests the value of the secret it needs. The secrets backend verifies the job’s identity, then checks its branch and environment against the scope rules before returning the value. You can combine conditions, so a single rule can require a job to run on a protected branch ",[121,122,123],"em",{},"and"," target a ",[17,126,127],{},"production/*"," environment before it receives credentials. When the job ends, the secret is discarded. Nothing persists to the runner, and the job logs are masked. A CI variable, by contrast, remains readable in your project config indefinitely.",[80,130,132],{"id":131},"trace-a-secret-to-its-pipeline","Trace a secret to its pipeline",[13,134,135],{},"When a secret leaks or a dependency gets compromised, responders must trace the credential through every pipeline and job that used it. That sparks an urgent process of stitching together logs from the CI system, the secrets tool, the identity provider, and wherever else the credential touched.",[13,137,138],{},"GitLab Secrets Manager logs the create, update, and delete events for project- and group-level secrets to the same audit trail as the rest of the platform, so changes to your secrets inventory live alongside the rest of your governance record. Secret reads from CI/CD pipelines stream as audit events with originating pipeline and job IDs, so responders can trace where a secret was used without manually correlating data across systems. Audit logging is available on self-managed deployments today, with GitLab.com support anticipated to arrive during the public beta program.",[32,140,142],{"id":141},"see-secrets-manager-in-action","See Secrets Manager in action",[144,145],"iframe",{"src":146,"frameBorder":147,"allow":148,"referrerPolicy":149,"style":150,"title":151},"https://player.vimeo.com/video/1194101911?badge=0&autopause=0&player_id=0&app_id=58479","0","autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share","strict-origin-when-cross-origin","position:absolute;top:0;left:0;width:100%;height:100%;","19.0 Secrets Manager",[153,154],"script",{"src":155},"https://player.vimeo.com/api/player.js",[32,157,159],{"id":158},"join-the-public-beta","Join the public beta",[13,161,162],{},"GitLab Secrets Manager is in public beta for Premium and Ultimate users on GitLab.com and self-managed deployments, with GitLab Dedicated support arriving soon.",[13,164,165,166,170,171,176,177,181],{},"On GitLab.com, ",[25,167,169],{"href":27,"rel":168},[],"opt in and create your first secret",". On self-managed deployments, follow the ",[25,172,175],{"href":173,"rel":174},"https://docs.gitlab.com/administration/secrets_manager/",[],"installation steps"," and learn ",[25,178,180],{"href":27,"rel":179},[],"how to use Secrets Manager as a developer",".",[13,183,184],{},"Our integrations for HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, and Google Cloud Secret Manager work alongside GitLab Secrets Manager, so you can adopt it on your own timeline.",[13,186,187,188,193],{},"Secrets Manager is free during the beta period. Once generally available, it will be a paid feature billed through ",[25,189,192],{"href":190,"rel":191},"https://docs.gitlab.com/subscriptions/gitlab_credits/",[],"GitLab Credits",". You’ll need to opt in before anything is charged, and we’ll give you advance notice ahead of general availability.",[13,195,196,197,202],{},"Once you’ve tried Secrets Manager, ",[25,198,201],{"href":199,"rel":200},"https://gitlab.com/gitlab-org/gitlab/-/work_items/598100",[],"let us know what you think"," so your feedback can shape the capability before general availability.",[32,204,206],{"id":205},"read-more-about-whats-in-gitlab-190","Read