[{"data":1,"prerenderedAt":791},["ShallowReactive",2],{"/en-us/blog/gitlab-flow-duo":3,"navigation-en-us":41,"banner-en-us":440,"footer-en-us":450,"blog-post-authors-en-us-Cesar Saavedra":689,"blog-related-posts-en-us-gitlab-flow-duo":703,"assessment-promotions-en-us":743,"next-steps-en-us":781},{"id":4,"title":5,"authorSlugs":6,"body":8,"categorySlug":9,"config":10,"content":14,"description":8,"extension":27,"isFeatured":12,"meta":28,"navigation":29,"path":30,"publishedDate":20,"seo":31,"stem":35,"tagSlugs":36,"__hash__":40},"blogPosts/en-us/blog/gitlab-flow-duo.yml","Gitlab Flow Duo",[7],"cesar-saavedra",null,"ai-ml",{"slug":11,"featured":12,"template":13},"gitlab-flow-duo",false,"BlogPost",{"title":15,"description":16,"authors":17,"heroImage":19,"date":20,"body":21,"category":9,"tags":22,"updatedDate":26},"Combine GitLab Flow and GitLab Duo for a workflow powerhouse ","Add the AI-powered capabilities of GitLab Duo to GitLab Flow to boost the efficiency of DevSecOps workflows. This is a guide for deployment in your environment, including a video tutorial.",[18],"Cesar Saavedra","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749662840/Blog/Hero%20Images/ai-experiment-stars.png","2023-07-27","Starting out with DevSecOps requires a well-thought-out workflow, but that can sometimes seem like a daunting challenge. Luckily, there are two things that can help: GitLab Flow and GitLab Duo. GitLab Flow is a prescribed approach to help organizations successfully apply DevSecOps processes. GitLab Duo is a [powerful set of AI-powered capabilities](https://about.gitlab.com/blog/supercharge-productivity-with-gitlab-duo/) within the GitLab DevSecOps Platform that can help organizations develop code, improve operations, and secure software more efficiently. Combined, GitLab Flow and GitLab Duo can help organizations achieve significant improvements in end-to-end workflow efficiency, which can lead to even higher levels of productivity, deployment frequency, code quality and overall security, and production resiliency and availability.\nIn this article, we delve into how GitLab Flow and GitLab Duo can be used together to help organizations be successful with DevSecOps.\n\n> Discover the future of AI-driven software development with our GitLab 17 virtual launch event. [Watch today!](https://about.gitlab.com/eighteen/)\n\n## What is GitLab Flow?\nGitLab Flow is a prescribed and opinionated end-to-end workflow for the development lifecycle of applications when using GitLab, an AI-powered DevSecOps platform with a single user interface and a single data model. GitLab Flow is based on best practices and lessons learned from customer feedback and our dogfooding. Furthermore, GitLab Flow spans across the [stages of the DevSecOps lifecycle](https://about.gitlab.com/stages-devops-lifecycle/), forming an efficient workflow with an inner feedback loop for reviewing a specific update and an outer feedback loop for improving the entire application, as well as the development lifecycle itself.\n![The GitLab Flow inner and outer loops](https://about.gitlab.com/images/blogimages/gitlab-flow-duo/The-GitLab-Flow-2023-feedback-loops.png)\n\u003Ccenter>The GitLab Flow inner and outer loops\u003C/center>\u003Cp>\u003C/p>\n\nAs you can see by the many stages in GitLab Flow, there is much more to developing software than writing code. Below, we'll dive into each step of GitLab Flow and how GitLab Duo can help.\n### Planning\nThe first portion of GitLab Flow is planning, which sits on the outer feedback loop of GitLab Flow. It encompasses issues, merge requests, epics, milestones, iterations, release, release evidence, and more. Let’s cover what roles these components play in GitLab Flow and how GitLab Duo can help.\n\n![Planning - first portion of GitLab Flow](https://about.gitlab.com/images/blogimages/gitlab-flow-duo/The-GitLab-Flow-2023-planning-portion.png)\n\u003Ccenter>Planning - first portion of GitLab Flow\u003C/center>\u003Cp>\u003C/p>\n\n#### Issues\nIssues are where product problems or new features are defined and where team members can collaborate. As an issue is created, you can populate its title and then leverage GitLab Duo **Issue description generation** capability to help enrich the description field, saving time and effort. Because many stakeholders can participate in comment threads on an issue, **Discussion summary** is an AI-powered capability in GitLab Duo that can summarize hundreds of comments on an issue into a concise paragraph so that a stakeholder can quickly get caught up with the conversation, jump into the discussion, and become productive right away.\n\nIssues can be organized and visualized in issue boards, which are a software project management tool that can be used as kanban or Scrum boards. These boards help teams plan, organize, and visualize a workflow for a feature or product release. Different categories of boards can be created and issues can be moved from one board to another one with a simple drag and drop.\n\n#### Merge requests\nMerge requests are where solutions are developed. As release components, issues and merge requests provide the auditability and tracking of application changes done by stakeholders, such as DevOps and platform engineers, system and database administrators, security engineers, and developers. In addition, issues and merge requests are key inputs for the release planning process.\n\nMerge requests can be individually created or created from an issue. Creating a merge request from an issue automatically relates it to that issue so when the merge request is merged its associated issue is automatically closed. Merge requests can also be manually related to an issue.\n\n![Merged merge request will close issue](https://about.gitlab.com/images/blogimages/gitlab-flow-duo/mr-with-its-issue.png)\n\u003Ccenter>Merged merge request will close issue\u003C/center>\u003Cp>\u003C/p>\n\nLike issues, merge requests can include a long list of updates to a feature branch by many stakeholders. Collaborators who need to familiarize themselves with or understand all of the updates included in a merge request can take advantage of the **Merge request summary** capability in GitLab Duo to quickly get caught up on the changes. In addition, collaborators can invoke GitLab Duo **Code Merge request template population**, which uses a pre-created merge request template and automatically fills in the content for sections in it. Description templates provide a way to standardize and optimize collaboration and communication across the development lifecycle and GitLab Duo speeds this up even more!\n\nIssues with the same theme can be grouped together in an epic to organize the work to be done. Epics can have child issues and sub-epics and/or be linked to epics across the organization. Iterations can be used to track sprints of work, and can be manually scheduled or scheduled automatically using GitLab iteration cadences to streamline planning workflows. In addition, iterations include burndown and burnup charts. Burndown charts help track overall progress towards a project's total scope, while burnup charts track the daily total count and weight of issues added to and completed in a given timebox.\n\n#### Milestones\nTeams can use milestones to organize issues and merge requests into a cohesive group with an optional start date and an optional due date. Milestones are typically used to track releases and can track issues and merge requests at a project level or group level. Similar to iterations, milestones also provide burndown and burnup charts to show progress.\n\nMilestones can be associated with a release, whose automated creation generates many artifacts, including the release evidence. The release evidence is an automatically collected snapshot of data that’s related to the release. In addition to test artifacts and linked milestones, job artifacts can optionally be included in the release evidence, which can facilitate internal processes such as external audits.\n\nEpics, milestones, and iterations can be visualized via the Roadmaps page, which helps track release progress and streamline the release process.\nOnce the planning takes place, the work towards the resolution of a problem or a new feature can start. This happens in merge requests. Let’s delve deeper into how that happens in GitLab Flow.\n> [Learn more by trying GitLab Flow and GitLab Duo](https://gitlab.com/-/trials/new?glm_content=default-saas-trial&glm_source=about.gitlab.com%2Fblog%2F).\n\n### Merge requests and pushing code\n\n![Merge requests and pushing code - second portion of GitLab Flow](https://about.gitlab.com/images/blogimages/gitlab-flow-duo/The-GitLab-Flow-2023-mr-pushing-code-portion.png)\n\u003Ccenter>Merge requests and pushing code - second portion of GitLab Flow\u003C/center>\u003Cp>\u003C/p>\n\nThe second portion of GitLab Flow is related to merge requests and pushing code. As mentioned earlier, merge requests are where solutions are developed through collaboration among stakeholders across the organization. This collaboration can happen in a distributed manner and asynchronously. Participants can take advantage of collaborative capabilities, such as tagging, inline suggestions, inline comments, merge request comments, review threads, and review requests, which can help improve code quality, availability, reliability, and performance. Right after the creation of the merge request is the start of the GitLab Flow inner feedback loop, which is where code and fix pushes, test and scan runs, and collaboration and update reviews take place.\n\n#### Pipelines\nAs updates are applied to a feature branch via merge requests, pipelines — if defined — are automatically executed. Pipelines can have multiple stages and jobs to build and test, and then deploy the application or microservice to a review environment. In that review environment, the updates can be dynamically verified before they are merged to the main branch. This automation helps streamline the application update and review processes.