[{"data":1,"prerenderedAt":796},["ShallowReactive",2],{"/en-us/blog/building-gitlab-with-gitlab-expanding-our-security-certification-portfolio":3,"navigation-en-us":38,"banner-en-us":438,"footer-en-us":448,"blog-post-authors-en-us-Madeline Lake":690,"blog-related-posts-en-us-building-gitlab-with-gitlab-expanding-our-security-certification-portfolio":704,"assessment-promotions-en-us":748,"next-steps-en-us":786},{"id":4,"title":5,"authorSlugs":6,"body":8,"categorySlug":9,"config":10,"content":14,"description":8,"extension":26,"isFeatured":12,"meta":27,"navigation":28,"path":29,"publishedDate":20,"seo":30,"stem":34,"tagSlugs":35,"__hash__":37},"blogPosts/en-us/blog/building-gitlab-with-gitlab-expanding-our-security-certification-portfolio.yml","Building Gitlab With Gitlab Expanding Our Security Certification Portfolio",[7],"madeline-lake",null,"agile-planning",{"slug":11,"featured":12,"template":13},"building-gitlab-with-gitlab-expanding-our-security-certification-portfolio",false,"BlogPost",{"title":15,"description":16,"authors":17,"heroImage":19,"date":20,"body":21,"category":9,"tags":22},"Building GitLab with GitLab: Expanding our security certification portfolio","Learn how the Security Compliance team uses the Agile planning and security features in the GitLab DevSecOps Platform to manage the certification process.\n\n",[18],"Madeline Lake","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659740/Blog/Hero%20Images/building-gitlab-with-gitlab-no-type.png","2024-04-04","We recently expanded [our compliance certification portfolio](https://about.gitlab.com/security/) to include the automotive industry's [TISAX](https://about.gitlab.com/blog/gitlab-drives-automotive-industry-information-security-with-tisax/) and to support the issuance of the first [GitLab Dedicated](https://about.gitlab.com/dedicated/) [SOC 2 Type 2](https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2). GitLab's Security Compliance team is a proponent of [dogfooding](https://handbook.gitlab.com/handbook/values/#dogfooding) our platform, including our integrated project management and security features, so we accomplished this expansion using the GitLab DevSecOps Platform.\n\nIn this blog, we'll share the details of how we successfully leveraged GitLab's native features to implement security controls, enabling us to scale our compliance efforts and deliver results faster. You'll also learn how you can put these features to work in your own organization.\n\n> Start using GitLab for compliance today with [a free trial](https://gitlab.com/-/trials/).\n\n## Agile planning\n\nOur security certifications structure is built upon GitLab's [Agile planning](https://about.gitlab.com/solutions/agile-delivery/) features, allowing us to deliver results faster by managing requirements centrally and streamlining our workflows. Using Agile planning features also enables end-to-end visibility throughout compliance audits.\n\n1. **[Epics](https://docs.gitlab.com/ee/user/group/epics/), [issues](https://docs.gitlab.com/ee/user/project/issues/), and [labels](https://docs.gitlab.com/ee/user/project/labels.html).** We leverage a parent epic to outline all the external certifications that are ongoing, and child epics for each individual certification. Each child epic contains issues for each work stream related to the certification, as well as evidence requests from the external auditor. Parent and child epics allow for project management and visibility across the organization on the audit cycle's current status.\n\n2. **Recurring issues.** Every audit has standard request items and tasks that need to be performed. Therefore, to increase efficiency, we have a variety of recurring issues that are automatically created for each audit cycle that populate the task and/or request details, assignee, and due date. Recurring issues can be configured in a [CI pipeline](https://docs.gitlab.com/ee/ci/pipelines/schedules.html).\n\n3. **[Labels](https://docs.gitlab.com/ee/user/project/labels.html) and [issue boards](https://docs.gitlab.com/ee/user/project/issue_board.html).** Labels and issue boards are used to plan, organize, and visualize workflows. The Security Compliance team leverages issue boards to not only track status, but also to track and group identified deficiencies relating to our compliance requirements. Issue boards allow for visibility of all issues related to a given program by their risk classification and current remediation status.\n\nThese Agile planning features ensure that compliance teams are able to leverage the same platform as their engineers, promoting transparency and efficient delivery of results.\n\n## Security\n\nEach of GitLab’s security certifications has security and compliance requirements that must be operating effectively to achieve certification.\n\nGitLab offers native features within the platform that enable security and the achievement of industry-standard requirements.\n\nWe leveraged these key security features for our certifications and you can, too:\n\n1. **[Merge request approval settings](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html).** These settings can be configured to limit merge request approvals, enforce segregation of duties responsibilities, and force password authentication. For our certifications, merge request approval settings were inspected for relevant projects to support the following requirements: \n    - [AICPA Trust Service Critieria (TSC)](https://www.aicpa-cima.com/resources/download/2017-trust-services-criteria-with-revised-points-of-focus-2022) CC8.1\n\n    - [ISO 27001:2022](https://www.iso.org/standard/27001) 5.3, 8.32\n\n    - [TISAX](https://portal.enx.com/en-us/tisax/) 5.2.1\n\n2. **[Protected branch settings](https://docs.gitlab.com/ee/user/project/protected_branches.html#protected-branches).** These configuration settings allow administrators to set branch protections and limit what users can do based on their configured permissions. For our certifications, protected branches were inspected for relevant projects to support the following requirements: \n    - AICPA TSC CC8.1\n    - ISO 27001:2022 8.32\n    - TISAX 5.2.1, 5.2.2\n\n3. **[Code owners](https://docs.gitlab.com/ee/user/project/codeowners/).** This feature specifies the users or groups responsible for specific files and directories in a repository. The CODEOWNERS file can be enabled to identify owners of a file or directory and require owners to approve changes. Code owners can be implemented in conjunction with your approval rules. For our certifications, CODEOWNERS files were inspected for relevant projects to support the following requirements:\n    - AICPA TSC CC8.1\n    - ISO 27001:2022 8.32\n    - TISAX 5.2.1\n\n4. **Static application security testing ([SAST](https://docs.gitlab.com/ee/user/application_security/sast/))/dynamic application security testing ([DAST](https://docs.gitlab.com/ee/user/application_security/dast/)).