more about what's in GitLab 19.0",[208,209,210,218,225,232,239,246],"ul",{},[211,212,213],"li",{},[25,214,217],{"href":215,"rel":216},"https://docs.gitlab.com/releases/19/gitlab-19-0-released/",[],"GitLab 19.0 released",[211,219,220],{},[25,221,224],{"href":222,"rel":223},"https://about.gitlab.com/blog/more-ai-models-for-duo-agent-platform-self-hosted/",[],"More AI models for GitLab Duo Agent Platform Self-Hosted",[211,226,227],{},[25,228,231],{"href":229,"rel":230},"https://about.gitlab.com/blog/transform-mrs-to-automated-workflow/",[],"Transform MRs from manual tasks to an automated workflow",[211,233,234],{},[25,235,238],{"href":236,"rel":237},"https://about.gitlab.com/blog/track-ci-component-usage/",[],"Track CI component usage across your organization",[211,240,241],{},[25,242,245],{"href":243,"rel":244},"https://about.gitlab.com/blog/sbom-based-dependency-scanning/",[],"Reduce supply chain risk with SBOM-based dependency scanning",[211,247,248],{},[25,249,252],{"href":250,"rel":251},"https://about.gitlab.com/blog/security-configuration-profiles/",[],"Full security scanner coverage of your codebase in minutes",{"title":75,"searchDepth":254,"depth":254,"links":255},2,[256,257,263,264,265],{"id":34,"depth":254,"text":35},{"id":44,"depth":254,"text":45,"children":258},[259,261,262],{"id":82,"depth":260,"text":83},3,{"id":100,"depth":260,"text":101},{"id":131,"depth":260,"text":132},{"id":141,"depth":254,"text":142},{"id":158,"depth":254,"text":159},{"id":205,"depth":254,"text":206},"security","2026-05-21","Each secret is scoped to its environment or branch and governed by the same controls you use for code. Join the public beta in GitLab 19.0.","md",null,false,"https://res.cloudinary.com/about-gitlab-com/image/upload/v1779189265/iqzyhhiwagxzwywvjzow.png",{},true,"/en-us/blog/secrets-manager-in-public-beta",{"config":277,"title":5,"description":268},{"noIndex":271},"secrets-manager-in-public-beta","en-us/blog/secrets-manager-in-public-beta",[266,281,282],"product","features","BlogPost","ftf87TpOdQGyzO0VDIrKCiLCg0IZclSXyYaUQ5DFcY8",{"logo":286,"freeTrial":291,"sales":296,"login":301,"items":306,"search":621,"minimal":652,"duo":671,"switchNav":680,"pricingDeployment":691},{"config":287},{"href":288,"dataGaName":289,"dataGaLocation":290},"/","gitlab logo","header",{"text":292,"config":293},"Get free trial",{"href":294,"dataGaName":295,"dataGaLocation":290},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":297,"config":298},"Talk to sales",{"href":299,"dataGaName":300,"dataGaLocation":290},"/sales/","sales",{"text":302,"config":303},"Sign in",{"href":304,"dataGaName":305,"dataGaLocation":290},"https://gitlab.com/users/sign_in/","sign in",[307,336,436,441,545,601],{"text":308,"config":309,"menu":311},"Platform",{"dataNavLevelOne":310},"platform",{"type":312,"columns":313},"cards",[314,320,328],{"title":308,"description":315,"link":316},"The intelligent orchestration platform for DevSecOps",{"text":317,"config":318},"Explore our Platform",{"href":319,"dataGaName":310,"dataGaLocation":290},"/platform/",{"title":321,"description":322,"link":323},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":324,"config":325},"Meet GitLab Duo",{"href":326,"dataGaName":327,"dataGaLocation":290},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":329,"description":330,"link":331},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":332,"config":333},"Learn more",{"href":334,"dataGaName":335,"dataGaLocation":290},"/why-gitlab/","why gitlab",{"text":337,"left":274,"config":338,"menu":340},"Product",{"dataNavLevelOne":339},"solutions",{"type":341,"link":342,"columns":346,"feature":415},"lists",{"text":343,"config":344},"View