[{"data":1,"prerenderedAt":794},["ShallowReactive",2],{"/en-us/blog/gitlab-is-an-sca-contender":3,"navigation-en-us":44,"banner-en-us":443,"footer-en-us":453,"blog-post-authors-en-us-Cindy Blake":694,"blog-related-posts-en-us-gitlab-is-an-sca-contender":708,"assessment-promotions-en-us":746,"next-steps-en-us":784},{"id":4,"title":5,"authorSlugs":6,"body":8,"categorySlug":9,"config":10,"content":14,"description":8,"extension":29,"isFeatured":12,"meta":30,"navigation":31,"path":32,"publishedDate":20,"seo":33,"stem":38,"tagSlugs":39,"__hash__":43},"blogPosts/en-us/blog/gitlab-is-an-sca-contender.yml","Gitlab Is An Sca Contender",[7],"cindy-blake",null,"company",{"slug":11,"featured":12,"template":13},"gitlab-is-an-sca-contender",false,"BlogPost",{"title":15,"description":16,"authors":17,"heroImage":19,"date":20,"body":21,"category":9,"tags":22},"GitLab is named a Challenger in The Forrester Wave™: Software Composition Analysis, Q2 2019","GitLab has been recognized by analysts as a challenger in Software Composition Analysis.",[18],"Cindy Blake","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669950/Blog/Hero%20Images/security-cameras.jpg","2019-04-12","\n\nWhile GitLab is best known in the traditional DevOps space, we have also begun to grow out our expertise in application security, which may come as a [surprise to security professionals](https://www.linkedin.com/pulse/ciso-cheat-sheet-git-cindy-blake-cissp), who may not have encountered us previously. 
We may have started out focused on traditional developer tools; however, as GitLab has added capabilities to cover the entire Software Development\nLifecycle (SDLC), this now includes not only a market-leading [Continuous Integration](/blog/gitlab-leader-continuous-integration-forrester-wave/)\nsolution but also, more recently, integrated [application security testing built into the CI/CD pipeline](/solutions/application-security-testing/).\nOur single, end-to-end application enables security testing that is tightly aligned to today’s\nrapid, [iterative cycles of DevOps](/solutions/application-security-testing/) development and the modern\ninfrastructure that accompanies cloud native applications.\n\n## Who was included?\n\nFor The Forrester Wave™: Software Composition Analysis, Q2 2019, participating vendors were required to\nhave most of the following capabilities out of the box:\n- Ability to provide remediation advice on both open source license risk and vulnerabilities;\n- Ability to integrate into SDLC automation tools;\n- Ability to provide proactive vulnerability management;\n- Ability to edit and create policies; and\n- Ability to visually report on open source risk.\n\nParticipating vendors were also required to have more than $10M in revenue and have\ninterest from Forrester clients or relevance to them.\n\n## GitLab is a new challenger\n\nHaving only added security capabilities in December 2017, GitLab has been excluded from\nother analyst application security reports that only look at more established players.\nIn our first official security-oriented analyst evaluation, we are excited not only to get the\nword out about GitLab’s security capabilities, but also to have this opportunity for analyst\nfeedback and insight into how GitLab compares. We take to heart not only areas where we\nshine – but also where improvement is needed. 
With GitLab,\n“[everyone can contribute](/community/contribute/),” and the feedback gained from\nForrester is another valuable contribution. We also welcome [your participation](/community/contribute/) and invite you to help us\nunderstand what you would like to see as our security capabilities grow.\n\nBased on this analyst report and analyst interaction feedback, we are already addressing improvement opportunities in our\n[roadmap](/direction/application_security_testing/#upcoming-releases) and [vision](/direction/application_security_testing/#direction).\n\n**Check out our [complete SCA response](/blog/gitlab-is-an-sca-contender/) for links to specific updates and response comments.**\n\nAs a company dedicated to releasing incrementally, delivering first on breadth and then\non depth, it is not uncommon for GitLab to initially place in more of a challenger position,\nas our feature set generally does not have the same maturity as established players in the space.\nHowever, when GitLab enters a space, we do so boldly, with clear intentions and a solid strategy.\nGitLab’s strategy for application security testing and software composition analysis focuses\nmore equally on both the developer and the security professional than traditional solutions.\nYou will find some areas in strategy where we were not scored as highly as we believe we\nshould be, due to our more aggressive focus on development.\n\n## Updates since the evaluation\n\nGitLab has shipped a [major new release every month](/releases/categories/releases/)\nfor 90 consecutive months. Forrester evaluated GitLab 11.6 for this report while versions\n[11.7](/releases/2019/01/22/gitlab-11-7-released/), [11.8](/releases/2019/02/22/gitlab-11-8-released/), and\n[11.9](/releases/2019/03/22/gitlab-11-9-released/) have since been released. 
