[{"data":1,"prerenderedAt":1079},["ShallowReactive",2],{"/de-de/blog/sbom-based-dependency-scanning":3,"navigation-de-de":302,"banner-de-de":722,"footer-de-de":731,"blog-post-authors-de-de-Mark Settle|Joel Patterson":970,"blog-related-posts-de-de-sbom-based-dependency-scanning":996,"blog-promotions-de-de":1017,"next-steps-de-de":1069},{"id":4,"title":5,"authors":6,"body":9,"category":283,"date":284,"description":285,"extension":286,"externalUrl":287,"featured":288,"heroImage":289,"meta":290,"navigation":291,"path":292,"seo":293,"slug":295,"stem":296,"tags":297,"template":300,"updatedDate":287,"__hash__":301},"blogPosts/de-de/blog/sbom-based-dependency-scanning.md","Supply-Chain-Risiken reduzieren – mit SBOM-basiertem Dependency Scanning",[7,8],"Mark Settle","Joel Patterson",{"type":10,"value":11,"toc":272},"minimark",[12,29,32,41,46,55,58,65,74,78,81,101,107,113,117,131,135,144,155,159,162,171,190,194,197,206,220,229,233],[13,14,15,16,22,23,28],"p",{},"Drittanbieter-Code prägt die meisten Codebasen, und\n",[17,18,21],"a",{"href":19,"rel":20},"https://about.gitlab.com/de-de/blog/pipeline-security-lessons-from-march-supply-chain-incidents/",[],"vier aktuelle Supply-Chain-Vorfälle","\nzeigen, wie ein einzelnes kompromittiertes Paket in jeden abhängigen Projekt\nFolgen haben kann. KI verschärft dieses Problem: Forschungsergebnisse legen\nnahe, dass fast die Hälfte von\n",[17,24,27],{"href":25,"rel":26},"https://cset.georgetown.edu/publication/cybersecurity-risks-of-ai-generated-code/",[],"KI-generiertem Code Schwachstellen enthält",".",[13,30,31],{},"Traditionelle Dependency-Scanner, einschließlich des GitLab-Gemnasium-Analyzers,\nwurden entwickelt, um eine Frage zu beantworten: Welche der deklarierten Pakete\nhaben bekannte CVEs? Als Abhängigkeitsbäume noch nicht so tief und Release-Zyklen\nnoch nicht so schnell waren, funktionierte dieser Ansatz.",[13,33,34,35,40],{},"Heutige Application-Security-Teams müssen schwierigere Fragen beantworten: Wie\nist ein verwundbares Paket ins Projekt gelangt? Was kam mit ihm? Und welche\nAbhängigkeiten erreicht der eigene Code tatsächlich? Mit GitLab 19.0 wird\n",[17,36,39],{"href":37,"rel":38},"https://docs.gitlab.com/user/application_security/dependency_scanning/dependency_scanning_sbom/",[],"Dependency Scanning auf Basis einer Software Bill of Materials (SBOM)","\nallgemein verfügbar, um diese Fragen zu beantworten. Das Feature inventarisiert\njede direkte und transitive Abhängigkeit im Projekt und zeigt, welche verwundbaren\nPakete die Anwendung tatsächlich verwendet.",[42,43,45],"h2",{"id":44},"wie-gitlab-verwundbare-abhängigkeiten-aufdeckt","Wie GitLab verwundbare Abhängigkeiten aufdeckt",[13,47,48,49,54],{},"SBOM-basiertes Dependency Scanning ist ein schlanker Analyzer, der Schwachstellen\nin Drittanbieter-Bibliotheken und -Paketen erkennt. Er katalogisiert Abhängigkeiten\nin einem SBOM und gleicht diese Komponenten mit der\n",[17,50,53],{"href":51,"rel":52},"https://advisories.gitlab.com/",[],"GitLab Advisory Database"," ab, um bekannte\nProbleme zu markieren.",[13,56,57],{},"GitLab zeigt Findings dort, wo Entwicklungsteams arbeiten. Die durch eine\nÄnderung eingeführten Schwachstellen erscheinen im Merge Request, damit Fixes\nvor dem Ausliefern möglich sind. Findings werden auch in Schwachstellen-Dashboards\nund -Berichten angezeigt, sodass Security-Teams Ergebnisse aus allen Projekten\nan einem Ort sehen können.",[13,59,60],{},[61,62],"img",{"alt":63,"src":64,"title":63},"Dependency-Scanning-Bericht mit Software Bill of Materials","https://res.cloudinary.com/about-gitlab-com/image/upload/v1779470339/hqqacbegzzompikjkcij.png",[13,66,67,68,73],{},"Der Analyzer generiert sowohl ein SBOM im ",[17,69,72],{"href":70,"rel":71},"https://cyclonedx.org/",[],"CycloneDX","-Format\nals auch einen Dependency-Scanning-Bericht – maschinenlesbare Ausgaben, die\ninnerhalb von GitLab, für Compliance-Reporting oder in übergreifenden\nSupply-Chain-Werkzeugen verwendet werden können.",[42,75,77],{"id":76},"was-sbom-basiertes-dependency-scanning-ermöglicht","Was SBOM-basiertes Dependency Scanning ermöglicht",[13,79,80],{},"SBOM-basiertes Dependency Scanning führt Fähigkeiten ein, die über den\nGemnasium-basierten Analyzer hinausgehen:",[13,82,83,87,88,92,93,96,97,100],{},[84,85,86],"strong",{},"Transitive Abhängigkeiten bis zur Quelle zurückverfolgen."," Der Analyzer\nverfolgt transitive Abhängigkeiten, egal wie tief verschachtelt. Wenn ein\nverwundbares Paket markiert wird, zeigt er die Kette, über die es ins Projekt\ngelangt ist. Wenn ",[89,90,91],"code",{},"library-a"," von ",[89,94,95],{},"library-b"," abhängt, das seinerseits