[{"data":1,"prerenderedAt":800},["ShallowReactive",2],{"/en-us/blog/automate-embedded-systems-compliance-with-gitlab-and-codesonar":3,"navigation-en-us":37,"banner-en-us":437,"footer-en-us":447,"blog-post-authors-en-us-Mark Hermeling|Darwin Sanoy":689,"blog-related-posts-en-us-automate-embedded-systems-compliance-with-gitlab-and-codesonar":718,"assessment-promotions-en-us":751,"next-steps-en-us":790},{"id":4,"title":5,"authorSlugs":6,"body":9,"categorySlug":10,"config":11,"content":15,"description":9,"extension":27,"isFeatured":12,"meta":28,"navigation":12,"path":29,"publishedDate":23,"seo":30,"stem":33,"tagSlugs":34,"__hash__":36},"blogPosts/en-us/blog/automate-embedded-systems-compliance-with-gitlab-and-codesonar.yml","Automate Embedded Systems Compliance With Gitlab And Codesonar",[7,8],"mark-hermeling","darwin-sanoy",null,"product",{"featured":12,"template":13,"slug":14},true,"BlogPost","automate-embedded-systems-compliance-with-gitlab-and-codesonar",{"title":16,"description":17,"authors":18,"heroImage":21,"body":22,"date":23,"category":10,"tags":24},"Automate embedded systems compliance with GitLab and CodeSonar","Continuous compliance verification for ISO 26262, DO-178C, MISRA, and other code quality and functional safety standards.",[19,20],"Mark Hermeling","Darwin Sanoy","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659978/Blog/Hero%20Images/automation.png","Embedded systems development teams face a persistent challenge: maintaining development velocity while meeting stringent functional safety and code quality requirements. Standards like ISO 26262, IEC 62304, DO-178C, and IEC 61508 demand rigorous verification processes that are often manual and time-consuming. Compliance reviews against coding standards like MISRA C/C++, isolated scanning workflows, and post-development verification create bottlenecks. 
Teams are forced to choose between speed and safety.\n\n[GitLab's integration with CodeSonar](https://gitlab.com/explore/catalog/codesonar/components/codesonar-ci) (from AdaCore) addresses this challenge by automating compliance workflows and enabling continuous verification throughout the development lifecycle.\n\n## Specialized scanning for safety-critical systems\n\nSafety-critical systems require deep analysis of C/C++ code compiled with specialized embedded tools. These systems must demonstrate compliance with coding standards (MISRA C/C++, CERT C/C++, AUTOSAR C++) and functional safety frameworks (ISO 26262, DO-178C, IEC 61508\\) that require detailed evidence trails. Beyond aligning with coding standards, teams also need to address security concerns. This means testing for memory problems as well as a host of other problems like uninitialized variables and command injection.\n\n[CodeSonar](https://www.adacore.com/codesonar) performs whole program analysis with specialized scanning capabilities for these standards. Pairing CodeSonar with GitLab enables teams to automate compliance workflows and maintain comprehensive audit trails throughout the development lifecycle.\n\n## Automating compliance from commit to merge\n\nThe GitLab and CodeSonar integration provides a compliance-as-code approach that automates policy enforcement from the earliest stages of development. CodeSonar functions as an additional scanner within [GitLab CI/CD pipelines](https://docs.gitlab.com/ci/), analyzing code in every commit and merge request.\n\nBecause CodeSonar was purpose-built for embedded systems, it performs deep control flow and data flow analysis across entire programs, identifying vulnerabilities like buffer overruns, data taint, uninitialized variables, use-after-free conditions, and command injection — the root causes of most security incidents in embedded systems.\n\nThe integration works through GitLab's CI/CD configuration. 
When developers push code changes, the pipeline triggers CodeSonar scanning. For C and C++ firmware, CodeSonar observes compiler invocations during the actual build process, creating an internal representation of the code that enables sophisticated analysis. Results are converted from SARIF format to GitLab's Static Application Security Testing ([SAST](https://docs.gitlab.com/user/application_security/sast/)) format and surfaced directly in merge requests, where they feed into GitLab Ultimate's Security Dashboard, Vulnerability Management, and [Compliance Frameworks](https://docs.gitlab.com/user/compliance/compliance_frameworks/).\n\n## Example workflow: ISO 26262 ASIL-D compliance\n\nThe demo video below shows the complete workflow for an embedded system subject to ISO 26262 ASIL-D requirements. The scenario illustrates how embedded development teams can implement continuous compliance without compromising development velocity.\n\n\u003Cdiv>\u003Ciframe src=\"https://player.vimeo.com/video/1139086924?badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" style=\"position:absolute;top:0;left:0;width:100%;height:100%;\" title=\"Automated Compliance for Embedded Systems using GitLab and CodeSonar\">\u003C/iframe>\u003C/div>\u003Cscript src=\"https://player.vimeo.com/api/player.js\">\u003C/script>\n\nThe workflow begins with a developer submitting a merge request for firmware changes. GitLab's CI/CD pipeline automatically triggers CodeSonar scanning, which performs deep C/C++ analysis against custom ISO 26262 policies configured in the pipeline. When CodeSonar identifies an ASIL-D relevant vulnerability, the pipeline halts automatically per the compliance policy, with clear documentation explaining the issue. 