** A part of using GitLab CI/CD, SAST and DAST are available to check your source code for known vulnerabilities. For our certifications, We leveraged SAST/DAST to support the following requirements:\n    - AICPA TSC CC3.2, CC7.1, CC9.2\n    - ISO 27001:2022 8.28, 8.29\n    - TISAX 5.2.5\n\n5. [Audit events](https://docs.gitlab.com/ee/administration/audit_events.html). This feature is used to track important events, including who performed what action and when. Audit events can be used to support the following requirements:\n    - AICPA TSC CC8.1\n    - ISO 27001:2022 8.15, 8.16\n    - TISAX 5.2.4\n\n## Get started today\nGitLab makes compliance easier than ever. Agile planning enables end-to-end visibility throughout the audit. and security is integrated into the design of the product, leading to faster, more comprehensive achievement of compliance requirements.\n\nHere at GitLab we are always pursuing the expansion of our security certification portfolio to give our customers and community additional assurance as well as additional transparency into our information security practices.\n\n> Have a certification you’d like to see us work towards? Have questions about how your organization can set up your GitLab instance to utilize our compliance features? Drop us a line by emailing customer-assurance@gitlab.com, we’d love to hear from you!\n\n## More Building GitLab with GitLab\n\n* [Building GitLab with GitLab: How GitLab.com inspired Dedicated](https://about.gitlab.com/blog/building-gitlab-with-gitlabcom-how-gitlab-inspired-dedicated/)\n* [Building GitLab with GitLab: Web API Fuzz Testing](https://about.gitlab.com/blog/building-gitlab-with-gitlab-api-fuzzing-workflow/)\n* [Building GitLab with GitLab: Why there is no MLOps without DevSecOps](https://about.gitlab.com/blog/there-is-no-mlops-without-devsecops/)\n* [Building GitLab with GitLab: Stress-testing Product Analytics](https://about.gitlab.com/blog/building-gitlab-with-gitlab-stress-testing-product-analytics/)",[23,24,25],"agile","security","embedded DevOps","yml",{},true,"/en-us/blog/building-gitlab-with-gitlab-expanding-our-security-certification-portfolio",{"title":15,"description":16,"ogTitle":15,"ogDescription":16,"noIndex":12,"ogImage":19,"ogUrl":31,"ogSiteName":32,"ogType":33,"canonicalUrls":31},"https://about.gitlab.com/blog/building-gitlab-with-gitlab-expanding-our-security-certification-portfolio","https://about.gitlab.com","article","en-us/blog/building-gitlab-with-gitlab-expanding-our-security-certification-portfolio",[23,24,36],"embedded-devops","yF4rEr9Q2pkbEqMwknDp5E4jCR37nUxG8oaFqLBVMCM",{"data":39},{"logo":40,"freeTrial":45,"sales":50,"login":55,"items":60,"search":368,"minimal":399,"duo":418,"pricingDeployment":428},{"config":41},{"href":42,"dataGaName":43,"dataGaLocation":44},"/","gitlab logo","header",{"text":46,"config":47},"Get free trial",{"href":48,"dataGaName":49,"dataGaLocation":44},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":51,"config":52},"Talk to sales",{"href":53,"dataGaName":54,"dataGaLocation":44},"/sales/","sales",{"text":56,"config":57},"Sign in",{"href":58,"dataGaName":59,"dataGaLocation":44},"https://gitlab.com/users/sign_in/","sign in",[61,88,183,188,289,349],{"text":62,"config":63,"cards":65},"Platform",{"dataNavLevelOne":64},"platform",[66,72,80],{"title":62,"description":67,"link":68},"The intelligent orchestration platform for DevSecOps",{"text":69,"config":70},"Explore our Platform",{"href":71,"dataGaName":64,"dataGaLocation":44},"/platform/",{"title":73,"description":74,"link":75},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":76,"config":77},"Meet GitLab Duo",{"href":78,"dataGaName":79,"dataGaLocation":44},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":81,"description":82,"link":83},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":84,"config":85},"Learn more",{"href":86,"dataGaName":87,"dataGaLocation":44},"/why-gitlab/","why gitlab",{"text":89,"left":28,"config":90,"link":92,"lists":96,"footer":165},"Product",{"dataNavLevelOne":91},"solutions",{"text":93,"config":94},"View all Solutions",{"href":95,"dataGaName":91,"dataGaLocation":44},"/solutions/",[97,121,144],{"title":98,"description":99,"link":100,"items":105},"Automation","CI/CD and automation to accelerate deployment",{"config":101},{"icon":102,"href":103,"dataGaName":104,"dataGaLocation":44},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[106,110,113,117],{"text":107,"config":108},"CI/CD",{"href":109,"dataGaLocation":44,"dataGaName":107},"/solutions/continuous-integration/",{"text":73,"config":111},{"href":78,"dataGaLocation":44,"dataGaName":112},"gitlab duo agent platform - product menu",{"text":114,"config":115},"Source Code Management",{"href":116,"dataGaLocation":44,"dataGaName":114},"/solutions/source-code-management/",{"text":118,"config":119},"Automated Software Delivery",{"href":103,"dataGaLocation":44,"dataGaName":120},"Automated software delivery",{"title":122,"description":123,"link":124,"items":129},"Security","Deliver code faster without compromising security",{"config":125},{"href":126,"dataGaName":127,"dataGaLocation":44,"icon":128},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[130,134,139],{"text":131,"config":132},"Application Security Testing",{"href":126,"dataGaName":133,"dataGaLocation":44},"Application security testing",{"text":135,"config":136},"Software Supply Chain Security",{"href":137,"dataGaLocation":44,"dataGaName":138},"/solutions/supply-chain/","Software supply chain security",{"text":140,"config":141},"Software Compliance",{"href":142,"dataGaName":143,"dataGaLocation":44},"/solutions/software-compliance/","software compliance",{"title":145,"link":146,"items":151},"Measurement",{"config":147},{"icon":148,"href":149,"dataGaName":150,"dataGaLocation":44},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[152,156,160],{"text":153,"config":154},"Visibility & Measurement",{"href":149,"dataGaLocation":44,"dataGaName":155},"Visibility and Measurement",{"text":157,"config":158},"Value Stream Management",{"href":159,"dataGaLocation":44,"dataGaName":157},"/solutions/value-stream-management/",{"text":161,"config":162},"Analytics & Insights",{"href":163,"dataGaLocation":44,"dataGaName":164},"/solutions/analytics-and-insights/","Analytics and insights",{"title":166,"items":167},"GitLab for",[168,173,178],{"text":169,"config":170},"Enterprise",{"href":171,"dataGaLocation":44,"dataGaName":172},"/enterprise/","enterprise",{"text":174,"config":175},"Small Business",{"href":176,"dataGaLocation":44,"dataGaName":177},"/small-business/","small business",{"text":179,"config":180},"Public Sector",{"href":181,"dataGaLocation":44,"dataGaName":182},"/solutions/public-sector/","public sector",{"text":184,"config":185},"Pricing",{"href":186,"dataGaName":187,"dataGaLocation":44,"dataNavLevelOne":187},"/pricing/","pricing",{"text":189,"config":190,"link":192,"lists":196,"feature":276},"Resources",{"dataNavLevelOne":191},"resources",{"text":193,"config":194},"View all resources",{"href":195,"dataGaName":191,"dataGaLocation":44},"/resources/",[197,230,248],{"title":198,"items":199},"Getting started",[200,205,210,215,220,225],{"text":201,"config":202},"Install",{"href":203,"dataGaName":204,"dataGaLocation":44},"/install/","install",{"text":206,"config":207},"Quick start guides",{"href":208,"dataGaName":209,"dataGaLocation":44},"/get-started/","quick setup checklists",{"text":211,"config":212},"Learn",{"href":213,"dataGaLocation":44,"dataGaName":214},"https://university.gitlab.com/","learn",{"text":216,"config":217},"Product