\n\nIn addition, as DevSecOps teams make updates to the application via merge requests, they have a variety of AI-powered capabilities at their disposal. As they write or update code, GitLab Duo **Code Suggestions** recommends code that should come next and the developer can choose to accept or ignore the recommendation. Code Suggestions support code generation via prompts as well as code completion as you type. Code Suggestions can help improve the programming experience by reducing errors and helping developers write code faster, which can help enhance production code quality. Code Suggestions also can lead to higher developer productivity and faster iterations and rollouts.\n\nAs different stakeholders within the organization participate in the development or review of applications, they may encounter code that is poorly documented, complex or difficult to understand, or is written in a programming language unfamiliar to them. The GitLab Duo **Code explanation** capability explains code in natural language so that everyone can understand the code and get up to speed quickly.\n\nMoreover, when updates are committed to the feature branch, the GitLab Duo **Suggested reviewers** capability uses the changes in a merge request and a project’s contribution graph to suggest appropriate reviewers in the reviewer dropdown in the merge request sidebar. The list includes users that are knowledgeable about a specific aspect of the application and would be the best candidates to review the updates. Developers save time by not having to search and identify adequate reviewers, streamlining the review process and avoiding delays and low-quality reviews.\n\nWhen developers make changes to the code, they often don't include a comment in the merge request about the specific changes they made. The GitLab Duo **Merge request summary** capability allows the author of merge request changes to use AI to generate a natural-language comment that summarizes the updates to the code. Reviewers then can better understand the changes and streamline the entire review process\n\nAs reviewers review updates to the code in a merge request, they can create a review block, which can consist of many comments spanning many source files. To help the original author of the updates better understand the feedback provided by the reviewer in a long review block, the GitLab Duo **Code review summary** capability generates a natural-language summary of the reviewer’s feedback. This enables better handoff between authors and reviewers, streamlining the review process.\n\nFurthermore, when developers add new code via a merge request, they can leverage the GitLab Duo **Test generation** capability to use AI to generate unit tests for the new code. This can help to increase developer productivity, improve test coverage, and catch bugs early in the development lifecycle. Developers can also leverage GitLab Duo **Chat**, which is always accessible, to refactor code and generate in-line documentation, e.g. docstrings, for their source code.\n\nWhile pipelines execute on branch updates, they can include automated tests and scans, which helps in shifting security left.\n\n### Shifting security left\n\n![Shifting security left - third portion of GitLab Flow](https://about.gitlab.com/images/blogimages/gitlab-flow-duo/The-GitLab-Flow-2023-shift-sec-left-portion.png)\n\u003Ccenter>Shifting security left - third portion of GitLab Flow\u003C/center>\u003Cp>\u003C/p>\n\nThe third portion of GitLab Flow is shifting security left, which is also part of the GitLab Flow inner feedback loop.\n\nIn addition to DevOps and platform engineers, system and database administrators, and developers, some of the stakeholders collaborating in a merge request may be concerned about security and compliance, which is where automated tests and security scans play a role. Scans can be simply included in a pipeline via readily available templates and/or can be automatically executed within a merge request pipeline. GitLab provides a broad set of built-in security scanners and analyzers that can be leveraged by GitLab Flow, but the DevSecOps platform can also accommodate third-party and custom scanners.\n\nGitLab Flow shifts security left in the pipeline to detect and resolve defects as early as possible in the software development process. It is much simpler and cheaper to fix vulnerabilities early in the development cycle than once the application is in production, where an unscheduled outage can affect your users and revenue.\n\nThe built-in security scanners and analyzers provided by GitLab include: unit testing, infrastructure-as-code (IaC) scanning, static application security testing (SAST) scanners, dependency scanning, secret detection, container scanning, API security, web API fuzz testing, and coverage-guided fuzz testing. In addition, GitLab provides a variety of security dashboards and reports to manage and visualize vulnerabilities, such as the Dependencies list, Security dashboard, Vulnerability Report, and vulnerability pages.\n\nTo help developers and security engineers better understand and remediate vulnerabilities more efficiently, the GitLab Duo **Vulnerability explanation** capability provides an explanation about a specific vulnerability, how it can be exploited, and, most importantly, a recommendation on how to fix the vulnerability. Developers can also take advantage of GitLab Duo **Vulnerability resolution**, which automatically creates a merge request that includes code changes to fix the vulnerability. These AI-powered capabilities can help streamline and optimize the process of securing and hardening an application to prevent vulnerabilities that can be exploited by cyber attacks in production.\n\nBesides SAST scanners, GitLab provides dynamic application security testing (DAST) scanners, which require a running application. When leveraging these scanners, GitLab is capable of automatically provisioning a DAST environment for the DAST scans and then performing a complete cleanup of all resources post-DAST testing. In addition, for running containers, GitLab provides operational container scanning, which scans container images in your cluster for security vulnerabilities.\n\nThe scans mentioned above can be executed automatically within a merge request pipeline or, in some cases, can be scheduled for execution via scan execution and merge request approval policies. These policies can be defined via the GitLab UI or YAML files and are configured in a separate project, allowing segregation of duties for reusability, maintenance, and management. Scan execution policies require that security scans be run on a specified schedule or with the project pipeline, and merge request approval policies take action based on scan results. Security engineers or teams can define these policies to enforce security processes across the organization and GitLab Flow may encounter or leverage these as it spans through its steps.\n\nTo enforce security and compliance across projects in your organization, you can use compliance labels and pipelines. Compliance labels and pipelines can be made mandatory to execute before a project’s own pipeline. With this approach, you can ensure that all teams within your organization meet your security and compliance standards. In addition, you can secure your applications against cyber attacks, conform to government compliance standards, and always be audit-ready.\n\nThe main goal of all of these GitLab Flow security prescriptions is to fix vulnerabilities early in the development cycle rather than once the application is in production, where remediating a vulnerability can prove to be very costly in reputation and revenue.\n\nAs vulnerabilities are mitigated within the GitLab Flow inner feedback loop and more updates are applied to the application in the feature branch, stakeholders need to re-review these updates to ensure that the updates have taken place and no regressions have inadvertently been introduced.\n\n### Continuous review\n\n![Reviews - fourth portion of GitLab Flow](https://about.gitlab.com/images/blogimages/gitlab-flow-duo/The-GitLab-Flow-2023-reviewing-features-portion.png)\n\u003Ccenter>Reviews - fourth portion of GitLab Flow\u003C/center>\u003Cp>\u003C/p>\n\nThe next portion of GitLab Flow is reviewing features, which prescribes the continuous review of applications. Reviewing features involves the ability to stand up a review environment to which the interim application (feature branch) is deployed so that stakeholders can review it in real time and provide feedback. The interim application can then be continuously adjusted until it is ready to be merged to the main branch. GitLab Flow also prescribes the cleanup of all provisioned review environment resources at the moment when the merge request is merged to the main branch.\n\nThis iterative automated review process is part of the inner feedback loop in GitLab Flow. As mentioned above, within the inner feedback loop, GitLab Duo capabilities like Code explanation, Code Suggestions, Suggested reviewers, Merge request summary, Merge request template population, Code review summary, Vulnerability explanation, Vulnerability resolution, and Root cause analysis are prescribed by GitLab Flow to enable a better handoff between authors and reviewers and streamline the entire review process.\n\nThe GitLab Flow inner feedback loop terminates when all review items are addressed and the merge request is approved and merged to the main branch, which triggers the deployment of the application to production.\n\n### Deploying applications and infrastructure\n\n![Deploying - fifth portion of GitLab Flow](https://about.gitlab.com/images/blogimages/gitlab-flow-duo/The-GitLab-Flow-2023-deploy-apps-portion.png)\n\u003Ccenter>Deploying - fifth portion of GitLab Flow\u003C/center>\u003Cp>\u003C/p>\n\nDepending on an organization’s needs, either continuous delivery or continuous deployment is prescribed by GitLab Flow. Whereas continuous delivery is the frequent release of code by triggering the deployments manually (e.g., to production), continuous deployment is the automated release of code (e.g., to production) without human intervention. Let’s cover continuous delivery first.