[{"data":1,"prerenderedAt":791},["ShallowReactive",2],{"/en-us/blog/devops-strategy":3,"navigation-en-us":40,"banner-en-us":439,"footer-en-us":449,"blog-post-authors-en-us-Mark Pundsack":689,"blog-related-posts-en-us-devops-strategy":703,"assessment-promotions-en-us":742,"next-steps-en-us":781},{"id":4,"title":5,"authorSlugs":6,"body":8,"categorySlug":9,"config":10,"content":14,"description":8,"extension":26,"isFeatured":12,"meta":27,"navigation":28,"path":29,"publishedDate":20,"seo":30,"stem":34,"tagSlugs":35,"__hash__":39},"blogPosts/en-us/blog/devops-strategy.yml","Devops Strategy",[7],"mark-pundsack",null,"company",{"slug":11,"featured":12,"template":13},"devops-strategy",false,"BlogPost",{"title":15,"description":16,"authors":17,"heroImage":19,"date":20,"body":21,"category":9,"tags":22},"Beyond CI/CD: GitLab's DevOps vision","How we're building GitLab into the complete DevOps toolchain.",[18],"Mark Pundsack","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749670214/Blog/Hero%20Images/devops-nova-scotia-cover.jpg","2017-10-04","\n\nWith GitLab 10.0, we shipped [Auto DevOps](https://docs.gitlab.com/ee/topics/autodevops/) for the Community and Enterprise\nEditions. Read on for an in-depth look at our strategy behind it, and beyond.\n\n\u003C!-- more -->\n\nI recently met with my colleagues\n[Joe](/company/team/#JAScheuermann) and\n[Courtland](/company/team/#mktinghipster) to give them the\nlowdown on GitLab's DevOps vision: where we've come from and where we're headed.\nYou can watch the video of our discussion or check out the lightly edited\ntranscript below. You can also jump into the rabbit hole, starting with the meta\nissue for [GitLab DevOps](https://gitlab.com/gitlab-org/gitlab-ce/issues/32639).\n\n\u003Ciframe width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/zMAB42g4MPI\" frameborder=\"0\" allowfullscreen>\u003C/iframe>\n\n\n## CI/CD: Where we've come from\n\n![CI/CD/Beyond CD](https://about.gitlab.com/images/blogimages/devops-strategy-ci-scope.svg)\n\nWhen I joined GitLab about a year ago, I created a [vision document for\nCI/CD](/direction/#ci--cd), and outlined a lot of the\nkey things that I thought were missing in [CI/CD in general](/topics/ci-cd/), and going beyond CD.\nI literally called one section \"beyond CD\" because I didn’t have a name for it\nthen.\n\nAnd in that document, I create an example pipeline to characterize all this\nstuff, to show how the pieces fit together into a development lifecycle.\n\n![Example pipeline](https://about.gitlab.com/images/blogimages/devops-strategy-example-pipeline.png)\n\nI love this diagram not only because it's complex and scary, but because when we\nstarted, we had maybe four boxes filled in, and now we have 10 or 12 filled in. To\nstart with, we had code management and, obviously, builds and tests. And we kind\nof did deployment, but not really.\n\nSince then, we’ve added review apps – a specific example of deployments – which\nis really awesome. We also added a more formalized mechanism for doing\ndeployments; actually recording deployments and deployment histories, keeping\ntrack of environments, and everything else. Then we added Canary Deployments in\n9.2 and code quality in 9.3. We added system monitoring with Prometheus in 9.0.\n\nWe don’t yet have what I called \"business monitoring,\" which could mean\nmonitoring revenue, or clicks, or whatever you care about; but that’s coming. We\ndon't yet have load testing, but the Prometheus team is thinking about that.\nWe don't yet have a plan for feature flags, but I think it's a really important\npart.\n\nAnd then we have this other dimension of pipelines, which is the relationship\nbetween different codebases (or projects), and in 9.3 we introduced the first\nversion of multi-project pipelines.\n\nSo we've gone from a core view of three or four boxes to where 90 percent is\ncomplete. That's pretty awesome.\n\nIt became obvious to me that we were viewing the scope with this hard line:\ndeveloper focused rather than an ops focused. For example, we’ll deploy into production,\nand we might even watch the metrics related to your code in production, but\nwe’re not going to monitor your entire production app, because that’s\noperations, and that’s clearly out of scope, right?\n\n## Where we're headed: Beyond CD\n\nWhat hit me a few months ago is, \"Why is that out of scope? That’s ridiculous.\nNo, we’re going to keep going. We're going to go past production into\noperations.\" Most of this still applies, but instead of just monitoring the\nsystem as it relates to a merge request, what about monitoring the system for\nnetwork errors, outages, or dependency problems? What if we don't stop at\nproduction, and monitor things that are typically ops related that may not\ninvolve a developer at all?\n\nThen I realized that this thing I called Beyond CD, maybe it's really [DevOps](/topics/devops/).\nMaybe the whole thing is DevOps.\n\n### The DevOps tool chain\n\nTo offer some context: DevOps is hard to define, because everybody defines it\nslightly differently. Sometimes DevOps is defined as the intersection of\ndevelopment, operations, and quality assurance.\n\n![DevOps Venn diagram](https://about.gitlab.com/images/blogimages/devops-strategy-venn-diagram.png)\n\n*\u003Csmall>Image by Rajiv.Pant, derived from Devops.png:, [CC BY 3.0](https://commons.wikimedia.org/w/index.php?curid=20202905)\u003C/small>*\n\nFor the most part, my personal interest in DevOps has been in that intersection.\nWe do great code management; we’ve done that for quite a while. How do we get\nthat code into production? How do we get it into QA?\n\nReview apps are a great example that fits squarely in that tiny, little triangle\nin the middle of the Venn diagram. You take your code, you deploy it, which is\nan operations thing, but you have it deployed in a temporary, ephemeral, app,\njust for QA people (or designers, product managers, or anyone who is not a\nprimary coder), so they can test your application for quality assurance, feature\nassurance, or whatever.\n\nBut now, I'm looking beyond the intersection. Here's the [DevOps tool chain\ndefinition](https://en.wikipedia.org/wiki/DevOps_toolchain) from Wikipedia:\n\n![DevOps Toolchain](https://about.gitlab.com/images/blogimages/devops-strategy-devops-toolchain.png)\n\n*\u003Csmall>Image by Kharnagy (Own work) [CC BY-SA 4.0](http://creativecommons.org/licenses/by-sa/4.0), via Wikimedia Commons\u003C/small>*\n\nWell, that’s everything! That’s not the intersection; that’s the union of\neverything from code, to releasing, to monitoring. And that's where things get\nconfusing. Sometimes when people talk about DevOps, they’re not talking about\nall of your code stuff. It’s the intersection parts that are the interesting\nparts of DevOps. It’s the parts where we let developers get their code into\nproduction easily. That slice, that intersection, of the Venn diagram, that’s\nthe interesting part about DevOps.\n\nHaving said that, as a product company, we are going to deliver things that are\npretty squarely on the development side, and, eventually, we’re going to deliver\nthings that are pretty squarely in the operations side. At some point, we may\nhave an operations dashboard that lets you understand your dependencies in your\nnetwork infrastructure, and your routers, and your whatever. That’s pretty far\nfetched at this point, but it could happen. Why not? Just have GitLab be\nyour one operations dashboard, and then it’s not just about the intersection of\nthe DevOps, it’s the whole DevOps tool chain.\n\nSo, that is the whirlwind, high-level summary of where we've been, and a little\nbit about where we’re going. Now let's get into specific issues.\n\n### The Ops Dashboard – [#1788](https://gitlab.com/gitlab-org/gitlab-ee/issues/1788)\n\nWe have a monitoring dashboard that's very developer centric. What about\ntaking that same content and slicing it from the operator's perspective? For a\nmoment, ignore all the stuff below, let’s just pretend there’s only the four\nboxes at the top:\n\n![Ops view of monitoring and deploy board](https://about.gitlab.com/images/blogimages/devops-strategy-monitoring-deploy-board.png)\n\nSo an operator might want to know, \"What’s the state of production?