[{"data":1,"prerenderedAt":791},["ShallowReactive",2],{"/en-us/blog/gitlab-open-sources-protocol-fuzz-test-engine":3,"navigation-en-us":36,"banner-en-us":436,"footer-en-us":446,"blog-post-authors-en-us-Sam Kerr":688,"blog-related-posts-en-us-gitlab-open-sources-protocol-fuzz-test-engine":702,"assessment-promotions-en-us":742,"next-steps-en-us":781},{"id":4,"title":5,"authorSlugs":6,"body":8,"categorySlug":9,"config":10,"content":14,"description":8,"extension":24,"isFeatured":12,"meta":25,"navigation":26,"path":27,"publishedDate":20,"seo":28,"stem":32,"tagSlugs":33,"__hash__":35},"blogPosts/en-us/blog/gitlab-open-sources-protocol-fuzz-test-engine.yml","Gitlab Open Sources Protocol Fuzz Test Engine",[7],"sam-kerr",null,"news",{"slug":11,"featured":12,"template":13},"gitlab-open-sources-protocol-fuzz-test-engine",false,"BlogPost",{"title":15,"description":16,"authors":17,"heroImage":19,"date":20,"body":21,"category":9,"tags":22},"We're open sourcing Protocol Fuzzer Community Edition!","GitLab is releasing an open source protocol fuzz testing repository.",[18],"Sam Kerr","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749667243/Blog/Hero%20Images/open-source-community.png","2021-03-23","\n\n[GitLab acquired Peach Tech](/press/releases/2020-06-11-gitlab-acquires-peach-tech-and-fuzzit-to-expand-devsecops-offering.html), the industry leader in protocol and API fuzz testing, last year.\n\nWe were thrilled to release [API fuzz testing](https://docs.gitlab.com/ee/user/application_security/api_fuzzing/) as part of our [13.4 release](/releases/2020/09/22/gitlab-13-4-released/#api-fuzz-testing-with-openapi-specs-or-har-files).\nSince then we’ve made tons of improvements, such as [adding Postman support](https://about.gitlab.com/releases/2020/11/22/gitlab-13-6-released/#postman-collection-support-for-api-fuzz-testing)\nand [supporting runtime value overrides](https://gitlab.com/gitlab-org/gitlab/-/issues/273111), and we've received great feedback.\nWe’ve also heard the questions about the Peach protocol fuzz testing\ncapabilities and what is going to happen to them.\n\nToday, we are incredibly excited to announce that we are releasing the core\nprotocol fuzz testing engine of Peach as [GitLab Protocol Fuzzer Community Edition](https://gitlab.com/gitlab-org/security-products/protocol-fuzzer-ce), and it's open source! This edition has many\ncapabilities previously only available with a commercial Peach license.\nIt contains the engine to run and orchestrate fuzz tests as well as the\npieces needed to define your own protocols.\n\n## This is a major gain for the open source community\n\nPreviously, the only way\nto get access to many of these tools was to pay for the commercial\nversion of Peach Fuzzer, or to use an older, unmaintained version of Peach Fuzzer\nCommunity that lacked many of the features and bug fixes available in the commercial version.\nBy open sourcing much of what\nwas previously available only with a paid license, we are thrilled to\nenable more security researchers, students, and developers to experiment\nwith and use protocol fuzz testing to find vulnerabilities and bugs\nthat other tools will not. This also enables everyone to contribute and\nhelp advance the state of the art even further!\n\n## What is fuzz testing?\n\nFuzz testing is an automated software testing technique that provides invalid, unexpected, or random data to a computer program. Like black box testing, a fuzzing tool injects these unexpected inputs into the system and monitors for negative reactions such as crashes or information leakage, which could indicate security, performance, or quality gaps or issues.\nThe goal is to reveal software defects and vulnerabilities.\n\nThe name “fuzzing” dates back to 1988 when the University of Wisconsin - Madison Professor Barton Miller noticed significant interference on the signal while logging into a UNIX system via a dial-up network during a storm. The interference ultimately resulted in a crash.\n\nLater, Miller decided to have his students conduct a simulation of his experience with the idea that external “noise” couldn’t be tolerated by code. They blasted UNIX, Mac, and Windows systems with noise using a fuzz generator to see if they would crash.\n\n## What is a peach fuzzer?\n\nPeach is a SmartFuzzer that provides a way to define the format of data that should be generated as well as how and when the fuzzed data should be generated.\nIt requires the creation of Peach Pit files, which are XML files that contain complete information about the data structure, type of information, and the relationship of the data. The files define the structure, type of information, and relationships in the data to be fuzzed.\nAdditionally, it allows for the configuration of a fuzzing run, including selecting a data transport ([Publisher](https://peachtech.gitlab.io/peach-fuzzer-community/v3/Publisher.html)), logging interface, etc.\nPeach has been under development since 2004.\n\n### What a peach fuzzer does\n\nA peach fuzzer is capable of performing both [generation and mutation-based](https://peachtech.gitlab.io/peach-fuzzer-community/GenerationMutationFuzzing.html) fuzzing.\n\n### Benefits of a peach fuzzer\n\nA peach fuzzer tool is easy to use and allows for efficient testing and standardized reporting suitable for all stakeholders. Tests are repeatable, and findings can be verified and validated across multiple testing sessions.\n\n## Benefits and challenges of fuzz testing\n\nBecause of its random nature, experts believe fuzz testing is most likely to find bugs that other conventional tests and manual audits miss. Some of its other many benefits include:\n- Providing a good overall picture of the quality of the target system and software. Fuzzing tools let you easily assess the robustness and security risk posture of the system and software being tested.\n- Fuzzing is the main technique malicious hackers use to find software vulnerabilities. When used in a security program, it helps prevent zero-day exploits from unknown bugs and weaknesses in your system.\n- Reduced cost and time. Once a fuzzer is up and running, it can start to look for bugs on its own, with no manual intervention, and can continue to do so for as long as needed.\n\nSetup and data analysis are the two main challenges practitioners face when trying to implement fuzz testing. It also isn’t easy to set up fuzz testing--it requires complex testing “harnesses” that can be even more tricky to create if the fuzz testing isn’t actually located within an existing toolchain.\n\nFurther, fuzz testing can generate a lot of data, including potentially false positives. So it’s critical that a testing team is prepared to deal with the onslaught of information.\n\nThere is also a perception issue. Because it is less easy to document, negative attitudes toward the “vague” nature of fuzz testing persist in the QA community.