\n\nAs you release your software using continuous delivery, you have a few deployment options. You can establish a freeze window and then deploy using advanced deployment techniques, such as canary, blue/green, timed, and incremental rollouts. Incremental rollouts can lower the risk of production outages delivering a better user experience and customer satisfaction. Advanced deployment techniques can also improve development and delivery efficiency, streamlining the release process.\n\nAs you release your software using continuous deployment, all changes/updates go directly to production. Progressive delivery approaches like feature flags, which allow you to separate the delivery of specific features from a launch, are a good way to reduce risk and manage what functionality to make available to production users. Feature flags support multiple programming languages and allow developer experimentation and controlled testing. You can even use feature flags to roll out features to specific users.\n\nAlthough GitLab supports all these deployment approaches, GitLab Flow allows for the adoption of the approach that best fits the organization and/or specific project needs.\n\n### Monitoring applications and DevSecOps processes\nOnce your application has been deployed to production, it needs to be continuously monitored to ensure its stability, performance, and availability. In addition, as the DevSecOps processes execute, they are measured, providing the opportunity to improve their performance and efficiency. The monitoring capabilities are provided by GitLab and, as such, can be leveraged by GitLab Flow.\n\nFor running containers, GitLab provides operational container scanning (OCS), which scans container images in your cluster for security vulnerabilities. These scans can be automated by scheduling them when to run and any found vulnerabilities are automatically displayed in a security dashboard. The OCS can help keep your cluster applications secure and preempt any cyber attacks that can lead to leaks of private data and even cause unexpected outages.\n\nError tracking allows developers to discover and view errors generated by their application. All errors generated by your application are displayed in the Error Tracking list in GitLab. Error tracking can help with availability and performance of your applications by detecting and resolving unexpected application conditions fast.\n\nGitLab can accept alerts from any monitoring source, including Prometheus, via a webhook receiver. As alerts come in, they are displayed in the GitLab Alerts list, from which you can manually manage them. Alerts can also automatically trigger the creation of incidents, ChatOps, and email messages to appropriate individuals or groups. All these capabilities streamline the alert resolution and management process.\n\nAs incidents are created, due to production problems, they appear in the GitLab Incidents list for incident management. You can manage one or more incidents, sort them, search them, assign them, set their statuses, and even see their SLA preset countdown timer. Moreover, you can create on-call schedules and rotations, escalation policies, and set up paging and notifications to handle incidents. In addition, you can link an incident to an alert so that when the incident is closed, its associated alert is automatically resolved. Incident timelines are another capability for executives and external viewers to see what happened during an incident, and which steps were taken for it to be resolved. All these capabilities streamline the incident management process so that they can be resolved as quickly as possible.\n\nAudit events track important events, including who performed the related action and when in GitLab. These events are displayed in the GitLab Audit Events list and provide, among others, the action that was taken on an object, who did it, and the date and time of its occurrence.\n\nAll the lists and dashboards mentioned above can help preempt out-of-compliance scenarios to avoid penalties as well as streamline audit processes. For your running applications, they generate the data and metrics that can be used in the GitLab Flow outer feedback loop to help improve and optimize your applications and lower the risk of unscheduled production outages.\n\n### Continuous improvement\nWhen applying GitLab Flow, you also have the opportunity to use the insight that GitLab provides in the form of end-to-end process metrics dashboards to continuously improve not just your application but also your software delivery performance. These dashboards and their metrics are auto-generated by GitLab and are always available.\n\n### The Value Stream Analytics dashboard\n\nYou can track and monitor your application development lifecycle through the Value Stream Analytics Dashboard, where you can check project or group statistics over time. This dashboard is customizable but you can get started quickly by creating a value stream using a GitLab-provided default template. The default dashboard displays metrics for each of the pre-defined stages of your value stream analytics, namely Issue, Plan, Code, Test, Review, and Staging, as well as a graph with the average time to completion for each. It also shows the value stream analytics key metrics: lead time, cycle time, new issues, commits, and deploys. You can use these metrics to find areas of improvement in the stages of your value stream.\n\n### DORA metrics dashboard\n\nTo view the performance metrics that measure the effectiveness of your organization’s development and delivery practices, GitLab provides the [DORA](https://about.gitlab.com/solutions/value-stream-management/dora/) (DevOps Research and Assessment) metrics dashboard, which displays four key metrics: Deployment Frequency, Lead Time for Changes, Time to Restore Service, and Change Failure Rate. Deployment Frequency measures how often your organization deploys code to production or releases it to end users. Lead Time for Changes measures how long it takes to go from code committed to code successfully running in production. Time to Restore Service measures the time needed to restore services to the level they were previously, in case of an incident. Finally, Change Failure Rate is the percentage of changes to production or released to users that resulted in a degraded service (for example, a change that caused a service impairment or outage) and subsequently required remediation (required a hotfix, rollback, patch). These four key metrics are outcomes of your current processes and give you the opportunity to improve the factors and capabilities that drive them.\n\n### Customize your dashboard\n\nAnother dashboard is the Value Streams Dashboard, which is a customizable dashboard that enables decision-makers to identify trends, patterns, and opportunities for software development improvements. The metrics shown are the DORA metrics followed by the value stream analytics flow metrics and counts for critical and high vulnerabilities for the month to date, the two preceding months, and the past six months.\n\nGitLab Duo can also help in your continuous improvement efforts. For example, the **Value stream forecasting** capability takes historical data and uses data trends across your development lifecycle to predict the future behavior of your value stream metrics. You can use these predictive analyses in your optimization initiatives.\n\nAll these dashboards and the metrics they report on are part of the GitLab Flow outer feedback loop to help you lower the risk of unscheduled production outages and improve and optimize your applications and DevSecOps workflows.\n\n### AI impact analytics\nTo better understand the impact of the use of GitLab Duo (or AI) along the entire development life cycle, you can check the [AI Impact analytics](https://about.gitlab.com/blog/developing-gitlab-duo-ai-impact-analytics-dashboard-measures-the-roi-of-ai/), from where you can see how the adoption of GitLab Duo Code Suggestions impacts other performance, quality and security metrics. You can visualize the last six months of AI adoption and its impact on other metrics, such as cycle time, lead time, deployment frequency, change failure rate, and critical vulnerabilities over time.\n\nAI impact analytics help to measure adoption, effectiveness and benefits that AI brings to teams and organizations and also to identify areas for improvement.\n\n## Why use GitLab Flow?\nGitLab Flow is a prescribed approach, practiced by our customers and users worldwide, that can provide the following benefits: - Higher productivity via the automation capabilities provided by GitLab and its single user interface and data model, all leveraged by GitLab Flow\n- Accurate insights into the end-to-end DevSecOps lifecycle to support continuous improvement\n- Built-in dashboards and metrics that can help you optimize your applications and DevSecOps processes\n- Higher code quality and improved reliability and availability of your applications\n- Better application security through built-in security scanners and capabilities\n- Compliance- and audit-readiness via built-in compliance features\n- Shorter cycle times that can help you increase deployment frequency\n- Continuous review enabled by the GitLab Flow inner feedback loop\n- The GitLab Flow inner feedback loop can help you optimize application updates leading to better code quality and higher reliability and availability of your applications\n- The GitLab Flow outer feedback loop can help you improve your applications as well as the development lifecycle itself\n- High levels of collaboration among stakeholders in your organization\n- Shifting security left to help find vulnerabilities in applications before they make it to production to avoid costly, unscheduled outages\n- Lower risk when deploying to production via the advanced deployment techniques and progressive delivery approaches supported by GitLab\n- AI-powered capabilities that span across the entire development lifecycle and can boost productivity, code quality, continuous improvement, security and compliance, and more\n- Support for cloud-native and non-cloud-native applications\n- Multi-cloud support for hybrid/multi-cloud applications\n- Shifting security left to help you find vulnerabilities in your applications before they make it to production so that you can avoid costly unscheduled outages\n\nHow can you get started with GitLab Flow? Leveraging GitLab Auto DevOps or parts of it is a good starting point for applying GitLab Flow principles to your application development lifecycle.