all Solutions",{"href":345,"dataGaName":339,"dataGaLocation":290},"/solutions/",[347,371,394],{"title":348,"description":349,"link":350,"items":355},"Automation","CI/CD and automation to accelerate deployment",{"config":351},{"icon":352,"href":353,"dataGaName":354,"dataGaLocation":290},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[356,360,363,367],{"text":357,"config":358},"CI/CD",{"href":359,"dataGaLocation":290,"dataGaName":357},"/solutions/continuous-integration/",{"text":321,"config":361},{"href":326,"dataGaLocation":290,"dataGaName":362},"gitlab duo agent platform - product menu",{"text":364,"config":365},"Source Code Management",{"href":366,"dataGaLocation":290,"dataGaName":364},"/solutions/source-code-management/",{"text":368,"config":369},"Automated Software Delivery",{"href":353,"dataGaLocation":290,"dataGaName":370},"Automated software delivery",{"title":372,"description":373,"link":374,"items":379},"Security","Deliver code faster without compromising security",{"config":375},{"href":376,"dataGaName":377,"dataGaLocation":290,"icon":378},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[380,384,389],{"text":381,"config":382},"Application Security Testing",{"href":376,"dataGaName":383,"dataGaLocation":290},"Application security testing",{"text":385,"config":386},"Software Supply Chain Security",{"href":387,"dataGaLocation":290,"dataGaName":388},"/solutions/supply-chain/","Software supply chain security",{"text":390,"config":391},"Software Compliance",{"href":392,"dataGaName":393,"dataGaLocation":290},"/solutions/software-compliance/","software compliance",{"title":395,"link":396,"items":401},"Measurement",{"config":397},{"icon":398,"href":399,"dataGaName":400,"dataGaLocation":290},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[402,406,410],{"text":403,"config":404},"Visibility & Measurement",{"href":399,"dataGaLocation":290,"dataGaName":405},"Visibility and Measurement",{"text":407,"config":408},"Value Stream Management",{"href":409,"dataGaLocation":290,"dataGaName":407},"/solutions/value-stream-management/",{"text":411,"config":412},"Analytics & Insights",{"href":413,"dataGaLocation":290,"dataGaName":414},"/solutions/analytics-and-insights/","Analytics and insights",{"title":416,"type":341,"items":417},"GitLab for",[418,424,430],{"text":419,"config":420},"Enterprise",{"icon":421,"href":422,"dataGaLocation":290,"dataGaName":423},"Building","/enterprise/","enterprise",{"text":425,"config":426},"Small Business",{"icon":427,"href":428,"dataGaLocation":290,"dataGaName":429},"Work","/small-business/","small business",{"text":431,"config":432},"Public Sector",{"icon":433,"href":434,"dataGaLocation":290,"dataGaName":435},"Organization","/solutions/public-sector/","public sector",{"text":437,"config":438},"Pricing",{"href":439,"dataGaName":440,"dataGaLocation":290,"dataNavLevelOne":440},"/pricing/","pricing",{"text":442,"config":443,"menu":445},"Resources",{"dataNavLevelOne":444},"resources",{"type":341,"link":446,"columns":450,"feature":534},{"text":447,"config":448},"View all resources",{"href":449,"dataGaName":444,"dataGaLocation":290},"/resources/",[451,484,506],{"title":452,"items":453},"Getting started",[454,459,464,469,474,479],{"text":455,"config":456},"Install",{"href":457,"dataGaName":458,"dataGaLocation":290},"/install/","install",{"text":460,"config":461},"Quick start guides",{"href":462,"dataGaName":463,"dataGaLocation":290},"/get-started/","quick setup checklists",{"text":465,"config":466},"Learn",{"href":467,"dataGaLocation":290,"dataGaName":468},"https://university.gitlab.com/","learn",{"text":470,"config":471},"Product