The complete scan results, issue tracking, and approval workflow are maintained in GitLab as a single source of truth for audit trails.\n\nDevelopers can use both the CodeSonar hub interface and [GitLab Duo AI](https://docs.gitlab.com/user/gitlab_duo/) to understand the vulnerability. CodeSonar provides detailed information about the path through the source code that leads to the problem, along with code navigation features to isolate the root cause. GitLab Duo [explains the vulnerability](https://docs.gitlab.com/user/application_security/vulnerabilities/#vulnerability-explanation) and provides specific [remediation recommendations](https://docs.gitlab.com/user/application_security/vulnerabilities/#vulnerability-resolution). After the developer implements the fix and validates the resolution, the code merges successfully with full compliance evidence automatically collected throughout the process.\n\n## Benefits of the integration\n\nOrganizations implementing this integrated compliance with GitLab and CodeSonar will see significant improvements in both development velocity and compliance confidence. \n\n* **Efficiency gains:** Development teams reduce time-to-market by catching coding standard compliance issues early when they're less expensive to fix. Automated security policy enforcement decreases manual security review overhead, freeing specialists to focus on complex problems rather than routine checks. Audit readiness improves through automated evidence collection. Compliance artifacts are generated as a by-product of normal development rather than through separate documentation efforts.\n\n* **Compliance maturity:** This integrated approach helps organizations maintain continuous compliance with industry standards and regulations. By embedding verification into every code change, teams build comprehensive audit trails that demonstrate adherence to ISO 26262, DO-178C, MISRA C/C++, and other requirements. 
The automated workflow transforms compliance from a periodic checkpoint into an ongoing verification process.\n\n## Implementation considerations\n\nImplementing the GitLab and CodeSonar integration requires access to GitLab Ultimate, a CodeSonar hub, GitLab runners where code can be compiled and analyzed, and appropriate mechanisms for managing analysis data files. Both GitLab and CodeSonar fully support **on-premises and air-gapped environments** and can be deployed to auto-scalable cloud environments as well.\n\nTeams should configure [Custom Compliance Frameworks](https://about.gitlab.com/blog/introducing-custom-compliance-frameworks-in-gitlab/) in GitLab to define specific policies for their relevant standards: ISO 26262 for automotive, DO-178C for aerospace, IEC 62304 for medical devices, and others. These frameworks enable automated enforcement of compliance requirements through merge request approval rules, vulnerability thresholds, and scan policy gates.\n\n## Get started\n\nThe [CodeSonar GitLab CI component](https://gitlab.com/explore/catalog/codesonar/components/codesonar-ci) is available through GitLab's CI/CD Catalog. Detailed integration documentation provides platform-specific setup instructions for Linux, Docker, and Windows environments. For organizations evaluating this solution, the implementation demonstrates how specialized embedded systems tools can integrate with a modern DevSecOps platform to deliver both development velocity and compliance rigor.\n\nFor more information about implementing GitLab with CodeSonar for your embedded systems development, visit the [CodeSonar integration documentation](https://support-resources.codesecure.com/integrations/gitlab/documentation/). 