von\ndem verwundbaren ",[89,98,99],{},"library-c"," abhängt, lässt sich dieser Pfad nachverfolgen und\nder richtige Eingriffspunkt identifizieren.",[13,102,103,106],{},[84,104,105],{},"Auf Schwachstellen fokussieren, die der eigene Code tatsächlich verwendet.","\nNicht jede in Manifest- und Build-Dateien enthaltene Abhängigkeit läuft in der\nAnwendung. Für Java-, JavaScript/TypeScript- und Python-Projekte prüft der\nAnalyzer, ob der Code verwundbare Pakete direkt importiert oder einbindet –\nund unterscheidet damit erreichbare Abhängigkeiten von solchen, die transitiv\nhereingezogen, aber nie von der Anwendung referenziert werden. GitLab zeigt den\nErreichbarkeitsstatus bei jedem Finding, damit Teams Schwachstellen in Paketen,\ndie der Code nie importiert, nachrangig behandeln und den Behebungsaufwand dort\nkonzentrieren können, wo tatsächliche Exposition plausibel ist.",[13,108,109,112],{},[84,110,111],{},"Kontinuierlich auf neue Schwachstellen scannen."," Den Analyzer bei der\nVeröffentlichung neuer Advisories sowie für jeden MR und Pipeline-Lauf aufrufen.\nDas ist besonders relevant für Projekte, bei denen die aktive Entwicklung\nnachgelassen hat, der Code aber noch in Produktion läuft.",[42,114,116],{"id":115},"sbom-basiertes-dependency-scanning-in-aktion","SBOM-basiertes Dependency Scanning in Aktion",[118,119,122,123],"figure",{"className":120},[121],"video_container","\n  ",[124,125,130],"iframe",{"src":126,"frameBorder":127,"allowFullScreen":128,"title":129},"https://www.youtube.com/embed/r_QjbNUqJT0?si=378NdrSve1GoFklm","0","true","Dependency Scanning mit SBOM GA – GitLab 19"," ",[42,132,134],{"id":133},"unterstützte-sprachen-und-dateiformate","Unterstützte Sprachen und Dateiformate",[13,136,137,138,143],{},"Dieses Release\n",[17,139,142],{"href":140,"rel":141},"https://docs.gitlab.com/user/application_security/dependency_scanning/dependency_scanning_sbom/#supported-languages-and-files",[],"unterstützt mehr als 24 Paket-Ökosysteme",",\nweitere sind für zukünftige Releases geplant. Die Unterstützung neuer Sprachen\nund Dateiformate ist jetzt einfacher, weil der Analyzer Lockfiles und\nDependency-Graphs direkt parst, statt die Build-Toolchain jedes Paketmanagers\nnachzubilden.",[13,145,146,147,150,151,154],{},"Wenn kein unterstütztes Lockfile oder Dependency-Graph verfügbar ist, fällt der\nAnalyzer auf das Parsen von Manifest-Dateien wie ",[89,148,149],{},"pom.xml",", ",[89,152,153],{},"requirements.txt","\nund Gradle-Build-Dateien zurück. Damit werden direkte Abhängigkeiten, aber\nkeine transitiven erkannt – die Abdeckung ist damit weniger vollständig als bei\neinem Lockfile-basierten Scan. Lockfiles bleiben der empfohlene Ansatz, aber\ndas Manifest-Parsing gibt Teams einen Einstiegspunkt für Projekte, die noch\nkein Lockfile haben.",[42,156,158],{"id":157},"dependency-scanning-einmal-konfigurieren-überall-durchsetzen","Dependency Scanning einmal konfigurieren, überall durchsetzen",[13,160,161],{},"Mit wachsender Projektzahl wird die manuelle Konfiguration von Scannern über\njedes Projekt hinweg zur erheblichen operationellen Last. Projekte werden\nübergangen, Konfigurationen driften auseinander, und Audits fördern Lücken\nzutage, von denen niemand wusste.",[13,163,164,165,170],{},"GitLab 19.0 liefert ein\n",[17,166,169],{"href":167,"rel":168},"https://docs.gitlab.com/user/application_security/configuration/security_configuration_profiles/",[],"Security-Configuration-Profile","\nfür Dependency Scanning. Security- und Platform-Teams konfigurieren das Scanning\neinmalig und wenden es auf Hunderte von Projekten an, statt jede Pipeline von\nHand zu bearbeiten.",[13,172,173,174,179,180,185,186,189],{},"Mit\n",[17,175,178],{"href":176,"rel":177},"https://docs.gitlab.com/user/application_security/policies/scan_execution_policies/",[],"Scan Execution Policies","\nund\n",[17,181,184],{"href":182,"rel":183},"https://docs.gitlab.com/user/application_security/policies/pipeline_execution_policies/",[],"Pipeline Execution Policies","\nlassen sich diese Sicherheitsstandards verbindlich machen. Sie ermöglichen die\nDurchsetzung von Dependency Scanning über mehrere Projekte hinweg, ohne eine\neinzige ",[89,187,188],{},".gitlab-ci.yml","-Datei anzufassen. Die Anforderung einmal auf Group-\noder Instanz-Ebene definiert – und die Richtlinie gilt überall automatisch.",[42,191,193],{"id":192},"jetzt-starten","Jetzt starten",[13,195,196],{},"SBOM-basiertes Dependency Scanning ist für GitLab-Ultimate-Kunden verfügbar.