\n\n## GitLab Flow and Auto DevOps\n\n![Auto DevOps - an instantiation of GitLab Flow](https://about.gitlab.com/images/blogimages/gitlab-flow-duo/ado-pipeline.png)\n\u003Ccenter>Auto DevOps - an instantiation of GitLab Flow\u003C/center>\u003Cp>\u003C/p>\n\n[Auto DevOps](https://docs.gitlab.com/ee/topics/autodevops/) applies GitLab Flow throughout all its stages and jobs. You can think of it as a good example for the instantiation of GitLab Flow.\n\nAuto DevOps is a collection of predefined, out-of-the-box CI/CD templates that auto-discover the source code you have. Based on best practices, these templates automatically detect, build, test, deploy, and monitor your applications.\n\nThe Auto DevOps pipeline shifts work left to find and prevent defects as early as possible in the software delivery process. The pipeline then deploys the application to staging for verification and then to production in an incremental/timed fashion.\n\nAuto DevOps gets you started quickly, increasing developer productivity, and it can be easily customized to your needs, with support for the most common programming frameworks and languages. Auto DevOps is modular, customizable, and extensible, which allows you to leverage pieces of it in your pipelines or apply all of it for your application.\n\n## Get started\n[Combine GitLab Flow and GitLab Duo today](https://gitlab.com/-/trials/new?glm_content=default-saas-trial&glm_source=about.gitlab.com%2Fblog%2F) to achieve significant improvements in end-to-end workflow efficiency that can lead to even higher levels of productivity, deployment frequency, code quality and overall security, and production resiliency and availability.\nIf you'd like to see a workflow in action that combines GitLab Flow and GitLab Duo and how it can benefit you, watch the following video:\n\n\u003C!-- blank line -->\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/CKrZ4_tKY4I?si=Kf6QsYFIzKkJZpJd\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\u003C!-- blank line -->\n",[23,24,25],"CI/CD","AI/ML","DevSecOps","2024-06-18","yml",{},true,"/en-us/blog/gitlab-flow-duo",{"title":15,"description":16,"ogTitle":15,"ogDescription":16,"noIndex":12,"ogImage":19,"ogUrl":32,"ogSiteName":33,"ogType":34,"canonicalUrls":32},"https://about.gitlab.com/blog/gitlab-flow-duo","https://about.gitlab.com","article","en-us/blog/gitlab-flow-duo",[37,38,39],"cicd","aiml","devsecops","ORtwZmJAwCWujGPXHZ8kH1_x2uIhghpsf6lPxEHcOKY",{"data":42},{"logo":43,"freeTrial":48,"sales":53,"login":58,"items":63,"search":370,"minimal":401,"duo":420,"pricingDeployment":430},{"config":44},{"href":45,"dataGaName":46,"dataGaLocation":47},"/","gitlab logo","header",{"text":49,"config":50},"Get free trial",{"href":51,"dataGaName":52,"dataGaLocation":47},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":54,"config":55},"Talk to sales",{"href":56,"dataGaName":57,"dataGaLocation":47},"/sales/","sales",{"text":59,"config":60},"Sign in",{"href":61,"dataGaName":62,"dataGaLocation":47},"https://gitlab.com/users/sign_in/","sign in",[64,91,185,190,291,351],{"text":65,"config":66,"cards":68},"Platform",{"dataNavLevelOne":67},"platform",[69,75,83],{"title":65,"description":70,"link":71},"The intelligent orchestration platform for DevSecOps",{"text":72,"config":73},"Explore our Platform",{"href":74,"dataGaName":67,"dataGaLocation":47},"/platform/",{"title":76,"description":77,"link":78},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":79,"config":80},"Meet GitLab Duo",{"href":81,"dataGaName":82,"dataGaLocation":47},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":84,"description":85,"link":86},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":87,"config":88},"Learn more",{"href":89,"dataGaName":90,"dataGaLocation":47},"/why-gitlab/","why gitlab",{"text":92,"left":29,"config":93,"link":95,"lists":99,"footer":167},"Product",{"dataNavLevelOne":94},"solutions",{"text":96,"config":97},"View all Solutions",{"href":98,"dataGaName":94,"dataGaLocation":47},"/solutions/",[100,123,146],{"title":101,"description":102,"link":103,"items":108},"Automation","CI/CD and automation to accelerate deployment",{"config":104},{"icon":105,"href":106,"dataGaName":107,"dataGaLocation":47},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[109,112,115,119],{"text":23,"config":110},{"href":111,"dataGaLocation":47,"dataGaName":23},"/solutions/continuous-integration/",{"text":76,"config":113},{"href":81,"dataGaLocation":47,"dataGaName":114},"gitlab duo agent platform - product menu",{"text":116,"config":117},"Source Code Management",{"href":118,"dataGaLocation":47,"dataGaName":116},"/solutions/source-code-management/",{"text":120,"config":121},"Automated Software Delivery",{"href":106,"dataGaLocation":47,"dataGaName":122},"Automated software delivery",{"title":124,"description":125,"link":126,"items":131},"Security","Deliver code faster without compromising security",{"config":127},{"href":128,"dataGaName":129,"dataGaLocation":47,"icon":130},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[132,136,141],{"text":133,"config":134},"Application Security Testing",{"href":128,"dataGaName":135,"dataGaLocation":47},"Application security testing",{"text":137,"config":138},"Software Supply Chain Security",{"href":139,"dataGaLocation":47,"dataGaName":140},"/solutions/supply-chain/","Software supply chain security",{"text":142,"config":143},"Software Compliance",{"href":144,"dataGaName":145,"dataGaLocation":47},"/solutions/software-compliance/","software compliance",{"title":147,"link":148,"items":153},"Measurement",{"config":149},{"icon":150,"href":151,"dataGaName":152,"dataGaLocation":47},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[154,158,162],{"text":155,"config":156},"Visibility & Measurement",{"href":151,"dataGaLocation":47,"dataGaName":157},"Visibility and Measurement",{"text":159,"config":160},"Value Stream Management",{"href":161,"dataGaLocation":47,"dataGaName":159},"/solutions/value-stream-management/",{"text":163,"config":164},"Analytics & Insights",{"href":165,"dataGaLocation":47,"dataGaName":166},"/solutions/analytics-and-insights/","Analytics and insights",{"title":168,"items":169},"GitLab for",[170,175,180],{"text":171,"config":172},"Enterprise",{"href":173,"dataGaLocation":47,"dataGaName":174},"/enterprise/","enterprise",{"text":176,"config":177},"Small Business",{"href":178,"dataGaLocation":47,"dataGaName":179},"/small-business/","small business",{"text":181,"config":182},"Public Sector",{"href":183,"dataGaLocation":47,"dataGaName":184},"/solutions/public-sector/","public sector",{"text":186,"config":187},"Pricing",{"href":188,"dataGaName":189,"dataGaLocation":47,"dataNavLevelOne":189},"/pricing/","pricing",{"text":191,"config":192,"link":194,"lists":198,"feature":278},"Resources",{"dataNavLevelOne":193},"resources",{"text":195,"config":196},"View all resources",{"href":197,"dataGaName":193,"dataGaLocation":47},"/resources/",[199,232,250],{"title":200,"items":201},"Getting started",[202,207,212,217,222,227],{"text":203,"config":204},"Install",{"href":205,"dataGaName":206,"dataGaLocation":47},"/install/","install",{"text":208,"config":209},"Quick start guides",{"href":210,"dataGaName":211,"dataGaLocation":47},"/get-started/","quick setup checklists",{"text":213,"config":214},"Learn",{"href":215,"dataGaLocation":47,"dataGaName":216},"https://university.gitlab.com/","learn",{"text":218,"config":219},"Product documentation",{"href":220,"dataGaName":221,"dataGaLocation":47},"https://docs.gitlab.com/","product documentation",{"text":223,"config":224},"Best practice videos",{"href":225,"dataGaName":226,"dataGaLocation":47},"/getting-started-videos/","best practice videos",{"text":228,"config":229},"Integrations",{"href":230,"dataGaName":231,"dataGaLocation":47},"/integrations/","integrations",{"title":233,"items":234},"Discover",[235,240,245],{"text":236,"config":237},"Customer success stories",{"href":238,"dataGaName":239,"dataGaLocation":47},"/customers/","customer success stories",{"text":241,"config":242},"Blog",{"href":243,"dataGaName":244,"dataGaLocation":47},"/blog/","blog",{"text":246,"config":247},"Remote",{"href":248,"dataGaName":249,"dataGaLocation":47},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":251,"items":252},"Connect",[253,258,263,268,273],{"text":254,"config":255},"GitLab Services",{"href":256,"dataGaName":257,"dataGaLocation":47},"/services/","services",{"text":259,"config":260},"Community",{"href":261,"dataGaName":262,"dataGaLocation":47},"/community/","community",{"text":264,"config":265},"Forum",{"href":266,"dataGaName":267,"dataGaLocation":47},"https://forum.gitlab.com/","forum",{"text":269,"config":270},"Events",{"href":271,"dataGaName":272,"dataGaLocation":47},"/events/","events",{"text":274,"config":275},"Partners",{"href":276,"dataGaName":277,"dataGaLocation":47},"/partners/","partners",{"backgroundColor":279,"textColor":280,"text":281,"image":282,"link":286},"#2f2a6b","#fff","Insights for the future of software development",{"altText":283,"config":284},"the source promo card",{"src":285},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":287,"config":288},"Read the latest",{"href":289,"dataGaName":290,"dataGaLocation":47},"/the-source/","the