[{"data":1,"prerenderedAt":703},["ShallowReactive",2],{"/en-us/blog/secure-open-source-container-infrastructure-with-gitlab-and-chainguard/":3,"navigation-en-us":32,"banner-en-us":449,"footer-en-us":464,"Fernando Diaz":675,"next-steps-en-us":688},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":8,"content":16,"config":22,"_id":25,"_type":26,"title":27,"_source":28,"_file":29,"_stem":30,"_extension":31},"/en-us/blog/secure-open-source-container-infrastructure-with-gitlab-and-chainguard","blog",false,"",{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},"Secure open source container infrastructure with GitLab and Chainguard","Learn how GitLab + Chainguard can help deliver secure containerized applications faster. This tutorial includes easy-to-follow code examples.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098693/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%2823%29_2w6waL76KROjhJHM2vXet6_1750098693265.png","https://about.gitlab.com/blog/secure-open-source-container-infrastructure-with-gitlab-and-chainguard","https://about.gitlab.com","article","\n                        {\n        \"@context\": \"https://schema.org\",\n        \"@type\": \"Article\",\n        \"headline\": \"Secure open source container infrastructure with GitLab and Chainguard\",\n        \"author\": [{\"@type\":\"Person\",\"name\":\"Fernando Diaz\"}],\n        \"datePublished\": \"2024-09-09\",\n      }",{"title":9,"description":10,"authors":17,"heroImage":11,"date":19,"body":20,"category":21},[18],"Fernando Diaz","2024-09-09","Container technology, which creates consistent environments and streamlines deployment processes, is incredibly beneficial for software development. Containers contribute to faster development cycles, more efficient resource utilization, and greater flexibility in application management.\n\nSome of that efficiency can be lost, though, if organizations reinvent the wheel with each software development project. Instead, a base image should serve as the starting point for building other container images. These base images contain a bare minimum OS, essential tools, ensured compatibility, reduced image size, and other advantages.\n\nWhile base images provide a lot of value, they do have risks. It’s easy for your application to be compromised due to:\n\n- __Large attack surface:__ Base images may include extraneous packages, which could increase the attack surface.\n- __Unmanaged dependencies:__ Many dependencies in container images are not frequently updated and can be filled with vulnerabilities.\n- __Severe and unknown vulnerabilities:__ There's a high risk of severe and unknown vulnerabilities present in a base image, even in known public registries.\n- __Misconfiguration:__ Base images may be misconfigured or contain a standard configuration that contains hard-coded secrets and can lead to unauthorized access.\n\nGitLab and Chainguard provide several solutions to address these risks, including Hardened Base Images, Container Signing, and Vulnerability Scanning and Management. In this article, you'll learn how these features can be implemented to prevent breaches via containerized applications.\n\n## Chainguard’s minimal, hardened container images with low-to-no CVEs\n\nChainguard Images offer several key benefits that make them essential for organizations prioritizing security:\n\n- __Low-to-no vulnerabilities (out of the box and Day Two):__ Chainguard images are the product of a Linux distro and toolchain purposely built from the ground up to distribute patched open source software fast. \n- **Reduced attack surface:** Hardened images remove unnecessary components, libraries, and tools, significantly reducing potential entry points for attackers. This minimization of the attack surface makes it more difficult for malicious actors to exploit vulnerabilities.\n- __Improved compliance:__ Many industries have strict security regulations. Hardened images, especially those designed to meet [FIPS hardening standards](https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips) and to include a security technical implementation guide, or STIG, help organizations meet compliance requirements like [FedRAMP](https://about.gitlab.com/solutions/public-sector/fedramp/), PCI-DSS, etc., by adhering to security best practices and standards.\n- __Enhanced runtime security:__ Properly hardened images are less likely to be compromised during runtime, providing better protection for the applications and data they contain.\n- __Increased operational efficiency:__ Minimal images are typically smaller in size, leading to faster deployment times and reduced resource consumption.\n\nChainguard provides more than 833 minimal, hardened images that can be easily built, shipped, and run. Container images can all be stored and managed directly in GitLab Container Registry. These solutions greatly minimize container security complexity.\n\n## Chainguard image library\n\nThe [Chainguard](https://images.chainguard.dev/) directory provides hardened, minimal container images to help developers build software from the onset. With 97.6% fewer vulnerabilities than the average image, Chainguard Images help organizations swiftly reach container security compliance goals like [NIST 800-53](https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final), FedRAMP, or PCI-DSS.