\nDas Feature ist auf GitLab.com aktiv und wird für GitLab Dedicated und\nselbstverwaltete Kunden im regulären Release-Rhythmus ausgerollt.",[13,198,199,200,205],{},"Teams, die vom Gemnasium-Dependency-Scanner migrieren, können beide Analyzer\nwährend der Umstellung parallel betreiben. Der\n",[17,201,204],{"href":202,"rel":203},"https://docs.gitlab.com/user/application_security/dependency_scanning/migration_guide_to_sbom_based_scans/",[],"Migrationsleitfaden","\nführt durch den Wechsel, einschließlich des Ergebnisvergleichs zwischen beiden.",[13,207,208,209,214,215,219],{},"Für einen Neustart steht das\n",[17,210,213],{"href":211,"rel":212},"https://docs.gitlab.com/tutorials/dependency_scanning_by_sbom/",[],"Setup-Tutorial","\nmit Schritt-für-Schritt-Anleitung zur Verfügung. Die\n",[17,216,218],{"href":37,"rel":217},[],"technische Dokumentation","\ndeckt Konfiguration, unterstützte Sprachen und erweiterte Optionen ab.",[13,221,222,223,228],{},"Wünsche und Ideen zum Dependency Scanning bitte im\n",[17,224,227],{"href":225,"rel":226},"https://gitlab.com/gitlab-org/gitlab/-/work_items/523458",[],"Feedback-Epic"," teilen.",[42,230,232],{"id":231},"weitere-informationen-zu-gitlab-190","Weitere Informationen zu GitLab 19.0",[234,235,236,244,251,258,265],"ul",{},[237,238,239],"li",{},[17,240,243],{"href":241,"rel":242},"https://about.gitlab.com/de-de/blog/secrets-manager-in-public-beta/",[],"CI/CD-Credentials mit GitLab Secrets Manager verwalten",[237,245,246],{},[17,247,250],{"href":248,"rel":249},"https://about.gitlab.com/de-de/blog/transform-mrs-to-automated-workflow/",[],"MRs von manuellen Aufgaben zu automatisierten Workflows transformieren",[237,252,253],{},[17,254,257],{"href":255,"rel":256},"https://about.gitlab.com/de-de/blog/track-ci-component-usage/",[],"CI-Komponentennutzung in der Organisation nachverfolgen",[237,259,260],{},[17,261,264],{"href":262,"rel":263},"https://about.gitlab.com/de-de/blog/more-ai-models-for-duo-agent-platform-self-hosted/",[],"Mehr KI-Modelle für GitLab Duo Agent Platform Self-Hosted",[237,266,267],{},[17,268,271],{"href":269,"rel":270},"https://about.gitlab.com/de-de/blog/security-configuration-profiles/",[],"Vollständige Security-Scanner-Abdeckung der Codebase in Minuten",{"title":273,"searchDepth":274,"depth":274,"links":275},"",2,[276,277,278,279,280,281,282],{"id":44,"depth":274,"text":45},{"id":76,"depth":274,"text":77},{"id":115,"depth":274,"text":116},{"id":133,"depth":274,"text":134},{"id":157,"depth":274,"text":158},{"id":192,"depth":274,"text":193},{"id":231,"depth":274,"text":232},"security","2026-05-26","Transitive Abhängigkeiten erkennen, ihren Ursprung nachverfolgen und nach realer Exposition priorisieren.","md",null,false,"https://res.cloudinary.com/about-gitlab-com/image/upload/v1779189265/iqzyhhiwagxzwywvjzow.png",{},true,"/de-de/blog/sbom-based-dependency-scanning",{"config":294,"title":5,"description":285},{"noIndex":288},"sbom-based-dependency-scanning","de-de/blog/sbom-based-dependency-scanning",[283,298,299],"features","product","BlogPost","94OmjX00JtBoAUf3Ac6m1TdSpa2VL76DW9nWSMCbZFQ",{"logo":303,"freeTrial":308,"sales":313,"login":318,"items":323,"search":640,"minimal":674,"duo":692,"switchNav":701,"pricingDeployment":712},{"config":304},{"href":305,"dataGaName":306,"dataGaLocation":307},"/de-de/","gitlab logo","header",{"text":309,"config":310},"Kostenlose Testversion anfordern",{"href":311,"dataGaName":312,"dataGaLocation":307},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/de-de&glm_content=default-saas-trial/","free trial",{"text":314,"config":315},"Vertrieb kontaktieren",{"href":316,"dataGaName":317,"dataGaLocation":307},"/de-de/sales/","sales",{"text":319,"config":320},"Anmelden",{"href":321,"dataGaName":322,"dataGaLocation":307},"https://gitlab.com/users/sign_in/","sign in",[324,353,455,460,564,620],{"text":325,"config":326,"menu":328},"Plattform",{"dataNavLevelOne":327},"platform",{"type":329,"columns":330},"cards",[331,337,345],{"title":325,"description":332,"link":333},"Die intelligente Orchestrierungsplattform für DevSecOps",{"text":334,"config":335},"Die Plattform erkunden",{"href":336,"dataGaName":327,"dataGaLocation":307},"/de-de/platform/",{"title":338,"description":339,"link":340},"GitLab Duo Agent Platform","Agentische KI für den gesamten Software-Lebenszyklus",{"text":341,"config":342},"Lerne GitLab Duo kennen",{"href":343,"dataGaName":344,"dataGaLocation":307},"/de-de/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":346,"description":347,"link":348},"Warum GitLab?","Erfahre, warum sich Unternehmen für GitLab entscheiden",{"text":349,"config":350},"Mehr erfahren",{"href":351,"dataGaName":352,"dataGaLocation":307},"/de-de/why-gitlab/","why