\" If I'm a\ndeveloper I can go into a project, into environments, see the production\nenvironment for that project, and I can see what the status is. But what if I\nwant to see all production environments? As an operations person, I care a\nlittle less about individual projects than I care about \"production.\" So this is\ngiving me the overview of \"production.\" All of these little boxes would\nrepresent production deploys of projects that you have in your GitLab\ninfrastructure.\n\nThe view is explicitly convoluted because we had just introduced sub-groups and\nI wanted to make sure this mechanism expanded. So ignore all the stuff below and\njust look at the top-level dashboards. Or maybe one level down, which is already\nstill pretty complicated, but let’s say your marketing organization had\ndifferent properties than your other developer operations; you’d be able to see\nreally quickly what the status is. If something’s red, you’d be able to click\ndown, and see details.\n\n![Ops view - service health](https://about.gitlab.com/images/blogimages/devops-strategy-service-health.png)\n\n![Ops view - pod health](https://about.gitlab.com/images/blogimages/devops-strategy-pod-health.png)\n\nYou’d be able to see graphs like this, which are similar to what we already\nprovide, but from the other angle. As a developer I’m looking at the deploy, and\nsaying, \"Oh, how did my deploy affect my performance?\" But this is saying,\n\"How’s production? Is anything wrong with my entire production suite?\"\n\nThis is really just scratching the surface of the ops views of things, but I\nthink it's going to become much more important as people embrace DevOps. You\nwant your developers to be talking the same language as your operations people.\nIn a lot of organizations, it’s already the same people – there are no separate\noperations people. Developers push code to production, and they're paged if\nsomething goes wrong. In others, developers and operators are separate, but they\nwant to work together towards DevOps.\n\nEither way, you want to be using the same tools. You want to be able to point\nto, for example, a memory bump that your operations people should also be able\nto see. But if they’re using completely different tools, like New Relic and\nDatadog, that kind of sucks. So let’s give them the same tools.\n\n### Pipeline view of environments – [#28698](https://gitlab.com/gitlab-org/gitlab-ce/issues/28698)\n\nI particularly love this proposal, and I really want to see this happen soon.\n\nThe environments page today is just a list of environments showing the last\ndeployment. The picture tells you who deployed, which is good, and you can see\nthat the commit is from the same SHA as staging, which is kind of nice. I can\nsee the deploy board, and if there's a deploy ongoing, I’m able to see the state\nas it rolls out. We don’t yet show you the current health of these pods; once\nthey're deployed, all we know is that they're deployed. This is how the\nenvironment view is today, and it's centered around deployments.\n\n![Environments list](https://about.gitlab.com/images/blogimages/devops-strategy-environments-list.png)\n*\u003Csmall>Current Environment view\u003C/small>*\n\nYou can click through to see the deployment history and this is actually really\nvaluable because I can see who deployed things, how long ago, and if something\nwent wrong in production I can really quickly roll back and let the developers\nhave some space to go and figure out what went wrong.\n\n![Deployment history](https://about.gitlab.com/images/blogimages/devops-strategy-deployment-history.png)\n*\u003Csmall>Current Deployment History view\u003C/small>*\n\nBut this proposal turns it around to have more of a DevOps view of the thing.\n\n![Pipeline view of environments](https://about.gitlab.com/images/blogimages/devops-strategy-pipeline-view-environments.png)\n*\u003Csmall>Proposed pipeline view of Environments\u003C/small>*\n\nThe idea is to take the same application, and instead of just looking at a list\nof environments, I’d be looking at columns with lots of review apps, and some\nnumber of staging environments, and a production environment. Instead of just\nshowing you the SHA, we would show you, for example, what merge requests have\nbeen merged into staging that are not yet in production. That’s a great\nmarriage of these two views, that you’d be able to see the diff between them.\n\nThis list, although it’s just a mockup, shows maybe the last five things that\nwere in production, or what was included in the last deploy, or whatever works\nbest for your environment. Showing what’s in the last deploy might be enough,\nbut for people who deploy 17 times a day, maybe that’s a little less useful, and\nwe just show history.\n\nBut then what about building in more of the operations kind of stuff, and\nsaying, \"Alright, what’s the state of my pods?\" Here we were flagging where the\nerror rate exceeded a threshold and there’s some alert that popped up. And here\nwe’re showing this automatic rollback kind of stuff, but basically just really\nbuilding on this ops view. Of course this is still a DevOps view, in the sense\nthat I’m looking at an individual project. So, one permutation of that would\nmarry that ops view of all of production. Or if I’m looking at a [microservices](/topics/microservices/)\nkind of thing, where there are five or 100 different projects, and I want to see\nthe status of all those really quickly. See\n[#28707](https://gitlab.com/gitlab-org/gitlab-ce/issues/28707).\n\n### Dependency security – [#28566](https://gitlab.com/gitlab-org/gitlab-ce/issues/28566)\n\nSo, here, the idea is that you've deployed something in production, and some\nmodule or something that you depend on has been updated, not by you, but by the\ncommunity, or someone else.\n\nThe easiest and most naive way to approach this is that with the next merge\nrequest, or next CI/CD run, we would go and check to see if anything’s outdated.\nAnd we might fail your CI/CD because of this.\n\nIt would make much more sense to run this stuff automatically. Even if, for\nexample, nobody pushes for seven days, and in the middle of that, there’s a\nsecurity release; just proactively run stuff and notify me. So, that's sort of a\nsecond iteration of thinking about how you would notify somebody, and tell them,\n\"Oh, you’ve got a security change. You should go in and do something about it.\"\n\nNow, the third iteration is, \"Well, what would you do with that information?\"\nYou’d go and maybe give it to your junior developer to go and make the change,\nand point to the new version. And then, of course, you need to test that it\nworks. So, you’re going to create a merge request, and then test it, to make\nsure that it still functions properly.\n\nWell, why notify somebody, and tell the junior developer to go and do this? Why\ndon’t we just do it for you? Why don’t we just go and submit the merge request\nfor you, and then tell you what the results are. And, in fact, let’s go further,\nand say, \"Hey it passed. We just deployed into production for you.\" Why would\nyou have security vulnerability in place any longer than necessary?\n\nAnd instead of having 100 alerts about 100 projects or microservices that all\nneed to get updated, you just get alerts about three of them that fail, that\nactually have some weird dependency that it didn’t work on. And then, you can\nfocus on real problems.\n\n![Dependency security](https://about.gitlab.com/images/blogimages/devops-strategy-dependency-security.png)\n\nSo, that’s a glimpse at how we’re thinking about this.\n\nThis would definitely be an enterprise-level feature. And again, we've fleshed\nout some ideas and it’s unscheduled, but it does really tie into the ops\nmindset.\n\n### Question: Enterprise Edition features\n\nCourtland: You mentioned that sort of automation would be an enterprise edition\nfeature. Can you talk a little bit more about why a smaller development team,\nlike under 100 developers, wouldn’t get value out of something like that?