[{"data":1,"prerenderedAt":789},["ShallowReactive",2],{"/en-us/blog/git-ransom-campaign-incident-report-atlassian-bitbucket-github-gitlab":3,"navigation-en-us":37,"banner-en-us":436,"footer-en-us":446,"blog-post-authors-en-us-Atlassian Bitbucket, GitHub, GitLab":688,"blog-related-posts-en-us-git-ransom-campaign-incident-report-atlassian-bitbucket-github-gitlab":703,"assessment-promotions-en-us":741,"next-steps-en-us":779},{"id":4,"title":5,"authorSlugs":6,"body":8,"categorySlug":9,"config":10,"content":14,"description":8,"extension":26,"isFeatured":12,"meta":27,"navigation":28,"path":29,"publishedDate":20,"seo":30,"stem":34,"tagSlugs":35,"__hash__":36},"blogPosts/en-us/blog/git-ransom-campaign-incident-report-atlassian-bitbucket-github-gitlab.yml","Git Ransom Campaign Incident Report Atlassian Bitbucket Github Gitlab",[7],"atlassian-bitbucket-github-gitlab",null,"company",{"slug":11,"featured":12,"template":13},"git-ransom-campaign-incident-report-atlassian-bitbucket-github-gitlab",false,"BlogPost",{"title":15,"description":16,"authors":17,"heroImage":19,"date":20,"body":21,"category":9,"tags":22},"Git ransom campaign incident report","This is a coordinated effort to help educate and inform users on secure best practices relating to the recent Git ransomware incident.",[18],"Atlassian Bitbucket, GitHub, GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749663397/Blog/Hero%20Images/logoforblogpost.jpg","2019-05-14","\n\nToday, Atlassian Bitbucket, GitHub, and GitLab are issuing a joint blog post, in a coordinated effort to help educate and inform users of the three platforms on secure best practices relating to the recent Git ransomware incident. Though there is no evidence Atlassian Bitbucket, GitHub, or GitLab products were compromised in any way, we believe it’s important to help the software development community better understand and collectively take steps to protect against this threat.\n\nOn Thursday, May 2, the security teams of Atlassian Bitbucket, GitHub, and GitLab learned of a series of user account compromises across all three platforms. These account compromises resulted in a number of public and private repositories being held for ransom by an unknown actor. Each of the teams investigated and assessed that all account compromises were the result of unintentional user credential leakage by users or other third parties, likely on systems external to Bitbucket, GitHub, or GitLab.\n\nThe security and support teams of all three companies have taken and continue to take steps to notify, protect, and help affected users recover from these events. Further, the security teams of all three companies are also collaborating closely to further investigate these events in the interest of the greater Git community. At this time, we are confident that we understand how the account compromises and subsequent ransom events were conducted. This coordinated blog post will outline the details of the ransom event, provide additional information on how our organizations protect users, and arm users with information on recovering from this event and preventing others.\n\n## Event details\n\nOn the evening of May 2 (UTC), all three companies began responding to reports that user repositories, both public and private, were being wiped and replaced with a single file containing the following ransom note:\n\n> To recover your lost data and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at admin@gitsbackup.com with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we dont receive your payment in the next 10 Days, we will make your code public or use them otherwise.\n\nThrough immediate independent investigations, all three companies observed that user accounts were compromised using legitimate credentials including passwords, app passwords, API keys, and personal access tokens. Subsequently, the bad actor performed command line Git pushes to repositories accessible to these accounts at very high rates, indicating automated methods. These pushes overwrote the repository contents with the ransom note above and erased the commit history of the remote repository. Incident responders from each of the three companies began collaborating to protect users, share intelligence, and identify the source of the activity. All three companies notified the affected users and temporarily suspended or reset those accounts in order to prevent further malicious activity.\n\nDuring the course of the investigation, we identified a third-party credential dump being hosted by the same hosting provider where the account compromise activity had originated. That credential dump comprised roughly one third of the accounts affected by the ransom campaign. All three companies acted to invalidate the credentials contained in that public dump.\n\nFurther investigation showed that continuous scanning for publicly exposed `.git/config` and other environment files has been and continues to be conducted by the same IP address that conducted the account compromises, as recently as May 10. These files can contain sensitive credentials and personal access tokens if care is not taken to prevent their inclusion, and they should not be publicly accessible in repositories or on web servers. This [problem](https://en.internetwache.org/dont-publicly-expose-git-or-how-we-downloaded-your-websites-sourcecode-an-analysis-of-alexas-1m-28-07-2015/) is [not](https://laravel-news.com/psa-hide-your-gitconfig-directory) a new one. More information on the `.git` directory and the `.git/config` file is available [here](https://git-scm.com/docs/gitrepository-layout) and [here](https://git-scm.com/docs/git-config#_configuration_file). Additional IPs residing on the same hosting provider are also exhibiting similar scanning behavior. We are confident that this activity is the source of at least a portion of the compromised credentials.