\n\n![Chainguard minimal, hardened container images featured section](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/1__1__aHR0cHM6_1750098702263.png)\n\n\u003Ccenter>\u003Ci>Chainguard minimal, hardened container images featured section\u003C/i>\u003C/center>\n\u003Cp>\u003C/p>\n\nThese images can be accessed directly from the Chainguard Directory. All images have the following features:\n- Build time-generated [software bill of materials](https://about.gitlab.com/blog/the-ultimate-guide-to-sboms/)\n- [Sigstore-powered attestation and provenance](https://docs.gitlab.com/ee/ci/yaml/signing_examples.html)\n- No vulnerabilities\n- Security advisory feed in [SecDB](https://www.goldmansachs.com/our-firm/history/moments/1993-secdb) and OSV formats\n\n## Using Chainguard container images in GitLab\n\nChainguard container images can be used in the following ways:\n- directly within GitLab to run jobs within a pipeline\n- stored in a Dockerfile in GitLab, which can be created, scanned for vulnerabilities, and pushed directly to the built-in container registry\n\n### Using Chainguard images in a GitLab job\n\nTo use a Chainguard image in a specific GitLab job, within your [`gitlab-ci.yml`](https://docs.gitlab.com/ee/ci/yaml/), simply set the `image` directive under the job definition to the image you wish to use. For example, the following job named `unit-tests` uses `cgr.dev/chainguard/go:latest` as the container image to run the job.\n\n```yaml\nstages:\n  - test\n\nunit-tests:\n  image: cgr.dev/chainguard/go:latest\n  stage: test\n  before_script:\n    - go mod download\n  script:\n    - go test -coverprofile=coverage.out\n  artifacts:\n    paths:\n      - coverage.out\n```\n\n### Using Chainguard images in a Dockerfile\n\nTo use a Chainguard image within a Dockerfile, simply create a Dockerfile in the root directory of your GitLab project. Then set the base image of the Dockerfile to the Chainguard image you wish to use, and add any other required commands:\n\n```dockerfile\nFROM cgr.dev/chainguard/go:latest\n\nWORKDIR /app\nCOPY . .\n\nRUN go mod download\nRUN go build -o /main .\n\nCMD [“/main”]\n```\n\nThen, you can create a job in the [`.gitlab-ci.yml`](https://docs.gitlab.com/ee/ci/yaml/) to log in to the [built-in GitLab Container Registry](https://docs.gitlab.com/ee/user/packages/container_registry/) and push the image:\n\n```yaml\nbuild-app-image:\n  stage: build\n  image: docker:latest\n  services:\n    - docker:dind\n  variables:\n    IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:latest\n  before_script:\n    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY\n  script:\n    - docker build -t $IMAGE .\n    - docker push $IMAGE\n```\n\nOnce the job completes, you can see the pushed images in GitLab Container Registry by selecting **Deploy > Container Registry** from your project’s side tab.\n\n![GitLab Container Registry](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/2__1__aHR0cHM6_1750098702268.png)\n\n\u003Ccenter>\u003Ci>GitLab Container Registry\u003C/i>\u003C/center>\n\u003Cp>\u003C/p>\n\n**Note:** GitLab makes it easy to authenticate with the built-in container registry via [reserved CI/CD variables](https://docs.gitlab.com/ee/user/packages/container_registry/authenticate_with_container_registry.html#use-gitlab-cicd-to-authenticate) as seen above.\n\n## Container image signing\n\nSigning container images is a critical security measure to prevent tampering by verifying their authenticity, trust, and integrity:\n\n- **Authenticity:** Ensures the source of the image is trusted by verifying the signature attached to an image with the public key from a trusted certificate authority.\n- **Trust:** Image publishers and users can trust each other, allowing frequent image sharing. \n- **Integrity:** The signature includes a hash that can be checked to ensure the image has not been altered since the signing.\n\nThe Sigstore project provides a CLI called Cosign, which can be used for keyless signing of container images. This eliminates the need to manage safeguards and rotate the private key that will be signing the image. GitLab provides [container-signing](https://docs.gitlab.com/ee/ci/yaml/signing_examples.html) by allowing you to generate a private key via a token obtained from the GitLab server using the [OIDC identity](https://docs.gitlab.com/ee/administration/auth/oidc.html) of the user who ran the job. The token includes unique claims that certify that a CI/CD pipeline generated the token.\n\n![GitLab container image signature details](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/3__1__aHR0cHM6_1750098702270.png)\n\n\u003Ccenter>\u003Ci> GitLab container image signature details\u003C/i>\u003C/center>\n\n\u003Cp>\u003C/p>\n\nGitLab stores the container signature details in the container registry. A job can then be created to validate the signature against the certificate issuer using Cosign.