\n\nMark:\tSo, this is where things get a little tricky, because of course,\nsmaller developer teams would get value out of that too. Everybody would get\nvalue out of that. Some of it has to do with proportionality. One test I like to\nuse is: is there some other way you could achieve the same thing, using\nworkarounds, and we’re just making it easier? And that’s a good case, here. You\ncan already do this, but we’re going to automate it. And automation is something\nthat affects larger companies a lot more, because they’ve got hundreds of\nprojects, with thousands of developers. And they just can’t deal with the scale,\nor it’s worth dealing with the automation. Whereas, if you’ve got a small\ndeveloper, with a single project, you’re pretty much on top of it. And if\nsomething changes, yeah, you just go ahead and fix it; you’re aware of it. The\nbigger challenges are when you’re just not aware of how this thing might affect\none project that somebody’s almost forgotten about.\n\nThe other thing is that, just to be blunt, our concept that Enterprise Edition\nis only for more than X people, is a little flawed. It’s that it\napplies more to those companies, that those people value it more, and they’d be\nwilling to pay for it more, or however you judge your value there. Clearly,\nsmall companies would value all this automation, and everything else, but\nthey’re not going to get as much incremental value out of it, as a larger\ncompany would.\n\n~~The other way to look at it is that this is pretty advanced stuff, and frankly,\nit doesn’t deserve to be, free, open source. It’s probably really complicated\nstuff, and you’re going to have to pay there.~~ *[Editor's note: Advancedness is not a criteria in open sourcing or not open sourcing. There are advanced features that are open source, such as [Review Apps](https://docs.gitlab.com/ee/ci/review_apps/). There are basic features that are proprietary, such as [File Locking](https://docs.gitlab.com/user/project/file_lock/). The criteria we use to decide which version the features go in are documented on our [stewardship page](https://handbook.gitlab.com/handbook/company/stewardship/#what-features-are-paid-only).]* Maybe there’d be levels to it,\nright? There’d be a version that gives you an alert: we’ll run this test once a\nday. Or even just have a blog post about how to do this: you set up a recurring,\nscheduled pipeline job, once a day, to test if any of your dependencies have\nbeen updated. And you can do that today and then it would alert you. But to\nautomate it, to actually, create a merge request for you, and everything else?\nWell, that’s in the Enterprise feature. It’s not that version checking isn’t\nimportant for everybody, but the automation around it really, really matters for\nlarger companies. Does that make sense?\n\nCourtland:\tYeah, I mean, I think that the first way you described it, in that,\n\"Yeah, everyone gets some value out a feature like this, but the overwhelming\nvalue and use for this is in larger development teams,\" that resonated.\n\n### SLO and auto revert – [#1661](https://gitlab.com/gitlab-org/gitlab-ee/issues/1661)\n\nThis is a feature showing how we’re thinking about auto reverting something.\nWe’ve got canary deployments, and we have another feature we’re not currently\nworking on or scheduled, but it’s incremental rollout, so that you would not\njust rollout to a single canary, or a bucket of canaries, but it would slowly\nincrement: 1 percent, then 5 percent, then 25 percent. But let’s say, at some point, during my\nrollout, you detect an error.\n\n![Revert](https://about.gitlab.com/images/blogimages/devops-strategy-revert.png)\n\nThis a mockup of what it would look like. You’re like, \"Oh, error rates\nincreased by something above our threshold; let’s revert that one, go back, and\ncreate a new issue, and alert somebody to take a look at it.\" Lately, I’m\nthinking that I don’t know if I really want to automatically roll back, versus\njust stop it in its canary form, and say, \"Well, it’s canary. Let’s let canary\nbe there, so you can debug the canary, but just don’t let the canary go on\nfurther.\"\n\nError rate exceeding is a pretty tough one. But let’s say memory bumps up, and\nyou might be like, \"Yeah, we added something, and it’s using more memory, and\nwe’re okay with that. Don’t stop my deploy just because it’s using more memory.\"\nThere might need to be human intervention in there, but somewhere along this\nline we’re automating a lot of the deploy stuff.\n\n### Onboarding and adoption – [#32638](https://gitlab.com/gitlab-org/gitlab-ce/issues/32638)\n\nOnboarding and adoption is a really big issue, with lots of different ideas for\nhow to improve onboarding, how to get people actually using idea to production,\nimproving auto deploy. Not a lot of visuals, so I won’t really talk about it,\nbut it’s definitely one of our top priorities; the next most important thing\nwe’re working on.\n\n### Cloud development – [#32637](https://gitlab.com/gitlab-org/gitlab-ce/issues/32637)\n\nCloud development is the idea that setting up your local host machine is\nactually kind of a pain sometimes. Especially with microservices, where each\nservice can be in their own language, you don’t want to maintain Java, and Ruby,\nand Node, and all these other versions of dependencies, and every time something\nswitches, you’ve got to reinstall a new version of stuff. Or even these days,\nyou might develop on an iPad, and you don’t have a local host to compile things.\n\nCloud9 is the biggest, well known thing, from an IDE perspective, and Amazon\nbought them a little while ago. But even aside from the IDE portion of it, it’s\njust being able to develop in the cloud, and being able to make some changes,\nand then push them back; commit them to a repo.\n\nWe have a little bit of a demo like this, right now, with our web terminal. So,\nif you have Kubernetes, you see this terminal button, and it just pops up the\nterminal right in the staging server. And I can actually go ahead and edit a\nfile there, and... I just made a live change into my staging app.\n\nNow, generally speaking, I would not actually recommend you do that, because\nI’m messing with my staging app, that’s not what it's for. It makes an awesome\nlittle demo, but it’s not what you should do. What we want to do is come up with\na way that people could do that, but have it be not on your staging app, but in\nmaybe a dev environment that is specifically for this purpose. But that also,\nafter you make your changes, and test them, and run them live, you can then go\nand commit them back to [version control](/topics/version-control/), and close that loop. So there’s a whole\nbunch of issues related to that. And to be honest, it was what we were hoping\nthat Koding would have provided for us, and we have an integration\nwith them, but it hasn’t worked out, really, the way that we had hoped. And so,\nwe’re looking at alternatives, and we think we can probably do this ourselves.\n\nAnyway, that’s a big thing to flesh out.\n\n### GitLab PaaS – [#32820](https://gitlab.com/gitlab-org/gitlab-ce/issues/32820)\n\nHeroku is awesome, because it gives you this really great platform that’s easy\nto use, and gives you all this functionality on top of Amazon. Five or six years\nago it was super, brain-meltingly awesome to get people to do ops. For a\ndeveloper, I don’t have to be aware of how to do ops; Heroku just does ops\nfor us.\n\nGitLab PaaS is basically the idea that you’ve got a lot of these components, and\nwe’re not going to invent them all from scratch. We’re going to rely on\nKubernetes, for example. But on top of Kubernetes, we could make an awesome\nenvironment for ops. An ops environment, or a platform as a service. And so,\nthere’s an issue to discuss what it would take to do that. At some point in\ntime, this is a big item for us. If we can make it super really easy for you to\nfully manage your ops environment via GitLab, and maybe, for example, never\ntouch the Kubernetes dashboard; never touch any of the tools, just use the\nGitLab tools to do this. That’s pretty powerful.