source",{"text":292,"config":293,"lists":295},"Company",{"dataNavLevelOne":294},"company",[296],{"items":297},[298,303,309,311,316,321,326,331,336,341,346],{"text":299,"config":300},"About",{"href":301,"dataGaName":302,"dataGaLocation":47},"/company/","about",{"text":304,"config":305,"footerGa":308},"Jobs",{"href":306,"dataGaName":307,"dataGaLocation":47},"/jobs/","jobs",{"dataGaName":307},{"text":269,"config":310},{"href":271,"dataGaName":272,"dataGaLocation":47},{"text":312,"config":313},"Leadership",{"href":314,"dataGaName":315,"dataGaLocation":47},"/company/team/e-group/","leadership",{"text":317,"config":318},"Team",{"href":319,"dataGaName":320,"dataGaLocation":47},"/company/team/","team",{"text":322,"config":323},"Handbook",{"href":324,"dataGaName":325,"dataGaLocation":47},"https://handbook.gitlab.com/","handbook",{"text":327,"config":328},"Investor relations",{"href":329,"dataGaName":330,"dataGaLocation":47},"https://ir.gitlab.com/","investor relations",{"text":332,"config":333},"Trust Center",{"href":334,"dataGaName":335,"dataGaLocation":47},"/security/","trust center",{"text":337,"config":338},"AI Transparency Center",{"href":339,"dataGaName":340,"dataGaLocation":47},"/ai-transparency-center/","ai transparency center",{"text":342,"config":343},"Newsletter",{"href":344,"dataGaName":345,"dataGaLocation":47},"/company/contact/#contact-forms","newsletter",{"text":347,"config":348},"Press",{"href":349,"dataGaName":350,"dataGaLocation":47},"/press/","press",{"text":352,"config":353,"lists":354},"Contact us",{"dataNavLevelOne":294},[355],{"items":356},[357,360,365],{"text":54,"config":358},{"href":56,"dataGaName":359,"dataGaLocation":47},"talk to sales",{"text":361,"config":362},"Support portal",{"href":363,"dataGaName":364,"dataGaLocation":47},"https://support.gitlab.com","support portal",{"text":366,"config":367},"Customer portal",{"href":368,"dataGaName":369,"dataGaLocation":47},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":371,"login":372,"suggestions":379},"Close",{"text":373,"link":374},"To search repositories and projects, login to",{"text":375,"config":376},"gitlab.com",{"href":61,"dataGaName":377,"dataGaLocation":378},"search login","search",{"text":380,"default":381},"Suggestions",[382,384,388,390,394,398],{"text":76,"config":383},{"href":81,"dataGaName":76,"dataGaLocation":378},{"text":385,"config":386},"Code Suggestions (AI)",{"href":387,"dataGaName":385,"dataGaLocation":378},"/solutions/code-suggestions/",{"text":23,"config":389},{"href":111,"dataGaName":23,"dataGaLocation":378},{"text":391,"config":392},"GitLab on AWS",{"href":393,"dataGaName":391,"dataGaLocation":378},"/partners/technology-partners/aws/",{"text":395,"config":396},"GitLab on Google Cloud",{"href":397,"dataGaName":395,"dataGaLocation":378},"/partners/technology-partners/google-cloud-platform/",{"text":399,"config":400},"Why GitLab?",{"href":89,"dataGaName":399,"dataGaLocation":378},{"freeTrial":402,"mobileIcon":407,"desktopIcon":412,"secondaryButton":415},{"text":403,"config":404},"Start free trial",{"href":405,"dataGaName":52,"dataGaLocation":406},"https://gitlab.com/-/trials/new/","nav",{"altText":408,"config":409},"Gitlab Icon",{"src":410,"dataGaName":411,"dataGaLocation":406},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":408,"config":413},{"src":414,"dataGaName":411,"dataGaLocation":406},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":416,"config":417},"Get Started",{"href":418,"dataGaName":419,"dataGaLocation":406},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":421,"mobileIcon":426,"desktopIcon":428},{"text":422,"config":423},"Learn more about GitLab Duo",{"href":424,"dataGaName":425,"dataGaLocation":406},"/gitlab-duo/","gitlab duo",{"altText":408,"config":427},{"src":410,"dataGaName":411,"dataGaLocation":406},{"altText":408,"config":429},{"src":414,"dataGaName":411,"dataGaLocation":406},{"freeTrial":431,"mobileIcon":436,"desktopIcon":438},{"text":432,"config":433},"Back to pricing",{"href":188,"dataGaName":434,"dataGaLocation":406,"icon":435},"back to pricing","GoBack",{"altText":408,"config":437},{"src":410,"dataGaName":411,"dataGaLocation":406},{"altText":408,"config":439},{"src":414,"dataGaName":411,"dataGaLocation":406},{"title":441,"button":442,"config":447},"See how agentic AI transforms software delivery",{"text":443,"config":444},"Watch GitLab Transcend now",{"href":445,"dataGaName":446,"dataGaLocation":47},"/events/transcend/virtual/","transcend event",{"layout":448,"icon":449},"release","AiStar",{"data":451},{"text":452,"source":453,"edit":459,"contribute":464,"config":469,"items":474,"minimal":678},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":454,"config":455},"View page source",{"href":456,"dataGaName":457,"dataGaLocation":458},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":460,"config":461},"Edit this page",{"href":462,"dataGaName":463,"dataGaLocation":458},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":465,"config":466},"Please contribute",{"href":467,"dataGaName":468,"dataGaLocation":458},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":470,"facebook":471,"youtube":472,"linkedin":473},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[475,522,573,617,644],{"title":186,"links":476,"subMenu":491},[477,481,486],{"text":478,"config":479},"View plans",{"href":188,"dataGaName":480,"dataGaLocation":458},"view plans",{"text":482,"config":483},"Why Premium?",{"href":484,"dataGaName":485,"dataGaLocation":458},"/pricing/premium/","why premium",{"text":487,"config":488},"Why Ultimate?",{"href":489,"dataGaName":490,"dataGaLocation":458},"/pricing/ultimate/","why ultimate",[492],{"title":493,"links":494},"Contact Us",[495,498,500,502,507,512,517],{"text":496,"config":497},"Contact sales",{"href":56,"dataGaName":57,"dataGaLocation":458},{"text":361,"config":499},{"href":363,"dataGaName":364,"dataGaLocation":458},{"text":366,"config":501},{"href":368,"dataGaName":369,"dataGaLocation":458},{"text":503,"config":504},"Status",{"href":505,"dataGaName":506,"dataGaLocation":458},"https://status.gitlab.com/","status",{"text":508,"config":509},"Terms of use",{"href":510,"dataGaName":511,"dataGaLocation":458},"/terms/","terms of use",{"text":513,"config":514},"Privacy statement",{"href":515,"dataGaName":516,"dataGaLocation":458},"/privacy/","privacy statement",{"text":518,"config":519},"Cookie preferences",{"dataGaName":520,"dataGaLocation":458,"id":521,"isOneTrustButton":29},"cookie preferences","ot-sdk-btn",{"title":92,"links":523,"subMenu":532},[524,528],{"text":525,"config":526},"DevSecOps platform",{"href":74,"dataGaName":527,"dataGaLocation":458},"devsecops platform",{"text":529,"config":530},"AI-Assisted Development",{"href":424,"dataGaName":531,"dataGaLocation":458},"ai-assisted development",[533],{"title":534,"links":535},"Topics",[536,540,545,550,555,558,563,568],{"text":537,"config":538},"CICD",{"href":539,"dataGaName":37,"dataGaLocation":458},"/topics/ci-cd/",{"text":541,"config":542},"GitOps",{"href":543,"dataGaName":544,"dataGaLocation":458},"/topics/gitops/","gitops",{"text":546,"config":547},"DevOps",{"href":548,"dataGaName":549,"dataGaLocation":458},"/topics/devops/","devops",{"text":551,"config":552},"Version Control",{"href":553,"dataGaName":554,"dataGaLocation":458},"/topics/version-control/","version control",{"text":25,"config":556},{"href":557,"dataGaName":39,"dataGaLocation":458},"/topics/devsecops/",{"text":559,"config":560},"Cloud Native",{"href":561,"dataGaName":562,"dataGaLocation":458},"/topics/cloud-native/","cloud native",{"text":564,"config":565},"AI for Coding",{"href":566,"dataGaName":567,"dataGaLocation":458},"/topics/devops/ai-for-coding/","ai for coding",{"text":569,"config":570},"Agentic AI",{"href":571,"dataGaName":572,"dataGaLocation":458},"/topics/agentic-ai/","agentic ai",{"title":574,"links":575},"Solutions",[576,578,580,585,589,592,596,599,601,604,607,612],{"text":133,"config":577},{"href":128,"dataGaName":133,"dataGaLocation":458},{"text":122,"config":579},{"href":106,"dataGaName":107,"dataGaLocation":458},{"text":581,"config":582},"Agile development",{"href":583,"dataGaName":584,"dataGaLocation":458},"/solutions/agile-delivery/","agile delivery",{"text":586,"config":587},"SCM",{"href":118,"dataGaName":588,"dataGaLocation":458},"source code management",{"text":537,"config":590},{"href":111,"dataGaName":591,"dataGaLocation":458},"continuous integration & delivery",{"text":593,"config":594},"Value stream management",{"href":161,"dataGaName":595,"dataGaLocation":458},"value stream management",{"text":541,"config":597},{"href":598,"dataGaName":544,"dataGaLocation":458},"/solutions/gitops/",{"text":171,"config":600},{"href":173,"dataGaName":174,"dataGaLocation":458},{"text":602,"config":603},"Small business",{"href":178,"dataGaName":179,"dataGaLocation":458},{"text":605,"config":606},"Public sector",{"href":183,"dataGaName":184,"dataGaLocation":458},{"text":608,"config":609},"Education",{"href":610,"dataGaName":611,"dataGaLocation":458},"/solutions/education/","education",{"text":613,"config":614},"Financial services",{"href":615,"dataGaName":616,"dataGaLocation":458},"/solutions/finance/","financial services",{"title":191,"links":618},[619,621,623,625,628,630,632,634,636,638,640,642],{"text":203,"config":620},{"href":205,"dataGaName":206,"dataGaLocation":458},{"text":208,"config":622},{"href":210,"dataGaName":211,"dataGaLocation":458},{"text":213,"config":624},{"href":215,"dataGaName":216,"dataGaLocation":458},{"text":218,"config":626},{"href":220,"dataGaName":627,"dataGaLocation":458},"docs",{"text":241,"config":629},{"href":243,"dataGaName":244,"dataGaLocation":458},{"text":236,"config":631},{"href":238,"dataGaName":239,"dataGaLocation":458},{"text":246,"config":633},{"href":248,"dataGaName":249,"dataGaLocation":458},{"text":254,"config":635},{"href":256,"dataGaName":257,"dataGaLocation":458},{"text":259,"config":637},{"href":261,"dataGaName":262,"dataGaLocation":458},{"text":264,"config":639},{"href":266,"dataGaName":267,"dataGaLocation":458},{"text":269,"config":641},{"href":271,"dataGaName":272,"dataGaLocation":458},{"text":274,"config":643},{"href":276,"dataGaName":277,"dataGaLocation":458},{"title":292,"links":645},[646,648,650,652,654,656,658,662,667,669,671,673],{"text":299,"config":647},{"href":301,"dataGaName":294,"dataGaLocation":458},{"text":304,"config":649},{"href":306,"dataGaName":307,"dataGaLocation":458},{"text":312,"config":651},{"href":314,"dataGaName":315,"dataGaLocation":458},{"text":317,"config":653},{"href":319,"dataGaName":320,"dataGaLocation":458},{"text":322,"config":655},{"href":324,"dataGaName":325,"dataGaLocation":458},{"text":327,"config":657},{"href":329,"dataGaName":330,"dataGaLocation":458},{"text":659,"config":660},"Sustainability",{"href":661,"dataGaName":659,"dataGaLocation":458},"/sustainability/",{"text":663,"config":664},"Diversity, inclusion