documentation",{"href":218,"dataGaName":219,"dataGaLocation":44},"https://docs.gitlab.com/","product documentation",{"text":221,"config":222},"Best practice videos",{"href":223,"dataGaName":224,"dataGaLocation":44},"/getting-started-videos/","best practice videos",{"text":226,"config":227},"Integrations",{"href":228,"dataGaName":229,"dataGaLocation":44},"/integrations/","integrations",{"title":231,"items":232},"Discover",[233,238,243],{"text":234,"config":235},"Customer success stories",{"href":236,"dataGaName":237,"dataGaLocation":44},"/customers/","customer success stories",{"text":239,"config":240},"Blog",{"href":241,"dataGaName":242,"dataGaLocation":44},"/blog/","blog",{"text":244,"config":245},"Remote",{"href":246,"dataGaName":247,"dataGaLocation":44},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":249,"items":250},"Connect",[251,256,261,266,271],{"text":252,"config":253},"GitLab Services",{"href":254,"dataGaName":255,"dataGaLocation":44},"/services/","services",{"text":257,"config":258},"Community",{"href":259,"dataGaName":260,"dataGaLocation":44},"/community/","community",{"text":262,"config":263},"Forum",{"href":264,"dataGaName":265,"dataGaLocation":44},"https://forum.gitlab.com/","forum",{"text":267,"config":268},"Events",{"href":269,"dataGaName":270,"dataGaLocation":44},"/events/","events",{"text":272,"config":273},"Partners",{"href":274,"dataGaName":275,"dataGaLocation":44},"/partners/","partners",{"backgroundColor":277,"textColor":278,"text":279,"image":280,"link":284},"#2f2a6b","#fff","Insights for the future of software development",{"altText":281,"config":282},"the source promo card",{"src":283},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":285,"config":286},"Read the latest",{"href":287,"dataGaName":288,"dataGaLocation":44},"/the-source/","the source",{"text":290,"config":291,"lists":293},"Company",{"dataNavLevelOne":292},"company",[294],{"items":295},[296,301,307,309,314,319,324,329,334,339,344],{"text":297,"config":298},"About",{"href":299,"dataGaName":300,"dataGaLocation":44},"/company/","about",{"text":302,"config":303,"footerGa":306},"Jobs",{"href":304,"dataGaName":305,"dataGaLocation":44},"/jobs/","jobs",{"dataGaName":305},{"text":267,"config":308},{"href":269,"dataGaName":270,"dataGaLocation":44},{"text":310,"config":311},"Leadership",{"href":312,"dataGaName":313,"dataGaLocation":44},"/company/team/e-group/","leadership",{"text":315,"config":316},"Team",{"href":317,"dataGaName":318,"dataGaLocation":44},"/company/team/","team",{"text":320,"config":321},"Handbook",{"href":322,"dataGaName":323,"dataGaLocation":44},"https://handbook.gitlab.com/","handbook",{"text":325,"config":326},"Investor relations",{"href":327,"dataGaName":328,"dataGaLocation":44},"https://ir.gitlab.com/","investor relations",{"text":330,"config":331},"Trust Center",{"href":332,"dataGaName":333,"dataGaLocation":44},"/security/","trust center",{"text":335,"config":336},"AI Transparency Center",{"href":337,"dataGaName":338,"dataGaLocation":44},"/ai-transparency-center/","ai transparency center",{"text":340,"config":341},"Newsletter",{"href":342,"dataGaName":343,"dataGaLocation":44},"/company/contact/#contact-forms","newsletter",{"text":345,"config":346},"Press",{"href":347,"dataGaName":348,"dataGaLocation":44},"/press/","press",{"text":350,"config":351,"lists":352},"Contact us",{"dataNavLevelOne":292},[353],{"items":354},[355,358,363],{"text":51,"config":356},{"href":53,"dataGaName":357,"dataGaLocation":44},"talk to sales",{"text":359,"config":360},"Support portal",{"href":361,"dataGaName":362,"dataGaLocation":44},"https://support.gitlab.com","support portal",{"text":364,"config":365},"Customer portal",{"href":366,"dataGaName":367,"dataGaLocation":44},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":369,"login":370,"suggestions":377},"Close",{"text":371,"link":372},"To search repositories and projects, login to",{"text":373,"config":374},"gitlab.com",{"href":58,"dataGaName":375,"dataGaLocation":376},"search login","search",{"text":378,"default":379},"Suggestions",[380,382,386,388,392,396],{"text":73,"config":381},{"href":78,"dataGaName":73,"dataGaLocation":376},{"text":383,"config":384},"Code Suggestions (AI)",{"href":385,"dataGaName":383,"dataGaLocation":376},"/solutions/code-suggestions/",{"text":107,"config":387},{"href":109,"dataGaName":107,"dataGaLocation":376},{"text":389,"config":390},"GitLab on AWS",{"href":391,"dataGaName":389,"dataGaLocation":376},"/partners/technology-partners/aws/",{"text":393,"config":394},"GitLab on Google Cloud",{"href":395,"dataGaName":393,"dataGaLocation":376},"/partners/technology-partners/google-cloud-platform/",{"text":397,"config":398},"Why GitLab?",{"href":86,"dataGaName":397,"dataGaLocation":376},{"freeTrial":400,"mobileIcon":405,"desktopIcon":410,"secondaryButton":413},{"text":401,"config":402},"Start free trial",{"href":403,"dataGaName":49,"dataGaLocation":404},"https://gitlab.com/-/trials/new/","nav",{"altText":406,"config":407},"Gitlab Icon",{"src":408,"dataGaName":409,"dataGaLocation":404},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":406,"config":411},{"src":412,"dataGaName":409,"dataGaLocation":404},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":414,"config":415},"Get Started",{"href":416,"dataGaName":417,"dataGaLocation":404},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":419,"mobileIcon":424,"desktopIcon":426},{"text":420,"config":421},"Learn more about GitLab Duo",{"href":422,"dataGaName":423,"dataGaLocation":404},"/gitlab-duo/","gitlab duo",{"altText":406,"config":425},{"src":408,"dataGaName":409,"dataGaLocation":404},{"altText":406,"config":427},{"src":412,"dataGaName":409,"dataGaLocation":404},{"freeTrial":429,"mobileIcon":434,"desktopIcon":436},{"text":430,"config":431},"Back to pricing",{"href":186,"dataGaName":432,"dataGaLocation":404,"icon":433},"back to pricing","GoBack",{"altText":406,"config":435},{"src":408,"dataGaName":409,"dataGaLocation":404},{"altText":406,"config":437},{"src":412,"dataGaName":409,"dataGaLocation":404},{"title":439,"button":440,"config":445},"See how agentic AI transforms software delivery",{"text":441,"config":442},"Watch GitLab Transcend now",{"href":443,"dataGaName":444,"dataGaLocation":44},"/events/transcend/virtual/","transcend event",{"layout":446,"icon":447},"release","AiStar",{"data":449},{"text":450,"source":451,"edit":457,"contribute":462,"config":467,"items":472,"minimal":679},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":452,"config":453},"View page source",{"href":454,"dataGaName":455,"dataGaLocation":456},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":458,"config":459},"Edit this page",{"href":460,"dataGaName":461,"dataGaLocation":456},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":463,"config":464},"Please contribute",{"href":465,"dataGaName":466,"dataGaLocation":456},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":468,"facebook":469,"youtube":470,"linkedin":471},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[473,520,574,618,645],{"title":184,"links":474,"subMenu":489},[475,479,484],{"text":476,"config":477},"View plans",{"href":186,"dataGaName":478,"dataGaLocation":456},"view plans",{"text":480,"config":481},"Why Premium?",{"href":482,"dataGaName":483,"dataGaLocation":456},"/pricing/premium/","why