gitlab",{"text":354,"left":291,"config":355,"menu":357},"Produkt",{"dataNavLevelOne":356},"solutions",{"type":358,"link":359,"columns":363,"feature":434},"lists",{"text":360,"config":361},"Alle Lösungen anzeigen",{"href":362,"dataGaName":356,"dataGaLocation":307},"/de-de/solutions/",[364,389,412],{"title":365,"description":366,"link":367,"items":372},"Automatisierung","CI/CD und Automatisierung zur Beschleunigung der Bereitstellung",{"config":368},{"icon":369,"href":370,"dataGaName":371,"dataGaLocation":307},"AutomatedCodeAlt","/de-de/solutions/delivery-automation/","automated software delivery",[373,377,380,385],{"text":374,"config":375},"CI/CD",{"href":376,"dataGaLocation":307,"dataGaName":374},"/de-de/solutions/continuous-integration/",{"text":338,"config":378},{"href":343,"dataGaLocation":307,"dataGaName":379},"gitlab duo agent platform - product menu",{"text":381,"config":382},"Quellcodeverwaltung",{"href":383,"dataGaLocation":307,"dataGaName":384},"/de-de/solutions/source-code-management/","Source Code Management",{"text":386,"config":387},"Automatische Softwarebereitstellung",{"href":370,"dataGaLocation":307,"dataGaName":388},"Automated software delivery",{"title":390,"description":391,"link":392,"items":397},"Sicherheit","Entwickle Code schneller ohne Abstriche bei der Sicherheit",{"config":393},{"href":394,"dataGaName":395,"dataGaLocation":307,"icon":396},"/de-de/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[398,402,407],{"text":399,"config":400},"Anwendungssicherheitstests",{"href":394,"dataGaName":401,"dataGaLocation":307},"Application security testing",{"text":403,"config":404},"Sicherheit der Software-Lieferkette",{"href":405,"dataGaLocation":307,"dataGaName":406},"/de-de/solutions/supply-chain/","Software supply chain security",{"text":408,"config":409},"Software-Compliance",{"href":410,"dataGaName":411,"dataGaLocation":307},"/de-de/solutions/software-compliance/","software compliance",{"title":413,"link":414,"items":419},"Messung",{"config":415},{"icon":416,"href":417,"dataGaName":418,"dataGaLocation":307},"DigitalTransformation","/de-de/solutions/visibility-measurement/","visibility and measurement",[420,424,429],{"text":421,"config":422},"Sichtbarkeit und Messung",{"href":417,"dataGaLocation":307,"dataGaName":423},"Visibility and Measurement",{"text":425,"config":426},"Wertstrommanagement",{"href":427,"dataGaLocation":307,"dataGaName":428},"/de-de/solutions/value-stream-management/","Value Stream Management",{"text":430,"config":431},"Analysen und Einblicke",{"href":432,"dataGaLocation":307,"dataGaName":433},"/de-de/solutions/analytics-and-insights/","Analytics and insights",{"title":435,"type":358,"items":436},"GitLab für",[437,443,449],{"text":438,"config":439},"Enterprise",{"icon":440,"href":441,"dataGaLocation":307,"dataGaName":442},"Building","/de-de/enterprise/","enterprise",{"text":444,"config":445},"Kleinunternehmen",{"icon":446,"href":447,"dataGaLocation":307,"dataGaName":448},"Work","/de-de/small-business/","small business",{"text":450,"config":451},"Öffentlicher Sektor",{"icon":452,"href":453,"dataGaLocation":307,"dataGaName":454},"Organization","/de-de/solutions/public-sector/","public sector",{"text":456,"config":457},"Preise",{"href":458,"dataGaName":459,"dataGaLocation":307,"dataNavLevelOne":459},"/de-de/pricing/","pricing",{"text":461,"config":462,"menu":464},"Ressourcen",{"dataNavLevelOne":463},"resources",{"type":358,"link":465,"columns":469,"feature":553},{"text":466,"config":467},"Alle Ressourcen anzeigen",{"href":468,"dataGaName":463,"dataGaLocation":307},"/de-de/resources/",[470,503,525],{"title":471,"items":472},"Erste Schritte",[473,478,483,488,493,498],{"text":474,"config":475},"Installieren",{"href":476,"dataGaName":477,"dataGaLocation":307},"/de-de/install/","install",{"text":479,"config":480},"Kurzanleitungen",{"href":481,"dataGaName":482,"dataGaLocation":307},"/de-de/get-started/","quick setup checklists",{"text":484,"config":485},"Lernen",{"href":486,"dataGaLocation":307,"dataGaName":487},"https://university.gitlab.com/","learn",{"text":489,"config":490},"Produktdokumentation",{"href":491,"dataGaName":492,"dataGaLocation":307},"https://docs.gitlab.com/","product documentation",{"text":494,"config":495},"Best-Practice-Videos",{"href":496,"dataGaName":497,"dataGaLocation":307},"/de-de/getting-started-videos/","best practice videos",{"text":499,"config":500},"Integrationen",{"href":501,"dataGaName":502,"dataGaLocation":307},"/de-de/integrations/","integrations",{"title":504,"items":505},"Entdecken",[506,511,516,520],{"text":507,"config":508},"Kundenerfolge",{"href":509,"dataGaName":510,"dataGaLocation":307},"/de-de/customers/","customer success