and belonging (DIB)",{"href":665,"dataGaName":666,"dataGaLocation":458},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":332,"config":668},{"href":334,"dataGaName":335,"dataGaLocation":458},{"text":342,"config":670},{"href":344,"dataGaName":345,"dataGaLocation":458},{"text":347,"config":672},{"href":349,"dataGaName":350,"dataGaLocation":458},{"text":674,"config":675},"Modern Slavery Transparency Statement",{"href":676,"dataGaName":677,"dataGaLocation":458},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":679},[680,683,686],{"text":681,"config":682},"Terms",{"href":510,"dataGaName":511,"dataGaLocation":458},{"text":684,"config":685},"Cookies",{"dataGaName":520,"dataGaLocation":458,"id":521,"isOneTrustButton":29},{"text":687,"config":688},"Privacy",{"href":515,"dataGaName":516,"dataGaLocation":458},[690],{"id":691,"title":18,"body":8,"config":692,"content":694,"description":8,"extension":27,"meta":698,"navigation":29,"path":699,"seo":700,"stem":701,"__hash__":702},"blogAuthors/en-us/blog/authors/cesar-saavedra.yml",{"template":693},"BlogAuthor",{"name":18,"config":695},{"headshot":696,"ctfId":697},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659600/Blog/Author%20Headshots/csaavedra1-headshot.jpg","csaavedra1",{},"/en-us/blog/authors/cesar-saavedra",{},"en-us/blog/authors/cesar-saavedra","SMqRf-z0W5m5GROz_dXGjmuIb3YaOwm_n_RfeK16GcA",[704,717,730],{"content":705,"config":715},{"title":706,"description":707,"authors":708,"heroImage":710,"date":711,"body":712,"category":9,"tags":713},"10 AI prompts to speed your team’s software delivery","Eliminate review backlogs, security delays, and coordination overhead with ready-to-use AI prompts covering every stage of the software lifecycle.",[709],"Chandler Gibbons","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772632341/duj8vaznbhtyxxhodb17.png","2026-03-04","AI-assisted coding tools are helping developers generate code faster than ever. So why aren’t teams _shipping_ faster?\n\nBecause coding is only 20% of the software delivery lifecycle, the remaining 80% becomes the bottleneck: code review backlogs grow, security scanning can’t keep pace, documentation falls behind, and manual coordination overhead increases.\n\nThe good news is that the same AI capabilities that accelerate individual coding can eliminate these team-level delays. You just need to apply AI across your entire software lifecycle, not only during the coding phase.\n\nBelow are 10 ready-to-use prompts from the [GitLab Duo Agent Platform Prompt Library](https://about.gitlab.com/gitlab-duo/prompt-library/) that help teams overcome common obstacles to faster software delivery. Each prompt addresses a specific slowdown that emerges when individual productivity increases without corresponding improvements in team processes.\n\n## How do you move code review from bottleneck to accelerator?\nDevelopers generate merge requests faster with AI assistance, but human reviewers can quickly become overwhelmed as code review cycles stretch from hours to days. AI can handle routine review tasks, freeing reviewers to focus on architecture and business logic instead of catching basic logical errors and API contract violations.\n\n### Review MR for logical errors\n**Complexity**: Beginner\n\n**Category**: Code Review\n\n**Prompt from library**:\n\n\n```text\nReview this MR for logical errors, edge cases, and potential bugs: [MR URL or paste code]\n```\n\n**Why it helps**: Automated linters catch syntax issues, but logical errors require understanding intent. This prompt catches bugs before human reviewers even look at the code, reducing review cycles from multiple rounds to often just one approval.\n\n### Identify breaking changes in MR\n**Complexity**: Beginner\n\n**Category**: Code Review\n\n**Prompt from library**:\n\n\n```text\nDoes this MR introduce any breaking changes?\n\nChanges:\n[PASTE CODE DIFF]\n\nCheck for:\n1. API signature changes\n2. Removed or renamed public methods\n3. Changed return types\n4. Modified database schemas\n5. Breaking configuration changes\n```\n\n**Why it helps**: Breaking changes discovered during deployment can cause rollbacks and incidents. This prompt shifts that discovery left to the MR stage, when fixes are faster and less expensive.\n\n## How can you shift security left without slowing down?\nSecurity scans generate hundreds of findings. Security teams manually triage each one while developers wait for approval to deploy. Most findings are false positives or low-risk issues, but identifying the real threats requires expertise and time. AI can prioritize findings by actual exploitability and auto-remediate common vulnerabilities, allowing security teams to focus on the threats that matter.\n\n### Analyze security scan results\n**Complexity**: Intermediate\n\n**Category**: Security\n\n**Agent**: Duo Security Analyst\n\n**Prompt from library**:\n\n\n```text\n@security_analyst Analyze these security scan results:\n\n[PASTE SCAN OUTPUT]\n\nFor each finding:\n1. Assess real risk vs false positive\n2. Explain the vulnerability\n3. Suggest remediation\n4. Prioritize by severity\n```\n\n**Why it helps**: Most security scan findings are false positives or low-risk issues. This prompt helps security teams focus on the findings that actually matter, reducing remediation time from weeks to days.\n\n### Review code for security issues\n**Complexity**: Intermediate\n\n**Category**: Security\n\n**Agent**: Duo Security Analyst\n\n**Prompt from library**:\n\n```text\n@security_analyst Review this code for security issues:\n\n[PASTE CODE]\n\nCheck for:\n1. Injection vulnerabilities\n2. Authentication/authorization flaws\n3. Data exposure risks\n4. Insecure dependencies\n5. Cryptographic issues\n```\n\n**Why it helps**: Traditional security reviews happen after code is written. This prompt enables developers to find and fix security issues before creating an MR, eliminating the back and forth that delays deployments.\n\n## How do you keep documentation current as code changes?\nCode changes faster than documentation. Onboarding new developers takes weeks because docs are outdated or missing. Teams know documentation is important, but it always gets deferred when deadlines approach. Automating documentation generation and updates as part of your standard workflow ensures docs stay current without adding manual work.\n\n### Generate release notes from MRs\n**Complexity**: Beginner\n\n**Category**: Documentation\n\n**Prompt from library**:\n\n```text\nGenerate release notes for these merged MRs:\n[LIST MR URLs or paste titles]\n\nGroup by:\n1. New features\n2. Bug fixes\n3. Performance improvements\n4. Breaking changes\n5. Deprecations\n```\n\n**Why it helps**: Manual release note compilation takes hours and often includes errors or omissions. Automated generation ensures every release has comprehensive notes without adding work to your release process.\n\n### Update documentation after code changes\n**Complexity**: Beginner\n\n**Category**: Documentation\n\n**Prompt from library**:\n\n```text\nI changed this code:\n\n[PASTE CODE CHANGES]\n\nWhat documentation needs updating? Check:\n1. README files\n2. API documentation\n3. Architecture diagrams\n4. Onboarding guides\n```\n\n**Why it helps**: Documentation drift happens because teams forget which docs need updates after code changes. This prompt makes documentation maintenance part of your development workflow, not a separate task that gets deferred.\n\n## How do you break down planning complexity?\nLarge features get stuck in planning. Teams spend weeks in meetings trying to scope work and identify dependencies. The complexity feels overwhelming, and it's hard to know where to start. AI can systematically decompose complex work into concrete, implementable tasks with clear dependencies and acceptance criteria, transforming weeks of planning into focused implementation.\n\n### Break down epic into issues\n**Complexity**: Intermediate\n\n**Category**: Documentation\n\n**Agent**: Duo Planner\n\n**Prompt from library**:\n\n```text\nBreak down this epic into implementable issues:\n\n[EPIC DESCRIPTION]\n\nConsider:\n1. Technical dependencies\n2. Reasonable issue sizes\n3. Clear acceptance criteria\n4. Logical implementation order\n```\n\n**Why it helps**: This prompt transforms a week of planning meetings into 30 minutes of AI-assisted decomposition followed by team review. Teams start implementation sooner with clearer direction.\n\n## How can you expand test coverage without expanding effort?\nDevelopers are writing code faster, but if testing doesn't keep pace, test coverage decreases and bugs slip through. Writing comprehensive tests manually is time-consuming, and developers often miss edge cases under deadline pressure. Generating tests automatically means developers can review and refine rather than write from scratch, maintaining quality without sacrificing velocity.\n\n### Generate unit tests\n**Complexity**: Beginner\n\n**Category**: Testing\n\n**Prompt from library**:\n\n```text\nGenerate unit tests for this function:\n\n[PASTE FUNCTION]\n\nInclude tests for:\n1. Happy path\n2. Edge cases\n3. Error conditions\n4. Boundary values\n5. Invalid inputs\n```\n\n**Why it helps**: Writing tests manually is time consuming, and developers often miss edge cases. This prompt generates thorough test suites in seconds, which developers can review and adjust rather than write from scratch.