premium",{"text":485,"config":486},"Why Ultimate?",{"href":487,"dataGaName":488,"dataGaLocation":456},"/pricing/ultimate/","why ultimate",[490],{"title":491,"links":492},"Contact Us",[493,496,498,500,505,510,515],{"text":494,"config":495},"Contact sales",{"href":53,"dataGaName":54,"dataGaLocation":456},{"text":359,"config":497},{"href":361,"dataGaName":362,"dataGaLocation":456},{"text":364,"config":499},{"href":366,"dataGaName":367,"dataGaLocation":456},{"text":501,"config":502},"Status",{"href":503,"dataGaName":504,"dataGaLocation":456},"https://status.gitlab.com/","status",{"text":506,"config":507},"Terms of use",{"href":508,"dataGaName":509,"dataGaLocation":456},"/terms/","terms of use",{"text":511,"config":512},"Privacy statement",{"href":513,"dataGaName":514,"dataGaLocation":456},"/privacy/","privacy statement",{"text":516,"config":517},"Cookie preferences",{"dataGaName":518,"dataGaLocation":456,"id":519,"isOneTrustButton":28},"cookie preferences","ot-sdk-btn",{"title":89,"links":521,"subMenu":530},[522,526],{"text":523,"config":524},"DevSecOps platform",{"href":71,"dataGaName":525,"dataGaLocation":456},"devsecops platform",{"text":527,"config":528},"AI-Assisted Development",{"href":422,"dataGaName":529,"dataGaLocation":456},"ai-assisted development",[531],{"title":532,"links":533},"Topics",[534,539,544,549,554,559,564,569],{"text":535,"config":536},"CICD",{"href":537,"dataGaName":538,"dataGaLocation":456},"/topics/ci-cd/","cicd",{"text":540,"config":541},"GitOps",{"href":542,"dataGaName":543,"dataGaLocation":456},"/topics/gitops/","gitops",{"text":545,"config":546},"DevOps",{"href":547,"dataGaName":548,"dataGaLocation":456},"/topics/devops/","devops",{"text":550,"config":551},"Version Control",{"href":552,"dataGaName":553,"dataGaLocation":456},"/topics/version-control/","version control",{"text":555,"config":556},"DevSecOps",{"href":557,"dataGaName":558,"dataGaLocation":456},"/topics/devsecops/","devsecops",{"text":560,"config":561},"Cloud Native",{"href":562,"dataGaName":563,"dataGaLocation":456},"/topics/cloud-native/","cloud native",{"text":565,"config":566},"AI for Coding",{"href":567,"dataGaName":568,"dataGaLocation":456},"/topics/devops/ai-for-coding/","ai for coding",{"text":570,"config":571},"Agentic AI",{"href":572,"dataGaName":573,"dataGaLocation":456},"/topics/agentic-ai/","agentic ai",{"title":575,"links":576},"Solutions",[577,579,581,586,590,593,597,600,602,605,608,613],{"text":131,"config":578},{"href":126,"dataGaName":131,"dataGaLocation":456},{"text":120,"config":580},{"href":103,"dataGaName":104,"dataGaLocation":456},{"text":582,"config":583},"Agile development",{"href":584,"dataGaName":585,"dataGaLocation":456},"/solutions/agile-delivery/","agile delivery",{"text":587,"config":588},"SCM",{"href":116,"dataGaName":589,"dataGaLocation":456},"source code management",{"text":535,"config":591},{"href":109,"dataGaName":592,"dataGaLocation":456},"continuous integration & delivery",{"text":594,"config":595},"Value stream management",{"href":159,"dataGaName":596,"dataGaLocation":456},"value stream management",{"text":540,"config":598},{"href":599,"dataGaName":543,"dataGaLocation":456},"/solutions/gitops/",{"text":169,"config":601},{"href":171,"dataGaName":172,"dataGaLocation":456},{"text":603,"config":604},"Small business",{"href":176,"dataGaName":177,"dataGaLocation":456},{"text":606,"config":607},"Public sector",{"href":181,"dataGaName":182,"dataGaLocation":456},{"text":609,"config":610},"Education",{"href":611,"dataGaName":612,"dataGaLocation":456},"/solutions/education/","education",{"text":614,"config":615},"Financial services",{"href":616,"dataGaName":617,"dataGaLocation":456},"/solutions/finance/","financial services",{"title":189,"links":619},[620,622,624,626,629,631,633,635,637,639,641,643],{"text":201,"config":621},{"href":203,"dataGaName":204,"dataGaLocation":456},{"text":206,"config":623},{"href":208,"dataGaName":209,"dataGaLocation":456},{"text":211,"config":625},{"href":213,"dataGaName":214,"dataGaLocation":456},{"text":216,"config":627},{"href":218,"dataGaName":628,"dataGaLocation":456},"docs",{"text":239,"config":630},{"href":241,"dataGaName":242,"dataGaLocation":456},{"text":234,"config":632},{"href":236,"dataGaName":237,"dataGaLocation":456},{"text":244,"config":634},{"href":246,"dataGaName":247,"dataGaLocation":456},{"text":252,"config":636},{"href":254,"dataGaName":255,"dataGaLocation":456},{"text":257,"config":638},{"href":259,"dataGaName":260,"dataGaLocation":456},{"text":262,"config":640},{"href":264,"dataGaName":265,"dataGaLocation":456},{"text":267,"config":642},{"href":269,"dataGaName":270,"dataGaLocation":456},{"text":272,"config":644},{"href":274,"dataGaName":275,"dataGaLocation":456},{"title":290,"links":646},[647,649,651,653,655,657,659,663,668,670,672,674],{"text":297,"config":648},{"href":299,"dataGaName":292,"dataGaLocation":456},{"text":302,"config":650},{"href":304,"dataGaName":305,"dataGaLocation":456},{"text":310,"config":652},{"href":312,"dataGaName":313,"dataGaLocation":456},{"text":315,"config":654},{"href":317,"dataGaName":318,"dataGaLocation":456},{"text":320,"config":656},{"href":322,"dataGaName":323,"dataGaLocation":456},{"text":325,"config":658},{"href":327,"dataGaName":328,"dataGaLocation":456},{"text":660,"config":661},"Sustainability",{"href":662,"dataGaName":660,"dataGaLocation":456},"/sustainability/",{"text":664,"config":665},"Diversity, inclusion and belonging (DIB)",{"href":666,"dataGaName":667,"dataGaLocation":456},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":330,"config":669},{"href":332,"dataGaName":333,"dataGaLocation":456},{"text":340,"config":671},{"href":342,"dataGaName":343,"dataGaLocation":456},{"text":345,"config":673},{"href":347,"dataGaName":348,"dataGaLocation":456},{"text":675,"config":676},"Modern Slavery Transparency Statement",{"href":677,"dataGaName":678,"dataGaLocation":456},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":680},[681,684,687],{"text":682,"config":683},"Terms",{"href":508,"dataGaName":509,"dataGaLocation":456},{"text":685,"config":686},"Cookies",{"dataGaName":518,"dataGaLocation":456,"id":519,"isOneTrustButton":28},{"text":688,"config":689},"Privacy",{"href":513,"dataGaName":514,"dataGaLocation":456},[691],{"id":692,"title":18,"body":8,"config":693,"content":695,"description":8,"extension":26,"meta":699,"navigation":28,"path":700,"seo":701,"stem":702,"__hash__":703},"blogAuthors/en-us/blog/authors/madeline-lake.yml",{"template":694},"BlogAuthor",{"name":18,"config":696},{"headshot":697,"ctfId":698},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659736/Blog/Author%20Headshots/madlake-headshot.jpg","madlake",{},"/en-us/blog/authors/madeline-lake",{},"en-us/blog/authors/madeline-lake","wc1XeqlglUDVgKznqVDbvWqojsm8nt25Olw0crrDwxk",[705,721,736],{"content":706,"config":719},{"title":707,"description":708,"heroImage":709,"date":710,"body":711,"category":9,"tags":712,"authors":716},"Ace your planning without the context-switching","Learn how GitLab Duo Planner Agent simplifies tasks and saves time by helping product and engineering managers focus on the work that matters most.