\n\n# Vulnerability scanning and management\n\nAs you add more application dependencies to a hardened base image to achieve your goals, over time you may introduce vulnerabilities. By enabling security scanning provided by GitLab, you can address these risks as they come and reduce them. Additionally, when these vulnerabilities arise, vulnerability management tools are crucial for managing your security posture.\n\n## Vulnerability scanning and security guardrails\n\nIt's necessary to regularly run security scans to avoid data breaches, reduce service downtime, and prevent loss of brand reputation. Some benefits of running security scans before code is deployed to production include:\n\n- early detection and resolution\n- adherence to regulatory compliance\n- maintaining system uptime\n- building trust with customers\n- assessing and managing risk\n\nGitLab provides several analyzers to scan various parts of your application for security vulnerabilities:\n\n| Scanner Type    | Description     |\n| ---------- | ---------- |\n| [Static Application Security Testing (SAST)](https://docs.gitlab.com/ee/user/application_security/sast/) | Scans static source code for known vulnerabilities (C/C++, Java, Python, Go, JavaScript, and many more languages) |\n| [Dynamic Application Security Testing (DAST)](https://docs.gitlab.com/ee/user/application_security/dast/)       | Runs automated penetration tests to find vulnerabilities in your web applications and APIs as they are running       |\n| [Infrastructure as Code Scanning (IaC)](https://docs.gitlab.com/ee/user/application_security/iac_scanning/) | Scans infrastructure definition files for known vulnerabilities (Terraform, Ansible, AWS Cloudformation, Kubernetes, and many more) |\n| [Container Scanning](https://docs.gitlab.com/ee/user/application_security/container_scanning/) (including image dependencies and licenses)   | Scans container images for known vulnerabilities, including GitLab Container Registry, external container registries, Kubernetes cluster. Container image dependencies and licenses are also scanned and compared to policy |\n| [Dependency Scanning and License Compliance](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/) | Scans your application’s dependencies for known vulnerabilities, including NuGet, Gradle, Maven, pip, npm, yarn, and more. Dependency licenses are also scanned and compared to policy. |\n| [Secret Detection](https://docs.gitlab.com/ee/user/application_security/secret_detection/)  | Scans your repository for secrets, such as keys and passwords. Scans all text files regardless of language or framework. Can be set to reject pushes if a secret is detected and can run in browser to warn if you are about to post a potential secret. |\n| [Web API Fuzzing](https://docs.gitlab.com/ee/user/application_security/api_fuzzing/)  | Sets operation parameters to unexpected values to cause unexpected behavior and errors in the API backend  |\n| [Coverage-guided Fuzzing](https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/)  | Sends random inputs to an instrumented version of your application to cause unexpected behavior  |\n\nThese scanners can be easily added to your pipeline by simply importing the appropriate scanner template in your `.gitlab-ci.yml`. For example, to [enable SAST](https://docs.gitlab.com/ee/user/application_security/sast/#configure-sast-in-your-cicd-yaml), simply add the following to your `.gitlab-ci.yml`:\n\n```yaml\nstages:\n  - test\n\ninclude:\n  - template: Jobs/SAST.gitlab-ci.yml\n```\n\nOnce you've enabled the scanners, whenever you create a merge request to commit code from a feature branch into another branch, [scanner results will display directly within the MR](https://docs.gitlab.com/ee/user/application_security/index.html#view-security-scan-information):\n\n![GitLab security scanner findings displayed in MR](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/4_aHR0cHM6_1750098702271.png)\n\n\u003Ccenter>\u003Ci>GitLab security scanner findings displayed in MR\u003C/i>\u003C/center>\n\n\u003Cp>\u003C/p>\n\nThese results allow developers to quickly assess, prioritize, and mitigate or remediate vulnerabilities by providing the following information:\n- description\n- severity\n- location\n- links and identifiers\n- training\n- solutions\n\n![GitLab security scanner vulnerability details](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/5_aHR0cHM6_1750098702272.png)\n\n\u003Ccenter>\u003Ci>GitLab security scanner vulnerability details\u003C/i>\u003C/center>\n\n\u003Cp>\u003C/p>\n\nAdditional actions can be taken on a vulnerability, such as:\n- dismissing the vulnerability and providing a reason to allow quicker review from the security team\n- creating an issue to collaborate later on a resolution\n\n**Note:** Scanners can also be configured and/or extended using variables and pipeline directives, just like any other GitLab job.