You will find several features\nthat Forrester felt were lacking have already been added, including improvements to the\nsecurity dashboard, additional languages added to SAST scanning, and secrets detection.\nWhen using Forrester’s scoring tool, be sure to adjust the criteria for our current capabilities.\nA list of what’s been added since Forrester’s evaluation can be found on our [complete SCA response](/blog/gitlab-is-an-sca-contender/).\n\n## Forrester’s key takeaway: “Remediation, policy management, and reporting are key differentiators”\n\nForrester says, “As developers continue to use open source to accelerate the release of new\napplication functionality, remediation, policy management, and reporting will dictate which\nproviders will lead the pack. Vendors that can provide developers with remediation advice\nand even create patches position themselves to significantly reduce business risk.”\n\nThis takeaway is closely aligned with GitLab's [vision for application security testing](/direction/application_security_testing/#direction)\nand our work in progress for [auto remediation](https://gitlab.com/groups/gitlab-org/-/epics/133). While not available in the evaluated version (11.6), today’s GA release (11.9) [can detect a more current patch available](/releases/2019/03/22/gitlab-11-9-released/#vulnerability-remediation-merge-request) and\nenable the developer to create a [new branch and apply the patch](https://docs.gitlab.com/ee/user/application_security/security_dashboard/#create-a-merge-request-from-a-vulnerability)\nwith one click. 
Upcoming versions will [automatically run the pipeline and present the results](https://gitlab.com/groups/gitlab-org/-/epics/275) to the developer to accept or reject.\nBy automating remediations that are readily apparent, developers and security can focus on\nvulnerabilities whose remediation is not as straightforward.\n\nThe fact that GitLab is a [single application](/) for the entire SDLC enables us to take\nremediation even further – actually running the pipeline in a separate branch,\neven [measuring the performance impact](https://gitlab.com/gitlab-org/gitlab-ee/issues/9382)\nof the patch. We isolate the cause and effect: the developer makes a code change, that code is\ntested and they see the results before merging the code with others’. It also allows us to do [Dynamic scanning](https://docs.gitlab.com/ee/user/application_security/dast/) in the same manner, before the\ncode is merged with anyone else’s. We do this by spinning up a\n[review app](https://docs.gitlab.com/ee/ci/review_apps/) in the pipeline report.\nThis fully functioning app reflects the developer’s code changes and can be used for user testing,\nperformance testing, and dynamic app security scanning.\n\n## GitLab's advice\n\nWe believe GitLab is ideal for enterprises who are:\n\n* Using GitLab for CI/CD.\n* Practicing iterative development via DevOps.\n* Using containers and serverless.\n\nFor the enterprise that has not invested in app sec tools, GitLab can quickly provide\nscanning, often necessary for regulatory compliance, with a single application.\nGitLab offers SAST, DAST, Dependency, Container Scanning, and License Management [with one app](/solutions/application-security-testing/) – no need to evaluate and buy from multiple vendors, then stitch together integration with the DevOps toolchain. 
In fact, GitLab customer, [Glympse Inc.](https://glympse.com/),\nstood up 40 repos with automated security testing, using all of the GitLab scans, in less time\nthan they could have installed just the individual tools – and as a bonus, they impressed their\nauditors with their process.\n\nFor the enterprise already deeply invested in traditional app sec tools, GitLab affords a\nbroader and [earlier scanning effort](/solutions/application-security-testing/), using a tool that\ndevelopers are already using. GitLab can scan every code change, much the way that\nevery airplane passenger gets scanned through security. Save the deeper scans for\nlater and/or less frequent evaluation by the security team. Consider using GitLab on select\nprojects to experience the more efficient workflow and potentially reduce your scanning costs from costlier tools.\n\n## Our response\n\n We invite you to see our [complete response](/blog/gitlab-is-an-sca-contender/), and as always, welcome\n [your contributions](/community/contribute/)!\n\n Cover image by [Scott Webb](https://unsplash.com/@scottwebb) on [Unsplash](https://unsplash.com/photos/yekGLpc3vro)\n",[23,24,25,26,27,28],"cloud native","inside GitLab","open source","news","security","testing","yml",{},true,"/en-us/blog/gitlab-is-an-sca-contender",{"title":34,"description":16,"ogTitle":34,"ogDescription":16,"noIndex":12,"ogImage":19,"ogUrl":35,"ogSiteName":36,"ogType":37,"canonicalUrls":35},"Forrester names GitLab challenger in software composition","https://about.gitlab.com/blog/gitlab-is-an-sca-contender","https://about.gitlab.com","article","en-us/blog/gitlab-is-an-sca-contender",[40,41,42,26,27,28],"cloud-native","inside-gitlab","open-source","iI3yIxOjZ0xhgZMzoyWUWLA6uI5gFCjX7x4ycom26W0",{"data":45},{"logo":46,"freeTrial":51,"sales":56,"login":61,"items":66,"search":373,"minimal":404,"duo":423,"pricingDeployment":433},{"config":47},{"href":48,"dataGaName":49,"dataGaLocation":50},"/","gitlab 