\n\n","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098354/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%281%29_5XrohmuWBNuqL89BxVUzWm_1750098354056.png","2025-10-28","Software development teams face a challenging balancing act: dozens of tasks, limited time, and constant pressure to pick the right thing to work on next. \n\nThe planning overhead of structuring requirements, managing backlogs, tracking delivery, and writing status updates steals hours from strategic thinking. \n\nThe result? Less time for the high-value decisions that actually drive products forward.\n\nThat’s why we developed [GitLab Duo Planner](https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/planner/), an AI agent built on [GitLab Duo Agent Platform](https://about.gitlab.com/gitlab-duo-agent-platform/) to support product managers directly within GitLab.\n\nGitLab Duo Planner isn't another generic AI assistant. GitLab's product and engineering teams, who live these challenges daily like many of our customers, purpose-built GitLab Duo Planner to orchestrate planning workflows and reduce overhead while improving alignment and predictability.\n\n## Your new planning teammate\n\nToday’s planning workflows face three major problems:\n\n1. Prone to drift -  Unplanned and orphaned work reduce trust in the plan.  \n2. Disruptive to developers - Constant interruptions for status updates break flow.  \n3. Opaque - Hidden risks surface too late to course-correct.\n\nTransforming the way teams work, GitLab Duo Planner turns manual overhead like vague ideas into structured requirements in minutes. Surface hidden backlog problems before they derail sprints. Apply RICE and MoSCoW frameworks instantly to make confident prioritization decisions. With awareness of GitLab context across the platform, every interaction with GitLab Duo Planner saves time and improves decision quality. This is possible because of the foundational agent architecture, bringing deep domain expertise and context awareness specific to GitLab.\n\n## Built for teams\n\nGitLab Duo Planner leverages work items (epics, issues, tasks) and understands the nuances of work breakdown structures, dependency analysis, and effort estimation, making it well positioned to improve visibility, alignment, and confidence in delivery.\n\n* Platform approach - Unlike point solutions, Duo Planner orchestrates across your entire GitLab platform, from planning through development and testing, driving visibility across teams and workflows. \n\n* Embedded in the flow - No more context-switching between tools or diving deep into GitLab to retrieve information. Duo Planner enables contributions, collaboration, and transparency from users across the software development lifecycle. \n\n* Saves time and effort - Use Duo Planner to free your teams from repetitive coordination work, improving delivery predictability, reducing missed commitments while bringing in focus on what actually moves the needle.\n\n## From chaos to clarity\n\nGitLab Duo Planner can help at different stages of software planning and delivery while operating within the planning scope, providing a safe, bounded environment with project visibility.\n\nThe agent can help with six flows:\n\n* Prioritization - Apply frameworks like RICE, MoSCoW, or WSJF to rank work items intelligently\n\n* Work breakdown - Decompose initiatives into epics, features, and user stories to structure requirements\n\n* Dependency analysis - Identify blocked work and understand relationships between items to maintain velocity\n\n* Planning -  Organize sprints, milestones, or quarterly planning \n\n* Status reporting -  Generate summaries of project progress, risks, and blockers to track delivery\n\n* Backlog management -  Identify stale issues, duplicates, or items needing refinement to improve data hygiene\n\n\nHere is an example how GitLab Duo Planner can check the status of an initiative:\n\n\u003Cdiv>\u003Ciframe src=\"https://player.vimeo.com/video/1131065078?badge=0&autopause=0&player_id=0&app_id=58479\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" style=\"position:absolute;top:0;left:0;width:100%;height:100%;\" title=\"GitLab Duo Planner Agent\">\u003C/iframe>\u003C/div>\u003Cscript src=\"https://player.vimeo.com/api/player.js\">\u003C/script>\n\n\u003Cp>\u003C/p>\n\nDuo Planner is available as a custom agent in the Duo Chat side panel, with the current page context.\n\n\u003Cp>\u003C/p>\n\n![Duo Planner as a custom agent in the Duo Chat side panel](https://res.cloudinary.com/about-gitlab-com/image/upload/v1761323689/ener1mkyj9shg6zvtp4f.png)\n\n\u003Cp>\u003C/p>\n\nLet’s ask Duo Planner about the status of an initiative by providing the epic link:\n\n![Asking Duo Planner about the status of an initiative by providing the epic link](https://res.cloudinary.com/about-gitlab-com/image/upload/v1761323689/gzv2xudegtjhtesz1oaz.png)\n\n\u003Cp>\u003C/p>\n\nWe receive a structured summary with an overview, current status of milestones, in-progress items, dependencies, and blockers, along with actionable recommendations.\n\n![Structured summary](https://res.cloudinary.com/about-gitlab-com/image/upload/v1761323690/guoyqe1b9bstmbjzunez.png)\n\n\u003Cp>\u003C/p>\n\nNext, let’s ask for an executive summary to share with stakeholders:\nGitLab Duo Planner eliminates hours of manual analysis and reporting effort, helping to make decisions faster and keep all stakeholders updated.\n\n![Ask for executive summary](https://res.cloudinary.com/about-gitlab-com/image/upload/v1761323689/xs9zxawqrytfu54ejx2b.png)\n\n\n\u003Cp>\u003C/p>\n\n![Output of executive summary](https://res.cloudinary.com/about-gitlab-com/image/upload/v1761323690/bsbpvjaqnymobzg4knhu.png)\n\n\u003Cp>\u003C/p>\n\nHere are a few more prompts you can try with GitLab Duo Planner:\n\n* “Which of the bugs with a “boards” label should we fix first, considering user impact?”  \n* “Rank these epics by strategic value for Q1.”  \n* “Help me prioritize technical debt against new features.”  \n* “What tasks are needed to implement this user story?”  \n* “Suggest a phased approach for this project: (insert URL).”\n\n## What's next\n\nGitLab Duo Planner focuses intentionally on product managers and engineering managers working in Agile environments. Why? Because specificity drives performance. By training Duo Planner deeply on GitLab's planning workflows and Agile frameworks, we deliver reliable, actionable insights rather than generic suggestions.\n\nAs we evolve the platform, we envision a family of specialized agents, each optimized for specific workflows while contributing to a unified intelligence layer. Today's planner for software teams is just the beginning of how AI will transform work prioritization across all teams.