\n\nSort of related is an idea in the onboarding stuff, that on GitLab.com\nwe can actually provide you with a Kubernetes cluster; maybe a shared cluster. We\nhave to worry about security, of course. But imagine if you were a brand new\nuser on GitLab.com, and you push up an app, and you have nothing in there\nspecifically for GitLab, you just push up your code, and GitLab is like, \"Oh,\nthat’s a Ruby app. Okay, I know how to build Ruby apps. Oh, and I also know how\nto test Ruby apps. I’m just going to go and test them automatically for you.\"\nAnd, \"Oh, by the way, I know how to deploy this. I’m just going to go ahead and\ndeploy this to production.\" And we’ll make a\nproduction.project-name.ephemeral-gitlabapps.com, whatever the hell, some domain\nso that it’s not going to affect your actual production. But if you wanted to,\nyou would just point your DNS over to this production app, and you've got the\nproduction app running on GitLab infrastructure. And that’s, really, what Heroku\nprovided, right?\n\nBut that also is an onboarding thing for us to make it really easy. Because if\nwe want everybody to have CI, well, let’s turn it on for you. That’s pretty\nawesome. If we want everybody to have CD, we can’t just turn it on for you,\nbecause you have to have a place to deploy it to. So, if we just provided you a\nKubernetes cluster (\"everybody gets a cluster\"), then you just got a place. And,\nI mean, we’ll severely limit it. We’ll make it limited in some way, so that\nyou’re not going to run the production stuff for long there. Or if you do, you have\nto pay for it. But we’re not going to try and make money off of the production\nresources. We want to make money off of making it really easy. So, really, what\nwe want to do is encourage you to, then, go and spin up your own Kubernetes\ncluster, say, on Google. And we’ll make a nice little link that says, \"Go and\nspin up a cluster on GKE.\" We’ll make that really, really easy, but to make it\nsuper easy, for some number of days, we can just provide you that cluster,\nautomatically.\n\n### Feature flags – [#779](https://gitlab.com/gitlab-org/gitlab-ee/issues/779)\n\nFeature flags are really about decoupling delivery from deployment. It’s the\nidea that you make your code, you deploy it, but you haven’t turned it on, so\nit’s not delivered yet. And the idea there is that it means you can merge in the\nmain line, more often, because it’s not affecting anybody. And, also, it really\nhelps because you can do things like: when I do deliver, I can deliver it for\ncertain people; just GitLab employees or just the Beta group, and then I can\ncontrol that rollout. So then, if there's an error rate spike, well, it’s just\na few a people and I know who they are, and they’re going to complain to me.\nIt’s no big deal. But I can test things out, get it polished, fix the problems,\nbefore rolling it out. And then, you can also do things like, roll it out to 10 percent\nof the people, 50 percent of the people, whatever. It’s all about reducing risk, and\nimproving quality, and fundamentally about getting things into your mainline\nquicker. So, it’s ops-ish, in that sense, but it’s, really, still pretty fully\non dev.\n\n### Artifact management – [#2752](https://gitlab.com/gitlab-org/gitlab-ee/issues/2752)\n\nArtifact management has become a hot topic lately. We already have a container\nregistry for Docker image artifacts, and we also have file-based artifacts that\nyou can pass between jobs, and pass between pipelines, and even pass between\ncross project pipelines. And we have ways to download them, and browse them, but\nif those artifacts happen to be things like Maven or Ruby or node modules, and\nyou want to publish them, and then consume them in other pipelines, we don’t\nhave a formal way to do that.\n\nAnd you could, obviously, publish to the open source, RubyGems, for example. But\nif you want a private Gem, that is only consumed by your team... Maybe that's\nnot as big for Ruby developers, but Java developers do that all the time. A lot\nof Java developers use Artifactory or Sonatype Nexus. In order to complete the\nDevOps tool chain, we need to have some first class support for that, either by\nbundling in one of these other providers, or by adding layers, and APIs, on top\nof our existing artifacts. My personal pet favorite right now is, let’s say we\ncan just tag our existing artifact, and say, \"Oh, this is Maven type of\nartifact,\" and then we expose that via an API and so then you can declare that\nin another project, and it would just consume the APIs, and just know how to do\nthat. But it would also use our built-in authentication so you don’t have to set\nup creds and do all this declaration; you can be like, \"Oh, I’ve got access to\nthis project and this project, so I can get the artifacts, and I can consume it\nall really easily.\"\n\n### Auto DevOps – [#35712](https://gitlab.com/gitlab-org/gitlab-ce/issues/35712)\n\n*Note: We shipped the first iteration of Auto DevOps in [10.0](/releases/2017/09/22/gitlab-10-0-released/#auto-devops)*\n\nSo, let’s talk about Auto DevOps. This spans from the near-term to the very\nlong-term. It’s great that we do a lot of DevOps, and in a very simplistic way,\nit’s like, \"Oh, but shouldn’t we just make this stuff automatic?\" The way I\nphrase it is, we should provide the best practices in an easy and default way.\nYou can set up a GitLab CI YAML, but you have to actively go and do that. But,\nreally, every project should be running some kind of CI. So, why don’t we just\ndetect when you’ve pushed up a project; we’ll just build it, and we’ll go and\ntest it, because we know how to do testing. Today, with Auto Deploy, we already\nuse Auto Build, with build packs. We will automatically detect, I think, one of\nseven different languages, and automatically build your Java app, or Ruby, or\nNode... and we use Heroku’s build packs, actually, to do this build. And so we\nbuild that up, and when using Auto Deploy, we’ll go ahead and deploy that. You\nstill have to, obviously, have a Kubernetes cluster in order to do that, so it’s\nnot fully automated if you don’t have that. But if you’ve got Kubernetes, hey,\nthis is a literally one click. You pick from a menu, say, \"Oh, I’m on\nKubernetes,\" and then hit submit, and you’ve got Auto Deploy and Auto Build.\n\nBut one of the things we don’t have is Auto CI. And that’s a little annoying,\nbut it’s one of the things we want to pick up, and actually, hopefully our CTO,\nDmitriy, is going to pick that up in Q3; it's one of his OKRs. Heroku,\nthemselves, actually extended build packs to do testing, and so that means that\nthere’s at least five build packs that know how to test these languages. And so,\nhey, let’s use that. But even if that doesn’t work, there’s a lot of other\nthings we can do. Other companies have all this stuff automated, as well. So if\nwe can’t use Heroku CI, being able to say, \"Oh, this is this language; we know\nhow to test this language,\" we'll be making that automatic.\n\nAutomatic is multiple levels of things. Is it a wizard that configures this\nstuff for me? Is it one click checkbox, that says, \"Yes, turn on auto CI,\" or is\nit templates that I can easily add into my GitLab CI YAML? I think, in order to\nqualify as auto, what we have to do here is that it shouldn’t be templates. It\nshouldn’t be blog posts that tell me how to do it. That’s just CI. It should be,\nliterally, just \"I pushed and it worked;\" or at most a checkbox or two.\n\nLet’s go further, what other thing could we just automate here? And not automate\nstrictly for the purposes of automation, but about bringing best practices to\npeople. So, you have to actively work hard, to turn these things off. If you\ndon’t want CI, then shut it off, but by default you should have this.\n\nSo, this is a really, really long list of things that will take us forever to\nget to. The first ones have links, because we’re tracking real issues for this.\nAuto Metrics is a great one. If you’re running certain languages, you should\njust be able to, really easily, go and just pull the right information out of\nthere. But whatever, the list is huge.