\n\nKnown ransom activity ceased on May 2. All known affected users have had credentials reset or revoked, and all known affected users have been notified by all three companies.\n\n## How to protect yourself\n\nEnable multi-factor authentication on your software development platform of choice.\n- [Bitbucket](https://confluence.atlassian.com/bitbucket/two-step-verification-777023203.html)\n- [GitHub](https://help.github.com/en/articles/securing-your-account-with-two-factor-authentication-2fa)\n- [GitLab](https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html)\n\nUse strong and unique passwords for every service.\nStrong and unique passwords prevent credential reuse if a third party experiences a breach and leaks credentials.\nUse a password manager (if approved by your organization) to make this easier!\n\nUnderstand the risks associated with the use of personal access tokens.\nPersonal access tokens, used via Git or the API, circumvent multi-factor authentication.\nTokens have may have read/write access to repositories depending on scope and should be treated like passwords.\nIf you enter your token into the clone URL when cloning or adding a remote, Git writes it to your `.git/config` file in plain text, which may carry a security risk if the `.git/config` file is publicly exposed.\nWhen working with the API, use tokens as environment variables instead of hardcoding them into your programs.\n\nDo not expose `.git` directories and `.git/config` files containing credentials or tokens in public repositories or on web servers.\n[Information on securing `.git/config` files on popular web servers is available here](https://en.internetwache.org/dont-publicly-expose-git-or-how-we-downloaded-your-websites-sourcecode-an-analysis-of-alexas-1m-28-07-2015/).\n\n## How to recover an affected repository\n\nIf you have a full, current copy of the repository on your computer, you can force push to the current HEAD of your local copy using:\n`git push origin HEAD:master --force`.\n\nOtherwise, you can still clone the repository and make use of:\n[`git reflog`](https://git-scm.com/docs/git-reflog) or\n[`git fsck`](https://git-scm.com/docs/git-fsck) to find your last commit and change the `HEAD`.\n\nAdditional assistance on Git usage is available in the following resources:\n- [Git documentation](https://git-scm.com/doc)\n- [How to move `HEAD`](https://stackoverflow.com/questions/34519665/how-to-move-head-back-to-a-previous-location-detached-head-undo-commits/34519716#34519716)\n- [Use `git fsck` to recover a deleted branch](https://opensolitude.com/2012/02/29/recover-git-branch.html)\n\nShould you require additional assistance recovering your repository contents, please refer to the following:\n- Bitbucket:\nPlease contact Bitbucket Support by filing a request at [support.atlassian.com/contact/#/](https://support.atlassian.com/contact/#/) and selecting “Bitbucket Cloud” when prompted for a product.\n- GitHub:\nPlease contact GitHub Support at [github.com/contact](https://github.com/contact).\n- GitLab:\nPlease contact GitLab Support via [support.gitlab.com](https://support.gitlab.com/).\n\n## What the software development platform community is doing to protect users\n\nAll three platforms provide robust multi-factor authentication options:\n- [Bitbucket](https://confluence.atlassian.com/bitbucket/two-step-verification-777023203.html)\n- [GitHub](https://help.github.com/en/articles/securing-your-account-with-two-factor-authentication-2fa)\n- [GitLab](https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html)\n\n**Bitbucket** provides the ability for admins to require two-factor authentication (2FA) and the ability to restrict access to users on certain IP addresses ([IP Whitelisting](https://confluence.atlassian.com/bitbucket/control-access-to-your-private-content-862621261.html)) on their Premium plan.\n\n**GitHub** provides [token scanning](https://help.github.com/en/articles/about-token-scanning) to notify a variety of service providers if secrets are published to public GitHub repositories. GitHub also provides [extensive guidance on preventing unauthorized account access](https://help.github.com/en/articles/preventing-unauthorized-access). We encourage all users to [enable two-factor authentication](https://help.github.com/en/articles/about-two-factor-authentication).\n\n**GitLab** provides secrets detection in 11.9 as part of the [SAST functionality](/releases/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository). We also encourage users to [enable 2FA here](https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html), and set up [SSH keys](https://docs.gitlab.com/ee/ssh/).