\n\n## How to get started with fuzz testing\n\nFuzzing, like another aspect of a software project, requires planning, maintenance, and commitment.\nFirst, figure out what you want to fuzz, what you want to find, and how you are going to fuzz. Then you will want to make sure the tool you’re going to use is flexible enough to cover all uses.\n\nIf you are setting up a fuzzing system but aren’t one of the developers who will actually fix the results found, communicating with the people will be. Ask about the kind of information they want to receive in a bug report from fuzz testing.\n\nAt the very least, a bug report should contain all the information required to reproduce the issue. This may include test case, configuration, operating system used, version or build number of the target, CPU and memory information, and, where applicable, compiler options and debug flags.\nIf no new bugs are found after running the fuzz test for a long period of time, this might indicate your fuzzing is either doing a great job, and the robustness of your target is increasing—or that the fuzz is stuck.\n\n## Some fuzz testing best practices\n\nTo ensure the efficiency of your fuzz software and security testing, make sure to follow these best practices:\n\n- Determine what the target software is to be developed\n- Identify the inputs for the data to be tested\n- Generate your fuzz data\n- Use the generated fuzz data to execute the test\n- Monitor the system for potential security vulnerabilities, crashes, and memory leaks\n- Check defects in the log so they can be addressed before the product is released\n\n## How to use fuzz testing in GitLab\n\nGitlab recommends doing fuzz testing in addition to the other security scanners in [GitLab Secure](https://docs.gitlab.com/ee/user/application_security/index.html) and your own test processes. If you’re using [GitLab CI/CD](https://docs.gitlab.com/ee/ci/index.html), you can run your coverage-guided fuzz testing as part of your CI/CD workflow.\nWeb API fuzzing runs in the fuzz stage of the CI/CD pipeline. To ensure API fuzzing scans the latest code, your CI/CD pipeline should deploy changes to a test environment in one of the stages preceding the fuzz stage.\n\nThe following changes have been made to the API fuzzing template:\n\n- In GitLab 14.0 and later, you must define a fuzz stage in your .gitlab-ci.yml file.\n- In GitLab 13.12 and earlier, the API fuzzing template defines the build, test, deploy, and fuzz stages. The fuzz stage runs last by default. The predefined stages were deprecated and removed from the API-Fuzzing.latest.gitlab-ci.yml template. They will be removed in a future GitLab version.\n\nIf your pipeline is configured to deploy to the same web server on each run, running a pipeline while another is still running could cause a race condition in which one pipeline overwrites the code from another. The API to scan should be excluded from changes for the duration of a fuzzing scan.\nThe only changes to the API should be from the fuzzing scanner. Any changes made to the API (for example, by users, scheduled tasks, database changes, code changes, other pipelines, or other scanners) during a scan could cause inaccurate results.\n\nYou can run a [Web API fuzzing scan](https://docs.gitlab.com/ee/user/application_security/api_fuzzing/) using the following methods:\n\n- OpenAPI Specification - versions 2 and 3.\n- GraphQL Schema\n- HTTP Archive (HAR)\n- Postman Collection - versions 2.0 or 2.1\n\nExample projects using these methods are available:\n\n- Example OpenAPI v2 Specification project\n- Example HTTP Archive (HAR) project\n- Example Postman Collection project\n- Example GraphQL project\n- Example SOAP project\n\nMore information about web API fuzz testing in GitLab can be found [here](https://docs.gitlab.com/ee/user/application_security/api_fuzzing/).\n\n## Future plans for fuzz testing\n\nWe plan to add additional capabilities to the Community Edition in the future\nand integrate it into GitLab the product. You can read more details about our\nfuture plans on our [fuzz testing direction page](/direction/application_security_testing/dynamic-analysis/fuzz-testing/).\nWe will keep our [stewardship policy](https://handbook.gitlab.com/handbook/company/stewardship/) in mind as we [determine which tiers of GitLab that specific features\nare added to](https://handbook.gitlab.com/handbook/product/product-processes/tiering-guidance-for-features/). Some of the capabilities you can look forward to are\nindustry-specific features, tighter integration with the CI process and vulnerability\nmanagement, as well as pre-built support for many common network protocols.\n\nOne of our values at GitLab is [iteration](https://handbook.gitlab.com/handbook/values/#iteration) and we wanted to share the Community\nEdition as soon as we could so everyone can contribute sooner! We would\nlove for you to check it out and provide feedback and your own contributions.\n",[23,9],"open source","yml",{},true,"/en-us/blog/gitlab-open-sources-protocol-fuzz-test-engine",{"title":15,"description":16,"ogTitle":15,"ogDescription":16,"noIndex":12,"ogImage":19,"ogUrl":29,"ogSiteName":30,"ogType":31,"canonicalUrls":29},"https://about.gitlab.com/blog/gitlab-open-sources-protocol-fuzz-test-engine","https://about.gitlab.com","article","en-us/blog/gitlab-open-sources-protocol-fuzz-test-engine",[34,9],"open-source","8xPLZp-zpnmDLBxuNxp1YWc3nHnjB_Tz9UsKHH6xnts",{"data":37},{"logo":38,"freeTrial":43,"sales":48,"login":53,"items":58,"search":366,"minimal":397,"duo":416,"pricingDeployment":426},{"config":39},{"href":40,"dataGaName":41,"dataGaLocation":42},"/","gitlab logo","header",{"text":44,"config":45},"Get free trial",{"href":46,"dataGaName":47,"dataGaLocation":42},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":49,"config":50},"Talk to sales",{"href":51,"dataGaName":52,"dataGaLocation":42},"/sales/","sales",{"text":54,"config":55},"Sign in",{"href":56,"dataGaName":57,"dataGaLocation":42},"https://gitlab.com/users/sign_in/","sign in",[59,86,181,186,287,347],{"text":60,"config":61,"cards":63},"Platform",{"dataNavLevelOne":62},"platform",[64,70,78],{"title":60,"description":65,"link":66},"The intelligent orchestration platform for DevSecOps",{"text":67,"config":68},"Explore our Platform",{"href":69,"dataGaName":62,"dataGaLocation":42},"/platform/",{"title":71,"description":72,"link":73},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":74,"config":75},"Meet GitLab Duo",{"href":76,"dataGaName":77,"dataGaLocation":42},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":79,"description":80,"link":81},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":82,"config":83},"Learn more",{"href":84,"dataGaName":85,"dataGaLocation":42},"/why-gitlab/","why gitlab",{"text":87,"left":26,"config":88,"link":90,"lists":94,"footer":163},"Product",{"dataNavLevelOne":89},"solutions",{"text":91,"config":92},"View all Solutions",{"href":93,"dataGaName":89,"dataGaLocation":42},"/solutions/",[95,119,142],{"title":96,"description":97,"link":98,"items":103},"Automation","CI/CD