\n\n> If you’re an existing GitLab customer and would like to try GitLab Duo Planner with a prompt of your own, visit our [documentation](https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/planner/) where we cover prerequisites, use cases, and more.",[713,23,714,715],"AI/ML","features","product",[717,718],"Aathira Nair","Amanda Rueda",{"featured":28,"template":13,"slug":720},"ace-your-planning-without-the-context-switching",{"content":722,"config":734},{"title":723,"description":724,"authors":725,"date":729,"body":730,"category":9,"tags":731,"heroImage":733},"Embedded views: The future of work tracking in GitLab","Learn how embedded views, powered by GitLab Query Language, help GitLab teams work more efficiently, make data-driven decisions, and maintain visibility across complex workflows.",[726,727,728],"Matthew Macfarlane","Himanshu Kapoor","Alex Fracazo","2025-08-21","Ever find yourself switching between tabs in GitLab just to keep track of what’s happening in your project? Maybe you’re checking on an issue, then jumping to a merge request, then over to an epic to see how everything connects. Before you know it, you’ve got a browser full of tabs and you’ve lost your train of thought.\n\nIf that sounds familiar, you’re definitely not alone. So many teams waste time and energy flipping through various items in their project management software, just trying to get a handle on their work.\n\nThat's why we created [embedded views](https://docs.gitlab.com/user/glql/#embedded-views), powered by [GitLab Query Language (GLQL)](https://docs.gitlab.com/user/glql/). With embedded views, [available in 18.3](https://about.gitlab.com/releases/2025/08/21/gitlab-18-3-released/), you get live, relevant information right where you’re already working in GitLab. No more endless context switching. No more outdated reports. Just the info you need, right when you need it.\n## Why embedded views matter\nEmbedded views are more than just a new feature, they're a fundamental shift in how teams understand and track their work within GitLab. With embedded views, teams can maintain context while accessing real-time information, creating shared understanding, and improving collaboration without ever leaving their current workflow. It’s about making work tracking feel natural and effortless, so you can focus on what matters.\n## How it works: Real-time data right where you need it the most\nEmbedded views let you insert live GLQL queries in Markdown code blocks throughout wiki pages, epics, issues, and merge requests. Here's what makes them so useful:\n### Always up to date\nGLQL queries are dynamic, pulling fresh data each time the page loads, so your embedded views always reflect the current state of your work, not the state when you embedded the view. When changes happen to issues, merge requests, or milestones, a page refresh will show those updates in your embedded view.\n### Contextual awareness\nUse functions like `currentUser()` and `today()` to make queries context-specific. Your embedded views automatically adapt to show relevant information for whoever is viewing them, creating personalized experiences without manual configuration.\n### Powerful filtering\nFilter by fields like assignee, author, label, milestone, health status, creation date, and more. Use logical expressions to get exactly the data you want. We support more than 30 fields as of 18.3.\n### Customizable display\nYou can display your data as a table, a list, or a numbered list. Choose which fields to show, set a limit on the number of items, and specify the sort order to keep your view focused and actionable.\n### Availability\nYou can use embedded views in group and project wikis, epic and issue descriptions, merge requests, and comments. GLQL is available across all GitLab tiers: Free, Premium, and Ultimate, on GitLab.com, GitLab Self-Managed, and GitLab Dedicated. Certain functionality, such as displaying epics, status, custom fields, iterations, and weights, is available in the Premium and Ultimate tiers. Displaying health status is available only in Ultimate.\n## See embedded views in action\nThe syntax of an embedded view's source is a superset of YAML that consists of:\n- The `query` parameter: Expressions joined together with a logical operator, such as `and`.\n- Parameters related to the presentation layer, like `display`, `limit`, or `fields`, `title`, and `description`\n  represented as YAML.\n\nA view is defined in Markdown as a code block, similar to other code blocks like Mermaid.\nFor example:\n- Display a table of first 5 open issues assigned to the authenticated user in `gitlab-org/gitlab`.\n- Display columns `title`, `state`, `health`, `description`, `epic`, `milestone`, `weight`, and `updated`.\n````markdown\n```glql\ndisplay: table\ntitle: GLQL table 🎉\ndescription: This view lists my open issues\nfields: title, state, health, epic, milestone, weight, updated\nlimit: 5\nquery: project = \"gitlab-org/gitlab\" AND assignee = currentUser() AND state = opened\n```\n````\nThis source should render a table like the one below:\n![](https://res.cloudinary.com/about-gitlab-com/image/upload/v1755193172/ibzfopvpztpglnccwrjj.png)\n\nAn easy way to create your first embedded view is to navigate to the **More options** dropdown in the rich text editor toolbar. Once in this toolbar, select **Embedded view**, which populates the following query in a Markdown code block:\n````markdown\n```glql\nquery: assignee = currentUser()\nfields: title, createdAt, milestone, assignee\ntitle: Issues assigned to current user\n```\n````\nSave your changes to the comment or description where the code block appears, and you're done! You've successfully created your first embedded view!\n## How GitLab uses embedded views\nWhether tracking merge requests targeting security releases, triaging bugs to improve backlog hygiene, or managing team onboarding and milestone planning, we rely on embedded views for mission-critical processes every day. This isn't just a feature we built, it's a tool we depend on to run our business effectively. When you adopt embedded views, you're getting a tested solution that's already helping GitLab teams work more efficiently, make data-driven decisions, and maintain visibility across complex workflows. Simply stated, embedded views can transform how your team accesses and analyzes the work that matters most to your success.\n\nTo learn and see more about how GitLab is using embedded views internally, check out [How GitLab measures Red Team impact: The adoption rate metric](https://about.gitlab.com/blog/how-gitlab-measures-red-team-impact-the-adoption-rate-metric/), and Global Search Release Planning issues for the [18.1](https://gitlab.com/gitlab-org/search-team/team-tasks/-/issues/239), [18.2](https://gitlab.com/gitlab-org/search-team/team-tasks/-/issues/241), and [18.3](https://gitlab.com/gitlab-org/search-team/team-tasks/-/issues/245) milestones.\n## What's next\nEmbedded views are just the start of [Knowledge Group's](https://about.gitlab.com/direction/plan/knowledge/) vision for work tracking. Learn more about what we're focusing on next in the [embedded views post-GA epic](https://gitlab.com/groups/gitlab-org/-/epics/15249). As embedded views evolve we're committed to making them even more powerful and [accessible](https://gitlab.com/gitlab-org/gitlab/-/issues/548722).\n## Share your experience\nShare your feedback in the [embedded views GA feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/509792) or via the [embedded views GA survey](https://gitlab.fra1.qualtrics.com/jfe/form/SV_6PFhgZMBA06kr7E). Whether you've discovered innovative use cases, encountered challenges, or have ideas for improvements, we want to hear from you.