\n\n### Review test coverage gaps\n**Complexity**: Beginner\n\n**Category**: Testing\n\n**Prompt from library**:\n\n```text\nAnalyze test coverage for [MODULE/COMPONENT]:\n\nCurrent coverage: [PERCENTAGE]\n\nIdentify:\n1. Untested functions/methods\n2. Uncovered edge cases\n3. Missing error scenario tests\n4. Integration points without tests\n5. Priority areas to test next\n```\n\n**Why it helps**: This prompt reveals blind spots in your test suite before they cause production incidents. Teams can systematically improve coverage where it matters most.\n\n## How do you reduce mean time to resolution when debugging?\nProduction incidents take hours to diagnose. Developers wade through logs and stack traces while customers experience downtime. Every minute of debugging is a minute of lost productivity and potential revenue. AI can accelerate root cause analysis by parsing complex error messages and suggesting specific fixes, cutting diagnostic time from hours to minutes.\n\n### Debug failing pipeline\n**Complexity**: Beginner\n\n**Category**: Debugging\n\n**Prompt from library**:\n\n```text\nThis pipeline is failing:\n\nJob: [JOB NAME]\nStage: [STAGE]\nError: [PASTE ERROR MESSAGE/LOG]\n\nHelp me:\n1. Identify the root cause\n2. Suggest a fix\n3. Explain why it started failing\n4. Prevent similar issues\n```\n\n**Why it helps**: CI/CD failures block entire teams. This prompt diagnoses failures in seconds instead of the 15-30 minutes developers typically spend investigating, keeping deployment velocity high.\n\n## Moving from individual gains to team acceleration\nThese prompts represent a shift in how teams apply AI to software delivery. Rather than focusing solely on individual developer productivity, they address the coordination, quality, and knowledge-sharing challenges that actually constrain team velocity.\n\nThe [complete prompt library](https://about.gitlab.com/gitlab-duo/prompt-library/) contains more than 100 prompts across all stages of the software lifecycle: planning, development, security, testing, deployment, and operations. Each prompt is tagged by complexity level (Beginner, Intermediate, Advanced) and categorized by use case, making it easy to find the right starting point for your team.\n\nStart with prompts tagged “Beginner” that address your team’s most pressing obstacles. As your team builds confidence, explore intermediate and advanced prompts that enable more sophisticated workflows. The goal is not just faster coding — it's faster, safer, higher-quality software delivery from planning through production.",[24,714],"DevOps platform",{"featured":12,"template":13,"slug":716},"10-ai-prompts-to-speed-your-teams-software-delivery",{"content":718,"config":728},{"title":719,"description":720,"heroImage":721,"authors":722,"date":724,"body":725,"category":9,"tags":726},"AI can detect vulnerabilities, but who governs risk?","AI-assisted vulnerability detection is developing fast, but the harder challenges of enforcement, governance, and supply chain security require a holistic platform.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772195014/ooezwusxjl1f7ijfmbvj.png",[723],"Omer Azaria","2026-02-27","Anthropic recently announced Claude Code Security, an AI system that detects vulnerabilities and proposes fixes. The market reacted immediately, with security stocks dipping as investors questioned whether AI might replace traditional AppSec tools. The question on everyone's mind: If AI can write code and secure it, is application security about to become obsolete?\n\nIf security only meant scanning code, the answer might be yes. But enterprise security has never been about detection alone.\n\nOrganizations are not asking whether AI can find vulnerabilities. They are asking three much harder questions: \n\n* Is what we are about to ship safe?  \n* Has our risk posture changed as environments evolve and dependencies, third-party services, tools, and infrastructure continuously shift?  \n* How do we govern a codebase that is increasingly assembled by AI and third-party sources, and that we are still accountable for? \n\nThose questions require a platform answer: Detection surfaces risk, but governance determines what happens next. \n\n[GitLab](https://about.gitlab.com/) is the orchestration layer built to govern the software lifecycle end-to-end. It gives teams the enforcement, visibility, and auditability they need to keep pace with the speed of AI-assisted development.\n\n## Trusting AI requires governing risk\n\nAI systems are rapidly getting better at identifying vulnerabilities and suggesting fixes. This is a meaningful and welcome advancement, but analysis is not accountability.\n\nAI cannot enforce company policy or define acceptable risk on its own. Humans must set the boundaries, policies, and guardrails that agents operate within, establishing separation of duties, ensuring audit trails, and maintaining consistent controls across thousands of repositories and teams. Trust in agents comes not from autonomy alone, but from clearly defined governance set by people. \n\nIn an [agentic world](https://about.gitlab.com/topics/agentic-ai/), where software is increasingly written and modified by autonomous systems, governance becomes more important, not less. The more autonomy organizations grant to AI, the stronger the governance must be.\n\nGovernance is not friction. It is the foundation that makes AI-assisted development trustworthy at scale.\n\n## LLMs see code, but platforms see context\n\nA large language model ([LLM](https://about.gitlab.com/blog/what-is-a-large-language-model-llm/)) evaluates code in isolation. An enterprise application security platform understands context. This difference matters because risk decisions are contextual:\n\n* Who authored the change?  \n* How critical is the application to the business?  \n* How does it interact with infrastructure and dependencies?  \n* Does the vulnerability exist in code that is actually reachable in production, or is it buried in a dependency that never executes?  \n* Is it actually exploitable in production, given how the application runs, its APIs, and the environment around it?\n\nSecurity decisions depend on this context. Without it, detection produces noisy alerts that slow down development rather than reducing risk. With it, organizations can triage quickly and manage risk effectively. Context evolves continuously as software changes, which means governance cannot be a one-time decision. \n\n## Static scans can’t keep up with dynamic risk\n\nSoftware risk is dynamic. Dependencies change, environments evolve, and systems interact in ways no single analysis can fully predict. A clean scan at one moment does not guarantee safety at release.\n\nEnterprise security depends on continuous assurance: controls embedded directly into development workflows that evaluate risk as software is built, tested, and deployed.\n\nDetection provides insight. Governance provides trust. Continuous governance is what allows organizations to ship safely at scale.\n\n## Governing the agentic future\n\nAI is reshaping how software is created. The question is no longer whether teams will use AI, but how safely they can scale it.\n\nSoftware today is assembled as much as it is written, from AI-generated code, open-source libraries, and third-party dependencies that span thousands of projects. Governing what ships across all of those sources is the hardest and most consequential part of application security, and it is the part that no developer-side tool is built to address. \n\nAs an intelligent orchestration platform, GitLab is built to address this problem. GitLab Ultimate embeds governance, policy enforcement, security scanning, and auditability directly into the workflows where software is planned, built, and shipped, so security teams can govern at the speed of AI. \n\nAI will accelerate development dramatically. The organizations that benefit most from AI will not be those with the smartest assistants alone, but those that build trust through strong governance.\n\n> To learn how GitLab helps organizations [govern and ship AI-generated code](https://about.gitlab.com/solutions/software-compliance/?utm_medium=blog&utm_campaign=eg_global_x_x_security_en_) safely, [talk to our team today](https://about.gitlab.com/sales/?utm_medium=blog&utm_campaign=eg_global_x_x_security_en_)\n\n\n ## Related reading\n\n - [Integrating AI with DevOps for enhanced security](https://about.gitlab.com/topics/devops/ai-enhanced-security/)\n - [The GitLab AI Security Framework for security leaders](https://about.gitlab.com/blog/the-gitlab-ai-security-framework-for-security-leaders/)\n - [Improve AI security in GitLab with composite identities](https://about.gitlab.com/blog/improve-ai-security-in-gitlab-with-composite-identities/)",[24,727],"security",{"featured":29,"template":13,"slug":729},"ai-can-detect-vulnerabilities-but-who-governs-risk",{"content":731,"config":741},{"title":732,"description":733,"authors":734,"category":9,"tags":736,"date":738,"heroImage":739,"body":740},"Secure and fast deployments to Google Agent Engine with GitLab","Follow this step-by-step guide to build an AI agent with Google's Agent Development Kit and deploy to Agent Engine using GitLab.",[735],"Regnard Raquedan",[24,737,23,25],"google","2026-02-26","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772111172/mwhgbjawn62kymfwrhle.png","In this tutorial, you'll learn how to deploy an AI agent built with Google's Agent Development Kit ([ADK](https://google.github.io/adk-docs/)) to [Agent Engine](https://cloud.google.com/vertex-ai/generative-ai/docs/agent-engine/overview) using GitLab's native Google Cloud integration and CI/CD pipelines. We'll cover IAM configuration, pipeline setup, and testing your deployed agent.\n\n## What is Agent Engine and why does it matter?