logo","header",{"text":52,"config":53},"Get free trial",{"href":54,"dataGaName":55,"dataGaLocation":50},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":57,"config":58},"Talk to sales",{"href":59,"dataGaName":60,"dataGaLocation":50},"/sales/","sales",{"text":62,"config":63},"Sign in",{"href":64,"dataGaName":65,"dataGaLocation":50},"https://gitlab.com/users/sign_in/","sign in",[67,94,189,194,295,354],{"text":68,"config":69,"cards":71},"Platform",{"dataNavLevelOne":70},"platform",[72,78,86],{"title":68,"description":73,"link":74},"The intelligent orchestration platform for DevSecOps",{"text":75,"config":76},"Explore our Platform",{"href":77,"dataGaName":70,"dataGaLocation":50},"/platform/",{"title":79,"description":80,"link":81},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":82,"config":83},"Meet GitLab Duo",{"href":84,"dataGaName":85,"dataGaLocation":50},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":87,"description":88,"link":89},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":90,"config":91},"Learn more",{"href":92,"dataGaName":93,"dataGaLocation":50},"/why-gitlab/","why gitlab",{"text":95,"left":31,"config":96,"link":98,"lists":102,"footer":171},"Product",{"dataNavLevelOne":97},"solutions",{"text":99,"config":100},"View all Solutions",{"href":101,"dataGaName":97,"dataGaLocation":50},"/solutions/",[103,127,150],{"title":104,"description":105,"link":106,"items":111},"Automation","CI/CD and automation to accelerate deployment",{"config":107},{"icon":108,"href":109,"dataGaName":110,"dataGaLocation":50},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[112,116,119,123],{"text":113,"config":114},"CI/CD",{"href":115,"dataGaLocation":50,"dataGaName":113},"/solutions/continuous-integration/",{"text":79,"config":117},{"href":84,"dataGaLocation":50,"dataGaName":118},"gitlab duo agent 
platform - product menu",{"text":120,"config":121},"Source Code Management",{"href":122,"dataGaLocation":50,"dataGaName":120},"/solutions/source-code-management/",{"text":124,"config":125},"Automated Software Delivery",{"href":109,"dataGaLocation":50,"dataGaName":126},"Automated software delivery",{"title":128,"description":129,"link":130,"items":135},"Security","Deliver code faster without compromising security",{"config":131},{"href":132,"dataGaName":133,"dataGaLocation":50,"icon":134},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[136,140,145],{"text":137,"config":138},"Application Security Testing",{"href":132,"dataGaName":139,"dataGaLocation":50},"Application security testing",{"text":141,"config":142},"Software Supply Chain Security",{"href":143,"dataGaLocation":50,"dataGaName":144},"/solutions/supply-chain/","Software supply chain security",{"text":146,"config":147},"Software Compliance",{"href":148,"dataGaName":149,"dataGaLocation":50},"/solutions/software-compliance/","software compliance",{"title":151,"link":152,"items":157},"Measurement",{"config":153},{"icon":154,"href":155,"dataGaName":156,"dataGaLocation":50},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[158,162,166],{"text":159,"config":160},"Visibility & Measurement",{"href":155,"dataGaLocation":50,"dataGaName":161},"Visibility and Measurement",{"text":163,"config":164},"Value Stream Management",{"href":165,"dataGaLocation":50,"dataGaName":163},"/solutions/value-stream-management/",{"text":167,"config":168},"Analytics & Insights",{"href":169,"dataGaLocation":50,"dataGaName":170},"/solutions/analytics-and-insights/","Analytics and insights",{"title":172,"items":173},"GitLab for",[174,179,184],{"text":175,"config":176},"Enterprise",{"href":177,"dataGaLocation":50,"dataGaName":178},"/enterprise/","enterprise",{"text":180,"config":181},"Small 
Business",{"href":182,"dataGaLocation":50,"dataGaName":183},"/small-business/","small business",{"text":185,"config":186},"Public Sector",{"href":187,"dataGaLocation":50,"dataGaName":188},"/solutions/public-sector/","public sector",{"text":190,"config":191},"Pricing",{"href":192,"dataGaName":193,"dataGaLocation":50,"dataNavLevelOne":193},"/pricing/","pricing",{"text":195,"config":196,"link":198,"lists":202,"feature":282},"Resources",{"dataNavLevelOne":197},"resources",{"text":199,"config":200},"View all resources",{"href":201,"dataGaName":197,"dataGaLocation":50},"/resources/",[203,236,254],{"title":204,"items":205},"Getting started",[206,211,216,221,226,231],{"text":207,"config":208},"Install",{"href":209,"dataGaName":210,"dataGaLocation":50},"/install/","install",{"text":212,"config":213},"Quick start guides",{"href":214,"dataGaName":215,"dataGaLocation":50},"/get-started/","quick setup checklists",{"text":217,"config":218},"Learn",{"href":219,"dataGaLocation":50,"dataGaName":220},"https://university.gitlab.com/","learn",{"text":222,"config":223},"Product documentation",{"href":224,"dataGaName":225,"dataGaLocation":50},"https://docs.gitlab.com/","product documentation",{"text":227,"config":228},"Best practice videos",{"href":229,"dataGaName":230,"dataGaLocation":50},"/getting-started-videos/","best practice videos",{"text":232,"config":233},"Integrations",{"href":234,"dataGaName":235,"dataGaLocation":50},"/integrations/","integrations",{"title":237,"items":238},"Discover",[239,244,249],{"text":240,"config":241},"Customer success stories",{"href":242,"dataGaName":243,"dataGaLocation":50},"/customers/","customer success 