\n\nBut the idea is that we can build up this Auto DevOps, even the marketing term,\nand start talking about it in that way, and to not just say that GitLab is great\nfor your DevOps and is a complete DevOps tool chain. But, in fact, we do all\nthis stuff for you automatically.\n\nThere’s a lot to be done to make this fully automated. And what percentage of\nprojects can we really do? Auto Deploy is a great example that only works for\nweb apps. If it’s not a web app, we can’t just deploy it. What would it mean? We\ndeploy it, and it just wouldn’t function. If you made a command line app, what\nwould deploy even mean? Or if it’s a Maven, or really any kind of module that\nyou bundled up and released, that’s not the same thing as a deploy. So, maybe we\nneed an Auto Release. It’s not on this list, but maybe it should be. But within\nthe web app space, we can do some of this stuff automatically.\n\nSo that’s it. Everything you ever wanted to know about DevOps.\n",[23,24,25],"inside GitLab","DevOps","CI","yml",{},true,"/en-us/blog/devops-strategy",{"title":15,"description":16,"ogTitle":15,"ogDescription":16,"noIndex":12,"ogImage":19,"ogUrl":31,"ogSiteName":32,"ogType":33,"canonicalUrls":31},"https://about.gitlab.com/blog/devops-strategy","https://about.gitlab.com","article","en-us/blog/devops-strategy",[36,37,38],"inside-gitlab","devops","ci","1xJlfQPR8pU6RpD0UecNez9Pkx36K8KVUJp0TDOwVpo",{"data":41},{"logo":42,"freeTrial":47,"sales":52,"login":57,"items":62,"search":369,"minimal":400,"duo":419,"pricingDeployment":429},{"config":43},{"href":44,"dataGaName":45,"dataGaLocation":46},"/","gitlab logo","header",{"text":48,"config":49},"Get free trial",{"href":50,"dataGaName":51,"dataGaLocation":46},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":53,"config":54},"Talk to sales",{"href":55,"dataGaName":56,"dataGaLocation":46},"/sales/","sales",{"text":58,"config":59},"Sign in",{"href":60,"dataGaName":61,"dataGaLocation":46},"https://gitlab.com/users/sign_in/","sign in",[63,90,185,190,291,350],{"text":64,"config":65,"cards":67},"Platform",{"dataNavLevelOne":66},"platform",[68,74,82],{"title":64,"description":69,"link":70},"The intelligent orchestration platform for DevSecOps",{"text":71,"config":72},"Explore our Platform",{"href":73,"dataGaName":66,"dataGaLocation":46},"/platform/",{"title":75,"description":76,"link":77},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":78,"config":79},"Meet GitLab Duo",{"href":80,"dataGaName":81,"dataGaLocation":46},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":83,"description":84,"link":85},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":86,"config":87},"Learn more",{"href":88,"dataGaName":89,"dataGaLocation":46},"/why-gitlab/","why gitlab",{"text":91,"left":28,"config":92,"link":94,"lists":98,"footer":167},"Product",{"dataNavLevelOne":93},"solutions",{"text":95,"config":96},"View all Solutions",{"href":97,"dataGaName":93,"dataGaLocation":46},"/solutions/",[99,123,146],{"title":100,"description":101,"link":102,"items":107},"Automation","CI/CD and automation to accelerate deployment",{"config":103},{"icon":104,"href":105,"dataGaName":106,"dataGaLocation":46},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[108,112,115,119],{"text":109,"config":110},"CI/CD",{"href":111,"dataGaLocation":46,"dataGaName":109},"/solutions/continuous-integration/",{"text":75,"config":113},{"href":80,"dataGaLocation":46,"dataGaName":114},"gitlab duo agent platform - product menu",{"text":116,"config":117},"Source Code Management",{"href":118,"dataGaLocation":46,"dataGaName":116},"/solutions/source-code-management/",{"text":120,"config":121},"Automated Software Delivery",{"href":105,"dataGaLocation":46,"dataGaName":122},"Automated software delivery",{"title":124,"description":125,"link":126,"items":131},"Security","Deliver code faster without compromising security",{"config":127},{"href":128,"dataGaName":129,"dataGaLocation":46,"icon":130},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[132,136,141],{"text":133,"config":134},"Application Security Testing",{"href":128,"dataGaName":135,"dataGaLocation":46},"Application security testing",{"text":137,"config":138},"Software Supply Chain Security",{"href":139,"dataGaLocation":46,"dataGaName":140},"/solutions/supply-chain/","Software supply chain security",{"text":142,"config":143},"Software Compliance",{"href":144,"dataGaName":145,"dataGaLocation":46},"/solutions/software-compliance/","software compliance",{"title":147,"link":148,"items":153},"Measurement",{"config":149},{"icon":150,"href":151,"dataGaName":152,"dataGaLocation":46},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[154,158,162],{"text":155,"config":156},"Visibility & Measurement",{"href":151,"dataGaLocation":46,"dataGaName":157},"Visibility and Measurement",{"text":159,"config":160},"Value Stream Management",{"href":161,"dataGaLocation":46,"dataGaName":159},"/solutions/value-stream-management/",{"text":163,"config":164},"Analytics & Insights",{"href":165,"dataGaLocation":46,"dataGaName":166},"/solutions/analytics-and-insights/","Analytics and insights",{"title":168,"items":169},"GitLab for",[170,175,180],{"text":171,"config":172},"Enterprise",{"href":173,"dataGaLocation":46,"dataGaName":174},"/enterprise/","enterprise",{"text":176,"config":177},"Small Business",{"href":178,"dataGaLocation":46,"dataGaName":179},"/small-business/","small business",{"text":181,"config":182},"Public Sector",{"href":183,"dataGaLocation":46,"dataGaName":184},"/solutions/public-sector/","public sector",{"text":186,"config":187},"Pricing",{"href":188,"dataGaName":189,"dataGaLocation":46,"dataNavLevelOne":189},"/pricing/","pricing",{"text":191,"config":192,"link":194,"lists":198,"feature":278},"Resources",{"dataNavLevelOne":193},"resources",{"text":195,"config":196},"View all resources",{"href":197,"dataGaName":193,"dataGaLocation":46},"/resources/",[199,232,250],{"title":200,"items":201},"Getting started",[202,207,212,217,222,227],{"text":203,"config":204},"Install",{"href":205,"dataGaName":206,"dataGaLocation":46},"/install/","install",{"text":208,"config":209},"Quick start guides",{"href":210,"dataGaName":211,"dataGaLocation":46},"/get-started/","quick setup checklists",{"text":213,"config":214},"Learn",{"href":215,"dataGaLocation":46,"dataGaName":216},"https://university.gitlab.com/","learn",{"text":218,"config":219},"Product documentation",{"href":220,"dataGaName":221,"dataGaLocation":46},"https://docs.gitlab.com/","product documentation",{"text":223,"config":224},"Best practice videos",{"href":225,"dataGaName":226,"dataGaLocation":46},"/getting-started-videos/","best practice videos",{"text":228,"config":229},"Integrations",{"href":230,"dataGaName":231,"dataGaLocation":46},"/integrations/","integrations",{"title":233,"items":234},"Discover",[235,240,245],{"text":236,"config":237},"Customer success stories",{"href":238,"dataGaName":239,"dataGaLocation":46},"/customers/","customer success stories",{"text":241,"config":242},"Blog",{"href":243,"dataGaName":244,"dataGaLocation":46},"/blog/","blog",{"text":246,"config":247},"Remote",{"href":248,"dataGaName":249,"dataGaLocation":46},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":251,"items":252},"Connect",[253,258,263,268,273],{"text":254,"config":255},"GitLab Services",{"href":256,"dataGaName":257,"dataGaLocation":46},"/services/","services",{"text":259,"config":260},"Community",{"href":261,"dataGaName":262,"dataGaLocation":46},"/community/","community",{"text":264,"config":265},"Forum",{"href":266,"dataGaName":267,"dataGaLocation":46},"https://forum.gitlab.com/","forum",{"text":269,"config":270},"Events",{"href":271,"dataGaName":272,"dataGaLocation":46},"/events/","events",{"text":274,"config":275},"Partners",{"href":276,"dataGaName":277,"dataGaLocation":46},"/partners/","partners",{"backgroundColor":279,"textColor":280,"text":281,"image":282,"link":286},"#2f2a6b","#fff","Insights for the future of software development",{"altText":283,"config":284},"the source promo card",{"src":285},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":287,"config":288},"Read the