You can also [request a trial of CodeSonar](https://www.adacore.com/request-a-codesonar-trial).","2025-12-02",[25,26,10],"embedded DevOps","tutorial","yml",{},"/en-us/blog/automate-embedded-systems-compliance-with-gitlab-and-codesonar",{"config":31,"title":16,"description":17},{"noIndex":32},false,"en-us/blog/automate-embedded-systems-compliance-with-gitlab-and-codesonar",[35,26,10],"embedded-devops","lIm0xbe1kdSApJdnxzasHiMGDLiJJskomwtNnqkRDDU",[690,704],{"id":691,"title":19,"body":9,"config":692,"content":694,"description":9,"extension":27,"meta":699,"navigation":12,"path":700,"seo":701,"stem":702,"__hash__":703},"blogAuthors/en-us/blog/authors/mark-hermeling.yml",{"template":693},"BlogAuthor",{"name":19,"config":695,"bio":697,"role":698},{"headshot":696},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1764087517/ay8u8nobvaebiibelkzx.jpg","","Head of Technical Marketing, AdaCore (parent company of CodeSonar product)",{},"/en-us/blog/authors/mark-hermeling",{},"en-us/blog/authors/mark-hermeling","OqPJzf741jcekkwi_E_9NsCfboiDZfeXfhk9d18WbDc",{"id":705,"title":20,"body":9,"config":706,"content":707,"description":9,"extension":27,"meta":713,"navigation":12,"path":714,"seo":715,"stem":716,"__hash__":717},"blogAuthors/en-us/blog/authors/darwin-sanoy.yml",{"template":693},{"role":708,"name":20,"config":709},"Field Chief Cloud 
Architect",{"headshot":710,"linkedin":711,"ctfId":712},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659751/Blog/Author%20Headshots/Darwin-Sanoy-headshot-395-square-gitlab-teampage-avatar.png","https://linkedin.com/in/darwinsanoy","DarwinJS",{},"/en-us/blog/authors/darwin-sanoy",{},"en-us/blog/authors/darwin-sanoy","UkMMwmU5o2e6Y-wBltA9E_z96LvHuB-bG6VW9DsLzIY",[719,732,742],{"content":720,"config":730},{"title":721,"description":722,"authors":723,"heroImage":725,"body":726,"date":727,"category":10,"tags":728},"New GitLab metrics and registry features help reduce CI/CD bottlenecks","See how CI/CD Job Performance Metrics and Container Virtual Registry, currently in beta, help platform teams quickly spot slow jobs and simplify multi-registry container pulls.",[724],"Talia Armato-Helle","https://res.cloudinary.com/about-gitlab-com/image/upload/v1771438388/t6sts5qw4z8561gtlxiq.png","Platform and DevOps engineers spend too much time piecing together visibility across fragmented tools and managing infrastructure that should just work.\n\nTwo new GitLab features currently in beta tackle this from different angles but share the same goal: giving practitioners direct control over the CI/CD infrastructure they depend on, without adding another third-party tool. One surfaces job-level performance data right where you monitor pipelines. The other simplifies how you pull container images from multiple registries with built-in caching.\n\nBoth features are open for feedback now. Your input will help shape what ships next.\n\n## CI/CD Job Performance Metrics\n\n* **Available tiers:** GitLab Premium, GitLab Ultimate\n* **Status:** Limited-availability beta on GitLab.com; available on GitLab Self-Managed and GitLab Dedicated when ClickHouse is configured\n\nToday, there’s no simple way to see when a particular job’s duration starts increasing or which jobs are quietly dragging down your pipeline runtimes. 
Most teams either build custom dashboards or manually dig through logs to answer basic questions like:\n\n* Which jobs are slowest?  \n* Where are failure rates climbing?  \n* Which stage is the real bottleneck?\n\nCI/CD Job Performance Metrics changes that by adding a new job-focused panel to the CI/CD analytics page at the project level.\n\nFor each job in your pipelines, you can see:\n\n* Typical (P50, median) and worst‑case (P95) job duration, so you can quickly view normal versus slowest runs  \n* Failure rate, so you can spot fragile or flaky jobs  \n* Job name and stage, covering the last 30 days by default\n\nThe table is sortable, searchable by job name, and paginated, so platform teams get a single view to answer questions that previously required separate tools or custom reporting.\n\n**Try it now**\n\n* Navigate to your project and select **Analyze \\> CI/CD analytics**.  \n* Look for the CI/CD job performance metrics panel and sort by duration or failure rate to find your slowest or least reliable jobs.\n\n**Documentation**\n\n* [CI/CD analytics – CI/CD job performance metrics](https://docs.gitlab.com/user/analytics/ci_cd_analytics/#cicd-job-performance-metrics)\n\n**What’s coming next**\n\nWe’re working on stage-level grouping, so you can view aggregated metrics across your build, test, and deploy stages, and quickly understand where to focus optimization work.\n\n**Share your feedback:**\n\n* [CI/CD job performance metrics epic](https://gitlab.com/groups/gitlab-org/-/work_items/18548)\n\n## Container Virtual Registry\n\n**Tier:** GitLab Premium, GitLab Ultimate\n**Status:** Beta, API-ready in 18.9\n\nMost organizations pulling container images into CI/CD pipelines rely on multiple registries: Docker Hub, Harbor, Quay, and internal registries, to name a few. 
Managing authentication, availability, and caching across all of them is operational overhead that slows pipelines down and introduces fragility.\n\nThe Container Virtual Registry lets you create a single GitLab endpoint that pulls from multiple upstream container sources with built-in caching.\n\nInstead of configuring credentials and availability for each registry individually in your pipeline configuration, you can:\n\n* Point your pipelines at one GitLab virtual registry endpoint  \n* Configure multiple upstream registries (Docker Hub, Harbor, Quay, and others using long-lived token authentication)  \n* Let GitLab resolve image pulls automatically, with pull-through caching to reduce bandwidth costs and improve reliability\n\nFor teams evaluating GitLab as a container registry replacement, this closes a critical capability gap. For teams already managing multi-registry container workflows, it centralizes image management into GitLab and cuts down on repeated pulls.\n\n**What the beta supports today**\n\n* Upstream registries using long-lived token authentication: Docker Hub, Harbor, Quay, and other compatible registries  \n* Pull-through caching so commonly used images are served from GitLab after the first pull  \n* API-first configuration, with UI management in progress\n\nCloud provider registries requiring IAM authentication (such as Amazon Elastic Container Registry, Google Artifact Registry, and Azure Container Registry) are being considered for future iterations.\n\n**Test it today**\n\n* The Container Virtual Registry is API-ready in 18.9.  \n* SaaS (GitLab.com): Request access through your CSM or by commenting on the feedback issue below to have the feature flag enabled for your group.  