and automation to accelerate deployment",{"config":99},{"icon":100,"href":101,"dataGaName":102,"dataGaLocation":42},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[104,108,111,115],{"text":105,"config":106},"CI/CD",{"href":107,"dataGaLocation":42,"dataGaName":105},"/solutions/continuous-integration/",{"text":71,"config":109},{"href":76,"dataGaLocation":42,"dataGaName":110},"gitlab duo agent platform - product menu",{"text":112,"config":113},"Source Code Management",{"href":114,"dataGaLocation":42,"dataGaName":112},"/solutions/source-code-management/",{"text":116,"config":117},"Automated Software Delivery",{"href":101,"dataGaLocation":42,"dataGaName":118},"Automated software delivery",{"title":120,"description":121,"link":122,"items":127},"Security","Deliver code faster without compromising security",{"config":123},{"href":124,"dataGaName":125,"dataGaLocation":42,"icon":126},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[128,132,137],{"text":129,"config":130},"Application Security Testing",{"href":124,"dataGaName":131,"dataGaLocation":42},"Application security testing",{"text":133,"config":134},"Software Supply Chain Security",{"href":135,"dataGaLocation":42,"dataGaName":136},"/solutions/supply-chain/","Software supply chain security",{"text":138,"config":139},"Software Compliance",{"href":140,"dataGaName":141,"dataGaLocation":42},"/solutions/software-compliance/","software compliance",{"title":143,"link":144,"items":149},"Measurement",{"config":145},{"icon":146,"href":147,"dataGaName":148,"dataGaLocation":42},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[150,154,158],{"text":151,"config":152},"Visibility & Measurement",{"href":147,"dataGaLocation":42,"dataGaName":153},"Visibility and Measurement",{"text":155,"config":156},"Value Stream Management",{"href":157,"dataGaLocation":42,"dataGaName":155},"/solutions/value-stream-management/",{"text":159,"config":160},"Analytics & Insights",{"href":161,"dataGaLocation":42,"dataGaName":162},"/solutions/analytics-and-insights/","Analytics and insights",{"title":164,"items":165},"GitLab for",[166,171,176],{"text":167,"config":168},"Enterprise",{"href":169,"dataGaLocation":42,"dataGaName":170},"/enterprise/","enterprise",{"text":172,"config":173},"Small Business",{"href":174,"dataGaLocation":42,"dataGaName":175},"/small-business/","small business",{"text":177,"config":178},"Public Sector",{"href":179,"dataGaLocation":42,"dataGaName":180},"/solutions/public-sector/","public sector",{"text":182,"config":183},"Pricing",{"href":184,"dataGaName":185,"dataGaLocation":42,"dataNavLevelOne":185},"/pricing/","pricing",{"text":187,"config":188,"link":190,"lists":194,"feature":274},"Resources",{"dataNavLevelOne":189},"resources",{"text":191,"config":192},"View all resources",{"href":193,"dataGaName":189,"dataGaLocation":42},"/resources/",[195,228,246],{"title":196,"items":197},"Getting started",[198,203,208,213,218,223],{"text":199,"config":200},"Install",{"href":201,"dataGaName":202,"dataGaLocation":42},"/install/","install",{"text":204,"config":205},"Quick start guides",{"href":206,"dataGaName":207,"dataGaLocation":42},"/get-started/","quick setup checklists",{"text":209,"config":210},"Learn",{"href":211,"dataGaLocation":42,"dataGaName":212},"https://university.gitlab.com/","learn",{"text":214,"config":215},"Product documentation",{"href":216,"dataGaName":217,"dataGaLocation":42},"https://docs.gitlab.com/","product documentation",{"text":219,"config":220},"Best practice videos",{"href":221,"dataGaName":222,"dataGaLocation":42},"/getting-started-videos/","best practice videos",{"text":224,"config":225},"Integrations",{"href":226,"dataGaName":227,"dataGaLocation":42},"/integrations/","integrations",{"title":229,"items":230},"Discover",[231,236,241],{"text":232,"config":233},"Customer success stories",{"href":234,"dataGaName":235,"dataGaLocation":42},"/customers/","customer success stories",{"text":237,"config":238},"Blog",{"href":239,"dataGaName":240,"dataGaLocation":42},"/blog/","blog",{"text":242,"config":243},"Remote",{"href":244,"dataGaName":245,"dataGaLocation":42},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":247,"items":248},"Connect",[249,254,259,264,269],{"text":250,"config":251},"GitLab Services",{"href":252,"dataGaName":253,"dataGaLocation":42},"/services/","services",{"text":255,"config":256},"Community",{"href":257,"dataGaName":258,"dataGaLocation":42},"/community/","community",{"text":260,"config":261},"Forum",{"href":262,"dataGaName":263,"dataGaLocation":42},"https://forum.gitlab.com/","forum",{"text":265,"config":266},"Events",{"href":267,"dataGaName":268,"dataGaLocation":42},"/events/","events",{"text":270,"config":271},"Partners",{"href":272,"dataGaName":273,"dataGaLocation":42},"/partners/","partners",{"backgroundColor":275,"textColor":276,"text":277,"image":278,"link":282},"#2f2a6b","#fff","Insights for the future of software development",{"altText":279,"config":280},"the source promo card",{"src":281},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":283,"config":284},"Read the latest",{"href":285,"dataGaName":286,"dataGaLocation":42},"/the-source/","the source",{"text":288,"config":289,"lists":291},"Company",{"dataNavLevelOne":290},"company",[292],{"items":293},[294,299,305,307,312,317,322,327,332,337,342],{"text":295,"config":296},"About",{"href":297,"dataGaName":298,"dataGaLocation":42},"/company/","about",{"text":300,"config":301,"footerGa":304},"Jobs",{"href":302,"dataGaName":303,"dataGaLocation":42},"/jobs/","jobs",{"dataGaName":303},{"text":265,"config":306},{"href":267,"dataGaName":268,"dataGaLocation":42},{"text":308,"config":309},"Leadership",{"href":310,"dataGaName":311,"dataGaLocation":42},"/company/team/e-group/","leadership",{"text":313,"config":314},"Team",{"href":315,"dataGaName":316,"dataGaLocation":42},"/company/team/","team",{"text":318,"config":319},"Handbook",{"href":320,"dataGaName":321,"dataGaLocation":42},"https://handbook.gitlab.com/","handbook",{"text":323,"config":324},"Investor relations",{"href":325,"dataGaName":326,"dataGaLocation":42},"https://ir.gitlab.com/","investor relations",{"text":328,"config":329},"Trust Center",{"href":330,"dataGaName":331,"dataGaLocation":42},"/security/","trust center",{"text":333,"config":334},"AI Transparency Center",{"href":335,"dataGaName":336,"dataGaLocation":42},"/ai-transparency-center/","ai transparency center",{"text":338,"config":339},"Newsletter",{"href":340,"dataGaName":341,"dataGaLocation":42},"/company/contact/#contact-forms","newsletter",{"text":343,"config":344},"Press",{"href":345,"dataGaName":346,"dataGaLocation":42},"/press/","press",{"text":348,"config":349,"lists":350},"Contact us",{"dataNavLevelOne":290},[351],{"items":352},[353,356,361],{"text":49,"config":354},{"href":51,"dataGaName":355,"dataGaLocation":42},"talk to sales",{"text":357,"config":358},"Support portal",{"href":359,"dataGaName":360,"dataGaLocation":42},"https://support.gitlab.com","support