latest",{"href":289,"dataGaName":290,"dataGaLocation":46},"/the-source/","the source",{"text":292,"config":293,"lists":294},"Company",{"dataNavLevelOne":9},[295],{"items":296},[297,302,308,310,315,320,325,330,335,340,345],{"text":298,"config":299},"About",{"href":300,"dataGaName":301,"dataGaLocation":46},"/company/","about",{"text":303,"config":304,"footerGa":307},"Jobs",{"href":305,"dataGaName":306,"dataGaLocation":46},"/jobs/","jobs",{"dataGaName":306},{"text":269,"config":309},{"href":271,"dataGaName":272,"dataGaLocation":46},{"text":311,"config":312},"Leadership",{"href":313,"dataGaName":314,"dataGaLocation":46},"/company/team/e-group/","leadership",{"text":316,"config":317},"Team",{"href":318,"dataGaName":319,"dataGaLocation":46},"/company/team/","team",{"text":321,"config":322},"Handbook",{"href":323,"dataGaName":324,"dataGaLocation":46},"https://handbook.gitlab.com/","handbook",{"text":326,"config":327},"Investor relations",{"href":328,"dataGaName":329,"dataGaLocation":46},"https://ir.gitlab.com/","investor relations",{"text":331,"config":332},"Trust Center",{"href":333,"dataGaName":334,"dataGaLocation":46},"/security/","trust center",{"text":336,"config":337},"AI Transparency Center",{"href":338,"dataGaName":339,"dataGaLocation":46},"/ai-transparency-center/","ai transparency center",{"text":341,"config":342},"Newsletter",{"href":343,"dataGaName":344,"dataGaLocation":46},"/company/contact/#contact-forms","newsletter",{"text":346,"config":347},"Press",{"href":348,"dataGaName":349,"dataGaLocation":46},"/press/","press",{"text":351,"config":352,"lists":353},"Contact us",{"dataNavLevelOne":9},[354],{"items":355},[356,359,364],{"text":53,"config":357},{"href":55,"dataGaName":358,"dataGaLocation":46},"talk to sales",{"text":360,"config":361},"Support portal",{"href":362,"dataGaName":363,"dataGaLocation":46},"https://support.gitlab.com","support portal",{"text":365,"config":366},"Customer portal",{"href":367,"dataGaName":368,"dataGaLocation":46},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":370,"login":371,"suggestions":378},"Close",{"text":372,"link":373},"To search repositories and projects, login to",{"text":374,"config":375},"gitlab.com",{"href":60,"dataGaName":376,"dataGaLocation":377},"search login","search",{"text":379,"default":380},"Suggestions",[381,383,387,389,393,397],{"text":75,"config":382},{"href":80,"dataGaName":75,"dataGaLocation":377},{"text":384,"config":385},"Code Suggestions (AI)",{"href":386,"dataGaName":384,"dataGaLocation":377},"/solutions/code-suggestions/",{"text":109,"config":388},{"href":111,"dataGaName":109,"dataGaLocation":377},{"text":390,"config":391},"GitLab on AWS",{"href":392,"dataGaName":390,"dataGaLocation":377},"/partners/technology-partners/aws/",{"text":394,"config":395},"GitLab on Google Cloud",{"href":396,"dataGaName":394,"dataGaLocation":377},"/partners/technology-partners/google-cloud-platform/",{"text":398,"config":399},"Why GitLab?",{"href":88,"dataGaName":398,"dataGaLocation":377},{"freeTrial":401,"mobileIcon":406,"desktopIcon":411,"secondaryButton":414},{"text":402,"config":403},"Start free trial",{"href":404,"dataGaName":51,"dataGaLocation":405},"https://gitlab.com/-/trials/new/","nav",{"altText":407,"config":408},"Gitlab Icon",{"src":409,"dataGaName":410,"dataGaLocation":405},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":407,"config":412},{"src":413,"dataGaName":410,"dataGaLocation":405},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":415,"config":416},"Get Started",{"href":417,"dataGaName":418,"dataGaLocation":405},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":420,"mobileIcon":425,"desktopIcon":427},{"text":421,"config":422},"Learn more about GitLab Duo",{"href":423,"dataGaName":424,"dataGaLocation":405},"/gitlab-duo/","gitlab duo",{"altText":407,"config":426},{"src":409,"dataGaName":410,"dataGaLocation":405},{"altText":407,"config":428},{"src":413,"dataGaName":410,"dataGaLocation":405},{"freeTrial":430,"mobileIcon":435,"desktopIcon":437},{"text":431,"config":432},"Back to pricing",{"href":188,"dataGaName":433,"dataGaLocation":405,"icon":434},"back to pricing","GoBack",{"altText":407,"config":436},{"src":409,"dataGaName":410,"dataGaLocation":405},{"altText":407,"config":438},{"src":413,"dataGaName":410,"dataGaLocation":405},{"title":440,"button":441,"config":446},"See how agentic AI transforms software delivery",{"text":442,"config":443},"Watch GitLab Transcend now",{"href":444,"dataGaName":445,"dataGaLocation":46},"/events/transcend/virtual/","transcend event",{"layout":447,"icon":448},"release","AiStar",{"data":450},{"text":451,"source":452,"edit":458,"contribute":463,"config":468,"items":473,"minimal":678},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":453,"config":454},"View page source",{"href":455,"dataGaName":456,"dataGaLocation":457},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":459,"config":460},"Edit this page",{"href":461,"dataGaName":462,"dataGaLocation":457},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":464,"config":465},"Please contribute",{"href":466,"dataGaName":467,"dataGaLocation":457},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":469,"facebook":470,"youtube":471,"linkedin":472},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[474,521,573,617,644],{"title":186,"links":475,"subMenu":490},[476,480,485],{"text":477,"config":478},"View plans",{"href":188,"dataGaName":479,"dataGaLocation":457},"view plans",{"text":481,"config":482},"Why Premium?",{"href":483,"dataGaName":484,"dataGaLocation":457},"/pricing/premium/","why premium",{"text":486,"config":487},"Why Ultimate?",{"href":488,"dataGaName":489,"dataGaLocation":457},"/pricing/ultimate/","why ultimate",[491],{"title":492,"links":493},"Contact Us",[494,497,499,501,506,511,516],{"text":495,"config":496},"Contact sales",{"href":55,"dataGaName":56,"dataGaLocation":457},{"text":360,"config":498},{"href":362,"dataGaName":363,"dataGaLocation":457},{"text":365,"config":500},{"href":367,"dataGaName":368,"dataGaLocation":457},{"text":502,"config":503},"Status",{"href":504,"dataGaName":505,"dataGaLocation":457},"https://status.gitlab.com/","status",{"text":507,"config":508},"Terms of use",{"href":509,"dataGaName":510,"dataGaLocation":457},"/terms/","terms of use",{"text":512,"config":513},"Privacy statement",{"href":514,"dataGaName":515,"dataGaLocation":457},"/privacy/","privacy statement",{"text":517,"config":518},"Cookie preferences",{"dataGaName":519,"dataGaLocation":457,"id":520,"isOneTrustButton":28},"cookie preferences","ot-sdk-btn",{"title":91,"links":522,"subMenu":531},[523,527],{"text":524,"config":525},"DevSecOps platform",{"href":73,"dataGaName":526,"dataGaLocation":457},"devsecops platform",{"text":528,"config":529},"AI-Assisted Development",{"href":423,"dataGaName":530,"dataGaLocation":457},"ai-assisted development",[532],{"title":533,"links":534},"Topics",[535,540,545,548,553,558,563,568],{"text":536,"config":537},"CICD",{"href":538,"dataGaName":539,"dataGaLocation":457},"/topics/ci-cd/","cicd",{"text":541,"config":542},"GitOps",{"href":543,"dataGaName":544,"dataGaLocation":457},"/topics/gitops/","gitops",{"text":24,"config":546},{"href":547,"dataGaName":37,"dataGaLocation":457},"/topics/devops/",{"text":549,"config":550},"Version Control",{"href":551,"dataGaName":552,"dataGaLocation":457},"/topics/version-control/","version control",{"text":554,"config":555},"DevSecOps",{"href":556,"dataGaName":557,"dataGaLocation":457},"/topics/devsecops/","devsecops",{"text":559,"config":560},"Cloud Native",{"href":561,"dataGaName":562,"dataGaLocation":457},"/topics/cloud-native/","cloud native",{"text":564,"config":565},"AI for Coding",{"href":566,"dataGaName":567,"dataGaLocation":457},"/topics/devops/ai-for-coding/","ai for coding",{"text":569,"config":570},"Agentic AI",{"href":571,"dataGaName":572,"dataGaLocation":457},"/topics/agentic-ai/","agentic ai",{"title":574,"links":575},"Solutions",[576,578,580,585,589,592,596,599,601,604,607,612],{"text":133,"config":577},{"href":128,"dataGaName":133,"dataGaLocation":457},{"text":122,"config":579},{"href":105,"dataGaName":106,"dataGaLocation":457},{"text":581,"config":582},"Agile