stories",{"text":245,"config":246},"Blog",{"href":247,"dataGaName":248,"dataGaLocation":50},"/blog/","blog",{"text":250,"config":251},"Remote",{"href":252,"dataGaName":253,"dataGaLocation":50},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":255,"items":256},"Connect",[257,262,267,272,277],{"text":258,"config":259},"GitLab Services",{"href":260,"dataGaName":261,"dataGaLocation":50},"/services/","services",{"text":263,"config":264},"Community",{"href":265,"dataGaName":266,"dataGaLocation":50},"/community/","community",{"text":268,"config":269},"Forum",{"href":270,"dataGaName":271,"dataGaLocation":50},"https://forum.gitlab.com/","forum",{"text":273,"config":274},"Events",{"href":275,"dataGaName":276,"dataGaLocation":50},"/events/","events",{"text":278,"config":279},"Partners",{"href":280,"dataGaName":281,"dataGaLocation":50},"/partners/","partners",{"backgroundColor":283,"textColor":284,"text":285,"image":286,"link":290},"#2f2a6b","#fff","Insights for the future of software development",{"altText":287,"config":288},"the source promo card",{"src":289},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":291,"config":292},"Read the latest",{"href":293,"dataGaName":294,"dataGaLocation":50},"/the-source/","the 
source",{"text":296,"config":297,"lists":298},"Company",{"dataNavLevelOne":9},[299],{"items":300},[301,306,312,314,319,324,329,334,339,344,349],{"text":302,"config":303},"About",{"href":304,"dataGaName":305,"dataGaLocation":50},"/company/","about",{"text":307,"config":308,"footerGa":311},"Jobs",{"href":309,"dataGaName":310,"dataGaLocation":50},"/jobs/","jobs",{"dataGaName":310},{"text":273,"config":313},{"href":275,"dataGaName":276,"dataGaLocation":50},{"text":315,"config":316},"Leadership",{"href":317,"dataGaName":318,"dataGaLocation":50},"/company/team/e-group/","leadership",{"text":320,"config":321},"Team",{"href":322,"dataGaName":323,"dataGaLocation":50},"/company/team/","team",{"text":325,"config":326},"Handbook",{"href":327,"dataGaName":328,"dataGaLocation":50},"https://handbook.gitlab.com/","handbook",{"text":330,"config":331},"Investor relations",{"href":332,"dataGaName":333,"dataGaLocation":50},"https://ir.gitlab.com/","investor relations",{"text":335,"config":336},"Trust Center",{"href":337,"dataGaName":338,"dataGaLocation":50},"/security/","trust center",{"text":340,"config":341},"AI Transparency Center",{"href":342,"dataGaName":343,"dataGaLocation":50},"/ai-transparency-center/","ai transparency center",{"text":345,"config":346},"Newsletter",{"href":347,"dataGaName":348,"dataGaLocation":50},"/company/contact/#contact-forms","newsletter",{"text":350,"config":351},"Press",{"href":352,"dataGaName":353,"dataGaLocation":50},"/press/","press",{"text":355,"config":356,"lists":357},"Contact us",{"dataNavLevelOne":9},[358],{"items":359},[360,363,368],{"text":57,"config":361},{"href":59,"dataGaName":362,"dataGaLocation":50},"talk to sales",{"text":364,"config":365},"Support portal",{"href":366,"dataGaName":367,"dataGaLocation":50},"https://support.gitlab.com","support portal",{"text":369,"config":370},"Customer portal",{"href":371,"dataGaName":372,"dataGaLocation":50},"https://customers.gitlab.com/customers/sign_in/","customer 
portal",{"close":374,"login":375,"suggestions":382},"Close",{"text":376,"link":377},"To search repositories and projects, login to",{"text":378,"config":379},"gitlab.com",{"href":64,"dataGaName":380,"dataGaLocation":381},"search login","search",{"text":383,"default":384},"Suggestions",[385,387,391,393,397,401],{"text":79,"config":386},{"href":84,"dataGaName":79,"dataGaLocation":381},{"text":388,"config":389},"Code Suggestions (AI)",{"href":390,"dataGaName":388,"dataGaLocation":381},"/solutions/code-suggestions/",{"text":113,"config":392},{"href":115,"dataGaName":113,"dataGaLocation":381},{"text":394,"config":395},"GitLab on AWS",{"href":396,"dataGaName":394,"dataGaLocation":381},"/partners/technology-partners/aws/",{"text":398,"config":399},"GitLab on Google Cloud",{"href":400,"dataGaName":398,"dataGaLocation":381},"/partners/technology-partners/google-cloud-platform/",{"text":402,"config":403},"Why GitLab?",{"href":92,"dataGaName":402,"dataGaLocation":381},{"freeTrial":405,"mobileIcon":410,"desktopIcon":415,"secondaryButton":418},{"text":406,"config":407},"Start free trial",{"href":408,"dataGaName":55,"dataGaLocation":409},"https://gitlab.com/-/trials/new/","nav",{"altText":411,"config":412},"Gitlab Icon",{"src":413,"dataGaName":414,"dataGaLocation":409},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":411,"config":416},{"src":417,"dataGaName":414,"dataGaLocation":409},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":419,"config":420},"Get Started",{"href":421,"dataGaName":422,"dataGaLocation":409},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":424,"mobileIcon":429,"desktopIcon":431},{"text":425,"config":426},"Learn more about GitLab Duo",{"href":427,"dataGaName":428,"dataGaLocation":409},"/gitlab-duo/","gitlab 