\n\nThanks to the security and support teams of Atlassian Bitbucket, GitHub, and GitLab, including the following individuals for their contributions to this investigation and blog post: Mark Adams, Ethan Dodge, Sean McLucas, Elisabeth Nagy, Gary Sackett, Andrew Wurster (Atlassian Bitbucket); Matt Anderson, Howard Draper, Jay Swan, John Swanson (GitHub); Paul Harrison, Anthony Saba, Jayson Salazar, Jan Urbanc, Kathy Wang (GitLab).\n",[23,24,25],"git","news","security","yml",{},true,"/en-us/blog/git-ransom-campaign-incident-report-atlassian-bitbucket-github-gitlab",{"title":15,"description":16,"ogTitle":15,"ogDescription":16,"noIndex":12,"ogImage":19,"ogUrl":31,"ogSiteName":32,"ogType":33,"canonicalUrls":31},"https://about.gitlab.com/blog/git-ransom-campaign-incident-report-atlassian-bitbucket-github-gitlab","https://about.gitlab.com","article","en-us/blog/git-ransom-campaign-incident-report-atlassian-bitbucket-github-gitlab",[23,24,25],"dkI0RXvIVaeIBxtgzhxAlMo6JeZaEQGJQeTVapW8sAw",{"data":38},{"logo":39,"freeTrial":44,"sales":49,"login":54,"items":59,"search":366,"minimal":397,"duo":416,"pricingDeployment":426},{"config":40},{"href":41,"dataGaName":42,"dataGaLocation":43},"/","gitlab logo","header",{"text":45,"config":46},"Get free trial",{"href":47,"dataGaName":48,"dataGaLocation":43},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":50,"config":51},"Talk to sales",{"href":52,"dataGaName":53,"dataGaLocation":43},"/sales/","sales",{"text":55,"config":56},"Sign in",{"href":57,"dataGaName":58,"dataGaLocation":43},"https://gitlab.com/users/sign_in/","sign in",[60,87,182,187,288,347],{"text":61,"config":62,"cards":64},"Platform",{"dataNavLevelOne":63},"platform",[65,71,79],{"title":61,"description":66,"link":67},"The intelligent orchestration platform for DevSecOps",{"text":68,"config":69},"Explore our Platform",{"href":70,"dataGaName":63,"dataGaLocation":43},"/platform/",{"title":72,"description":73,"link":74},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":75,"config":76},"Meet GitLab Duo",{"href":77,"dataGaName":78,"dataGaLocation":43},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":80,"description":81,"link":82},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":83,"config":84},"Learn more",{"href":85,"dataGaName":86,"dataGaLocation":43},"/why-gitlab/","why gitlab",{"text":88,"left":28,"config":89,"link":91,"lists":95,"footer":164},"Product",{"dataNavLevelOne":90},"solutions",{"text":92,"config":93},"View all Solutions",{"href":94,"dataGaName":90,"dataGaLocation":43},"/solutions/",[96,120,143],{"title":97,"description":98,"link":99,"items":104},"Automation","CI/CD and automation to accelerate deployment",{"config":100},{"icon":101,"href":102,"dataGaName":103,"dataGaLocation":43},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[105,109,112,116],{"text":106,"config":107},"CI/CD",{"href":108,"dataGaLocation":43,"dataGaName":106},"/solutions/continuous-integration/",{"text":72,"config":110},{"href":77,"dataGaLocation":43,"dataGaName":111},"gitlab duo agent platform - product menu",{"text":113,"config":114},"Source Code Management",{"href":115,"dataGaLocation":43,"dataGaName":113},"/solutions/source-code-management/",{"text":117,"config":118},"Automated Software Delivery",{"href":102,"dataGaLocation":43,"dataGaName":119},"Automated software delivery",{"title":121,"description":122,"link":123,"items":128},"Security","Deliver code faster without compromising security",{"config":124},{"href":125,"dataGaName":126,"dataGaLocation":43,"icon":127},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[129,133,138],{"text":130,"config":131},"Application Security Testing",{"href":125,"dataGaName":132,"dataGaLocation":43},"Application security testing",{"text":134,"config":135},"Software Supply Chain Security",{"href":136,"dataGaLocation":43,"dataGaName":137},"/solutions/supply-chain/","Software supply chain security",{"text":139,"config":140},"Software Compliance",{"href":141,"dataGaName":142,"dataGaLocation":43},"/solutions/software-compliance/","software compliance",{"title":144,"link":145,"items":150},"Measurement",{"config":146},{"icon":147,"href":148,"dataGaName":149,"dataGaLocation":43},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[151,155,159],{"text":152,"config":153},"Visibility & Measurement",{"href":148,"dataGaLocation":43,"dataGaName":154},"Visibility and Measurement",{"text":156,"config":157},"Value Stream Management",{"href":158,"dataGaLocation":43,"dataGaName":156},"/solutions/value-stream-management/",{"text":160,"config":161},"Analytics & Insights",{"href":162,"dataGaLocation":43,"dataGaName":163},"/solutions/analytics-and-insights/","Analytics and insights",{"title":165,"items":166},"GitLab for",[167,172,177],{"text":168,"config":169},"Enterprise",{"href":170,"dataGaLocation":43,"dataGaName":171},"/enterprise/","enterprise",{"text":173,"config":174},"Small Business",{"href":175,"dataGaLocation":43,"dataGaName":176},"/small-business/","small business",{"text":178,"config":179},"Public Sector",{"href":180,"dataGaLocation":43,"dataGaName":181},"/solutions/public-sector/","public sector",{"text":183,"config":184},"Pricing",{"href":185,"dataGaName":186,"dataGaLocation":43,"dataNavLevelOne":186},"/pricing/","pricing",{"text":188,"config":189,"link":191,"lists":195,"feature":275},"Resources",{"dataNavLevelOne":190},"resources",{"text":192,"config":193},"View all resources",{"href":194,"dataGaName":190,"dataGaLocation":43},"/resources/",[196,229,247],{"title":197,"items":198},"Getting