portal",{"text":362,"config":363},"Customer portal",{"href":364,"dataGaName":365,"dataGaLocation":42},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":367,"login":368,"suggestions":375},"Close",{"text":369,"link":370},"To search repositories and projects, login to",{"text":371,"config":372},"gitlab.com",{"href":56,"dataGaName":373,"dataGaLocation":374},"search login","search",{"text":376,"default":377},"Suggestions",[378,380,384,386,390,394],{"text":71,"config":379},{"href":76,"dataGaName":71,"dataGaLocation":374},{"text":381,"config":382},"Code Suggestions (AI)",{"href":383,"dataGaName":381,"dataGaLocation":374},"/solutions/code-suggestions/",{"text":105,"config":385},{"href":107,"dataGaName":105,"dataGaLocation":374},{"text":387,"config":388},"GitLab on AWS",{"href":389,"dataGaName":387,"dataGaLocation":374},"/partners/technology-partners/aws/",{"text":391,"config":392},"GitLab on Google Cloud",{"href":393,"dataGaName":391,"dataGaLocation":374},"/partners/technology-partners/google-cloud-platform/",{"text":395,"config":396},"Why GitLab?",{"href":84,"dataGaName":395,"dataGaLocation":374},{"freeTrial":398,"mobileIcon":403,"desktopIcon":408,"secondaryButton":411},{"text":399,"config":400},"Start free trial",{"href":401,"dataGaName":47,"dataGaLocation":402},"https://gitlab.com/-/trials/new/","nav",{"altText":404,"config":405},"Gitlab Icon",{"src":406,"dataGaName":407,"dataGaLocation":402},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":404,"config":409},{"src":410,"dataGaName":407,"dataGaLocation":402},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":412,"config":413},"Get Started",{"href":414,"dataGaName":415,"dataGaLocation":402},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":417,"mobileIcon":422,"desktopIcon":424},{"text":418,"config":419},"Learn more about GitLab Duo",{"href":420,"dataGaName":421,"dataGaLocation":402},"/gitlab-duo/","gitlab duo",{"altText":404,"config":423},{"src":406,"dataGaName":407,"dataGaLocation":402},{"altText":404,"config":425},{"src":410,"dataGaName":407,"dataGaLocation":402},{"freeTrial":427,"mobileIcon":432,"desktopIcon":434},{"text":428,"config":429},"Back to pricing",{"href":184,"dataGaName":430,"dataGaLocation":402,"icon":431},"back to pricing","GoBack",{"altText":404,"config":433},{"src":406,"dataGaName":407,"dataGaLocation":402},{"altText":404,"config":435},{"src":410,"dataGaName":407,"dataGaLocation":402},{"title":437,"button":438,"config":443},"See how agentic AI transforms software delivery",{"text":439,"config":440},"Watch GitLab Transcend now",{"href":441,"dataGaName":442,"dataGaLocation":42},"/events/transcend/virtual/","transcend event",{"layout":444,"icon":445},"release","AiStar",{"data":447},{"text":448,"source":449,"edit":455,"contribute":460,"config":465,"items":470,"minimal":677},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":450,"config":451},"View page source",{"href":452,"dataGaName":453,"dataGaLocation":454},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":456,"config":457},"Edit this page",{"href":458,"dataGaName":459,"dataGaLocation":454},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":461,"config":462},"Please contribute",{"href":463,"dataGaName":464,"dataGaLocation":454},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":466,"facebook":467,"youtube":468,"linkedin":469},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[471,518,572,616,643],{"title":182,"links":472,"subMenu":487},[473,477,482],{"text":474,"config":475},"View plans",{"href":184,"dataGaName":476,"dataGaLocation":454},"view plans",{"text":478,"config":479},"Why Premium?",{"href":480,"dataGaName":481,"dataGaLocation":454},"/pricing/premium/","why premium",{"text":483,"config":484},"Why Ultimate?",{"href":485,"dataGaName":486,"dataGaLocation":454},"/pricing/ultimate/","why ultimate",[488],{"title":489,"links":490},"Contact Us",[491,494,496,498,503,508,513],{"text":492,"config":493},"Contact sales",{"href":51,"dataGaName":52,"dataGaLocation":454},{"text":357,"config":495},{"href":359,"dataGaName":360,"dataGaLocation":454},{"text":362,"config":497},{"href":364,"dataGaName":365,"dataGaLocation":454},{"text":499,"config":500},"Status",{"href":501,"dataGaName":502,"dataGaLocation":454},"https://status.gitlab.com/","status",{"text":504,"config":505},"Terms of use",{"href":506,"dataGaName":507,"dataGaLocation":454},"/terms/","terms of use",{"text":509,"config":510},"Privacy statement",{"href":511,"dataGaName":512,"dataGaLocation":454},"/privacy/","privacy statement",{"text":514,"config":515},"Cookie preferences",{"dataGaName":516,"dataGaLocation":454,"id":517,"isOneTrustButton":26},"cookie preferences","ot-sdk-btn",{"title":87,"links":519,"subMenu":528},[520,524],{"text":521,"config":522},"DevSecOps platform",{"href":69,"dataGaName":523,"dataGaLocation":454},"devsecops platform",{"text":525,"config":526},"AI-Assisted Development",{"href":420,"dataGaName":527,"dataGaLocation":454},"ai-assisted development",[529],{"title":530,"links":531},"Topics",[532,537,542,547,552,557,562,567],{"text":533,"config":534},"CICD",{"href":535,"dataGaName":536,"dataGaLocation":454},"/topics/ci-cd/","cicd",{"text":538,"config":539},"GitOps",{"href":540,"dataGaName":541,"dataGaLocation":454},"/topics/gitops/","gitops",{"text":543,"config":544},"DevOps",{"href":545,"dataGaName":546,"dataGaLocation":454},"/topics/devops/","devops",{"text":548,"config":549},"Version Control",{"href":550,"dataGaName":551,"dataGaLocation":454},"/topics/version-control/","version control",{"text":553,"config":554},"DevSecOps",{"href":555,"dataGaName":556,"dataGaLocation":454},"/topics/devsecops/","devsecops",{"text":558,"config":559},"Cloud Native",{"href":560,"dataGaName":561,"dataGaLocation":454},"/topics/cloud-native/","cloud native",{"text":563,"config":564},"AI for Coding",{"href":565,"dataGaName":566,"dataGaLocation":454},"/topics/devops/ai-for-coding/","ai for coding",{"text":568,"config":569},"Agentic AI",{"href":570,"dataGaName":571,"dataGaLocation":454},"/topics/agentic-ai/","agentic ai",{"title":573,"links":574},"Solutions",[575,577,579,584,588,591,595,598,600,603,606,611],{"text":129,"config":576},{"href":124,"dataGaName":129,"dataGaLocation":454},{"text":118,"config":578},{"href":101,"dataGaName":102,"dataGaLocation":454},{"text":580,"config":581},"Agile development",{"href":582,"dataGaName":583,"dataGaLocation":454},"/solutions/agile-delivery/","agile delivery",{"text":585,"config":586},"SCM",{"href":114,"dataGaName":587,"dataGaLocation":454},"source code management",{"text":533,"config":589},{"href":107,"dataGaName":590,"dataGaLocation":454},"continuous integration & delivery",{"text":592,"config":593},"Value stream management",{"href":157,"dataGaName":594,"dataGaLocation":454},"value stream management",{"text":538,"config":596},{"href":597,"dataGaName":541,"dataGaLocation":454},"/solutions/gitops/",{"text":167,"config":599},{"href":169,"dataGaName":170,"dataGaLocation":454},{"text":601,"config":602},"Small