duo",{"altText":411,"config":430},{"src":413,"dataGaName":414,"dataGaLocation":409},{"altText":411,"config":432},{"src":417,"dataGaName":414,"dataGaLocation":409},{"freeTrial":434,"mobileIcon":439,"desktopIcon":441},{"text":435,"config":436},"Back to pricing",{"href":192,"dataGaName":437,"dataGaLocation":409,"icon":438},"back to pricing","GoBack",{"altText":411,"config":440},{"src":413,"dataGaName":414,"dataGaLocation":409},{"altText":411,"config":442},{"src":417,"dataGaName":414,"dataGaLocation":409},{"title":444,"button":445,"config":450},"See how agentic AI transforms software delivery",{"text":446,"config":447},"Watch GitLab Transcend now",{"href":448,"dataGaName":449,"dataGaLocation":50},"/events/transcend/virtual/","transcend event",{"layout":451,"icon":452},"release","AiStar",{"data":454},{"text":455,"source":456,"edit":462,"contribute":467,"config":472,"items":477,"minimal":683},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":457,"config":458},"View page source",{"href":459,"dataGaName":460,"dataGaLocation":461},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":463,"config":464},"Edit this page",{"href":465,"dataGaName":466,"dataGaLocation":461},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":468,"config":469},"Please contribute",{"href":470,"dataGaName":471,"dataGaLocation":461},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":473,"facebook":474,"youtube":475,"linkedin":476},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[478,525,578,622,649],{"title":190,"links":479,"subMenu":494},[480,484,489],{"text":481,"config":482},"View 
plans",{"href":192,"dataGaName":483,"dataGaLocation":461},"view plans",{"text":485,"config":486},"Why Premium?",{"href":487,"dataGaName":488,"dataGaLocation":461},"/pricing/premium/","why premium",{"text":490,"config":491},"Why Ultimate?",{"href":492,"dataGaName":493,"dataGaLocation":461},"/pricing/ultimate/","why ultimate",[495],{"title":496,"links":497},"Contact Us",[498,501,503,505,510,515,520],{"text":499,"config":500},"Contact sales",{"href":59,"dataGaName":60,"dataGaLocation":461},{"text":364,"config":502},{"href":366,"dataGaName":367,"dataGaLocation":461},{"text":369,"config":504},{"href":371,"dataGaName":372,"dataGaLocation":461},{"text":506,"config":507},"Status",{"href":508,"dataGaName":509,"dataGaLocation":461},"https://status.gitlab.com/","status",{"text":511,"config":512},"Terms of use",{"href":513,"dataGaName":514,"dataGaLocation":461},"/terms/","terms of use",{"text":516,"config":517},"Privacy statement",{"href":518,"dataGaName":519,"dataGaLocation":461},"/privacy/","privacy statement",{"text":521,"config":522},"Cookie preferences",{"dataGaName":523,"dataGaLocation":461,"id":524,"isOneTrustButton":31},"cookie preferences","ot-sdk-btn",{"title":95,"links":526,"subMenu":535},[527,531],{"text":528,"config":529},"DevSecOps platform",{"href":77,"dataGaName":530,"dataGaLocation":461},"devsecops platform",{"text":532,"config":533},"AI-Assisted Development",{"href":427,"dataGaName":534,"dataGaLocation":461},"ai-assisted development",[536],{"title":537,"links":538},"Topics",[539,544,549,554,559,564,568,573],{"text":540,"config":541},"CICD",{"href":542,"dataGaName":543,"dataGaLocation":461},"/topics/ci-cd/","cicd",{"text":545,"config":546},"GitOps",{"href":547,"dataGaName":548,"dataGaLocation":461},"/topics/gitops/","gitops",{"text":550,"config":551},"DevOps",{"href":552,"dataGaName":553,"dataGaLocation":461},"/topics/devops/","devops",{"text":555,"config":556},"Version 
Control",{"href":557,"dataGaName":558,"dataGaLocation":461},"/topics/version-control/","version control",{"text":560,"config":561},"DevSecOps",{"href":562,"dataGaName":563,"dataGaLocation":461},"/topics/devsecops/","devsecops",{"text":565,"config":566},"Cloud Native",{"href":567,"dataGaName":23,"dataGaLocation":461},"/topics/cloud-native/",{"text":569,"config":570},"AI for Coding",{"href":571,"dataGaName":572,"dataGaLocation":461},"/topics/devops/ai-for-coding/","ai for coding",{"text":574,"config":575},"Agentic AI",{"href":576,"dataGaName":577,"dataGaLocation":461},"/topics/agentic-ai/","agentic ai",{"title":579,"links":580},"Solutions",[581,583,585,590,594,597,601,604,606,609,612,617],{"text":137,"config":582},{"href":132,"dataGaName":137,"dataGaLocation":461},{"text":126,"config":584},{"href":109,"dataGaName":110,"dataGaLocation":461},{"text":586,"config":587},"Agile development",{"href":588,"dataGaName":589,"dataGaLocation":461},"/solutions/agile-delivery/","agile delivery",{"text":591,"config":592},"SCM",{"href":122,"dataGaName":593,"dataGaLocation":461},"source code