started",[199,204,209,214,219,224],{"text":200,"config":201},"Install",{"href":202,"dataGaName":203,"dataGaLocation":43},"/install/","install",{"text":205,"config":206},"Quick start guides",{"href":207,"dataGaName":208,"dataGaLocation":43},"/get-started/","quick setup checklists",{"text":210,"config":211},"Learn",{"href":212,"dataGaLocation":43,"dataGaName":213},"https://university.gitlab.com/","learn",{"text":215,"config":216},"Product documentation",{"href":217,"dataGaName":218,"dataGaLocation":43},"https://docs.gitlab.com/","product documentation",{"text":220,"config":221},"Best practice videos",{"href":222,"dataGaName":223,"dataGaLocation":43},"/getting-started-videos/","best practice videos",{"text":225,"config":226},"Integrations",{"href":227,"dataGaName":228,"dataGaLocation":43},"/integrations/","integrations",{"title":230,"items":231},"Discover",[232,237,242],{"text":233,"config":234},"Customer success stories",{"href":235,"dataGaName":236,"dataGaLocation":43},"/customers/","customer success stories",{"text":238,"config":239},"Blog",{"href":240,"dataGaName":241,"dataGaLocation":43},"/blog/","blog",{"text":243,"config":244},"Remote",{"href":245,"dataGaName":246,"dataGaLocation":43},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":248,"items":249},"Connect",[250,255,260,265,270],{"text":251,"config":252},"GitLab Services",{"href":253,"dataGaName":254,"dataGaLocation":43},"/services/","services",{"text":256,"config":257},"Community",{"href":258,"dataGaName":259,"dataGaLocation":43},"/community/","community",{"text":261,"config":262},"Forum",{"href":263,"dataGaName":264,"dataGaLocation":43},"https://forum.gitlab.com/","forum",{"text":266,"config":267},"Events",{"href":268,"dataGaName":269,"dataGaLocation":43},"/events/","events",{"text":271,"config":272},"Partners",{"href":273,"dataGaName":274,"dataGaLocation":43},"/partners/","partners",{"backgroundColor":276,"textColor":277,"text":278,"image":279,"link":283},"#2f2a6b","#fff","Insights for the future of software development",{"altText":280,"config":281},"the source promo card",{"src":282},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":284,"config":285},"Read the latest",{"href":286,"dataGaName":287,"dataGaLocation":43},"/the-source/","the source",{"text":289,"config":290,"lists":291},"Company",{"dataNavLevelOne":9},[292],{"items":293},[294,299,305,307,312,317,322,327,332,337,342],{"text":295,"config":296},"About",{"href":297,"dataGaName":298,"dataGaLocation":43},"/company/","about",{"text":300,"config":301,"footerGa":304},"Jobs",{"href":302,"dataGaName":303,"dataGaLocation":43},"/jobs/","jobs",{"dataGaName":303},{"text":266,"config":306},{"href":268,"dataGaName":269,"dataGaLocation":43},{"text":308,"config":309},"Leadership",{"href":310,"dataGaName":311,"dataGaLocation":43},"/company/team/e-group/","leadership",{"text":313,"config":314},"Team",{"href":315,"dataGaName":316,"dataGaLocation":43},"/company/team/","team",{"text":318,"config":319},"Handbook",{"href":320,"dataGaName":321,"dataGaLocation":43},"https://handbook.gitlab.com/","handbook",{"text":323,"config":324},"Investor relations",{"href":325,"dataGaName":326,"dataGaLocation":43},"https://ir.gitlab.com/","investor relations",{"text":328,"config":329},"Trust Center",{"href":330,"dataGaName":331,"dataGaLocation":43},"/security/","trust center",{"text":333,"config":334},"AI Transparency Center",{"href":335,"dataGaName":336,"dataGaLocation":43},"/ai-transparency-center/","ai transparency center",{"text":338,"config":339},"Newsletter",{"href":340,"dataGaName":341,"dataGaLocation":43},"/company/contact/#contact-forms","newsletter",{"text":343,"config":344},"Press",{"href":345,"dataGaName":346,"dataGaLocation":43},"/press/","press",{"text":348,"config":349,"lists":350},"Contact us",{"dataNavLevelOne":9},[351],{"items":352},[353,356,361],{"text":50,"config":354},{"href":52,"dataGaName":355,"dataGaLocation":43},"talk to sales",{"text":357,"config":358},"Support portal",{"href":359,"dataGaName":360,"dataGaLocation":43},"https://support.gitlab.com","support portal",{"text":362,"config":363},"Customer portal",{"href":364,"dataGaName":365,"dataGaLocation":43},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":367,"login":368,"suggestions":375},"Close",{"text":369,"link":370},"To search repositories and projects, login to",{"text":371,"config":372},"gitlab.com",{"href":57,"dataGaName":373,"dataGaLocation":374},"search login","search",{"text":376,"default":377},"Suggestions",[378,380,384,386,390,394],{"text":72,"config":379},{"href":77,"dataGaName":72,"dataGaLocation":374},{"text":381,"config":382},"Code Suggestions (AI)",{"href":383,"dataGaName":381,"dataGaLocation":374},"/solutions/code-suggestions/",{"text":106,"config":385},{"href":108,"dataGaName":106,"dataGaLocation":374},{"text":387,"config":388},"GitLab on AWS",{"href":389,"dataGaName":387,"dataGaLocation":374},"/partners/technology-partners/aws/",{"text":391,"config":392},"GitLab on Google Cloud",{"href":393,"dataGaName":391,"dataGaLocation":374},"/partners/technology-partners/google-cloud-platform/",{"text":395,"config":396},"Why GitLab?",{"href":85,"dataGaName":395,"dataGaLocation":374},{"freeTrial":398,"mobileIcon":403,"desktopIcon":408,"secondaryButton":411},{"text":399,"config":400},"Start free trial",{"href":401,"dataGaName":48,"dataGaLocation":402},"https://gitlab.com/-/trials/new/","nav",{"altText":404,"config":405},"Gitlab