\n",[23,523,732],"workflow","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750099072/Blog/Hero%20Images/Blog/Hero%20Images/agile_agile.png_1750099072322.png",{"featured":12,"template":13,"slug":735},"embedded-views-the-future-of-work-tracking-in-gitlab",{"content":737,"config":746},{"title":738,"description":739,"authors":740,"heroImage":741,"date":742,"body":743,"category":9,"tags":744},"SAFe without silos in GitLab","Learn how to map the Scaled Agile Framework to the native capabilities of the DevSecOps platform and the advantages that come from doing so.",[718],"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097569/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%2811%29_2hcwWx49wQ7CHfvhhkVH6S_1750097569126.png","2025-04-08","Let's talk about what happens when your organization adopts the Scaled Agile\nFramework (SAFe) to scale to enterprise levels. You've got multiple teams working on complex products, and you need a way to coordinate all that work.\nBut here's a common headache: Your planning happens in one tool, while your actual development work lives somewhere else entirely.\n\nThis divide creates real problems day-to-day. Developers jump between systems constantly. Product managers struggle to get an accurate picture of progress. And everyone wastes time manually copying information from one place to another. It's precisely the kind of disjointed experience that SAFe was designed to eliminate.\n\nWhile your development teams might already be using GitLab for source code management, CI/CD, and security, you may wonder whether GitLab can also support your planning needs within the SAFe framework. The good news is that\nGitLab's Agile project management capabilities offer strong support for\nSAFe, in this article, you'll learn how GitLab maps to SAFe concepts and ceremonies, all within the same DevSecOps platform your software developers already know and love.\n\n## What is SAFe?\n\nSAFe, or the Scaled Agile Framework, is a way to bring Agile principles to large organizations without losing speed, alignment, or customer focus. It takes the iterative and flexible teamwork model of small teams and applies its principles across big organizations that have multiple teams, roadmaps, and stakeholders. This brings the organization into alignment, all planning and executing in the same direction. For product managers, SAFe helps connect strategy to execution so you’re not just shipping fast, you’re shipping the right things, backed by clear priorities and cross-team alignment.\n\nSAFe reduces silos, encourages collaboration, and helps teams rally around customer outcomes, not just tasks. When integrated in GitLab, the magic really happens: visibility, traceability, and delivery all live in one place.\n\n## SAFe terminology in GitLab\n\nFirst, let's establish how SAFe concepts map to GitLab:\n\n| SAFe | GitLab |\n| :---- | :---- |\n| Epic | Top-level Epic |\n| Capability | Sub-epic (Level 1) |\n| Feature | Sub-epic (Level 2) |\n| User Story | Issue |\n| Task | Task |\n| Team | Custom Field / Scoped Label |\n| Sprint | Iteration |\n| Program Increment (PI) | Milestone |\n| Value Stream | Top-level Group |\n| Agile Release Train (ART) | Top-level Group |\n\n\u003Cbr>\u003C/br>\n\nWith this mapping as your guide, you can set up GitLab to mirror your SAFe implementation. The group structure lets you organize around your value streams and ARTs, while the work item hierarchy (with up to seven levels of nested epics!) gives you all the depth you need for complex product portfolios. Whether you're working at the portfolio level (with top-level groups), program level (with subgroups), or team level (with projects),\nGitLab's organizational structure aligns perfectly with SAFe's hierarchy.\n\n## Supporting SAFe ceremonies in GitLab\n\nNow for the fun part - how do you actually run your SAFe ceremonies in\nGitLab? Let's walk through each one.\n\n### PI planning\n\nTo facilitate the cross-team alignment and dependency management that makes\nPI planning successful, GitLab offers several capabilities:\n\n* Use the [Roadmap](https://docs.gitlab.com/user/group/roadmap/) view to\nvisualize features across teams and time periods\n\n* Assign features to the PI\n[milestone](https://docs.gitlab.com/user/project/milestones/)\n\n* Document and visualize cross-team\n[dependencies](https://docs.gitlab.com/user/project/issues/related_issues/#blocking-issues)\nas they're identified\n\nGitLab gives you flexibility for PI planning through both the Epic boards (which can be configured to show team assignments) and the Roadmap view (which shows features over time like a Gantt chart). You can switch between these views during your planning session depending on whether you're focusing on the timeline or team organization.\n\n![Roadmap view and epic board](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097577/Blog/Content%20Images/Blog/Content%20Images/image3_aHR0cHM6_1750097576746.gif)\n\n\u003Cbr>\u003C/br>\n\n![Roadmap view with Gantt chart](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097577/Blog/Content%20Images/Blog/Content%20Images/image5_aHR0cHM6_1750097576747.png)\n\n### Refinement\n\nAs a product manager, running effective refinement sessions means having clear visibility into your feature backlog. You can run your refinement session right inside GitLab. No more updating one tool during the meeting and then having to update another tool afterward.\n\nGitLab powers refinement sessions with:\n\n* [Epic boards](https://docs.gitlab.com/user/group/epics/epic_boards/) that\ngroup features based on status\n\n* The ability to view story points directly in the\n[overview](https://docs.gitlab.com/user/group/epics/epic_boards/#view-count-of-issues-weight-and-progress-of-an-epic)\n\n* Comprehensive [drawer\nviews](https://docs.gitlab.com/user/group/epics/manage_epics/#open-epics-in-a-drawer)\nthat let you interact with work items without losing context\n\n* The ability to create and link [child\nissues](https://docs.gitlab.com/user/group/epics/manage_epics/#add-an-issue-to-an-epic)\ndirectly from epics\n\n![SAFe - image 3](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097577/Blog/Content%20Images/Blog/Content%20Images/image2_aHR0cHM6_1750097576749.gif)\n\n### Sprint planning\n\nWhen it's time to figure out what your team can tackle in the next sprint,\nGitLab gives you:\n\n* [Issue boards](https://docs.gitlab.com/user/project/issue_board/) that\nprovide a comprehensive view of your backlog\n\n* [Total\nweight](https://docs.gitlab.com/user/project/issue_board/#sum-of-issue-weights)\nof user stories displayed directly on boards\n\n* The ability to easily move issues between iterations\n\n* A collapsible view that simplifies moving stories between sprints\n\nThis means you can keep everything in one place and spend your planning meetings actually planning instead of jumping between tools.\n\n![Sprint planning with\nGitLab](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097577/Blog/Content%20Images/Blog/Content%20Images/image4_aHR0cHM6_1750097576751.gif)\n\n*💡 Check out [this tutorial on using GitLab to facilitate\nScrum](https://docs.gitlab.com/tutorials/scrum_events/) for a detailed glimpse into the power of GitLab in Agile planning and sprint tracking.