\n\n### Security guardrails\n\nThe scanners mentioned above can be used along with [security policies](https://docs.gitlab.com/ee/user/application_security/policies/) to prevent insecure code from being merged into production and to ensure that the scanners are run on every pipeline. GitLab provides the following security policy types:\n\n- __Merge request approval policy:__  Create rules that check for security vulnerabilities and license compliance before merging a merge request.\n- __Scan execution policy:__ Create rules that enforce security scans for particular branches at a certain time.\n- __Pipeline execution policy:__ Enforce a custom CI/CD configuration to run in project pipelines.\n\nImplementing these policies ensures that when creating an MR, security scans and custom compliance jobs will be run, and that approval will be required if vulnerabilities or incompatible licenses are detected:\n\n![Merge request approval required due to vulnerabilities and incompatible licenses](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/6_aHR0cHM6_1750098702273.png)\n\n\u003Ccenter>\u003Ci>Merge request approval required due to vulnerabilities and incompatible licenses\u003C/i>\u003C/center>\n\n## Vulnerability reports\n\nDetecting vulnerabilities before they make it to production is important, but it is equally important to determine and manage vulnerabilities that make their way into production, so that they can be mitigated accordingly.\n\n[GitLab Vulnerability Report](https://docs.gitlab.com/ee/user/application_security/vulnerability_report/) provides information on all the detected vulnerabilities from scans of the default branch (which may be your staging or production branch):\n\n![Vulnerability report with filters applied](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/7_aHR0cHM6_1750098702274.png)\n\n\u003Ccenter>\u003Ci>Vulnerability report with filters applied\u003C/i>\u003C/center>\n\n\u003Cp>\u003C/p>\n\nIf you select a vulnerability, you’ll be taken to its vulnerability page, which displays the same vulnerability details as you would see in the MR view. You can use this view to quickly assess, prioritize, and mitigate or remediate vulnerabilities:\n\n![Vulnerability page for improper authorization vulnerability](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/8_aHR0cHM6_1750098702275.png)\n\n\u003Ccenter>\u003Ci>Vulnerability page for improper authorization vulnerability\u003C/i>\u003C/center>\n\n\u003Cp>\u003C/p>\n\nThe security team can manage vulnerabilities by setting their status to one of the following:\n\n- Detected: The default state for a newly discovered vulnerability.\n- Confirmed: A user has seen this vulnerability and confirmed it is accurate.\n- Dismissed: A user has seen this vulnerability and dismissed it because it is inaccurate or otherwise not to be resolved. Dismissed vulnerabilities are ignored if detected in subsequent scans.\n- Resolved: The vulnerability has been fixed or is no longer present. If a resolved vulnerability is reintroduced and detected again, its record is reinstated and its status set to detected.\n\n## Software bill of materials\n\nA software bill of materials (SBOM) is a comprehensive inventory that lists all the components, dependencies, and associated metadata of a software application. SBOMs are vital for organizations to effectively manage software security, compliance, and supply chain risks.\n\nChainguard provides high-quality, [out-of-the-box SBOMs](https://images.chainguard.dev/directory/image/go/sbom) for their container images in SPDX format. The SBOM can be converted into CycloneDX format and loaded into or compared with the results of GitLab’s dependency list. The [dependency list](https://docs.gitlab.com/ee/user/application_security/dependency_list/) is an SBOM generated from an artifact or the results of the dependency, container, and license scanners:\n\n![Dependency List with some components expanded](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098702/Blog/Content%20Images/Blog/Content%20Images/9_aHR0cHM6_1750098702276.png)\n\n\u003Ccenter>\u003Ci>Dependency List with some components expanded\u003C/i>\u003C/center>\n\n\u003Cp>\u003C/p>\n\nChainguard images meet [SLSA Level 2 requirements](https://slsa.dev/spec/v0.1/levels?ref=fossa.com) and are verified, signed, and attested with signatures. Furthermore, GitLab CI can [generate and produce attestation/provenance metadata](https://docs.gitlab.com/ee/ci/runners/configure_runners.html#artifact-provenance-metadata) for all build artifacts. By using Chainguard with GitLab, you can prevent tampering and provide additional build integrity guarantees.