documentation",{"href":472,"dataGaName":473,"dataGaLocation":290},"https://docs.gitlab.com/","product documentation",{"text":475,"config":476},"Best practice videos",{"href":477,"dataGaName":478,"dataGaLocation":290},"/getting-started-videos/","best practice videos",{"text":480,"config":481},"Integrations",{"href":482,"dataGaName":483,"dataGaLocation":290},"/integrations/","integrations",{"title":485,"items":486},"Discover",[487,492,497,501],{"text":488,"config":489},"Customer success stories",{"href":490,"dataGaName":491,"dataGaLocation":290},"/customers/","customer success stories",{"text":493,"config":494},"Blog",{"href":495,"dataGaName":496,"dataGaLocation":290},"/blog/","blog",{"text":498,"config":499},"The Source",{"href":500,"dataGaName":496,"dataGaLocation":290},"/the-source/",{"text":502,"config":503},"Remote",{"href":504,"dataGaName":505,"dataGaLocation":290},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":507,"items":508},"Connect",[509,514,519,524,529],{"text":510,"config":511},"GitLab Services",{"href":512,"dataGaName":513,"dataGaLocation":290},"/services/","services",{"text":515,"config":516},"Community",{"href":517,"dataGaName":518,"dataGaLocation":290},"/community/","community",{"text":520,"config":521},"Forum",{"href":522,"dataGaName":523,"dataGaLocation":290},"https://forum.gitlab.com/","forum",{"text":525,"config":526},"Events",{"href":527,"dataGaName":528,"dataGaLocation":290},"/events/","events",{"text":530,"config":531},"Partners",{"href":532,"dataGaName":533,"dataGaLocation":290},"/partners/","partners",{"config":535,"title":538,"text":539,"link":540},{"background":536,"textColor":537},"url('https://res.cloudinary.com/about-gitlab-com/image/upload/v1777322348/qpq8yrgn8knii57omj0c.png')","#000","What’s new in GitLab","Stay updated with our latest features and improvements.",{"text":541,"config":542},"Read the latest",{"href":543,"dataGaName":544,"dataGaLocation":290},"/whats-new/","whats new",{"text":546,"config":547,"menu":549},"Company",{"dataNavLevelOne":548},"company",{"type":341,"columns":550},[551],{"items":552},[553,558,564,566,571,576,581,586,591,596],{"text":554,"config":555},"About",{"href":556,"dataGaName":557,"dataGaLocation":290},"/company/","about",{"text":559,"config":560,"footerGa":563},"Jobs",{"href":561,"dataGaName":562,"dataGaLocation":290},"/jobs/","jobs",{"dataGaName":562},{"text":525,"config":565},{"href":527,"dataGaName":528,"dataGaLocation":290},{"text":567,"config":568},"Leadership",{"href":569,"dataGaName":570,"dataGaLocation":290},"/company/team/e-group/","leadership",{"text":572,"config":573},"Handbook",{"href":574,"dataGaName":575,"dataGaLocation":290},"https://handbook.gitlab.com/","handbook",{"text":577,"config":578},"Investor relations",{"href":579,"dataGaName":580,"dataGaLocation":290},"https://ir.gitlab.com/","investor relations",{"text":582,"config":583},"Trust Center",{"href":584,"dataGaName":585,"dataGaLocation":290},"/security/","trust center",{"text":587,"config":588},"AI Transparency Center",{"href":589,"dataGaName":590,"dataGaLocation":290},"/ai-transparency-center/","ai transparency center",{"text":592,"config":593},"Newsletter",{"href":594,"dataGaName":595,"dataGaLocation":290},"/company/contact/#contact-forms","newsletter",{"text":597,"config":598},"Press",{"href":599,"dataGaName":600,"dataGaLocation":290},"/press/","press",{"text":602,"config":603,"menu":604},"Contact us",{"dataNavLevelOne":548},{"type":341,"columns":605},[606],{"items":607},[608,611,616],{"text":297,"config":609},{"href":299,"dataGaName":610,"dataGaLocation":290},"talk to sales",{"text":612,"config":613},"Support portal",{"href":614,"dataGaName":615,"dataGaLocation":290},"https://support.gitlab.com","support