development",{"href":583,"dataGaName":584,"dataGaLocation":457},"/solutions/agile-delivery/","agile delivery",{"text":586,"config":587},"SCM",{"href":118,"dataGaName":588,"dataGaLocation":457},"source code management",{"text":536,"config":590},{"href":111,"dataGaName":591,"dataGaLocation":457},"continuous integration & delivery",{"text":593,"config":594},"Value stream management",{"href":161,"dataGaName":595,"dataGaLocation":457},"value stream management",{"text":541,"config":597},{"href":598,"dataGaName":544,"dataGaLocation":457},"/solutions/gitops/",{"text":171,"config":600},{"href":173,"dataGaName":174,"dataGaLocation":457},{"text":602,"config":603},"Small business",{"href":178,"dataGaName":179,"dataGaLocation":457},{"text":605,"config":606},"Public sector",{"href":183,"dataGaName":184,"dataGaLocation":457},{"text":608,"config":609},"Education",{"href":610,"dataGaName":611,"dataGaLocation":457},"/solutions/education/","education",{"text":613,"config":614},"Financial services",{"href":615,"dataGaName":616,"dataGaLocation":457},"/solutions/finance/","financial services",{"title":191,"links":618},[619,621,623,625,628,630,632,634,636,638,640,642],{"text":203,"config":620},{"href":205,"dataGaName":206,"dataGaLocation":457},{"text":208,"config":622},{"href":210,"dataGaName":211,"dataGaLocation":457},{"text":213,"config":624},{"href":215,"dataGaName":216,"dataGaLocation":457},{"text":218,"config":626},{"href":220,"dataGaName":627,"dataGaLocation":457},"docs",{"text":241,"config":629},{"href":243,"dataGaName":244,"dataGaLocation":457},{"text":236,"config":631},{"href":238,"dataGaName":239,"dataGaLocation":457},{"text":246,"config":633},{"href":248,"dataGaName":249,"dataGaLocation":457},{"text":254,"config":635},{"href":256,"dataGaName":257,"dataGaLocation":457},{"text":259,"config":637},{"href":261,"dataGaName":262,"dataGaLocation":457},{"text":264,"config":639},{"href":266,"dataGaName":267,"dataGaLocation":457},{"text":269,"config":641},{"href":271,"dataGaName":272,"dataGaLocation":457},{"text":274,"config":643},{"href":276,"dataGaName":277,"dataGaLocation":457},{"title":292,"links":645},[646,648,650,652,654,656,658,662,667,669,671,673],{"text":298,"config":647},{"href":300,"dataGaName":9,"dataGaLocation":457},{"text":303,"config":649},{"href":305,"dataGaName":306,"dataGaLocation":457},{"text":311,"config":651},{"href":313,"dataGaName":314,"dataGaLocation":457},{"text":316,"config":653},{"href":318,"dataGaName":319,"dataGaLocation":457},{"text":321,"config":655},{"href":323,"dataGaName":324,"dataGaLocation":457},{"text":326,"config":657},{"href":328,"dataGaName":329,"dataGaLocation":457},{"text":659,"config":660},"Sustainability",{"href":661,"dataGaName":659,"dataGaLocation":457},"/sustainability/",{"text":663,"config":664},"Diversity, inclusion and belonging (DIB)",{"href":665,"dataGaName":666,"dataGaLocation":457},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":331,"config":668},{"href":333,"dataGaName":334,"dataGaLocation":457},{"text":341,"config":670},{"href":343,"dataGaName":344,"dataGaLocation":457},{"text":346,"config":672},{"href":348,"dataGaName":349,"dataGaLocation":457},{"text":674,"config":675},"Modern Slavery Transparency Statement",{"href":676,"dataGaName":677,"dataGaLocation":457},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":679},[680,683,686],{"text":681,"config":682},"Terms",{"href":509,"dataGaName":510,"dataGaLocation":457},{"text":684,"config":685},"Cookies",{"dataGaName":519,"dataGaLocation":457,"id":520,"isOneTrustButton":28},{"text":687,"config":688},"Privacy",{"href":514,"dataGaName":515,"dataGaLocation":457},[690],{"id":691,"title":18,"body":8,"config":692,"content":694,"description":8,"extension":26,"meta":698,"navigation":28,"path":699,"seo":700,"stem":701,"__hash__":702},"blogAuthors/en-us/blog/authors/mark-pundsack.yml",{"template":693},"BlogAuthor",{"name":18,"config":695},{"headshot":696,"ctfId":697},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659488/Blog/Author%20Headshots/gitlab-logo-extra-whitespace.png","markpundsack",{},"/en-us/blog/authors/mark-pundsack",{},"en-us/blog/authors/mark-pundsack","0XkJx2hq2Kagj8C3zTex7xC4ZA-fT8eE1Uo1cML1zhU",[704,717,728],{"content":705,"config":715},{"title":706,"description":707,"authors":708,"heroImage":710,"date":711,"body":712,"category":9,"tags":713,"updatedDate":711},"GitLab names Bill Staples as new CEO","Co-founder Sid Sijbrandij transitions to Executive Chair of the Board.",[709],"Sid Sijbrandij","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665388/Blog/Hero%20Images/Revised2.png","2024-12-05","__This message from Sid Sijbrandij and Bill Staples was shared with GitLab team members earlier today.__ \n\n__Sid:__ On today’s earnings call, I announced that I am stepping down as CEO and will remain Executive Chair of the Board. I also introduced GitLab’s new CEO, [Bill Staples](https://www.linkedin.com/in/williamstaples/). \n\nAs a Board, we routinely do succession planning. This includes conversations with a number of top executives. We’ve been having these conversations in greater earnest since my cancer returned. Through these discussions, we identified someone uniquely qualified to lead GitLab. I want more time to focus on my cancer treatment and health. My treatments are going well, my cancer is not metastatic, and I'm working towards making a full recovery. Stepping down from a role that I love is not easy, but I believe that it is the right decision for GitLab.\n\nI couldn't be more excited to introduce you to Bill Staples, who will be leading GitLab into its next chapter. Bill will be GitLab’s CEO, effective today. He will also join the GitLab Board as a Director. Bill was most recently a public company CEO at New Relic. During his time there, he significantly increased the value of the company by accelerating revenue and driving increased profitability. He also brings decades of experience in leadership roles at Adobe and Microsoft. When I began speaking with Bill, I was immediately drawn to his customer-centric approach and deep product expertise. As I got to know him further, I knew that his shared value system made him the right person for this role, for our team members, for our customers, and for our shareholders. I feel fortunate that GitLab has found someone with a great leadership track record and strong DevOps expertise to lead GitLab into the future.\n\nWe have come so far from the early days when we launched GitLab.com. We have created the DevOps category and are the leader in the Gartner Magic Quadrant for both vision and execution. Millions of people now use GitLab to deliver software faster and more efficiently. We have integrated AI, Security, and Compliance into our platform to offer our enterprise customers the strongest AI-powered DevSecOps solution. We have also built GitLab in collaboration with our contributors. Last quarter, we had an all-time high of an estimated 1,800 code contributions from the wider community. It is incredible that as GitLab grew, our contributor community grew with us. We have done all of this while being a values-driven company, leading in all-remote work, championing transparency through our public handbook and culture, and co-creating with the wider community.\n\nI feel many things today, but more than anything else, I am grateful. I want to thank our customers. Driving results for them has been at the core of GitLab’s values, and I greatly appreciate their trust in us. I want to thank the wider GitLab community for their trust and enthusiasm. Their tens of thousands of contributions have greatly enhanced GitLab and its value for all users. Thank you, GitLab team members. Your contributions are at the core of GitLab’s success and the value we drive for our customers. Thank you, E-Group. You are amazing partners and collaborators in leading GitLab and our team members to achieve our very best. Thank you, GitLab Board. I have appreciated your support throughout my time as CEO and look forward to our ongoing partnership as I continue to serve as Executive Chair. And, thank you, Bill. I am excited for you to lead our next phase of growth. I am here to support you and the company in GitLab’s next chapter!