\n\n## Learn more\n\nTo learn more about GitLab and Chainguard, and how we can help enhance your security posture, check out the following resources:\n\n- [GitLab Security and Compliance Solutions](https://about.gitlab.com/solutions/security-compliance/)\n- [GitLab Application Security Documentation](https://docs.gitlab.com/ee/user/application_security/get-started-security.html)\n- [GitLab pricing](https://about.gitlab.com/pricing/)\n- [Chainguard Images](https://www.chainguard.dev/chainguard-images)\n- [Chainguard Compliance and Risk Mitigation](https://www.chainguard.dev/solutions/compliance-and-risk-mitigation)\n- [Chainguard Sales](https://www.chainguard.dev/contact?utm_source=blog&utm_medium=partner&utm_campaign=GitLab_announcement_blog&utm_content=article)\n","security",{"slug":23,"featured":6,"template":24},"secure-open-source-container-infrastructure-with-gitlab-and-chainguard","BlogPost","content:en-us:blog:secure-open-source-container-infrastructure-with-gitlab-and-chainguard.yml","yaml","Secure Open Source Container Infrastructure With Gitlab And Chainguard","content","en-us/blog/secure-open-source-container-infrastructure-with-gitlab-and-chainguard.yml","en-us/blog/secure-open-source-container-infrastructure-with-gitlab-and-chainguard","yml",{"_path":33,"_dir":34,"_draft":6,"_partial":6,"_locale":7,"data":35,"_id":445,"_type":26,"title":446,"_source":28,"_file":447,"_stem":448,"_extension":31},"/shared/en-us/main-navigation","en-us",{"logo":36,"freeTrial":41,"sales":46,"login":51,"items":56,"search":386,"minimal":417,"duo":436},{"config":37},{"href":38,"dataGaName":39,"dataGaLocation":40},"/","gitlab logo","header",{"text":42,"config":43},"Get free trial",{"href":44,"dataGaName":45,"dataGaLocation":40},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":47,"config":48},"Talk to sales",{"href":49,"dataGaName":50,"dataGaLocation":40},"/sales/","sales",{"text":52,"config":53},"Sign in",{"href":54,"dataGaName":55,"dataGaLocation":40},"https://gitlab.com/users/sign_in/","sign in",[57,101,197,202,307,367],{"text":58,"config":59,"cards":61,"footer":84},"Platform",{"dataNavLevelOne":60},"platform",[62,68,76],{"title":58,"description":63,"link":64},"The most comprehensive AI-powered DevSecOps Platform",{"text":65,"config":66},"Explore our Platform",{"href":67,"dataGaName":60,"dataGaLocation":40},"/platform/",{"title":69,"description":70,"link":71},"GitLab Duo (AI)","Build software faster with AI at every stage of development",{"text":72,"config":73},"Meet GitLab Duo",{"href":74,"dataGaName":75,"dataGaLocation":40},"/gitlab-duo/","gitlab duo ai",{"title":77,"description":78,"link":79},"Why GitLab","10 reasons why Enterprises choose GitLab",{"text":80,"config":81},"Learn more",{"href":82,"dataGaName":83,"dataGaLocation":40},"/why-gitlab/","why gitlab",{"title":85,"items":86},"Get started with",[87,92,97],{"text":88,"config":89},"Platform Engineering",{"href":90,"dataGaName":91,"dataGaLocation":40},"/solutions/platform-engineering/","platform engineering",{"text":93,"config":94},"Developer Experience",{"href":95,"dataGaName":96,"dataGaLocation":40},"/developer-experience/","Developer experience",{"text":98,"config":99},"MLOps",{"href":100,"dataGaName":98,"dataGaLocation":40},"/topics/devops/the-role-of-ai-in-devops/",{"text":102,"left":103,"config":104,"link":106,"lists":110,"footer":179},"Product",true,{"dataNavLevelOne":105},"solutions",{"text":107,"config":108},"View all Solutions",{"href":109,"dataGaName":105,"dataGaLocation":40},"/solutions/",[111,136,158],{"title":112,"description":113,"link":114,"items":119},"Automation","CI/CD and automation to accelerate deployment",{"config":115},{"icon":116,"href":117,"dataGaName":118,"dataGaLocation":40},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[120,124,128,132],{"text":121,"config":122},"CI/CD",{"href":123,"dataGaLocation":40,"dataGaName":121},"/solutions/continuous-integration/",{"text":125,"config":126},"AI-Assisted Development",{"href":74,"dataGaLocation":40,"dataGaName":127},"AI assisted development",{"text":129,"config":130},"Source Code Management",{"href":131,"dataGaLocation":40,"dataGaName":129},"/solutions/source-code-management/",{"text":133,"config":134},"Automated Software Delivery",{"href":117,"dataGaLocation":40,"dataGaName":135},"Automated software delivery",{"title":137,"description":138,"link":139,"items":144},"Security","Deliver code faster without compromising security",{"config":140},{"href":141,"dataGaName":142,"dataGaLocation":40,"icon":143},"/solutions/security-compliance/","security and compliance","ShieldCheckLight",[145,148,153],{"text":146,"config":147},"Security & Compliance",{"href":141,"dataGaLocation":40,"dataGaName":146},{"text":149,"config":150},"Software Supply Chain Security",{"href":151,"dataGaLocation":40,"dataGaName":152},"/solutions/supply-chain/","Software supply chain security",{"text":154,"config":155},"Compliance & Governance",{"href":156,"dataGaLocation":40,"dataGaName":157},"/solutions/continuous-software-compliance/","Compliance and governance",{"title":159,"link":160,"items":165},"Measurement",{"config":161},{"icon":162,"href":163,"dataGaName":164,"dataGaLocation":40},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[166,170,174],{"text":167,"config":168},"Visibility & Measurement",{"href":163,"dataGaLocation":40,"dataGaName":169},"Visibility and Measurement",{"text":171,"config":172},"Value Stream Management",{"href":173,"dataGaLocation":40,"dataGaName":171},"/solutions/value-stream-management/",{"text":175,"config":176},"Analytics & Insights",{"href":177,"dataGaLocation":40,"dataGaName":178},"/solutions/analytics-and-insights/","Analytics and insights",{"title":180,"items":181},"GitLab for",[182,187,192],{"text":183,"config":184},"Enterprise",{"href":185,"dataGaLocation":40,"dataGaName":186},"/enterprise/","enterprise",{"text":188,"config":189},"Small