portal",{"text":617,"config":618},"Customer portal",{"href":619,"dataGaName":620,"dataGaLocation":290},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":622,"login":623,"suggestions":630},"Close",{"text":624,"link":625},"To search repositories and projects, login to",{"text":626,"config":627},"gitlab.com",{"href":304,"dataGaName":628,"dataGaLocation":629},"search login","search",{"text":631,"default":632},"Suggestions",[633,635,639,641,645,649],{"text":321,"config":634},{"href":326,"dataGaName":321,"dataGaLocation":629},{"text":636,"config":637},"Code Suggestions (AI)",{"href":638,"dataGaName":636,"dataGaLocation":629},"/solutions/code-suggestions/",{"text":357,"config":640},{"href":359,"dataGaName":357,"dataGaLocation":629},{"text":642,"config":643},"GitLab on AWS",{"href":644,"dataGaName":642,"dataGaLocation":629},"/partners/technology-partners/aws/",{"text":646,"config":647},"GitLab on Google Cloud",{"href":648,"dataGaName":646,"dataGaLocation":629},"/partners/technology-partners/google-cloud-platform/",{"text":650,"config":651},"Why GitLab?",{"href":334,"dataGaName":650,"dataGaLocation":629},{"freeTrial":653,"mobileIcon":658,"desktopIcon":663,"secondaryButton":666},{"text":654,"config":655},"Start free trial",{"href":656,"dataGaName":295,"dataGaLocation":657},"https://gitlab.com/-/trials/new/","nav",{"altText":659,"config":660},"Gitlab Icon",{"src":661,"dataGaName":662,"dataGaLocation":657},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":659,"config":664},{"src":665,"dataGaName":662,"dataGaLocation":657},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":667,"config":668},"Get Started",{"href":669,"dataGaName":670,"dataGaLocation":657},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/get-started/","get started",{"freeTrial":672,"mobileIcon":676,"desktopIcon":678},{"text":673,"config":674},"Learn more about GitLab Duo",{"href":326,"dataGaName":675,"dataGaLocation":657},"gitlab duo",{"altText":659,"config":677},{"src":661,"dataGaName":662,"dataGaLocation":657},{"altText":659,"config":679},{"src":665,"dataGaName":662,"dataGaLocation":657},{"button":681,"mobileIcon":686,"desktopIcon":688},{"text":682,"config":683},"/switch",{"href":684,"dataGaName":685,"dataGaLocation":657},"#contact","switch",{"altText":659,"config":687},{"src":661,"dataGaName":662,"dataGaLocation":657},{"altText":659,"config":689},{"src":690,"dataGaName":662,"dataGaLocation":657},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":692,"mobileIcon":697,"desktopIcon":699},{"text":693,"config":694},"Back to pricing",{"href":439,"dataGaName":695,"dataGaLocation":657,"icon":696},"back to pricing","GoBack",{"altText":659,"config":698},{"src":661,"dataGaName":662,"dataGaLocation":657},{"altText":659,"config":700},{"src":665,"dataGaName":662,"dataGaLocation":657},{"title":702,"button":703,"config":707},"GitLab Orbit is here: The context layer for AI agents.",{"text":332,"config":704},{"href":705,"dataGaName":706,"dataGaLocation":290},"/gitlab-orbit/","orbit",{"layout":708,"disabled":271},"release",{"data":710},{"text":711,"source":712,"edit":718,"contribute":723,"config":728,"items":733,"minimal":941},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":713,"config":714},"View page source",{"href":715,"dataGaName":716,"dataGaLocation":717},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":719,"config":720},"Edit this page",{"href":721,"dataGaName":722,"dataGaLocation":717},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":724,"config":725},"Please