business",{"href":174,"dataGaName":175,"dataGaLocation":454},{"text":604,"config":605},"Public sector",{"href":179,"dataGaName":180,"dataGaLocation":454},{"text":607,"config":608},"Education",{"href":609,"dataGaName":610,"dataGaLocation":454},"/solutions/education/","education",{"text":612,"config":613},"Financial services",{"href":614,"dataGaName":615,"dataGaLocation":454},"/solutions/finance/","financial services",{"title":187,"links":617},[618,620,622,624,627,629,631,633,635,637,639,641],{"text":199,"config":619},{"href":201,"dataGaName":202,"dataGaLocation":454},{"text":204,"config":621},{"href":206,"dataGaName":207,"dataGaLocation":454},{"text":209,"config":623},{"href":211,"dataGaName":212,"dataGaLocation":454},{"text":214,"config":625},{"href":216,"dataGaName":626,"dataGaLocation":454},"docs",{"text":237,"config":628},{"href":239,"dataGaName":240,"dataGaLocation":454},{"text":232,"config":630},{"href":234,"dataGaName":235,"dataGaLocation":454},{"text":242,"config":632},{"href":244,"dataGaName":245,"dataGaLocation":454},{"text":250,"config":634},{"href":252,"dataGaName":253,"dataGaLocation":454},{"text":255,"config":636},{"href":257,"dataGaName":258,"dataGaLocation":454},{"text":260,"config":638},{"href":262,"dataGaName":263,"dataGaLocation":454},{"text":265,"config":640},{"href":267,"dataGaName":268,"dataGaLocation":454},{"text":270,"config":642},{"href":272,"dataGaName":273,"dataGaLocation":454},{"title":288,"links":644},[645,647,649,651,653,655,657,661,666,668,670,672],{"text":295,"config":646},{"href":297,"dataGaName":290,"dataGaLocation":454},{"text":300,"config":648},{"href":302,"dataGaName":303,"dataGaLocation":454},{"text":308,"config":650},{"href":310,"dataGaName":311,"dataGaLocation":454},{"text":313,"config":652},{"href":315,"dataGaName":316,"dataGaLocation":454},{"text":318,"config":654},{"href":320,"dataGaName":321,"dataGaLocation":454},{"text":323,"config":656},{"href":325,"dataGaName":326,"dataGaLocation":454},{"text":658,"config":659},"Sustainability",{"href":660,"dataGaName":658,"dataGaLocation":454},"/sustainability/",{"text":662,"config":663},"Diversity, inclusion and belonging (DIB)",{"href":664,"dataGaName":665,"dataGaLocation":454},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":328,"config":667},{"href":330,"dataGaName":331,"dataGaLocation":454},{"text":338,"config":669},{"href":340,"dataGaName":341,"dataGaLocation":454},{"text":343,"config":671},{"href":345,"dataGaName":346,"dataGaLocation":454},{"text":673,"config":674},"Modern Slavery Transparency Statement",{"href":675,"dataGaName":676,"dataGaLocation":454},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":678},[679,682,685],{"text":680,"config":681},"Terms",{"href":506,"dataGaName":507,"dataGaLocation":454},{"text":683,"config":684},"Cookies",{"dataGaName":516,"dataGaLocation":454,"id":517,"isOneTrustButton":26},{"text":686,"config":687},"Privacy",{"href":511,"dataGaName":512,"dataGaLocation":454},[689],{"id":690,"title":18,"body":8,"config":691,"content":693,"description":8,"extension":24,"meta":697,"navigation":26,"path":698,"seo":699,"stem":700,"__hash__":701},"blogAuthors/en-us/blog/authors/sam-kerr.yml",{"template":692},"BlogAuthor",{"name":18,"config":694},{"headshot":695,"ctfId":696},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749668841/Blog/Author%20Headshots/stkerr-headshot.jpg","stkerr",{},"/en-us/blog/authors/sam-kerr",{},"en-us/blog/authors/sam-kerr","Uy_fuPl-EwaUBm9ppfxsmwgZvhXQR9HumvuLsv4cbko",[703,715,729],{"content":704,"config":713},{"title":705,"description":706,"authors":707,"heroImage":709,"date":710,"body":711,"category":9,"tags":712},"Introducing the GitLab Managed Service Provider (MSP) Partner Program","Build a profitable, services-led DevSecOps practice - backed by GitLab.",[708],"Karishma Kumar","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772047747/ntihfmnu2fepamqemaas.png","2026-02-26","*This blog is written for managed service providers (MSPs) looking to build a GitLab practice. If you’re a developer or engineering leader, this is the program that can empower the partners who help teams like yours scale and move faster.*\n\nMany organizations know they need a modern DevSecOps platform. What they often don't have is the bandwidth to deploy, manage, and continuously optimize one while shipping software at the pace the business demands. That's a real opportunity for MSPs, and now GitLab has a defined program to support them.\n\nWe're excited to introduce the **GitLab MSP Partner Program**, a new global program that enables qualified MSPs to deliver GitLab as a fully managed service to their customers.\n\n## Why this matters for partners and customers\n\nFor the first time, GitLab has a formally defined, globally available program built specifically for MSPs. This means clear requirements, structured enablement, dedicated support, and real financial benefits, so partners can confidently invest in building a GitLab managed services practice.\n\nThe timing is right. Organizations are accelerating their DevSecOps journeys, but many are navigating complex migrations, sprawling toolchains, and growing security requirements on top of their core work of building and shipping software.\n\nGitLab MSP partners handle the operational side of running the platform, including deployment, migration, administration, and ongoing support, so development teams can stay focused on what they do best.\n\n## What MSP partners get\n\n**Financial benefits**: MSP partners earn GitLab partner margins plus an additional MSP premium on all transactions, new business, and renewals. You also retain 100% of the service fees you charge customers for deployment, migration, training, enablement, and strategic consulting. That's multiple recurring revenue streams built around a single platform.\n\n**Enablement and education**: Partners have access to quarterly technical bootcamps covering version updates, new features, best practices, ongoing roadmap updates, and peer sharing. Recommended cloud certifications (AWS Solutions Architect Associate, GCP Associate Cloud Engineer) round out the technical foundation.\n\n**Go-to-market support**: MSPs receive a GitLab Certified MSP Partner badge, co-brandable assets, eligibility for joint customer case studies, a Partner Locator listing, and access to Marketing Development Funds (MDF) for qualified demand generation activities.\n\n## What customers can expect\n\nCustomers working with a GitLab MSP partner get a structured, managed DevSecOps experience, documented and repeatable implementation methodologies, regular business reviews, and support with clearly defined response and escalation paths.\n\nThe result: Development teams can stay focused on building great software while their MSP partner focuses on running and optimizing the platform.