Business",{"href":190,"dataGaLocation":40,"dataGaName":191},"/small-business/","small business",{"text":193,"config":194},"Public Sector",{"href":195,"dataGaLocation":40,"dataGaName":196},"/solutions/public-sector/","public sector",{"text":198,"config":199},"Pricing",{"href":200,"dataGaName":201,"dataGaLocation":40,"dataNavLevelOne":201},"/pricing/","pricing",{"text":203,"config":204,"link":206,"lists":210,"feature":294},"Resources",{"dataNavLevelOne":205},"resources",{"text":207,"config":208},"View all resources",{"href":209,"dataGaName":205,"dataGaLocation":40},"/resources/",[211,244,266],{"title":212,"items":213},"Getting started",[214,219,224,229,234,239],{"text":215,"config":216},"Install",{"href":217,"dataGaName":218,"dataGaLocation":40},"/install/","install",{"text":220,"config":221},"Quick start guides",{"href":222,"dataGaName":223,"dataGaLocation":40},"/get-started/","quick setup checklists",{"text":225,"config":226},"Learn",{"href":227,"dataGaLocation":40,"dataGaName":228},"https://university.gitlab.com/","learn",{"text":230,"config":231},"Product documentation",{"href":232,"dataGaName":233,"dataGaLocation":40},"https://docs.gitlab.com/","product documentation",{"text":235,"config":236},"Best practice videos",{"href":237,"dataGaName":238,"dataGaLocation":40},"/getting-started-videos/","best practice videos",{"text":240,"config":241},"Integrations",{"href":242,"dataGaName":243,"dataGaLocation":40},"/integrations/","integrations",{"title":245,"items":246},"Discover",[247,252,256,261],{"text":248,"config":249},"Customer success stories",{"href":250,"dataGaName":251,"dataGaLocation":40},"/customers/","customer success stories",{"text":253,"config":254},"Blog",{"href":255,"dataGaName":5,"dataGaLocation":40},"/blog/",{"text":257,"config":258},"Remote",{"href":259,"dataGaName":260,"dataGaLocation":40},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":262,"config":263},"TeamOps",{"href":264,"dataGaName":265,"dataGaLocation":40},"/teamops/","teamops",{"title":267,"items":268},"Connect",[269,274,279,284,289],{"text":270,"config":271},"GitLab Services",{"href":272,"dataGaName":273,"dataGaLocation":40},"/services/","services",{"text":275,"config":276},"Community",{"href":277,"dataGaName":278,"dataGaLocation":40},"/community/","community",{"text":280,"config":281},"Forum",{"href":282,"dataGaName":283,"dataGaLocation":40},"https://forum.gitlab.com/","forum",{"text":285,"config":286},"Events",{"href":287,"dataGaName":288,"dataGaLocation":40},"/events/","events",{"text":290,"config":291},"Partners",{"href":292,"dataGaName":293,"dataGaLocation":40},"/partners/","partners",{"backgroundColor":295,"textColor":296,"text":297,"image":298,"link":302},"#2f2a6b","#fff","Insights for the future of software development",{"altText":299,"config":300},"the source promo card",{"src":301},"/images/navigation/the-source-promo-card.svg",{"text":303,"config":304},"Read the latest",{"href":305,"dataGaName":306,"dataGaLocation":40},"/the-source/","the source",{"text":308,"config":309,"lists":311},"Company",{"dataNavLevelOne":310},"company",[312],{"items":313},[314,319,325,327,332,337,342,347,352,357,362],{"text":315,"config":316},"About",{"href":317,"dataGaName":318,"dataGaLocation":40},"/company/","about",{"text":320,"config":321,"footerGa":324},"Jobs",{"href":322,"dataGaName":323,"dataGaLocation":40},"/jobs/","jobs",{"dataGaName":323},{"text":285,"config":326},{"href":287,"dataGaName":288,"dataGaLocation":40},{"text":328,"config":329},"Leadership",{"href":330,"dataGaName":331,"dataGaLocation":40},"/company/team/e-group/","leadership",{"text":333,"config":334},"Team",{"href":335,"dataGaName":336,"dataGaLocation":40},"/company/team/","team",{"text":338,"config":339},"Handbook",{"href":340,"dataGaName":341,"dataGaLocation":40},"https://handbook.gitlab.com/","handbook",{"text":343,"config":344},"Investor relations",{"href":345,"dataGaName":346,"dataGaLocation":40},"https://ir.gitlab.com/","investor relations",{"text":348,"config":349},"Trust Center",{"href":350,"dataGaName":351,"dataGaLocation":40},"/security/","trust center",{"text":353,"config":354},"AI Transparency Center",{"href":355,"dataGaName":356,"dataGaLocation":40},"/ai-transparency-center/","ai transparency center",{"text":358,"config":359},"Newsletter",{"href":360,"dataGaName":361,"dataGaLocation":40},"/company/contact/","newsletter",{"text":363,"config":364},"Press",{"href":365,"dataGaName":366,"dataGaLocation":40},"/press/","press",{"text":368,"config":369,"lists":370},"Contact us",{"dataNavLevelOne":310},[371],{"items":372},[373,376,381],{"text":47,"config":374},{"href":49,"dataGaName":375,"dataGaLocation":40},"talk to sales",{"text":377,"config":378},"Get help",{"href":379,"dataGaName":380,"dataGaLocation":40},"/support/","get help",{"text":382,"config":383},"Customer portal",{"href":384,"dataGaName":385,"dataGaLocation":40},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":387,"login":388,"suggestions":395},"Close",{"text":389,"link":390},"To search repositories and projects, login to",{"text":391,"config":392},"gitlab.com",{"href":54,"dataGaName":393,"dataGaLocation":394},"search