\n\nI couldn't be more thrilled about Bill and what's ahead for GitLab with him at the helm. We have an incredible opportunity in front of us. Software has never mattered more, and GitLab is well-positioned to be the platform that best enables folks to create, secure, and operate it. I look forward to staying part of the company and being actively involved wherever Bill can use me. \n\n__Bill:__ Thanks, Sid, for the warm welcome! I greatly admire you and what you have accomplished. Very few people in the world have built a $10B market-cap technology company, taken it public, and scaled it to $750M in run-rate revenue. You have done incredible things with GitLab, and I’m grateful you will continue to play a meaningful role in the company. I appreciate your trust in me and commit to building upon the successes you and others should rightfully celebrate. \n\nI am so excited about GitLab and the opportunity ahead of us. Over the coming decade, we will see software-driven transformation around the world as AI accelerates and transforms the software revolution already in motion. GitLab and our mission are going to be more important than ever. I look forward to working with this team to scale GitLab well beyond where it is today.\n",[714],"news",{"slug":716,"featured":28,"template":13},"gitlab-names-bill-staples-as-new-ceo",{"content":718,"config":726},{"title":719,"description":720,"authors":721,"heroImage":723,"date":724,"body":725,"category":9},"Our Privacy Policy has been updated","Our updated Privacy Policy clarifies our existing data processing activities.",[722],"GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664472/Blog/Hero%20Images/gitlabflatlogomap.png","2023-06-14","As part of our commitment to keeping our policies current, we made some updates to our [Privacy Policy](/privacy/) on June 14, 2022.  These updates are intended to clarify our existing data processing activities and to provide information on processing that may derive from new features.  Through this update, we continue to provide transparency to our data processing activities, in line with an evolving privacy landscape.  Specifically, these policy updates include the following:\n\n- Clarification about which processing activities apply to each respective GitLab product;\n- Information about when personal data may be collected to verify someone’s identity to enable certain product features;\n- Clarification about what personal data is collected to provide a license and maintain a subscription; \n- Additional information regarding our Service Usage data collection practices, and the inclusion of certain processing activities, such as Event Analytics and Call Recordings;\n- Additional information regarding the purposes for which personal data is collected;\n- Minor updates regarding our legal basis for processing your personal data in the European Union; \n- Updates to our data retention practices for inactive accounts; \n- Clarification about how to delete your personal data at GitLab and how deletion is effectuated for public projects; \n- An additional notice that details our processing and your rights under the California Consumer Privacy Act, including CCPA metrics reporting;\n\nOverall, we believe that these updates will empower our users to make informed decisions about their personal data.  Please visit the complete text of our Privacy Policy and [Cookie Policy](/privacy/cookies/) to learn more about how GitLab processes personal data and your rights and choices regarding such processing.\n",{"slug":727,"featured":12,"template":13},"our-privacy-policy-has-been-updated",{"content":729,"config":740},{"title":730,"description":731,"authors":732,"heroImage":734,"date":735,"body":736,"category":9,"tags":737},"Rate limitations for unauthorized users of the Projects List API","Learn details about upcoming changes for unauthenticated users of the Projects List API.",[733],"Christina Lohr","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664087/Blog/Hero%20Images/tanukicover.jpg","2023-04-10","\n\nStarting on May 22 for self-managed GitLab, and May 8 for GitLab.com, unauthenticated users will be subject to rate limitations when using the Projects List API. This change has been made to ensure the stability and reliability of our platform for all users.\n\n**Note:** Authorized users are not affected by this change.\n\n## What is the the Projects List API?\n\nThe Projects List API provides information about GitLab projects, including name, description, and other metadata. This API is widely used by our community, including researchers, developers, and integrators, to retrieve and analyze information about GitLab projects. We value this usage and aim to support it as much as possible.\n\n## Rate limitation details\n\nIn recent months, we have observed that the frequency and intensity of requests made by unauthenticated, also known as anonymous, users to the Projects List API have increased significantly. This has resulted in an increased load on our servers, which has impacted the performance and stability of our platform for all users. To address this issue, we have decided to introduce rate limitations for unauthenticated users.\n\nAs a consequence of this change, unauthenticated users of the Projects List API will be limited to 400 requests per 10 minutes per unique IP address on GitLab.com. If an unauthenticated user exceeds this limit, the user will receive a \"429 Too Many Requests\" response. On GitLab.com, this limit cannot be changed. Users of self-managed GitLab instances have the same rate limitation set by default, but [admins can change the rate limits](https://docs.gitlab.com/ee/administration/settings/rate_limit_on_projects_api.html#rate-limit-on-projects-api) as they see fit via the UI or the application settings API. They can also set the rate limit to zero, which acts as if there is no rate limitation at all.\n\nWe understand that this change may impact some of our users who rely on the Projects List API, and we apologize for any inconvenience this may cause. We encourage users who need to make more than 400 requests per 10 minutes to the Projects List API to [sign up for a GitLab account](/pricing/), which provides higher rate limits and other benefits, such as access to additional APIs and integrations.\n\nIf you have any questions or concerns about this change, please do not hesitate to [leave feedback in this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/404611).\n",[738,739,714],"product","features",{"slug":741,"featured":12,"template":13},"rate-limitation-for-unauthorized-users-projects-list-api",{"promotions":743},[744,758,769],{"id":745,"categories":746,"header":748,"text":749,"button":750,"image":755},"ai-modernization",[747],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":751,"config":752},"Get your AI maturity score",{"href":753,"dataGaName":754,"dataGaLocation":244},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":756},{"src":757},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":759,"categories":760,"header":761,"text":749,"button":762,"image":766},"devops-modernization",[738,557],"Are you just managing tools or shipping innovation?",{"text":763,"config":764},"Get your DevOps maturity score",{"href":765,"dataGaName":754,"dataGaLocation":244},"/assessments/devops-modernization-assessment/",{"config":767},{"src":768},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":770,"categories":771,"header":773,"text":749,"button":774,"image":778},"security-modernization",[772],"security","Are you trading speed for security?",{"text":775,"config":776},"Get your security maturity score",{"href":777,"dataGaName":754,"dataGaLocation":244},"/assessments/security-modernization-assessment/",{"config":779},{"src":780},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"header":782,"blurb":783,"button":784,"secondaryButton":789},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":785,"config":786},"Get your free trial",{"href":787,"dataGaName":51,"dataGaLocation":788},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":495,"config":790},{"href":55,"dataGaName":56,"dataGaLocation":788},1772652069188]