\n* Self-managed: Enable the feature flag and configure the virtual registry using the API.\n\n**Documentation**\n\n* [Container Virtual Registry API](https://docs.gitlab.com/api/container_virtual_registries/)  \n* [Pull container images from the virtual registry](https://docs.gitlab.com/user/packages/virtual_registry/container/#pull-container-images-from-the-virtual-registry)\n\n\n Watch this walkthrough of the Container Virtual Registry Beta:\n   \n\n  \u003Ciframe src=\"https://player.vimeo.com/video/1167512082?title=0&amp;byline=0&amp;portrait=0&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" style=\"position:absolute;top:0;left:0;width:100%;height:100%;\" title=\"20260223_Container Virtual Registry Beta_V1\">\u003C/iframe>\u003Cscript src=\"https://player.vimeo.com/api/player.js\">\u003C/script>\n\n  \u003Cbr>\u003C/br>\n\n\n\n**Share your feedback:**\n\n* [Container virtual registry feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/589630)\n\n## Help us build what matters\n\nEveryone in the GitLab community is a contributor. We built these betas based on community requests.\n\n* **CI/CD Job Performance Metrics** came from teams who had no easy way to see when build times started trending in the wrong direction, or which jobs were hurting pipeline reliability.  \n* **Container Virtual Registry** came from enterprise customers managing multiple registries and looking to reduce tool sprawl and bandwidth costs while evaluating GitLab as a central registry.\n\nYour feedback shapes what we create next. Try one or both of these betas, and share your experience in the linked feedback issues.\n\nThis is the first in a series of Core DevOps betas we plan to highlight. 
More are coming throughout the year, and we hope you’ll help us make them as useful as possible.\n","2026-02-25",[106,10,729],"features",{"featured":12,"template":13,"slug":731},"new-gitlab-metrics-and-registry-features-help-reduce-ci-cd-bottlenecks",{"content":733,"config":740},{"title":734,"description":735,"heroImage":736,"date":727,"category":10,"tags":737},"GitLab Patch Release: 18.9.1, 18.8.5, 18.7.5","Learn more about this patch release for GitLab Community Edition and Enterprise Edition.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749661926/Blog/Hero%20Images/security-patch-blog-image-r2-0506-700x400-fy25_2x.jpg",[738,739],"patch releases","security releases",{"featured":32,"template":13,"externalUrl":741},"https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/",{"content":743,"config":749},{"title":744,"description":745,"heroImage":725,"date":746,"tags":747,"category":10},"GitLab 18.9 released","Read about GitLab Duo Agent Platform self-hosted models now available for cloud licenses, vulnerability resolution with GitLab Duo Agent Platform, and more.","2026-02-19",[10,748],"releases",{"featured":32,"template":13,"externalUrl":750},"https://about.gitlab.com/releases/2026/02/19/gitlab-18-9-released/",{"promotions":752},[753,767,778],{"id":754,"categories":755,"header":757,"text":758,"button":759,"image":764},"ai-modernization",[756],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":760,"config":761},"Get your AI maturity score",{"href":762,"dataGaName":763,"dataGaLocation":241},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":765},{"src":766},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":768,"categories":769,"header":770,"text":758,"button":771,"image":775},"devops-modernization",[10,557],"Are you just managing tools or shipping innovation?",{"text":772,"config":773},"Get your DevOps 
maturity score",{"href":774,"dataGaName":763,"dataGaLocation":241},"/assessments/devops-modernization-assessment/",{"config":776},{"src":777},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":779,"categories":780,"header":782,"text":758,"button":783,"image":787},"security-modernization",[781],"security","Are you trading speed for security?",{"text":784,"config":785},"Get your security maturity score",{"href":786,"dataGaName":763,"dataGaLocation":241},"/assessments/security-modernization-assessment/",{"config":788},{"src":789},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"header":791,"blurb":792,"button":793,"secondaryButton":798},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":794,"config":795},"Get your free trial",{"href":796,"dataGaName":48,"dataGaLocation":797},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":493,"config":799},{"href":52,"dataGaName":53,"dataGaLocation":797},1772652063449]