\n\n## A new opportunity around AI\n\nOrganizations are increasingly looking to safely introduce AI into their software development workflows, and even experienced teams can benefit from a structured approach to rolling it out at scale. GitLab MSP partners are well-positioned to guide customers through GitLab Duo Agent Platform as part of a broader managed services offering.\n\nBy combining GitLab's DevSecOps platform with MSP-delivered operational expertise, customers can experiment with AI-assisted workflows in a governed environment, meet data residency and compliance requirements, and scale AI adoption across teams without overburdening internal resources.\n\n## Is this right for your business?\n\nThe GitLab MSP Partner Program is a strong fit if you:\n\n* Already deliver managed services in cloud, infrastructure, or application operations  \n* Want to add high-value DevSecOps to your portfolio  \n* Have or want to build technical talent interested in modern development platforms  \n* Prefer long-term customer relationships over one-time transactions\n\nIf you're already a GitLab Select and Professional Services Partner, the MSP program gives you a structured way to turn your existing expertise into a repeatable managed offering.\n\n## Getting started\n\nThe program launches with the **Certified MSP Partner** designation. There's no minimum ARR or customer count required to join. Here's how the path looks:\n\n1. **Confirm fit** - Verify you meet the business and technical requirements outlined in the [handbook page](https://handbook.gitlab.com/handbook/resellers/channel-program-guide/#the-gitlab-managed-service-provider-msp-partner-program).  \n2. **Apply via the GitLab Partner Portal** - Submit your application with business and technical documentation.  \n3. **Complete 90-day onboarding** - A structured onboarding journey covers contracts, technical enablement, sales training, and your first customer engagement.  \n4. **Launch your managed offering** - Package your services, set your SLAs, and begin engaging customers.\n\nCompleted applications are reviewed within approximately three business days.\n\n> Interested in building a GitLab managed services practice? New partners can apply [to become a GitLab Partner](https://about.gitlab.com/partners/). Existing partners can reach out to your GitLab representative to learn more about the program and tell us about the solutions you're currently offering customers through your MSP practice!\n",[553,9,273],{"featured":12,"template":13,"slug":714},"introducing-the-gitlab-managed-service-provider-msp-partner-program",{"content":716,"config":727},{"title":717,"authors":718,"date":722,"body":723,"category":9,"tags":724,"description":725,"heroImage":726},"DevSecOps-as-a-Service on Oracle Cloud Infrastructure by Data Intensity",[719,720,708,721],"Biju Thomas","Matt Genelin","Ryan Palmaro","2026-02-10","At GitLab, we know that many organizations choose GitLab Self-Managed for the control, customization, and security it provides. However, managing underlying infrastructure can be a significant operational challenge — especially for teams who want to focus on delivering software, not maintaining platforms.\n\nThat's why we're excited to work with [Oracle Cloud Infrastructure (OCI)](https://www.oracle.com/cloud/) and [Data Intensity](https://www.dataintensity.com/services/security-services/devsecops/), a trusted Oracle managed services provider, to offer a new managed service option, DevSecOps-as-a-Service, that brings together the best of both worlds: the control of GitLab Self-Managed with the operational ease of a fully managed service.\n\n## Why GitLab Self-Managed?\n\nGitLab Self-Managed gives you complete ownership of your DevSecOps platform. You control where your data lives, how your instance is configured, and can customize it to meet specific compliance, security, or operational requirements. This level of control is essential for organizations with strict regulatory requirements, data residency needs, or specific integration must-haves.\n\nThe challenge for some customers running on GitLab Self-Managed means managing servers, handling upgrades, ensuring high availability, and implementing disaster recovery. All require specialized expertise and dedicated resources.\n\n## A managed path to GitLab Self-Managed\n\nData Intensity's DevSecOps-as-a-Service on OCI removes these operational burdens while preserving the control benefits of GitLab Self-Managed. Instead of building and maintaining infrastructure yourself, you get a standalone GitLab instance managed by Data Intensity's team of experts, running on OCI's high-performance cloud infrastructure.\n\nHere's what's included:\n\n* Standalone GitLab instance on OCI infrastructure\n* 24x7 monitoring, alarming, and support\n* Quarterly patching scheduled during your chosen maintenance windows\n* Automated backups and disaster recovery protection\n\n## Scaling with your organization\n\nData Intensity’s managed service is designed to grow with your team, offering tiered architectures to match your specific user capacity and recovery requirements:\n\n| **Feature**        | **Standard**    | **Premier**     | **Premier +**   |\n|--------------------|-----------------|-----------------|-----------------|\n| **User Capacity**  | Up to 1,000     | Up to 2,000     | Up to 3,000     |\n| **Performance**    | 20 requests/sec | 40 requests/sec | 60 requests/sec |\n| **Availability**   | 99.9%           | 99.95%          | 99.99%          |\n| **Recovery (RTO)** | 48 hours        | 8 hours         | 4 hours         |\n\nFor more information, visit Data Intensity’s website to learn more about [DevSecOps-as-a-Service](https://www.dataintensity.com/services/security-services/devsecops/).\n\n## Why OCI for GitLab?\nOracle Cloud Infrastructure (OCI) provides a robust foundation for running GitLab Self-Managed, offering a secure, high-performance environment at a significantly lower cost than other hyperscalers. Organizations migrating workloads to OCI commonly realize infrastructure cost reductions of 40-50%, making it easier to fund and scale deployments.\n\nOCI supports a wide range of deployment models, from public cloud regions to specialized environments such as Government and EU Sovereign Clouds, as well as dedicated infrastructure deployed behind your firewall. These options come with consistent pricing, tooling, and operational experience, enabling teams to standardize GitLab deployments across regulated, hybrid, and global environments.\n\nThe combination of GitLab's comprehensive DevSecOps platform, OCI's high-performance infrastructure, and Data Intensity's managed services expertise provides a turnkey solution that lets your teams focus on what matters: building great software.\n\n## Is this right for your organization?