management",{"text":540,"config":595},{"href":115,"dataGaName":596,"dataGaLocation":461},"continuous integration & delivery",{"text":598,"config":599},"Value stream management",{"href":165,"dataGaName":600,"dataGaLocation":461},"value stream management",{"text":545,"config":602},{"href":603,"dataGaName":548,"dataGaLocation":461},"/solutions/gitops/",{"text":175,"config":605},{"href":177,"dataGaName":178,"dataGaLocation":461},{"text":607,"config":608},"Small business",{"href":182,"dataGaName":183,"dataGaLocation":461},{"text":610,"config":611},"Public sector",{"href":187,"dataGaName":188,"dataGaLocation":461},{"text":613,"config":614},"Education",{"href":615,"dataGaName":616,"dataGaLocation":461},"/solutions/education/","education",{"text":618,"config":619},"Financial services",{"href":620,"dataGaName":621,"dataGaLocation":461},"/solutions/finance/","financial 
services",{"title":195,"links":623},[624,626,628,630,633,635,637,639,641,643,645,647],{"text":207,"config":625},{"href":209,"dataGaName":210,"dataGaLocation":461},{"text":212,"config":627},{"href":214,"dataGaName":215,"dataGaLocation":461},{"text":217,"config":629},{"href":219,"dataGaName":220,"dataGaLocation":461},{"text":222,"config":631},{"href":224,"dataGaName":632,"dataGaLocation":461},"docs",{"text":245,"config":634},{"href":247,"dataGaName":248,"dataGaLocation":461},{"text":240,"config":636},{"href":242,"dataGaName":243,"dataGaLocation":461},{"text":250,"config":638},{"href":252,"dataGaName":253,"dataGaLocation":461},{"text":258,"config":640},{"href":260,"dataGaName":261,"dataGaLocation":461},{"text":263,"config":642},{"href":265,"dataGaName":266,"dataGaLocation":461},{"text":268,"config":644},{"href":270,"dataGaName":271,"dataGaLocation":461},{"text":273,"config":646},{"href":275,"dataGaName":276,"dataGaLocation":461},{"text":278,"config":648},{"href":280,"dataGaName":281,"dataGaLocation":461},{"title":296,"links":650},[651,653,655,657,659,661,663,667,672,674,676,678],{"text":302,"config":652},{"href":304,"dataGaName":9,"dataGaLocation":461},{"text":307,"config":654},{"href":309,"dataGaName":310,"dataGaLocation":461},{"text":315,"config":656},{"href":317,"dataGaName":318,"dataGaLocation":461},{"text":320,"config":658},{"href":322,"dataGaName":323,"dataGaLocation":461},{"text":325,"config":660},{"href":327,"dataGaName":328,"dataGaLocation":461},{"text":330,"config":662},{"href":332,"dataGaName":333,"dataGaLocation":461},{"text":664,"config":665},"Sustainability",{"href":666,"dataGaName":664,"dataGaLocation":461},"/sustainability/",{"text":668,"config":669},"Diversity, inclusion and belonging (DIB)",{"href":670,"dataGaName":671,"dataGaLocation":461},"/diversity-inclusion-belonging/","Diversity, inclusion and 
belonging",{"text":335,"config":673},{"href":337,"dataGaName":338,"dataGaLocation":461},{"text":345,"config":675},{"href":347,"dataGaName":348,"dataGaLocation":461},{"text":350,"config":677},{"href":352,"dataGaName":353,"dataGaLocation":461},{"text":679,"config":680},"Modern Slavery Transparency Statement",{"href":681,"dataGaName":682,"dataGaLocation":461},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":684},[685,688,691],{"text":686,"config":687},"Terms",{"href":513,"dataGaName":514,"dataGaLocation":461},{"text":689,"config":690},"Cookies",{"dataGaName":523,"dataGaLocation":461,"id":524,"isOneTrustButton":31},{"text":692,"config":693},"Privacy",{"href":518,"dataGaName":519,"dataGaLocation":461},[695],{"id":696,"title":18,"body":8,"config":697,"content":699,"description":8,"extension":29,"meta":703,"navigation":31,"path":704,"seo":705,"stem":706,"__hash__":707},"blogAuthors/en-us/blog/authors/cindy-blake.yml",{"template":698},"BlogAuthor",{"name":18,"config":700},{"headshot":701,"ctfId":702},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659488/Blog/Author%20Headshots/gitlab-logo-extra-whitespace.png","cblake",{},"/en-us/blog/authors/cindy-blake",{},"en-us/blog/authors/cindy-blake","y5o31WArVEOahArNxG6BRDGe-6ajjKeVuZ483c9qkmA",[709,721,732],{"content":710,"config":719},{"title":711,"description":712,"authors":713,"heroImage":715,"date":716,"body":717,"category":9,"tags":718,"updatedDate":716},"GitLab names Bill Staples as new CEO","Co-founder Sid Sijbrandij transitions to Executive Chair of the Board.",[714],"Sid Sijbrandij","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665388/Blog/Hero%20Images/Revised2.png","2024-12-05","__This message from Sid Sijbrandij and Bill Staples was shared with GitLab team members earlier today.__ \n\n__Sid:__ On today’s earnings call, I announced that I am stepping down as CEO and will remain Executive Chair of the 