stories",{"text":512,"config":513},"Blog",{"href":514,"dataGaName":515,"dataGaLocation":307},"/de-de/blog/","blog",{"text":517,"config":518},"The Source",{"href":519,"dataGaName":515,"dataGaLocation":307},"/de-de/the-source/",{"text":521,"config":522},"Remote",{"href":523,"dataGaName":524,"dataGaLocation":307},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":526,"items":527},"Vernetzen",[528,533,538,543,548],{"text":529,"config":530},"GitLab-Services",{"href":531,"dataGaName":532,"dataGaLocation":307},"/de-de/services/","services",{"text":534,"config":535},"Community",{"href":536,"dataGaName":537,"dataGaLocation":307},"/community/","community",{"text":539,"config":540},"Forum",{"href":541,"dataGaName":542,"dataGaLocation":307},"https://forum.gitlab.com/","forum",{"text":544,"config":545},"Veranstaltungen",{"href":546,"dataGaName":547,"dataGaLocation":307},"/events/","events",{"text":549,"config":550},"Partner",{"href":551,"dataGaName":552,"dataGaLocation":307},"/de-de/partners/","partners",{"config":554,"title":557,"text":558,"link":559},{"background":555,"textColor":556},"url('https://res.cloudinary.com/about-gitlab-com/image/upload/v1777322348/qpq8yrgn8knii57omj0c.png')","#000","Neues bei GitLab","Über die neuesten Funktionen und Verbesserungen auf dem Laufenden bleiben.",{"text":560,"config":561},"Aktuelle Nachrichten",{"href":562,"dataGaName":563,"dataGaLocation":307},"/de-de/whats-new/","whats new",{"text":565,"config":566,"menu":568},"Company",{"dataNavLevelOne":567},"company",{"type":358,"columns":569},[570],{"items":571},[572,577,583,585,590,595,600,605,610,615],{"text":573,"config":574},"Über",{"href":575,"dataGaName":576,"dataGaLocation":307},"/de-de/company/","about",{"text":578,"config":579,"footerGa":582},"Karriere",{"href":580,"dataGaName":581,"dataGaLocation":307},"/jobs/","jobs",{"dataGaName":581},{"text":544,"config":584},{"href":546,"dataGaName":547,"dataGaLocation":307},{"text":586,"config":587},"Geschäftsführung",{"href":588,"dataGaName":589,"dataGaLocation":307},"/company/team/e-group/","leadership",{"text":591,"config":592},"Handbuch",{"href":593,"dataGaName":594,"dataGaLocation":307},"https://handbook.gitlab.com/","handbook",{"text":596,"config":597},"Investor Relations",{"href":598,"dataGaName":599,"dataGaLocation":307},"https://ir.gitlab.com/","investor relations",{"text":601,"config":602},"Trust Center",{"href":603,"dataGaName":604,"dataGaLocation":307},"/de-de/security/","trust center",{"text":606,"config":607},"AI Transparency Center",{"href":608,"dataGaName":609,"dataGaLocation":307},"/de-de/ai-transparency-center/","ai transparency center",{"text":611,"config":612},"Newsletter",{"href":613,"dataGaName":614,"dataGaLocation":307},"/company/contact/#contact-forms","newsletter",{"text":616,"config":617},"Presse",{"href":618,"dataGaName":619,"dataGaLocation":307},"/press/","press",{"text":621,"config":622,"menu":623},"Kontakt",{"dataNavLevelOne":567},{"type":358,"columns":624},[625],{"items":626},[627,630,635],{"text":314,"config":628},{"href":316,"dataGaName":629,"dataGaLocation":307},"talk to sales",{"text":631,"config":632},"Support-Portal",{"href":633,"dataGaName":634,"dataGaLocation":307},"https://support.gitlab.com","support portal",{"text":636,"config":637},"Kundenportal",{"href":638,"dataGaName":639,"dataGaLocation":307},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":641,"login":642,"suggestions":649},"Schließen",{"text":643,"link":644},"Um Repositorys und Projekte zu durchsuchen, melde dich an bei",{"text":645,"config":646},"gitlab.com",{"href":321,"dataGaName":647,"dataGaLocation":648},"search login","search",{"text":650,"default":651},"Vorschläge",[652,654,659,661,666,671],{"text":338,"config":653},{"href":343,"dataGaName":338,"dataGaLocation":648},{"text":655,"config":656},"Codevorschläge (KI)",{"href":657,"dataGaName":658,"dataGaLocation":648},"/de-de/solutions/code-suggestions/","Code Suggestions (AI)",{"text":374,"config":660},{"href":376,"dataGaName":374,"dataGaLocation":648},{"text":662,"config":663},"GitLab auf AWS",{"href":664,"dataGaName":665,"dataGaLocation":648},"/de-de/partners/technology-partners/aws/","GitLab on AWS",{"text":667,"config":668},"GitLab auf Google Cloud",{"href":669,"dataGaName":670,"dataGaLocation":648},"/de-de/partners/technology-partners/google-cloud-platform/","GitLab on Google Cloud",{"text":346,"config":672},{"href":351,"dataGaName":673,"dataGaLocation":648},"Why GitLab?",{"freeTrial":675,"mobileIcon":680,"desktopIcon":685,"secondaryButton":688},{"text":676,"config":677},"Kostenlos