login","search",{"text":396,"default":397},"Suggestions",[398,400,404,406,410,414],{"text":69,"config":399},{"href":74,"dataGaName":69,"dataGaLocation":394},{"text":401,"config":402},"Code Suggestions (AI)",{"href":403,"dataGaName":401,"dataGaLocation":394},"/solutions/code-suggestions/",{"text":121,"config":405},{"href":123,"dataGaName":121,"dataGaLocation":394},{"text":407,"config":408},"GitLab on AWS",{"href":409,"dataGaName":407,"dataGaLocation":394},"/partners/technology-partners/aws/",{"text":411,"config":412},"GitLab on Google Cloud",{"href":413,"dataGaName":411,"dataGaLocation":394},"/partners/technology-partners/google-cloud-platform/",{"text":415,"config":416},"Why GitLab?",{"href":82,"dataGaName":415,"dataGaLocation":394},{"freeTrial":418,"mobileIcon":423,"desktopIcon":428,"secondaryButton":431},{"text":419,"config":420},"Start free trial",{"href":421,"dataGaName":45,"dataGaLocation":422},"https://gitlab.com/-/trials/new/","nav",{"altText":424,"config":425},"Gitlab Icon",{"src":426,"dataGaName":427,"dataGaLocation":422},"/images/brand/gitlab-logo-tanuki.svg","gitlab icon",{"altText":424,"config":429},{"src":430,"dataGaName":427,"dataGaLocation":422},"/images/brand/gitlab-logo-type.svg",{"text":432,"config":433},"Get Started",{"href":434,"dataGaName":435,"dataGaLocation":422},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":437,"mobileIcon":441,"desktopIcon":443},{"text":438,"config":439},"Learn more about GitLab Duo",{"href":74,"dataGaName":440,"dataGaLocation":422},"gitlab duo",{"altText":424,"config":442},{"src":426,"dataGaName":427,"dataGaLocation":422},{"altText":424,"config":444},{"src":430,"dataGaName":427,"dataGaLocation":422},"content:shared:en-us:main-navigation.yml","Main Navigation","shared/en-us/main-navigation.yml","shared/en-us/main-navigation",{"_path":450,"_dir":34,"_draft":6,"_partial":6,"_locale":7,"title":451,"button":452,"image":456,"config":459,"_id":461,"_type":26,"_source":28,"_file":462,"_stem":463,"_extension":31},"/shared/en-us/banner","is now in public beta!",{"text":80,"config":453},{"href":454,"dataGaName":455,"dataGaLocation":40},"/gitlab-duo/agent-platform/","duo banner",{"config":457},{"src":458},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1753720689/somrf9zaunk0xlt7ne4x.svg",{"layout":460},"release","content:shared:en-us:banner.yml","shared/en-us/banner.yml","shared/en-us/banner",{"_path":465,"_dir":34,"_draft":6,"_partial":6,"_locale":7,"data":466,"_id":671,"_type":26,"title":672,"_source":28,"_file":673,"_stem":674,"_extension":31},"/shared/en-us/main-footer",{"text":467,"source":468,"edit":474,"contribute":479,"config":484,"items":489,"minimal":663},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":469,"config":470},"View page source",{"href":471,"dataGaName":472,"dataGaLocation":473},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":475,"config":476},"Edit this page",{"href":477,"dataGaName":478,"dataGaLocation":473},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":480,"config":481},"Please contribute",{"href":482,"dataGaName":483,"dataGaLocation":473},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":485,"facebook":486,"youtube":487,"linkedin":488},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[490,513,570,599,633],{"title":58,"links":491,"subMenu":496},[492],{"text":493,"config":494},"DevSecOps platform",{"href":67,"dataGaName":495,"dataGaLocation":473},"devsecops platform",[497],{"title":198,"links":498},[499,503,508],{"text":500,"config":501},"View plans",{"href":200,"dataGaName":502,"dataGaLocation":473},"view plans",{"text":504,"config":505},"Why Premium?",{"href":506,"dataGaName":507,"dataGaLocation":473},"/pricing/premium/","why premium",{"text":509,"config":510},"Why Ultimate?",{"href":511,"dataGaName":512,"dataGaLocation":473},"/pricing/ultimate/","why ultimate",{"title":514,"links":515},"Solutions",[516,521,524,526,531,536,540,543,547,552,554,557,560,565],{"text":517,"config":518},"Digital transformation",{"href":519,"dataGaName":520,"dataGaLocation":473},"/topics/digital-transformation/","digital transformation",{"text":146,"config":522},{"href":141,"dataGaName":523,"dataGaLocation":473},"security & compliance",{"text":135,"config":525},{"href":117,"dataGaName":118,"dataGaLocation":473},{"text":527,"config":528},"Agile development",{"href":529,"dataGaName":530,"dataGaLocation":473},"/solutions/agile-delivery/","agile delivery",{"text":532,"config":533},"Cloud transformation",{"href":534,"dataGaName":535,"dataGaLocation":473},"/topics/cloud-native/","cloud transformation",{"text":537,"config":538},"SCM",{"href":131,"dataGaName":539,"dataGaLocation":473},"source code management",{"text":121,"config":541},{"href":123,"dataGaName":542,"dataGaLocation":473},"continuous integration & delivery",{"text":544,"config":545},"Value stream management",{"href":173,"dataGaName":546,"dataGaLocation":473},"value stream management",{"text":548,"config":549},"GitOps",{"href":550,"dataGaName":551,"dataGaLocation":473},"/solutions/gitops/","gitops",{"text":183,"config":553},{"href":185,"dataGaName":186,"dataGaLocation":473},{"text":555,"config":556},"Small