Icon",{"src":406,"dataGaName":407,"dataGaLocation":402},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":404,"config":409},{"src":410,"dataGaName":407,"dataGaLocation":402},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":412,"config":413},"Get Started",{"href":414,"dataGaName":415,"dataGaLocation":402},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":417,"mobileIcon":422,"desktopIcon":424},{"text":418,"config":419},"Learn more about GitLab Duo",{"href":420,"dataGaName":421,"dataGaLocation":402},"/gitlab-duo/","gitlab duo",{"altText":404,"config":423},{"src":406,"dataGaName":407,"dataGaLocation":402},{"altText":404,"config":425},{"src":410,"dataGaName":407,"dataGaLocation":402},{"freeTrial":427,"mobileIcon":432,"desktopIcon":434},{"text":428,"config":429},"Back to pricing",{"href":185,"dataGaName":430,"dataGaLocation":402,"icon":431},"back to pricing","GoBack",{"altText":404,"config":433},{"src":406,"dataGaName":407,"dataGaLocation":402},{"altText":404,"config":435},{"src":410,"dataGaName":407,"dataGaLocation":402},{"title":437,"button":438,"config":443},"See how agentic AI transforms software delivery",{"text":439,"config":440},"Watch GitLab Transcend now",{"href":441,"dataGaName":442,"dataGaLocation":43},"/events/transcend/virtual/","transcend event",{"layout":444,"icon":445},"release","AiStar",{"data":447},{"text":448,"source":449,"edit":455,"contribute":460,"config":465,"items":470,"minimal":677},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":450,"config":451},"View page source",{"href":452,"dataGaName":453,"dataGaLocation":454},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":456,"config":457},"Edit this page",{"href":458,"dataGaName":459,"dataGaLocation":454},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":461,"config":462},"Please contribute",{"href":463,"dataGaName":464,"dataGaLocation":454},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":466,"facebook":467,"youtube":468,"linkedin":469},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[471,518,572,616,643],{"title":183,"links":472,"subMenu":487},[473,477,482],{"text":474,"config":475},"View plans",{"href":185,"dataGaName":476,"dataGaLocation":454},"view plans",{"text":478,"config":479},"Why Premium?",{"href":480,"dataGaName":481,"dataGaLocation":454},"/pricing/premium/","why premium",{"text":483,"config":484},"Why Ultimate?",{"href":485,"dataGaName":486,"dataGaLocation":454},"/pricing/ultimate/","why ultimate",[488],{"title":489,"links":490},"Contact Us",[491,494,496,498,503,508,513],{"text":492,"config":493},"Contact sales",{"href":52,"dataGaName":53,"dataGaLocation":454},{"text":357,"config":495},{"href":359,"dataGaName":360,"dataGaLocation":454},{"text":362,"config":497},{"href":364,"dataGaName":365,"dataGaLocation":454},{"text":499,"config":500},"Status",{"href":501,"dataGaName":502,"dataGaLocation":454},"https://status.gitlab.com/","status",{"text":504,"config":505},"Terms of use",{"href":506,"dataGaName":507,"dataGaLocation":454},"/terms/","terms of use",{"text":509,"config":510},"Privacy statement",{"href":511,"dataGaName":512,"dataGaLocation":454},"/privacy/","privacy statement",{"text":514,"config":515},"Cookie preferences",{"dataGaName":516,"dataGaLocation":454,"id":517,"isOneTrustButton":28},"cookie preferences","ot-sdk-btn",{"title":88,"links":519,"subMenu":528},[520,524],{"text":521,"config":522},"DevSecOps platform",{"href":70,"dataGaName":523,"dataGaLocation":454},"devsecops platform",{"text":525,"config":526},"AI-Assisted Development",{"href":420,"dataGaName":527,"dataGaLocation":454},"ai-assisted development",[529],{"title":530,"links":531},"Topics",[532,537,542,547,552,557,562,567],{"text":533,"config":534},"CICD",{"href":535,"dataGaName":536,"dataGaLocation":454},"/topics/ci-cd/","cicd",{"text":538,"config":539},"GitOps",{"href":540,"dataGaName":541,"dataGaLocation":454},"/topics/gitops/","gitops",{"text":543,"config":544},"DevOps",{"href":545,"dataGaName":546,"dataGaLocation":454},"/topics/devops/","devops",{"text":548,"config":549},"Version Control",{"href":550,"dataGaName":551,"dataGaLocation":454},"/topics/version-control/","version control",{"text":553,"config":554},"DevSecOps",{"href":555,"dataGaName":556,"dataGaLocation":454},"/topics/devsecops/","devsecops",{"text":558,"config":559},"Cloud Native",{"href":560,"dataGaName":561,"dataGaLocation":454},"/topics/cloud-native/","cloud native",{"text":563,"config":564},"AI for Coding",{"href":565,"dataGaName":566,"dataGaLocation":454},"/topics/devops/ai-for-coding/","ai for coding",{"text":568,"config":569},"Agentic AI",{"href":570,"dataGaName":571,"dataGaLocation":454},"/topics/agentic-ai/","agentic ai",{"title":573,"links":574},"Solutions",[575,577,579,584,588,591,595,598,600,603,606,611],{"text":130,"config":576},{"href":125,"dataGaName":130,"dataGaLocation":454},{"text":119,"config":578},{"href":102,"dataGaName":103,"dataGaLocation":454},{"text":580,"config":581},"Agile development",{"href":582,"dataGaName":583,"dataGaLocation":454},"/solutions/agile-delivery/","agile delivery",{"text":585,"config":586},"SCM",{"href":115,"dataGaName":587,"dataGaLocation":454},"source code management",{"text":533,"config":589},{"href":108,"dataGaName":590,"dataGaLocation":454},"continuous integration & delivery",{"text":592,"config":593},"Value stream