*\n\n### Daily stand-ups\n\nYour team can gather around the board during daily stand-ups and actually see what everyone's working on, what's stuck, and what's ready for review – all in one view. For your dev team's daily stand-ups, GitLab lets you:\n\n* Create\n[iteration-scoped](https://docs.gitlab.com/user/project/issue_board/#iteration-lists)\nboards that show the current sprint's work\n\n* Display story points/weights directly on cards\n\n* Use the [drawer\nview](https://docs.gitlab.com/user/project/issues/managing_issues/#open-issues-in-a-drawer)\nto access details without leaving the context\n\n* Highlight tasks at risk through [health\nstatus](https://docs.gitlab.com/user/project/issues/managing_issues/#health-status)\n\n![Daily stand-up board](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097577/Blog/Content%20Images/Blog/Content%20Images/image6_aHR0cHM6_1750097576755.png)\n\n### Sprint review\n\nWant to know how your team is doing over time? GitLab provides comprehensive metrics with:\n\n* [Burndown and burnup\ncharts](https://docs.gitlab.com/user/group/iterations/#iteration-burndown-and-burnup-charts)\nfor iterations\n\n* Velocity tracking\n\n* [Lead and cycle\ntime](https://docs.gitlab.com/user/group/value_stream_analytics/#lifecycle-metrics)\nmetrics\n\n* Dashboards that can be scoped to teams\n\nThese metrics help you understand if your team is getting faster, where they're getting stuck, and what you might want to talk about in your next retrospective.\n\n![Burndown and burnup charts](https://res.cloudinary.com/about-gitlab-com/image/upload/v1750097577/Blog/Content%20Images/Blog/Content%20Images/image1_aHR0cHM6_1750097576758.png)\n\n## 5 reasons a unified platform provides an advantage\n\nI know there are plenty of planning tools that can handle SAFe ceremonies.\nBut there are game-changing reasons why I genuinely believe GitLab is different:\n\n1. **No more context switching** - Your planning, coding, testing, and\nsecurity all happen in one place.\n\n2. **Everything's connected** - You can trace work from the big epic down to\nthe code and deployment.\n\n3. **Everyone's on the same page** - Developers, product folks, and security\nteams all work together in the same tool.\n\n4. **Total visibility** - Stakeholders have one place to check for\nupdates.\n\n5. **The full picture** - You see planning and development metrics together,\nso you know what's really going on.\n\nIf your dev teams already love GitLab, why make them jump to another tool for planning or create some complex, cobbled-together integrations? Bringing your SAFe planning into GitLab creates a much smoother experience for everyone.\n\n## Implementation principles\n\nI've worked with teams transitioning from traditional SAFe tools to GitLab, and here's what I've learned: Focus on **what each ceremony is trying to accomplish**, not on recreating exact replicas of your old tools.\n\nThe teams that get the most out of GitLab are the ones who embrace its native capabilities instead of fighting against them. Yes, it takes some initial work to figure out how to map your SAFe concepts and set up your workflows. But once you do, you'll find your processes actually get simpler rather than more complex.\n\nThe key is defining conventions that everyone follows. Which labels mean what? How will you track teams? What goes in an epic versus an issue? With a little upfront investment in these decisions, you'll end up with an intuitive system that eliminates all that cross-tool coordination overhead.\n\n## Getting started\n\nReady to give this a shot? Here's how to start implementing SAFe in GitLab:\n\n1. **Set up your structure** - Create groups and subgroups that [match your\norganization](https://about.gitlab.com/blog/best-practices-to-set-up-organizational-hierarchies-that-scale/).\n\n2. **Define your work breakdown** - Decide how you'll use\n[epics](https://about.gitlab.com/blog/unlocking-agile-excellence-gitlab-epics-for-seamless-portfolio-management/), [issues](https://docs.gitlab.com/user/project/issues/managing_issues/), and [tasks](https://docs.gitlab.com/user/tasks/).\n\n3. **Create your iterations** - Set up your [sprint\nschedule](https://docs.gitlab.com/user/group/iterations/#create-an-iteration-cadence).\n\n4. **Add your milestones** -\n[Milestones](https://docs.gitlab.com/user/project/milestones/#create-a-milestone)\nwill represent your Program Increments in GitLab.\n\n5. **Build your boards** - Create different views for different\nceremonies.\n\n6. **Agree on conventions** - Document how you'll use labels and custom\nfields.\n\nTaking time to think through these decisions upfront will save you many headaches later. And remember, you don't have to perfect it on day one - you can always adjust as you learn.\n\n## Bringing it all together\n\nGitLab gives you a solid foundation for running SAFe, especially if your dev teams are already GitLab fans. When you bring planning and development into the same tool, you eliminate those painful handoffs, make collaboration way easier, and get everything moving faster.\n\nThe beauty of GitLab's planning tools is that they're flexible enough to adapt to your specific flavor of SAFe. You're not locked into rigid workflows - you can evolve your approach as your teams mature and your needs change.\n\n> Ready to see how much better life is without those planning silos? [Start\nyour free trial today](https://about.gitlab.com/free-trial/) and experience firsthand how GitLab can transform your SAFe implementation.\n\n*💡 If you liked this topic check out this related post - [GitLab for Agile\nSoftware\nDevelopment](https://about.gitlab.com/blog/gitlab-for-agile-software-development/)*\n",[23,523,714,715,745],"tutorial",{"slug":747,"featured":28,"template":13},"safe-without-silos-in-gitlab",{"promotions":749},[750,764,775],{"id":751,"categories":752,"header":754,"text":755,"button":756,"image":761},"ai-modernization",[753],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":757,"config":758},"Get your AI maturity score",{"href":759,"dataGaName":760,"dataGaLocation":242},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":762},{"src":763},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":765,"categories":766,"header":767,"text":755,"button":768,"image":772},"devops-modernization",[715,558],"Are you just managing tools or shipping innovation?",{"text":769,"config":770},"Get your DevOps maturity score",{"href":771,"dataGaName":760,"dataGaLocation":242},"/assessments/devops-modernization-assessment/",{"config":773},{"src":774},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":776,"categories":777,"header":778,"text":755,"button":779,"image":783},"security-modernization",[24],"Are you trading speed for security?",{"text":780,"config":781},"Get your security maturity score",{"href":782,"dataGaName":760,"dataGaLocation":242},"/assessments/security-modernization-assessment/",{"config":784},{"src":785},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"header":787,"blurb":788,"button":789,"secondaryButton":794},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":790,"config":791},"Get your free trial",{"href":792,"dataGaName":49,"dataGaLocation":793},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":494,"config":795},{"href":53,"dataGaName":54,"dataGaLocation":793},1772652080446]