Board. I also introduced GitLab’s new CEO, [Bill Staples](https://www.linkedin.com/in/williamstaples/). \n\nAs a Board, we routinely do succession planning. This includes conversations with a number of top executives. We’ve been having these conversations in greater earnest since my cancer returned. Through these discussions, we identified someone uniquely qualified to lead GitLab. I want more time to focus on my cancer treatment and health. My treatments are going well, my cancer is not metastatic, and I'm working towards making a full recovery. Stepping down from a role that I love is not easy, but I believe that it is the right decision for GitLab.\n\nI couldn't be more excited to introduce you to Bill Staples, who will be leading GitLab into its next chapter. Bill will be GitLab’s CEO, effective today. He will also join the GitLab Board as a Director. Bill was most recently a public company CEO at New Relic. During his time there, he significantly increased the value of the company by accelerating revenue and driving increased profitability. He also brings decades of experience in leadership roles at Adobe and Microsoft. When I began speaking with Bill, I was immediately drawn to his customer-centric approach and deep product expertise. As I got to know him further, I knew that his shared value system made him the right person for this role, for our team members, for our customers, and for our shareholders. I feel fortunate that GitLab has found someone with a great leadership track record and strong DevOps expertise to lead GitLab into the future.\n\nWe have come so far from the early days when we launched GitLab.com. We have created the DevOps category and are the leader in the Gartner Magic Quadrant for both vision and execution. Millions of people now use GitLab to deliver software faster and more efficiently. We have integrated AI, Security, and Compliance into our platform to offer our enterprise customers the strongest AI-powered DevSecOps solution. 
We have also built GitLab in collaboration with our contributors. Last quarter, we had an all-time high of an estimated 1,800 code contributions from the wider community. It is incredible that as GitLab grew, our contributor community grew with us. We have done all of this while being a values-driven company, leading in all-remote work, championing transparency through our public handbook and culture, and co-creating with the wider community.\n\nI feel many things today, but more than anything else, I am grateful. I want to thank our customers. Driving results for them has been at the core of GitLab’s values, and I greatly appreciate their trust in us. I want to thank the wider GitLab community for their trust and enthusiasm. Their tens of thousands of contributions have greatly enhanced GitLab and its value for all users. Thank you, GitLab team members. Your contributions are at the core of GitLab’s success and the value we drive for our customers. Thank you, E-Group. You are amazing partners and collaborators in leading GitLab and our team members to achieve our very best. Thank you, GitLab Board. I have appreciated your support throughout my time as CEO and look forward to our ongoing partnership as I continue to serve as Executive Chair. And, thank you, Bill. I am excited for you to lead our next phase of growth. I am here to support you and the company in GitLab’s next chapter!\n\nI couldn't be more thrilled about Bill and what's ahead for GitLab with him at the helm. We have an incredible opportunity in front of us. Software has never mattered more, and GitLab is well-positioned to be the platform that best enables folks to create, secure, and operate it. I look forward to staying part of the company and being actively involved wherever Bill can use me. \n\n__Bill:__ Thanks, Sid, for the warm welcome! I greatly admire you and what you have accomplished. 
Very few people in the world have built a $10B market-cap technology company, taken it public, and scaled it to $750M in run-rate revenue. You have done incredible things with GitLab, and I’m grateful you will continue to play a meaningful role in the company. I appreciate your trust in me and commit to building upon the successes you and others should rightfully celebrate. \n\nI am so excited about GitLab and the opportunity ahead of us. Over the coming decade, we will see software-driven transformation around the world as AI accelerates and transforms the software revolution already in motion. GitLab and our mission are going to be more important than ever. I look forward to working with this team to scale GitLab well beyond where it is today.\n",[26],{"slug":720,"featured":31,"template":13},"gitlab-names-bill-staples-as-new-ceo",{"content":722,"config":730},{"title":723,"description":724,"authors":725,"heroImage":727,"date":728,"body":729,"category":9},"Our Privacy Policy has been updated","Our updated Privacy Policy clarifies our existing data processing activities.",[726],"GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664472/Blog/Hero%20Images/gitlabflatlogomap.png","2023-06-14","As part of our commitment to keeping our policies current, we made some updates to our [Privacy Policy](/privacy/) on June 14, 2022.  These updates are intended to clarify our existing data processing activities and to provide information on processing that may derive from new features.  Through this update, we continue to provide transparency to our data processing activities, in line with an evolving privacy landscape.  