management",{"href":158,"dataGaName":594,"dataGaLocation":454},"value stream management",{"text":538,"config":596},{"href":597,"dataGaName":541,"dataGaLocation":454},"/solutions/gitops/",{"text":168,"config":599},{"href":170,"dataGaName":171,"dataGaLocation":454},{"text":601,"config":602},"Small business",{"href":175,"dataGaName":176,"dataGaLocation":454},{"text":604,"config":605},"Public sector",{"href":180,"dataGaName":181,"dataGaLocation":454},{"text":607,"config":608},"Education",{"href":609,"dataGaName":610,"dataGaLocation":454},"/solutions/education/","education",{"text":612,"config":613},"Financial services",{"href":614,"dataGaName":615,"dataGaLocation":454},"/solutions/finance/","financial services",{"title":188,"links":617},[618,620,622,624,627,629,631,633,635,637,639,641],{"text":200,"config":619},{"href":202,"dataGaName":203,"dataGaLocation":454},{"text":205,"config":621},{"href":207,"dataGaName":208,"dataGaLocation":454},{"text":210,"config":623},{"href":212,"dataGaName":213,"dataGaLocation":454},{"text":215,"config":625},{"href":217,"dataGaName":626,"dataGaLocation":454},"docs",{"text":238,"config":628},{"href":240,"dataGaName":241,"dataGaLocation":454},{"text":233,"config":630},{"href":235,"dataGaName":236,"dataGaLocation":454},{"text":243,"config":632},{"href":245,"dataGaName":246,"dataGaLocation":454},{"text":251,"config":634},{"href":253,"dataGaName":254,"dataGaLocation":454},{"text":256,"config":636},{"href":258,"dataGaName":259,"dataGaLocation":454},{"text":261,"config":638},{"href":263,"dataGaName":264,"dataGaLocation":454},{"text":266,"config":640},{"href":268,"dataGaName":269,"dataGaLocation":454},{"text":271,"config":642},{"href":273,"dataGaName":274,"dataGaLocation":454},{"title":289,"links":644},[645,647,649,651,653,655,657,661,666,668,670,672],{"text":295,"config":646},{"href":297,"dataGaName":9,"dataGaLocation":454},{"text":300,"config":648},{"href":302,"dataGaName":303,"dataGaLocation":454},{"text":308,"config":650},{"href":310,"dataGaName":311,"dataGaLocation":454},{"text":313,"config":652},{"href":315,"dataGaName":316,"dataGaLocation":454},{"text":318,"config":654},{"href":320,"dataGaName":321,"dataGaLocation":454},{"text":323,"config":656},{"href":325,"dataGaName":326,"dataGaLocation":454},{"text":658,"config":659},"Sustainability",{"href":660,"dataGaName":658,"dataGaLocation":454},"/sustainability/",{"text":662,"config":663},"Diversity, inclusion and belonging (DIB)",{"href":664,"dataGaName":665,"dataGaLocation":454},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":328,"config":667},{"href":330,"dataGaName":331,"dataGaLocation":454},{"text":338,"config":669},{"href":340,"dataGaName":341,"dataGaLocation":454},{"text":343,"config":671},{"href":345,"dataGaName":346,"dataGaLocation":454},{"text":673,"config":674},"Modern Slavery Transparency Statement",{"href":675,"dataGaName":676,"dataGaLocation":454},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":678},[679,682,685],{"text":680,"config":681},"Terms",{"href":506,"dataGaName":507,"dataGaLocation":454},{"text":683,"config":684},"Cookies",{"dataGaName":516,"dataGaLocation":454,"id":517,"isOneTrustButton":28},{"text":686,"config":687},"Privacy",{"href":511,"dataGaName":512,"dataGaLocation":454},[689],{"id":690,"title":691,"body":8,"config":692,"content":694,"description":8,"extension":26,"meta":698,"navigation":28,"path":699,"seo":700,"stem":701,"__hash__":702},"blogAuthors/en-us/blog/authors/atlassian-bitbucket-github-gitlab.yml","Atlassian Bitbucket Github Gitlab",{"template":693},"BlogAuthor",{"name":18,"config":695},{"headshot":696,"ctfId":697},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659488/Blog/Author%20Headshots/gitlab-logo-extra-whitespace.png","Atlassian-Bitbucket-GitHub-GitLab",{},"/en-us/blog/authors/atlassian-bitbucket-github-gitlab",{},"en-us/blog/authors/atlassian-bitbucket-github-gitlab","zZVdaSWGDrgcL0ePH6bm29qY2p2nH4hvBXb6ASy39fU",[704,716,727],{"content":705,"config":714},{"title":706,"description":707,"authors":708,"heroImage":710,"date":711,"body":712,"category":9,"tags":713,"updatedDate":711},"GitLab names Bill Staples as new CEO","Co-founder Sid Sijbrandij transitions to Executive Chair of the Board.",[709],"Sid Sijbrandij","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665388/Blog/Hero%20Images/Revised2.png","2024-12-05","__This message from Sid Sijbrandij and Bill Staples was shared with GitLab team members earlier today.__ \n\n__Sid:__ On today’s earnings call, I announced that I am stepping down as CEO and will remain Executive Chair of the Board. I also introduced GitLab’s new CEO, [Bill Staples](https://www.linkedin.com/in/williamstaples/). \n\nAs a Board, we routinely do succession planning. This includes conversations with a number of top executives. We’ve been having these conversations in greater earnest since my cancer returned. Through these discussions, we identified someone uniquely qualified to lead GitLab. I want more time to focus on my cancer treatment and health. My treatments are going well, my cancer is not metastatic, and I'm working towards making a full recovery. Stepping down from a role that I love is not easy, but I believe that it is the right decision for GitLab.