contribute",{"href":726,"dataGaName":727,"dataGaLocation":717},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":729,"facebook":730,"youtube":731,"linkedin":732},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[734,781,835,879,909],{"title":437,"links":735,"subMenu":750},[736,740,745],{"text":737,"config":738},"View plans",{"href":439,"dataGaName":739,"dataGaLocation":717},"view plans",{"text":741,"config":742},"Why Premium?",{"href":743,"dataGaName":744,"dataGaLocation":717},"/pricing/premium/","why premium",{"text":746,"config":747},"Why Ultimate?",{"href":748,"dataGaName":749,"dataGaLocation":717},"/pricing/ultimate/","why ultimate",[751],{"title":752,"links":753},"Contact Us",[754,757,759,761,766,771,776],{"text":755,"config":756},"Contact sales",{"href":299,"dataGaName":300,"dataGaLocation":717},{"text":612,"config":758},{"href":614,"dataGaName":615,"dataGaLocation":717},{"text":617,"config":760},{"href":619,"dataGaName":620,"dataGaLocation":717},{"text":762,"config":763},"Status",{"href":764,"dataGaName":765,"dataGaLocation":717},"https://status.gitlab.com/","status",{"text":767,"config":768},"Terms of use",{"href":769,"dataGaName":770,"dataGaLocation":717},"/terms/","terms of use",{"text":772,"config":773},"Privacy statement",{"href":774,"dataGaName":775,"dataGaLocation":717},"/privacy/","privacy statement",{"text":777,"config":778},"Cookie preferences",{"dataGaName":779,"dataGaLocation":717,"id":780,"isOneTrustButton":274},"cookie preferences","ot-sdk-btn",{"title":337,"links":782,"subMenu":791},[783,787],{"text":784,"config":785},"DevSecOps platform",{"href":319,"dataGaName":786,"dataGaLocation":717},"devsecops platform",{"text":788,"config":789},"AI-Assisted Development",{"href":326,"dataGaName":790,"dataGaLocation":717},"ai-assisted development",[792],{"title":793,"links":794},"Topics",[795,800,805,810,815,820,825,830],{"text":796,"config":797},"CICD",{"href":798,"dataGaName":799,"dataGaLocation":717},"/topics/ci-cd/","cicd",{"text":801,"config":802},"GitOps",{"href":803,"dataGaName":804,"dataGaLocation":717},"/topics/gitops/","gitops",{"text":806,"config":807},"DevOps",{"href":808,"dataGaName":809,"dataGaLocation":717},"/topics/devops/","devops",{"text":811,"config":812},"Version Control",{"href":813,"dataGaName":814,"dataGaLocation":717},"/topics/version-control/","version control",{"text":816,"config":817},"DevSecOps",{"href":818,"dataGaName":819,"dataGaLocation":717},"/topics/devsecops/","devsecops",{"text":821,"config":822},"Cloud Native",{"href":823,"dataGaName":824,"dataGaLocation":717},"/topics/cloud-native/","cloud native",{"text":826,"config":827},"AI for Coding",{"href":828,"dataGaName":829,"dataGaLocation":717},"/topics/devops/ai-for-coding/","ai for coding",{"text":831,"config":832},"Agentic AI",{"href":833,"dataGaName":834,"dataGaLocation":717},"/topics/agentic-ai/","agentic ai",{"title":836,"links":837},"Solutions",[838,840,842,847,851,854,858,861,863,866,869,874],{"text":381,"config":839},{"href":376,"dataGaName":381,"dataGaLocation":717},{"text":370,"config":841},{"href":353,"dataGaName":354,"dataGaLocation":717},{"text":843,"config":844},"Agile development",{"href":845,"dataGaName":846,"dataGaLocation":717},"/solutions/agile-delivery/","agile delivery",{"text":848,"config":849},"SCM",{"href":366,"dataGaName":850,"dataGaLocation":717},"source code management",{"text":796,"config":852},{"href":359,"dataGaName":853,"dataGaLocation":717},"continuous integration & delivery",{"text":855,"config":856},"Value stream management",{"href":409,"dataGaName":857,"dataGaLocation":717},"value stream management",{"text":801,"config":859},{"href":860,"dataGaName":804,"dataGaLocation":717},"/solutions/gitops/",{"text":419,"config":862},{"href":422,"dataGaName":423,"dataGaLocation":717},{"text":864,"config":865},"Small