testen",{"href":678,"dataGaName":312,"dataGaLocation":679},"https://gitlab.com/-/trials/new/","nav",{"altText":681,"config":682},"GitLab-Symbol",{"src":683,"dataGaName":684,"dataGaLocation":679},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":681,"config":686},{"src":687,"dataGaName":684,"dataGaLocation":679},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":471,"config":689},{"href":690,"dataGaName":691,"dataGaLocation":679},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/de-de/get-started/","get started",{"freeTrial":693,"mobileIcon":697,"desktopIcon":699},{"text":694,"config":695},"Mehr über GitLab Duo erfahren",{"href":343,"dataGaName":696,"dataGaLocation":679},"gitlab duo",{"altText":681,"config":698},{"src":683,"dataGaName":684,"dataGaLocation":679},{"altText":681,"config":700},{"src":687,"dataGaName":684,"dataGaLocation":679},{"button":702,"mobileIcon":707,"desktopIcon":709},{"text":703,"config":704},"/Option",{"href":705,"dataGaName":706,"dataGaLocation":679},"#contact","switch",{"altText":681,"config":708},{"src":683,"dataGaName":684,"dataGaLocation":679},{"altText":681,"config":710},{"src":711,"dataGaName":684,"dataGaLocation":679},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":713,"mobileIcon":718,"desktopIcon":720},{"text":714,"config":715},"Zurück zur Preisübersicht",{"href":458,"dataGaName":716,"dataGaLocation":679,"icon":717},"back to pricing","GoBack",{"altText":681,"config":719},{"src":683,"dataGaName":684,"dataGaLocation":679},{"altText":681,"config":721},{"src":687,"dataGaName":684,"dataGaLocation":679},{"title":723,"button":724,"config":729},"Sieh dir an, wie agentische KI die Softwarebereitstellung transformiert",{"text":725,"config":726},"Jetzt live bei GitLab Transcend am 10. Juni dabei sein",{"href":727,"dataGaName":728,"dataGaLocation":307},"/de-de/events/transcend/virtual/","transcend event",{"layout":730,"disabled":288},"release",{"data":732},{"text":733,"source":734,"edit":740,"contribute":745,"config":750,"items":755,"minimal":961},"Git ist eine Marke von Software Freedom Conservancy und unsere Verwendung von „GitLab“ erfolgt unter Lizenz.",{"text":735,"config":736},"Quelltext der Seite anzeigen",{"href":737,"dataGaName":738,"dataGaLocation":739},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":741,"config":742},"Diese Seite bearbeiten",{"href":743,"dataGaName":744,"dataGaLocation":739},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":746,"config":747},"Beteilige dich",{"href":748,"dataGaName":749,"dataGaLocation":739},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":751,"facebook":752,"youtube":753,"linkedin":754},"https://x.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[756,801,854,896,927],{"title":456,"links":757,"subMenu":772},[758,762,767],{"text":759,"config":760},"Tarife anzeigen",{"href":458,"dataGaName":761,"dataGaLocation":739},"view plans",{"text":763,"config":764},"Vorteile von Premium",{"href":765,"dataGaName":766,"dataGaLocation":739},"/de-de/pricing/premium/","why premium",{"text":768,"config":769},"Vorteile von Ultimate",{"href":770,"dataGaName":771,"dataGaLocation":739},"/de-de/pricing/ultimate/","why ultimate",[773],{"title":621,"links":774},[775,777,779,781,786,791,796],{"text":314,"config":776},{"href":316,"dataGaName":317,"dataGaLocation":739},{"text":631,"config":778},{"href":633,"dataGaName":634,"dataGaLocation":739},{"text":636,"config":780},{"href":638,"dataGaName":639,"dataGaLocation":739},{"text":782,"config":783},"Status",{"href":784,"dataGaName":785,"dataGaLocation":739},"https://status.gitlab.com/","status",{"text":787,"config":788},"Nutzungsbedingungen",{"href":789,"dataGaName":790,"dataGaLocation":739},"/terms/","terms of use",{"text":792,"config":793},"Datenschutzerklärung",{"href":794,"dataGaName":795,"dataGaLocation":739},"/de-de/privacy/","privacy statement",{"text":797,"config":798},"Cookie-Einstellungen",{"dataGaName":799,"dataGaLocation":739,"id":800,"isOneTrustButton":291},"cookie preferences","ot-sdk-btn",{"title":354,"links":802,"subMenu":811},[803,807],{"text":804,"config":805},"DevSecOps-Plattform",{"href":336,"dataGaName":806,"dataGaLocation":739},"devsecops platform",{"text":808,"config":809},"KI-unterstützte Entwicklung",{"href":343,"dataGaName":810,"dataGaLocation":739},"ai-assisted development",[812],{"title":813,"links":814},"Themen",[815,819,824,829,834,839,844,849],{"text":374,"config":816},{"href":817,"dataGaName":818,"dataGaLocation":739},"/de-de/topics/ci-cd/","cicd",{"text":820,"config":821},"GitOps",{"href":822,"dataGaName":823,"dataGaLocation":739},"/de-de/topics/gitops/","gitops",{"text":825,"config":826},"DevOps",{"href":827,"dataGaName":828,"dataGaLocation":739},"/de-de/topics/devops/","devops",{"text":830,"config":831},"Versionskontrolle",{"href":832,"dataGaName":833,"dataGaLocation":739},"/de-de/topics/version-control/","version