\n\nI couldn't be more excited to introduce you to Bill Staples, who will be leading GitLab into its next chapter. Bill will be GitLab’s CEO, effective today. He will also join the GitLab Board as a Director. Bill was most recently a public company CEO at New Relic. During his time there, he significantly increased the value of the company by accelerating revenue and driving increased profitability. He also brings decades of experience in leadership roles at Adobe and Microsoft. When I began speaking with Bill, I was immediately drawn to his customer-centric approach and deep product expertise. As I got to know him further, I knew that his shared value system made him the right person for this role, for our team members, for our customers, and for our shareholders. I feel fortunate that GitLab has found someone with a great leadership track record and strong DevOps expertise to lead GitLab into the future.\n\nWe have come so far from the early days when we launched GitLab.com. We have created the DevOps category and are the leader in the Gartner Magic Quadrant for both vision and execution. Millions of people now use GitLab to deliver software faster and more efficiently. We have integrated AI, Security, and Compliance into our platform to offer our enterprise customers the strongest AI-powered DevSecOps solution. We have also built GitLab in collaboration with our contributors. Last quarter, we had an all-time high of an estimated 1,800 code contributions from the wider community. It is incredible that as GitLab grew, our contributor community grew with us. We have done all of this while being a values-driven company, leading in all-remote work, championing transparency through our public handbook and culture, and co-creating with the wider community.\n\nI feel many things today, but more than anything else, I am grateful. I want to thank our customers. Driving results for them has been at the core of GitLab’s values, and I greatly appreciate their trust in us. I want to thank the wider GitLab community for their trust and enthusiasm. Their tens of thousands of contributions have greatly enhanced GitLab and its value for all users. Thank you, GitLab team members. Your contributions are at the core of GitLab’s success and the value we drive for our customers. Thank you, E-Group. You are amazing partners and collaborators in leading GitLab and our team members to achieve our very best. Thank you, GitLab Board. I have appreciated your support throughout my time as CEO and look forward to our ongoing partnership as I continue to serve as Executive Chair. And, thank you, Bill. I am excited for you to lead our next phase of growth. I am here to support you and the company in GitLab’s next chapter!\n\nI couldn't be more thrilled about Bill and what's ahead for GitLab with him at the helm. We have an incredible opportunity in front of us. Software has never mattered more, and GitLab is well-positioned to be the platform that best enables folks to create, secure, and operate it. I look forward to staying part of the company and being actively involved wherever Bill can use me. \n\n__Bill:__ Thanks, Sid, for the warm welcome! I greatly admire you and what you have accomplished. Very few people in the world have built a $10B market-cap technology company, taken it public, and scaled it to $750M in run-rate revenue. You have done incredible things with GitLab, and I’m grateful you will continue to play a meaningful role in the company. I appreciate your trust in me and commit to building upon the successes you and others should rightfully celebrate. \n\nI am so excited about GitLab and the opportunity ahead of us. Over the coming decade, we will see software-driven transformation around the world as AI accelerates and transforms the software revolution already in motion. GitLab and our mission are going to be more important than ever. I look forward to working with this team to scale GitLab well beyond where it is today.\n",[24],{"slug":715,"featured":28,"template":13},"gitlab-names-bill-staples-as-new-ceo",{"content":717,"config":725},{"title":718,"description":719,"authors":720,"heroImage":722,"date":723,"body":724,"category":9},"Our Privacy Policy has been updated","Our updated Privacy Policy clarifies our existing data processing activities.",[721],"GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664472/Blog/Hero%20Images/gitlabflatlogomap.png","2023-06-14","As part of our commitment to keeping our policies current, we made some updates to our [Privacy Policy](/privacy/) on June 14, 2022.  These updates are intended to clarify our existing data processing activities and to provide information on processing that may derive from new features.  Through this update, we continue to provide transparency to our data processing activities, in line with an evolving privacy landscape.  Specifically, these policy updates include the following:\n\n- Clarification about which processing activities apply to each respective GitLab product;\n- Information about when personal data may be collected to verify someone’s identity to enable certain product features;\n- Clarification about what personal data is collected to provide a license and maintain a subscription; \n- Additional information regarding our Service Usage data collection practices, and the inclusion of certain processing activities, such as Event Analytics and Call Recordings;\n- Additional information regarding the purposes for which personal data is collected;\n- Minor updates regarding our legal basis for processing your personal data in the European Union; \n- Updates to our data retention practices for inactive accounts; \n- Clarification about how to delete your personal data at GitLab and how deletion is effectuated for public projects; \n- An additional notice that details our processing and your rights under the California Consumer Privacy Act, including CCPA metrics reporting;\n\nOverall, we believe that these updates will empower our users to make informed decisions about their personal data.  