\nConsider Data Intensity's DevSecOps-as-a-Service if you:\n* Want GitLab Self-Managed but need to minimize operational overhead\n* Require specific compliance, security, or data residency requirements\n* Need guaranteed SLAs and professional disaster recovery capabilities\n* Prefer predictable costs and expert management over building in-house infrastructure expertise\n* Are already using or planning to use OCI for your cloud infrastructure\n* Prioritize flexibility and control\n* Want a dedicated instance that’s managed externally but offers the control of a self-managed environment\n\n## Getting started\nOrganizations interested in running GitLab Self-Managed on OCI through Data Intensity's DevSecOps-as-a-Service can contact Data Intensity via the [Data Intensity website](https://www.dataintensity.com/services/security-services/devsecops/) to discuss specific requirements and begin deployment planning.\n\nModernizing your DevSecOps doesn't have to be complex. Data Intensity provides optional migration of code repositories and customizations to ensure a smooth transition to OCI.\n\nAs GitLab continues expanding our partner ecosystem, solutions like this demonstrate our commitment to giving organizations choice in how they deploy and manage GitLab — whether that's SaaS, self-managed, or managed services through trusted partners.",[273,521],"Run GitLab Self-Managed with minimal overhead. Data Intensity delivers DevSecOps-as-a-Service on OCI with expert management and disaster recovery.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098794/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%289%29_DoeBNJVrhv9FpF3WCsHNc_1750098793762.png",{"featured":26,"template":13,"slug":728},"devsecops-as-a-service-on-oracle-cloud-infrastructure-by-data-intensity",{"content":730,"config":740},{"title":731,"description":732,"authors":733,"heroImage":735,"date":736,"body":737,"category":9,"tags":738},"How we built and automated our new Japanese GitLab Docs site","Learn about our AI-assisted localization infrastructure – with docs-as-code principles – that expands access to critical product documentation.",[734],"Daniel Sullivan","https://res.cloudinary.com/about-gitlab-com/image/upload/v1758812952/yxhgljkwljld0lyizmaz.png","2025-12-11","Today we are thrilled to announce the release of GitLab product documentation in Japanese at [docs.gitlab.com/ja-jp](http://docs.gitlab.com/ja-jp). This major step marks our first move toward making GitLab's extensive documentation accessible to our users worldwide.\n\n![Japanese GitLab Docs site](https://res.cloudinary.com/about-gitlab-com/image/upload/v1765299500/hya4bog8gllk1kimduac.png)\n\n## The unique challenge of the Japanese market\n\nJapan represents one of the world's largest economies and is a critical market for enterprise software. However, it also presents a distinctive challenge: despite its technological sophistication and massive developer community, English proficiency remains a significant barrier for many users.\n\nJapan's developers and DevSecOps teams often face challenges with English-only documentation, [as indicated by the country's ranking on the EF English Proficiency Index](https://www.ef.edu/epi/regions/asia/japan/). This language barrier can significantly impact the speed of learning and ultimately influence the decision to evaluate, adopt, and champion a platform within Japanese organizations.\n\nWe've heard directly from our Japanese customers and partners that English-only documentation wasn't merely an inconvenience, it was a barrier preventing them from getting the most out of GitLab. The impact rippled through every stage of the user journey: From initial evaluation where teams struggled to assess GitLab's capabilities, to daily operations where finding solutions took longer than necessary, to staying current with new features and best practices.\n\nIn a market as competitive and mature as in Japan, this language barrier directly affected GitLab's market penetration. When Japanese companies evaluate enterprise software, the availability of comprehensive Japanese documentation signals long-term commitment to the market. It demonstrates that a provider isn't just making a token effort, but is genuinely invested in supporting Japanese users throughout their entire journey.\n\nTo address this challenge and demonstrate our commitment to the Japanese market, we built localization infrastructure from the ground up, integrating with how we create and maintain documentation at GitLab.\n\n## Localization built on docs-as-code principles\n\nGitLab's documentation is treated like any other code contribution, residing alongside product code in GitLab projects and managed via merge requests. This system ensures documentation is version-controlled, collaboratively reviewed, and automatically tested through CI/CD pipelines, which includes checks for issues with language, formatting, and links. Both the English and Japanese documentation sites are dynamically generated using the Hugo static site generator and deployed after merging changes, guaranteeing users always access the latest information.\n\nThe documentation is extensive and comprehensive, drawing content from various source projects, including GitLab, GitLab Runner, Omnibus GitLab, GitLab Charts, GitLab Operator, and GitLab CLI (glab) ([see architecture for details](https://gitlab.com/gitlab-org/technical-writing/docs-gitlab-com/-/blob/main/doc/architecture.md)). This sheer scale and rapid update velocity presented a significant localization challenge. To keep pace with the continuous evolution of these source English projects, we had to design a localization infrastructure for our GitLab product documentation that could handle these unique complexities and provide an enterprise-grade solution for a fully localized site, all while adhering to our CI/CD pipeline requirements.\n\n## How we localized GitLab Documentation\n\nFor our initial Japanese localization, we adopted a strategy of integrating new folders within our existing English content structure. Specifically, we introduced `doc-locale/ja-jp` folders within each project that stores source Markdown files. This architecture [keeps the translations right alongside their source content](https://gitlab.com/gitlab-org/gitlab/-/tree/master/doc-locale/ja-jp) while maintaining a clear organizational separation. Not only that, but it also enables us to apply the same robust version control, established review and collaboration workflows, and even some of the automated quality checks used for our English documentation to the translated content.  \n\nThis [internationalization infrastructure built for Japanese documentation](https://handbook.gitlab.com/handbook/marketing/localization/tech_docs_localization/#multilingual-hugo-docs-implementation) provides a scalable foundation for future language expansion. With the architecture, tooling, and processes now in place, we are well-positioned to support additional languages as we continue our commitment to making GitLab accessible to users worldwide.