business",{"href":428,"dataGaName":429,"dataGaLocation":717},{"text":867,"config":868},"Public sector",{"href":434,"dataGaName":435,"dataGaLocation":717},{"text":870,"config":871},"Education",{"href":872,"dataGaName":873,"dataGaLocation":717},"/solutions/education/","education",{"text":875,"config":876},"Financial services",{"href":877,"dataGaName":878,"dataGaLocation":717},"/solutions/finance/","financial services",{"title":442,"links":880},[881,883,885,887,890,892,895,897,899,901,903,905,907],{"text":455,"config":882},{"href":457,"dataGaName":458,"dataGaLocation":717},{"text":460,"config":884},{"href":462,"dataGaName":463,"dataGaLocation":717},{"text":465,"config":886},{"href":467,"dataGaName":468,"dataGaLocation":717},{"text":470,"config":888},{"href":472,"dataGaName":889,"dataGaLocation":717},"docs",{"text":493,"config":891},{"href":495,"dataGaName":496,"dataGaLocation":717},{"text":893,"config":894},"What's new",{"href":543,"dataGaName":544,"dataGaLocation":717},{"text":488,"config":896},{"href":490,"dataGaName":491,"dataGaLocation":717},{"text":502,"config":898},{"href":504,"dataGaName":505,"dataGaLocation":717},{"text":510,"config":900},{"href":512,"dataGaName":513,"dataGaLocation":717},{"text":515,"config":902},{"href":517,"dataGaName":518,"dataGaLocation":717},{"text":520,"config":904},{"href":522,"dataGaName":523,"dataGaLocation":717},{"text":525,"config":906},{"href":527,"dataGaName":528,"dataGaLocation":717},{"text":530,"config":908},{"href":532,"dataGaName":533,"dataGaLocation":717},{"title":546,"links":910},[911,913,915,917,919,921,925,930,932,934,936],{"text":554,"config":912},{"href":556,"dataGaName":548,"dataGaLocation":717},{"text":559,"config":914},{"href":561,"dataGaName":562,"dataGaLocation":717},{"text":567,"config":916},{"href":569,"dataGaName":570,"dataGaLocation":717},{"text":572,"config":918},{"href":574,"dataGaName":575,"dataGaLocation":717},{"text":577,"config":920},{"href":579,"dataGaName":580,"dataGaLocation":717},{"text":922,"config":923},"Sustainability",{"href":924,"dataGaName":922,"dataGaLocation":717},"/sustainability/",{"text":926,"config":927},"Diversity, inclusion and belonging (DIB)",{"href":928,"dataGaName":929,"dataGaLocation":717},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":582,"config":931},{"href":584,"dataGaName":585,"dataGaLocation":717},{"text":592,"config":933},{"href":594,"dataGaName":595,"dataGaLocation":717},{"text":597,"config":935},{"href":599,"dataGaName":600,"dataGaLocation":717},{"text":937,"config":938},"Modern Slavery Transparency Statement",{"href":939,"dataGaName":940,"dataGaLocation":717},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":942},[943,946,949],{"text":944,"config":945},"Terms",{"href":769,"dataGaName":770,"dataGaLocation":717},{"text":947,"config":948},"Cookies",{"dataGaName":779,"dataGaLocation":717,"id":780,"isOneTrustButton":274},{"text":950,"config":951},"Privacy",{"href":774,"dataGaName":775,"dataGaLocation":717},[953,967],{"id":954,"title":7,"body":270,"config":955,"content":957,"description":270,"extension":961,"meta":962,"navigation":274,"path":963,"seo":964,"stem":965,"__hash__":966},"blogAuthors/en-us/blog/authors/joe-randazzo.yml",{"template":956},"BlogAuthor",{"name":7,"config":958},{"headshot":959,"ctfId":960},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664711/Blog/Author%20Headshots/randazzo.jpg","5DxpEbIVcwN2ukwiEMsHlH","yml",{},"/en-us/blog/authors/joe-randazzo",{},"en-us/blog/authors/joe-randazzo","Kg6ZOiBKQgjjlIpsfIAWHsug3iGMaAK1trTdXg4BaFI",{"id":968,"title":8,"body":270,"config":969,"content":970,"description":270,"extension":961,"meta":974,"navigation":274,"path":975,"seo":976,"stem":977,"__hash__":978},"blogAuthors/en-us/blog/authors/mark-settle.yml",{"template":956},{"name":8,"config":971},{"headshot":972,"ctfId":973},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1779215794/fw131xublkzdvjdadd4q.png","marksettle",{},"/en-us/blog/authors/mark-settle",{},"en-us/blog/authors/mark-settle","aur3jcqDyhashUtyXhd1W7N3ZrN09waCQv135AABEt4",[980,986,991],{"title":252,"description":981,"heroImage":272,"category":266,"date":982,"authors":983,"slug":985,"externalUrl":270},"Security