Please visit the complete text of our Privacy Policy and [Cookie Policy](/privacy/cookies/) to learn more about how GitLab processes personal data and your rights and choices regarding such processing.\n",{"slug":726,"featured":12,"template":13},"our-privacy-policy-has-been-updated",{"content":728,"config":739},{"title":729,"description":730,"authors":731,"heroImage":733,"date":734,"body":735,"category":9,"tags":736},"Rate limitations for unauthorized users of the Projects List API","Learn details about upcoming changes for unauthenticated users of the Projects List API.",[732],"Christina Lohr","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664087/Blog/Hero%20Images/tanukicover.jpg","2023-04-10","\n\nStarting on May 22 for self-managed GitLab, and May 8 for GitLab.com, unauthenticated users will be subject to rate limitations when using the Projects List API. This change has been made to ensure the stability and reliability of our platform for all users.\n\n**Note:** Authorized users are not affected by this change.\n\n## What is the the Projects List API?\n\nThe Projects List API provides information about GitLab projects, including name, description, and other metadata. This API is widely used by our community, including researchers, developers, and integrators, to retrieve and analyze information about GitLab projects. We value this usage and aim to support it as much as possible.\n\n## Rate limitation details\n\nIn recent months, we have observed that the frequency and intensity of requests made by unauthenticated, also known as anonymous, users to the Projects List API have increased significantly. This has resulted in an increased load on our servers, which has impacted the performance and stability of our platform for all users. To address this issue, we have decided to introduce rate limitations for unauthenticated users.\n\nAs a consequence of this change, unauthenticated users of the Projects List API will be limited to 400 requests per 10 minutes per unique IP address on GitLab.com. If an unauthenticated user exceeds this limit, the user will receive a \"429 Too Many Requests\" response. On GitLab.com, this limit cannot be changed. Users of self-managed GitLab instances have the same rate limitation set by default, but [admins can change the rate limits](https://docs.gitlab.com/ee/administration/settings/rate_limit_on_projects_api.html#rate-limit-on-projects-api) as they see fit via the UI or the application settings API. They can also set the rate limit to zero, which acts as if there is no rate limitation at all.\n\nWe understand that this change may impact some of our users who rely on the Projects List API, and we apologize for any inconvenience this may cause. We encourage users who need to make more than 400 requests per 10 minutes to the Projects List API to [sign up for a GitLab account](/pricing/), which provides higher rate limits and other benefits, such as access to additional APIs and integrations.\n\nIf you have any questions or concerns about this change, please do not hesitate to [leave feedback in this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/404611).\n",[737,738,24],"product","features",{"slug":740,"featured":12,"template":13},"rate-limitation-for-unauthorized-users-projects-list-api",{"promotions":742},[743,757,768],{"id":744,"categories":745,"header":747,"text":748,"button":749,"image":754},"ai-modernization",[746],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":750,"config":751},"Get your AI maturity score",{"href":752,"dataGaName":753,"dataGaLocation":241},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":755},{"src":756},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":758,"categories":759,"header":760,"text":748,"button":761,"image":765},"devops-modernization",[737,556],"Are you just managing tools or shipping innovation?",{"text":762,"config":763},"Get your DevOps maturity score",{"href":764,"dataGaName":753,"dataGaLocation":241},"/assessments/devops-modernization-assessment/",{"config":766},{"src":767},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":769,"categories":770,"header":771,"text":748,"button":772,"image":776},"security-modernization",[25],"Are you trading speed for security?",{"text":773,"config":774},"Get your security maturity score",{"href":775,"dataGaName":753,"dataGaLocation":241},"/assessments/security-modernization-assessment/",{"config":777},{"src":778},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"header":780,"blurb":781,"button":782,"secondaryButton":787},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":783,"config":784},"Get your free trial",{"href":785,"dataGaName":48,"dataGaLocation":786},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":492,"config":788},{"href":52,"dataGaName":53,"dataGaLocation":786},1772652061850]