business",{"href":190,"dataGaName":191,"dataGaLocation":473},{"text":558,"config":559},"Public sector",{"href":195,"dataGaName":196,"dataGaLocation":473},{"text":561,"config":562},"Education",{"href":563,"dataGaName":564,"dataGaLocation":473},"/solutions/education/","education",{"text":566,"config":567},"Financial services",{"href":568,"dataGaName":569,"dataGaLocation":473},"/solutions/finance/","financial services",{"title":203,"links":571},[572,574,576,578,581,583,585,587,589,591,593,595,597],{"text":215,"config":573},{"href":217,"dataGaName":218,"dataGaLocation":473},{"text":220,"config":575},{"href":222,"dataGaName":223,"dataGaLocation":473},{"text":225,"config":577},{"href":227,"dataGaName":228,"dataGaLocation":473},{"text":230,"config":579},{"href":232,"dataGaName":580,"dataGaLocation":473},"docs",{"text":253,"config":582},{"href":255,"dataGaName":5,"dataGaLocation":473},{"text":248,"config":584},{"href":250,"dataGaName":251,"dataGaLocation":473},{"text":257,"config":586},{"href":259,"dataGaName":260,"dataGaLocation":473},{"text":270,"config":588},{"href":272,"dataGaName":273,"dataGaLocation":473},{"text":262,"config":590},{"href":264,"dataGaName":265,"dataGaLocation":473},{"text":275,"config":592},{"href":277,"dataGaName":278,"dataGaLocation":473},{"text":280,"config":594},{"href":282,"dataGaName":283,"dataGaLocation":473},{"text":285,"config":596},{"href":287,"dataGaName":288,"dataGaLocation":473},{"text":290,"config":598},{"href":292,"dataGaName":293,"dataGaLocation":473},{"title":308,"links":600},[601,603,605,607,609,611,613,617,622,624,626,628],{"text":315,"config":602},{"href":317,"dataGaName":310,"dataGaLocation":473},{"text":320,"config":604},{"href":322,"dataGaName":323,"dataGaLocation":473},{"text":328,"config":606},{"href":330,"dataGaName":331,"dataGaLocation":473},{"text":333,"config":608},{"href":335,"dataGaName":336,"dataGaLocation":473},{"text":338,"config":610},{"href":340,"dataGaName":341,"dataGaLocation":473},{"text":343,"config":612},{"href":345,"dataGaName":346,"dataGaLocation":473},{"text":614,"config":615},"Sustainability",{"href":616,"dataGaName":614,"dataGaLocation":473},"/sustainability/",{"text":618,"config":619},"Diversity, inclusion and belonging (DIB)",{"href":620,"dataGaName":621,"dataGaLocation":473},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":348,"config":623},{"href":350,"dataGaName":351,"dataGaLocation":473},{"text":358,"config":625},{"href":360,"dataGaName":361,"dataGaLocation":473},{"text":363,"config":627},{"href":365,"dataGaName":366,"dataGaLocation":473},{"text":629,"config":630},"Modern Slavery Transparency Statement",{"href":631,"dataGaName":632,"dataGaLocation":473},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":634,"links":635},"Contact Us",[636,639,641,643,648,653,658],{"text":637,"config":638},"Contact an expert",{"href":49,"dataGaName":50,"dataGaLocation":473},{"text":377,"config":640},{"href":379,"dataGaName":380,"dataGaLocation":473},{"text":382,"config":642},{"href":384,"dataGaName":385,"dataGaLocation":473},{"text":644,"config":645},"Status",{"href":646,"dataGaName":647,"dataGaLocation":473},"https://status.gitlab.com/","status",{"text":649,"config":650},"Terms of use",{"href":651,"dataGaName":652,"dataGaLocation":473},"/terms/","terms of use",{"text":654,"config":655},"Privacy statement",{"href":656,"dataGaName":657,"dataGaLocation":473},"/privacy/","privacy statement",{"text":659,"config":660},"Cookie preferences",{"dataGaName":661,"dataGaLocation":473,"id":662,"isOneTrustButton":103},"cookie preferences","ot-sdk-btn",{"items":664},[665,667,669],{"text":649,"config":666},{"href":651,"dataGaName":652,"dataGaLocation":473},{"text":654,"config":668},{"href":656,"dataGaName":657,"dataGaLocation":473},{"text":659,"config":670},{"dataGaName":661,"dataGaLocation":473,"id":662,"isOneTrustButton":103},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",[676],{"_path":677,"_dir":678,"_draft":6,"_partial":6,"_locale":7,"content":679,"config":683,"_id":685,"_type":26,"title":18,"_source":28,"_file":686,"_stem":687,"_extension":31},"/en-us/blog/authors/fernando-diaz","authors",{"name":18,"config":680},{"headshot":681,"ctfId":682},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659556/Blog/Author%20Headshots/fern_diaz.png","fjdiaz",{"template":684},"BlogAuthor","content:en-us:blog:authors:fernando-diaz.yml","en-us/blog/authors/fernando-diaz.yml","en-us/blog/authors/fernando-diaz",{"_path":689,"_dir":34,"_draft":6,"_partial":6,"_locale":7,"header":690,"eyebrow":691,"blurb":692,"button":693,"secondaryButton":697,"_id":699,"_type":26,"title":700,"_source":28,"_file":701,"_stem":702,"_extension":31},"/shared/en-us/next-steps","Start shipping better software faster","50%+ of the Fortune 100 trust GitLab","See what your team can do with the intelligent\n\n\nDevSecOps platform.\n",{"text":42,"config":694},{"href":695,"dataGaName":45,"dataGaLocation":696},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":47,"config":698},{"href":49,"dataGaName":50,"dataGaLocation":696},"content:shared:en-us:next-steps.yml","Next Steps","shared/en-us/next-steps.yml","shared/en-us/next-steps",1753981631675]