Specifically, these policy updates include the following:\n\n- Clarification about which processing activities apply to each respective GitLab product;\n- Information about when personal data may be collected to verify someone’s identity to enable certain product features;\n- Clarification about what personal data is collected to provide a license and maintain a subscription; \n- Additional information regarding our Service Usage data collection practices, and the inclusion of certain processing activities, such as Event Analytics and Call Recordings;\n- Additional information regarding the purposes for which personal data is collected;\n- Minor updates regarding our legal basis for processing your personal data in the European Union; \n- Updates to our data retention practices for inactive accounts; \n- Clarification about how to delete your personal data at GitLab and how deletion is effectuated for public projects; \n- An additional notice that details our processing and your rights under the California Consumer Privacy Act, including CCPA metrics reporting;\n\nOverall, we believe that these updates will empower our users to make informed decisions about their personal data.  
Please visit the complete text of our Privacy Policy and [Cookie Policy](/privacy/cookies/) to learn more about how GitLab processes personal data and your rights and choices regarding such processing.\n",{"slug":731,"featured":12,"template":13},"our-privacy-policy-has-been-updated",{"content":733,"config":744},{"title":734,"description":735,"authors":736,"heroImage":738,"date":739,"body":740,"category":9,"tags":741},"Rate limitations for unauthorized users of the Projects List API","Learn details about upcoming changes for unauthenticated users of the Projects List API.",[737],"Christina Lohr","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664087/Blog/Hero%20Images/tanukicover.jpg","2023-04-10","\n\nStarting on May 22 for self-managed GitLab, and May 8 for GitLab.com, unauthenticated users will be subject to rate limitations when using the Projects List API. This change has been made to ensure the stability and reliability of our platform for all users.\n\n**Note:** Authorized users are not affected by this change.\n\n## What is the Projects List API?\n\nThe Projects List API provides information about GitLab projects, including name, description, and other metadata. This API is widely used by our community, including researchers, developers, and integrators, to retrieve and analyze information about GitLab projects. We value this usage and aim to support it as much as possible.\n\n## Rate limitation details\n\nIn recent months, we have observed that the frequency and intensity of requests made by unauthenticated, also known as anonymous, users to the Projects List API have increased significantly. This has resulted in an increased load on our servers, which has impacted the performance and stability of our platform for all users. 
To address this issue, we have decided to introduce rate limitations for unauthenticated users.\n\nAs a consequence of this change, unauthenticated users of the Projects List API will be limited to 400 requests per 10 minutes per unique IP address on GitLab.com. If an unauthenticated user exceeds this limit, the user will receive a \"429 Too Many Requests\" response. On GitLab.com, this limit cannot be changed. Users of self-managed GitLab instances have the same rate limitation set by default, but [admins can change the rate limits](https://docs.gitlab.com/ee/administration/settings/rate_limit_on_projects_api.html#rate-limit-on-projects-api) as they see fit via the UI or the application settings API. They can also set the rate limit to zero, which acts as if there is no rate limitation at all.\n\nWe understand that this change may impact some of our users who rely on the Projects List API, and we apologize for any inconvenience this may cause. We encourage users who need to make more than 400 requests per 10 minutes to the Projects List API to [sign up for a GitLab account](/pricing/), which provides higher rate limits and other benefits, such as access to additional APIs and integrations.\n\nIf you have any questions or concerns about this change, please do not hesitate to [leave feedback in this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/404611).\n",[742,743,26],"product","features",{"slug":745,"featured":12,"template":13},"rate-limitation-for-unauthorized-users-projects-list-api",{"promotions":747},[748,762,773],{"id":749,"categories":750,"header":752,"text":753,"button":754,"image":759},"ai-modernization",[751],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":755,"config":756},"Get your AI maturity score",{"href":757,"dataGaName":758,"dataGaLocation":248},"/assessments/ai-modernization-assessment/","modernization 
assessment",{"config":760},{"src":761},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":763,"categories":764,"header":765,"text":753,"button":766,"image":770},"devops-modernization",[742,563],"Are you just managing tools or shipping innovation?",{"text":767,"config":768},"Get your DevOps maturity score",{"href":769,"dataGaName":758,"dataGaLocation":248},"/assessments/devops-modernization-assessment/",{"config":771},{"src":772},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":774,"categories":775,"header":776,"text":753,"button":777,"image":781},"security-modernization",[27],"Are you trading speed for security?",{"text":778,"config":779},"Get your security maturity score",{"href":780,"dataGaName":758,"dataGaLocation":248},"/assessments/security-modernization-assessment/",{"config":782},{"src":783},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"header":785,"blurb":786,"button":787,"secondaryButton":792},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":788,"config":789},"Get your free trial",{"href":790,"dataGaName":55,"dataGaLocation":791},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":499,"config":793},{"href":59,"dataGaName":60,"dataGaLocation":791},1772652063603]