\n\nAgent Engine is Google Cloud's managed runtime specifically designed for AI agents. Think of it as the production home for your agents — where they live, run, and scale without you having to manage the underlying infrastructure. Agent Engine handles infrastructure, scaling, session management, and memory storage so you can focus on building your agent — not managing servers. It also integrates natively with Google Cloud's logging, monitoring, and IAM.\n\n## Why use GitLab to deploy to Agent Engine?\n\nAI agent deployment is typically difficult to configure correctly. Security considerations, CI/CD orchestration, and cloud permissions create friction that slows down development cycles.\n\nGitLab streamlines this entire process while enhancing security:\n\n- **Built-in security scanning** — Every deployment is automatically scanned for vulnerabilities without additional configuration.\n- **Native Google Cloud integration** — Workload Identity Federation eliminates the need for service account keys.\n- **Simplified CI/CD** — GitLab's templates handle complex deployment logic.\n\n## Prerequisites\n\nBefore you begin, ensure you have:\n\n- A Google Cloud project with the following APIs enabled:\n  - Cloud Storage API\n  - Vertex AI API\n- A GitLab project for your source code and CI/CD pipeline\n- A Google Cloud Storage bucket for staging deployments\n- Google Cloud IAM integration configured in GitLab (see Step 1)\n\nHere are the steps to follow.\n\n## 1. Configure IAM integration\n\nThe foundation of secure deployment is proper IAM configuration between GitLab and Google Cloud using Workload Identity Federation.\n\nIn your GitLab project:\n\n1. Navigate to **Settings > Integrations**.\n2. Locate the **Google Cloud IAM** integration.\n3. Provide the following information:\n   - **Project ID**: Your Google Cloud project ID\n   - **Project Number**: Found in your Google Cloud console\n   - **Workload Identity Pool ID**: A unique identifier for your identity pool\n   - **Provider ID**: A unique identifier for your identity provider\n\nGitLab generates a script for you. Copy and run this script in Google Cloud Shell to establish the Workload Identity Federation between platforms.\n\n**Important:** Add these additional roles to your service principal for Agent Engine deployment:\n\n- `roles/aiplatform.user`\n- `roles/storage.objectAdmin`\n\nYou can add these roles using gcloud commands:\n\n```bash\nGCP_PROJECT_ID=\"\u003Cyour-project-id>\"\nGCP_PROJECT_NUMBER=\"\u003Cyour-project-number>\"\nGCP_WORKLOAD_IDENTITY_POOL=\"\u003Cyour-pool-id>\"\n\ngcloud projects add-iam-policy-binding ${GCP_PROJECT_ID} \\\n  --member=\"principalSet://iam.googleapis.com/projects/${GCP_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${GCP_WORKLOAD_IDENTITY_POOL}/attribute.developer_access/true\" \\\n  --role='roles/aiplatform.user'\n\ngcloud projects add-iam-policy-binding ${GCP_PROJECT_ID} \\\n  --member=\"principalSet://iam.googleapis.com/projects/${GCP_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${GCP_WORKLOAD_IDENTITY_POOL}/attribute.developer_access/true\" \\\n  --role='roles/storage.objectAdmin'\n```\n\n## 2. Create the CI/CD pipeline\n\nNow for the core of the deployment — the CI/CD pipeline. Create a `.gitlab-ci.yml` file in your project root:\n\n```yaml\nstages:\n  - test\n  - deploy\n\ncache:\n  paths:\n    - .cache/pip\n  key: ${CI_COMMIT_REF_SLUG}\n\nvariables:\n  GCP_PROJECT_ID: \"\u003Cyour-project-id>\"\n  GCP_REGION: \"us-central1\"\n  STORAGE_BUCKET: \"\u003Cyour-staging-bucket>\"\n  AGENT_NAME: \"Canada City Advisor\"\n  AGENT_ENTRY: \"canada_city_advisor\"\n\nimage: google/cloud-sdk:slim\n\n# Security scanning templates\ninclude:\n  - template: Jobs/Dependency-Scanning.gitlab-ci.yml\n  - template: Jobs/SAST.gitlab-ci.yml\n  - template: Jobs/Secret-Detection.gitlab-ci.yml\n\ndeploy-agent:\n  stage: deploy\n  identity: google_cloud\n  rules:\n    - if: $CI_COMMIT_BRANCH == \"main\"\n  before_script:\n    - gcloud config set core/disable_usage_reporting true\n    - gcloud config set component_manager/disable_update_check true\n    - pip install -q --no-cache-dir --upgrade pip google-genai google-cloud-aiplatform -r requirements.txt --break-system-packages\n  script:\n    - gcloud config set project $GCP_PROJECT_ID\n    - adk deploy agent_engine \n        --project=$GCP_PROJECT_ID \n        --region=$GCP_REGION \n        --staging_bucket=gs://$STORAGE_BUCKET \n        --display_name=\"$AGENT_NAME\" \n        $AGENT_ENTRY\n```\n\nThe pipeline consists of two stages:\n\n**Test stage** — GitLab's security scanners run automatically. The included templates provide dependency scanning, static application security testing (SAST), and secret detection without additional configuration.\n\n**Deploy stage** — Uses the ADK CLI to deploy your agent directly to Agent Engine. The staging bucket temporarily holds your application workload before Agent Engine picks it up for deployment.\n\n### Key configuration notes\n\n- The `identity: google_cloud` directive enables keyless authentication via Workload Identity Federation.\n- Security scanners are included as templates, meaning they run by default with no setup required.\n- The `adk deploy agent_engine` command handles all the complexity of packaging and deploying your agent.\n- Pipeline caching speeds up subsequent deployments by preserving pip dependencies.\n\n## 3. Deploy and verify\n\nWith your pipeline configured:\n\n1. Commit your agent code and `.gitlab-ci.yml` to GitLab.\n2. Navigate to **Build > Pipelines** to monitor execution.\n3. Watch the test stage complete security scans.\n4. Observe the deploy stage push your agent to Agent Engine.\n\nOnce the pipeline succeeds, verify your deployment in the Google Cloud Console:\n\n1. Navigate to **Vertex AI > Agent Engine**.\n2. Locate your deployed agent.\n3. Note the **resource name** — you'll need this for testing.\n\n## 4. Test your deployed agent\n\nTest your agent using a curl command. You'll need three pieces of information:\n\n- **Agent ID**: From the Agent Engine console (the resource name's numeric identifier)\n- **Project ID**: Your Google Cloud project\n- **Location**: The region where you deployed (e.g., `us-central1`)\n\n```bash\nPROJECT_ID=\"\u003Cyour-project-id>\"\nLOCATION=\"us-central1\"\nAGENT_ID=\"\u003Cyour-agent-id>\"\nTOKEN=$(gcloud auth print-access-token)\n\ncurl -X POST \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  \"https://${LOCATION}-aiplatform.googleapis.com/v1/projects/${PROJECT_ID}/locations/${LOCATION}/reasoningEngines/${AGENT_ID}:streamQuery\" \\\n  -d '{\n    \"input\": {\n      \"message\": \"I make $85,000 per year and I prefer cities with mild winters and a vibrant cultural scene. I also want to be near the coast if possible. What Canadian cities would you recommend?\",\n      \"user_id\": \"demo-user\"\n    }\n  }' | jq -r '.content.parts[0].text'\n```\n\nIf everything is configured correctly, your agent will respond with personalized city recommendations based on the budget and lifestyle preferences provided.\n\n## Security benefits of this approach\n\nThis deployment pattern provides several security advantages:\n\n- **No long-lived credentials**: Workload Identity Federation eliminates service account keys entirely.\n- **Automated vulnerability scanning**: Every deployment is scanned before reaching production.\n- **Complete audit trail**: GitLab maintains full visibility of who deployed what and when.\n- **Principle of least privilege**: Fine-grained IAM roles limit access to only what's needed.\n\n## Summary\n\nDeploying AI agents to production doesn't have to be complex. By combining GitLab's DevSecOps platform with Google Cloud's Agent Engine, you get:\n\n- A managed runtime that handles scaling and infrastructure\n- Built-in security scanning without additional tooling\n- Keyless authentication via native cloud integration\n- A streamlined deployment process that fits modern AI development workflows\n\nWatch the full demo:\n\n\n\u003Cfigure class=\"video_container\"> \u003Ciframe src=\"https://www.youtube.com/embed/sxVFa2Mk-x4?si=Oi3cUjhgd7FT2yEd\" frameborder=\"0\" allowfullscreen=\"true\" title=\"Deploy AI Agents to Agent Engine with GitLab\"> \u003C/iframe> \u003C/figure>\n\n> Ready to try it yourself? Use this tutorial's [complete code example](https://gitlab.com/gitlab-partners-public/google-cloud/demos/agent-engine-demo) to get started now. Not a GitLab customer yet? Explore the DevSecOps platform with [a free trial](https://about.gitlab.com/free-trial/).\n",{"featured":12,"template":13,"slug":742},"secure-and-fast-deployments-to-google-agent-engine-with-gitlab",{"promotions":744},[745,758,770],{"id":746,"categories":747,"header":748,"text":749,"button":750,"image":755},"ai-modernization",[9],"Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":751,"config":752},"Get your AI maturity score",{"href":753,"dataGaName":754,"dataGaLocation":244},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":756},{"src":757},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":759,"categories":760,"header":762,"text":749,"button":763,"image":767},"devops-modernization",[761,39],"product","Are you just managing tools or shipping innovation?",{"text":764,"config":765},"Get your DevOps maturity score",{"href":766,"dataGaName":754,"dataGaLocation":244},"/assessments/devops-modernization-assessment/",{"config":768},{"src":769},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":771,"categories":772,"header":773,"text":749,"button":774,"image":778},"security-modernization",[727],"Are you trading speed for security?",{"text":775,"config":776},"Get your security maturity score",{"href":777,"dataGaName":754,"dataGaLocation":244},"/assessments/security-modernization-assessment/",{"config":779},{"src":780},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"header":782,"blurb":783,"button":784,"secondaryButton":789},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":785,"config":786},"Get your free trial",{"href":787,"dataGaName":52,"dataGaLocation":788},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":496,"config":790},{"href":56,"dataGaName":57,"dataGaLocation":788},1772652070225]