control",{"text":835,"config":836},"DevSecOps",{"href":837,"dataGaName":838,"dataGaLocation":739},"/de-de/topics/devsecops/","devsecops",{"text":840,"config":841},"Cloud-nativ",{"href":842,"dataGaName":843,"dataGaLocation":739},"/de-de/topics/cloud-native/","cloud native",{"text":845,"config":846},"KI für das Programmieren",{"href":847,"dataGaName":848,"dataGaLocation":739},"/de-de/topics/devops/ai-for-coding/","ai for coding",{"text":850,"config":851},"Agentische KI",{"href":852,"dataGaName":853,"dataGaLocation":739},"/de-de/topics/agentic-ai/","agentic ai",{"title":855,"links":856},"Lösungen",[857,860,862,867,871,874,877,880,882,884,886,891],{"text":399,"config":858},{"href":394,"dataGaName":859,"dataGaLocation":739},"Application Security Testing",{"text":386,"config":861},{"href":370,"dataGaName":371,"dataGaLocation":739},{"text":863,"config":864},"Agile Entwicklung",{"href":865,"dataGaName":866,"dataGaLocation":739},"/de-de/solutions/agile-delivery/","agile delivery",{"text":868,"config":869},"SCM",{"href":383,"dataGaName":870,"dataGaLocation":739},"source code management",{"text":374,"config":872},{"href":376,"dataGaName":873,"dataGaLocation":739},"continuous integration & delivery",{"text":425,"config":875},{"href":427,"dataGaName":876,"dataGaLocation":739},"value stream management",{"text":820,"config":878},{"href":879,"dataGaName":823,"dataGaLocation":739},"/de-de/solutions/gitops/",{"text":438,"config":881},{"href":441,"dataGaName":442,"dataGaLocation":739},{"text":444,"config":883},{"href":447,"dataGaName":448,"dataGaLocation":739},{"text":450,"config":885},{"href":453,"dataGaName":454,"dataGaLocation":739},{"text":887,"config":888},"Bildungswesen",{"href":889,"dataGaName":890,"dataGaLocation":739},"/de-de/solutions/education/","education",{"text":892,"config":893},"Finanzdienstleistungen",{"href":894,"dataGaName":895,"dataGaLocation":739},"/de-de/solutions/finance/","financial services",{"title":461,"links":897},[898,900,902,904,907,909,912,914,916,919,921,923,925],{"text":474,"config":899},{"href":476,"dataGaName":477,"dataGaLocation":739},{"text":479,"config":901},{"href":481,"dataGaName":482,"dataGaLocation":739},{"text":484,"config":903},{"href":486,"dataGaName":487,"dataGaLocation":739},{"text":489,"config":905},{"href":491,"dataGaName":906,"dataGaLocation":739},"docs",{"text":512,"config":908},{"href":514,"dataGaName":515,"dataGaLocation":739},{"text":910,"config":911},"Neuigkeiten",{"href":562,"dataGaName":563,"dataGaLocation":739},{"text":507,"config":913},{"href":509,"dataGaName":510,"dataGaLocation":739},{"text":521,"config":915},{"href":523,"dataGaName":524,"dataGaLocation":739},{"text":917,"config":918},"GitLab Services",{"href":531,"dataGaName":532,"dataGaLocation":739},{"text":534,"config":920},{"href":536,"dataGaName":537,"dataGaLocation":739},{"text":539,"config":922},{"href":541,"dataGaName":542,"dataGaLocation":739},{"text":544,"config":924},{"href":546,"dataGaName":547,"dataGaLocation":739},{"text":549,"config":926},{"href":551,"dataGaName":552,"dataGaLocation":739},{"title":928,"links":929},"Unternehmen",[930,932,934,936,938,940,945,950,952,954,956],{"text":573,"config":931},{"href":575,"dataGaName":567,"dataGaLocation":739},{"text":578,"config":933},{"href":580,"dataGaName":581,"dataGaLocation":739},{"text":586,"config":935},{"href":588,"dataGaName":589,"dataGaLocation":739},{"text":591,"config":937},{"href":593,"dataGaName":594,"dataGaLocation":739},{"text":596,"config":939},{"href":598,"dataGaName":599,"dataGaLocation":739},{"text":941,"config":942},"Nachhaltigkeit",{"href":943,"dataGaName":944,"dataGaLocation":739},"/sustainability/","Sustainability",{"text":946,"config":947},"Vielfalt, Inklusion und Zugehörigkeit",{"href":948,"dataGaName":949,"dataGaLocation":739},"/de-de/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":601,"config":951},{"href":603,"dataGaName":604,"dataGaLocation":739},{"text":611,"config":953},{"href":613,"dataGaName":614,"dataGaLocation":739},{"text":616,"config":955},{"href":618,"dataGaName":619,"dataGaLocation":739},{"text":957,"config":958},"Transparenzerklärung zu moderner