configuration profiles lead to faster scanner rollouts. Learn how this new capability in GitLab 19.0 covers thousands of projects in minutes, no gaps.","2026-05-26",[984],"Michael Omokoh","security-configuration-profiles",{"title":245,"description":987,"heroImage":272,"category":266,"date":982,"authors":988,"slug":990,"externalUrl":270},"Detect transitive dependencies, trace how they entered your project, and prioritize them by real-world exposure.",[8,989],"Joel Patterson","sbom-based-dependency-scanning",{"title":992,"description":993,"heroImage":994,"category":266,"date":995,"authors":996,"slug":998,"externalUrl":270},"5 ways to fix misleading vulnerability severities with policy","Default CVSS scores don't reflect your actual risk. Use GitLab severity override policies to automate adjustments based on CVE, CWE, file path, and directory.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772630163/akp8ly2mrsfrhsb0liyb.png","2026-05-13",[997],"Grant Hickman","severity-override-vulnerability-management-policy",{"promotions":1000},[1001,1015,1026,1037],{"id":1002,"categories":1003,"header":1005,"text":1006,"button":1007,"image":1012},"ai-modernization",[1004],"ai","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":1008,"config":1009},"Get your AI maturity score",{"href":1010,"dataGaName":1011,"dataGaLocation":496},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":1013},{"src":1014},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":1016,"categories":1017,"header":1018,"text":1006,"button":1019,"image":1023},"devops-modernization",[281,819],"Are you just managing tools or shipping innovation?",{"text":1020,"config":1021},"Get your DevOps maturity score",{"href":1022,"dataGaName":1011,"dataGaLocation":496},"/assessments/devops-modernization-assessment/",{"config":1024},{"src":1025},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":1027,"categories":1028,"header":1029,"text":1006,"button":1030,"image":1034},"security-modernization",[266],"Are you trading speed for security?",{"text":1031,"config":1032},"Get your security maturity score",{"href":1033,"dataGaName":1011,"dataGaLocation":496},"/assessments/security-modernization-assessment/",{"config":1035},{"src":1036},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":1038,"paths":1039,"header":1042,"text":1043,"button":1044,"image":1049},"github-azure-migration",[1040,1041],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","Is your team ready for GitHub's Azure move?","GitHub is already rebuilding around Azure. Find out what it means for you.",{"text":1045,"config":1046},"See how GitLab compares to GitHub",{"href":1047,"dataGaName":1048,"dataGaLocation":496},"/compare/gitlab-vs-github/github-azure-migration/","github azure migration",{"config":1050},{"src":1025},{"header":1052,"blurb":1053,"button":1054,"secondaryButton":1059},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":1055,"config":1056},"Get your free trial",{"href":1057,"dataGaName":295,"dataGaLocation":1058},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":755,"config":1060},{"href":299,"dataGaName":300,"dataGaLocation":1058},1781392683160]