Sklaverei",{"href":959,"dataGaName":960,"dataGaLocation":739},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":962},[963,965,968],{"text":787,"config":964},{"href":789,"dataGaName":790,"dataGaLocation":739},{"text":966,"config":967},"Cookies",{"dataGaName":799,"dataGaLocation":739,"id":800,"isOneTrustButton":291},{"text":792,"config":969},{"href":794,"dataGaName":795,"dataGaLocation":739},[971,985],{"id":972,"title":7,"body":287,"config":973,"content":975,"description":287,"extension":979,"meta":980,"navigation":291,"path":981,"seo":982,"stem":983,"__hash__":984},"blogAuthors/en-us/blog/authors/mark-settle.yml",{"template":974},"BlogAuthor",{"name":7,"config":976},{"headshot":977,"ctfId":978},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1779215794/fw131xublkzdvjdadd4q.png","marksettle","yml",{},"/en-us/blog/authors/mark-settle",{},"en-us/blog/authors/mark-settle","aur3jcqDyhashUtyXhd1W7N3ZrN09waCQv135AABEt4",{"id":986,"title":8,"body":287,"config":987,"content":988,"description":287,"extension":979,"meta":991,"navigation":291,"path":992,"seo":993,"stem":994,"__hash__":995},"blogAuthors/en-us/blog/authors/joel-patterson.yml",{"template":974},{"name":8,"config":989},{"headshot":990},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1779470299/ogjvh6vwl4jv6g69mjzl.jpg",{},"/en-us/blog/authors/joel-patterson",{},"en-us/blog/authors/joel-patterson","d20r_vnYvJS-Lm4joe8-19EJbQDBUfE59dcCRokaeA4",[997,1002,1009],{"title":271,"description":998,"heroImage":289,"category":283,"date":284,"authors":999,"slug":1001,"externalUrl":287},"Security Configuration Profiles ermöglichen schnellere Scanner-Rollouts. Wie GitLab 19.0 Tausende von Projekten in Minuten abdeckt – ohne Lücken.",[1000],"Michael Omokoh","security-configuration-profiles",{"title":1003,"description":1004,"heroImage":289,"category":283,"date":1005,"authors":1006,"slug":1008,"externalUrl":287},"CI/CD-Zugangsdaten absichern mit GitLab Secrets Manager","Secrets Manager (Public Beta): Job-Scoping, Least-Privilege-Zugriffsmodell und lückenloser Audit-Trail – nativ in GitLab 19.0.","2026-05-21",[1007,7],"Joe Randazzo","secrets-manager-in-public-beta",{"title":1010,"description":1011,"heroImage":1012,"category":283,"date":1013,"authors":1014,"slug":1016,"externalUrl":287},"Irreführende CVSS-Scores automatisch korrigieren – 5 Richtlinienmuster","CVSS-Scores spiegeln das tatsächliche Risiko nicht wider. Severity-Override-Richtlinien in GitLab automatisieren Korrekturen nach CVE, CWE und Verzeichnis.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772630163/akp8ly2mrsfrhsb0liyb.png","2026-05-13",[1015],"Grant Hickman","severity-override-vulnerability-management-policy",{"promotions":1018},[1019,1033,1044,1055],{"id":1020,"categories":1021,"header":1023,"text":1024,"button":1025,"image":1030},"ai-modernization",[1022],"ai","Hält KI, was uns versprochen wurde?","Das Quiz dauert maximal 5 Minuten.",{"text":1026,"config":1027},"Ermittle deinen KI-Reifegrad",{"href":1028,"dataGaName":1029,"dataGaLocation":515},"/de-de/assessments/ai-modernization-assessment/","modernization assessment",{"config":1031},{"src":1032},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":1034,"categories":1035,"header":1036,"text":1024,"button":1037,"image":1041},"devops-modernization",[299,838],"Verwaltest du Tool-Chaos oder stellst du Innovationen bereit?",{"text":1038,"config":1039},"Ermittle deinen DevOps-Reifegrad",{"href":1040,"dataGaName":1029,"dataGaLocation":515},"/de-de/assessments/devops-modernization-assessment/",{"config":1042},{"src":1043},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":1045,"categories":1046,"header":1047,"text":1024,"button":1048,"image":1052},"security-modernization",[283],"Tauschst du Schnelligkeit gegen Sicherheit ein?",{"text":1049,"config":1050},"Ermittle deinen Sicherheitsreifegrad",{"href":1051,"dataGaName":1029,"dataGaLocation":515},"/de-de/assessments/security-modernization-assessment/",{"config":1053},{"src":1054},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":1056,"paths":1057,"header":1060,"text":1061,"button":1062,"image":1067},"github-azure-migration",[1058,1059],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","Ist dein Team bereit für den Umzug von GitHub nach Azure?","GitHub stellt bereits auf Azure um. Finde heraus, was das für dich bedeutet.",{"text":1063,"config":1064},"Erfahre, wie GitLab im Vergleich zu GitHub abschneidet",{"href":1065,"dataGaName":1066,"dataGaLocation":515},"/de-de/compare/gitlab-vs-github/github-azure-migration/","github azure migration",{"config":1068},{"src":1043},{"header":1070,"blurb":1071,"button":1072,"secondaryButton":1077},"Beginne noch heute, schneller zu entwickeln","Entdecke, was dein Team mit der intelligenten Orchestrierungsplattform für DevSecOps erreichen kann.\n",{"text":1073,"config":1074},"Kostenlosen Test starten",{"href":1075,"dataGaName":312,"dataGaLocation":1076},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/de-de/","feature",{"text":314,"config":1078},{"href":316,"dataGaName":317,"dataGaLocation":1076},1781392656732]