\n\n## An AI-assisted  translation workflow that balances speed and quality\n\nWe adopted a strategic, phased approach to processing the content through translation, prioritizing pages based on their English-language page views. The highest-traffic pages underwent AI translation first, followed by comprehensive human linguistic review, and we intentionally paused subsequent phases until these priority pages completed the full human review cycle. This deliberate sequencing allowed us to build a robust, curated translation memory and termbase from our most important content. These linguistic assets accelerated and improved quality across all remaining content. In parallel, this initial phase served as our testing ground on the technical infrastructure on the GitLab side. We used it to iterate and reinforce our CI/CD pipelines, refine our translation and post-editing AI scripts, and solidify our Translation MR review process.\n\nTo provide our international users with the most current documentation while guaranteeing high-quality translated content, [we implemented an AI-assisted translation workflow with human post-editing](https://handbook.gitlab.com/handbook/marketing/localization/tech_docs_localization/#translation-workflow), consisting of:\n\n* Phase 1: AI-powered translation. We built a custom AI translation system enriched with GitLab-specific context including style guides, GitLab UI content translations, terminology databases, and original file context. This system intelligently handles GitLab's specialized markdown syntax (GLFM) and protects elements like placeholder variables, alert boxes, Hugo shortcodes, and GitLab-specific references that standard translation tools can't process out of the box.   \n* Phase 2: Human linguistic review. Professional Japanese translators specialized in technical content then review and refine the AI translations. They work with GitLab's Japanese style guide, translation memory, and terminology database to ensure accuracy, natural language flow, and cultural appropriateness. These human-reviewed translations progressively replace the AI versions on the site.\n\n## Technical challenges and solutions\n\nLocalizing GitLab's extensive documentation, while maintaining our docs-as-code principles and CI/CD-driven publishing workflow, required significant technical innovation. The challenges extended beyond translation itself: we needed to preserve complex markdown syntax, maintain automated testing standards, ensure seamless content fallbacks, and create sustainable processes for continuous updates across multiple source projects.\n\nThe English **markdown file syntax complexity** led us to developing custom code and regex in our Translation Management System (TMS) to protect codeblocks, URLs, and other functional elements that should not be exposed for translation.\n\n![Translation Management System](https://res.cloudinary.com/about-gitlab-com/image/upload/v1765299311/x3oglow15o5z6xthgxfn.png)\n\nDue to the dynamics of how the English content is generated, we established an **English fallback mechanism.** Essentially, when the Japanese translation is not ready yet, the localized site seamlessly displays English content with translated navigation and UI, preventing 404s and maintaining language context via Hugo’s rendering system.\n\nWe enhanced the localized navigation and linking so that it adjusts dynamically and would persist the locale. We added **anchor IDs** in the translated files by pre-processing the English file before it’s sent for translation. That improves the experience for people navigating to a docs page from a link. The consistent anchor ID means they can change to either language and still land in the correct place in the page.\n\n![English fallback mechanism](https://res.cloudinary.com/about-gitlab-com/image/upload/v1765299310/uqimyjm0ltvpcnc7bowk.png)\n\n[We also extended CI/CD pipelines](https://gitlab.com/groups/gitlab-com/localization/-/work_items/109) to test localized content in Translation MRs following the same quality standards as the English docs. It allows us to catch invalid Hugo shortcodes, spaces inside links, or bare URLs. It also identifies orphaned files and redirects files with no target files. You can see the jobs that run on the MRs containing translated documentation [on the GitLab project  `.gitlab/ci/docs.gitlab-ci.yml` file](https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/ci/docs.gitlab-ci.yml). \n\nA centralized translation request system orchestrates the workflow, monitors the English files, identifies new and updated content, routes files for translation, automatically creates translation merge requests, tracks file status in translation requests and maintains an audit trail. To get docs translated [we processed 430 Translation MRs](https://gitlab.com/groups/gitlab-com/localization/tech-docs-forked-projects/prod/-/merge_requests/?sort=updated_asc&state=merged&label_name%5B%5D=gitlab-translation-service&label_name%5B%5D=translation-upstream%3A%3A%20complete&first_page_size=100) with files ranging from 1-10 in each Translation MR.\n\n![Translation MRs](https://res.cloudinary.com/about-gitlab-com/image/upload/v1765299311/fgbrtapbmclj4pvdjh9k.png)\n\nThe result is a Japanese documentation experience that stays synchronized with English content updates, giving users faster access to critical information. Users can discover and navigate content fully in their language, with English appearing only for content that’s still in translation. They can trust GitLab’s quality standards while accessing the latest features quickly. All of this creates a sustainable, scalable foundation for future languages and documentation growth.\n\nLearn more about all the technical details in our [GitLab Product Documentation Handbook page](https://handbook.gitlab.com/handbook/marketing/localization/tech_docs_localization/).\n\n## Visit our Japanese docs site\n\nWhether you're a longtime GitLab user or just getting started, we hope this localized documentation makes your DevSecOps journey smoother and more accessible.\n\nThis is just the beginning of our localization efforts, and your feedback is invaluable in helping us improve. If you notice any translation issues, have suggestions for improvement, or simply want to share your experience using the Japanese documentation, please don't hesitate to reach out. You can provide comments in our [feedback issue](https://gitlab.com/gitlab-com/localization/docs-site-localization/-/work_items/782).\n\nAs we continue evolving this localization infrastructure, our immediate priorities include enhancing the search experience for Japanese users, and accelerating our continuous localization workflow to minimize the time gap between English updates and their Japanese translations. Thank you to our Japanese community for your continued support and patience as we work to serve you better. We're committed to making GitLab the best DevSecOps platform for Japanese teams, and comprehensive Japanese documentation is a crucial step in that journey.\n\n> Start exploring today at [docs.gitlab.com/ja-jp](https://docs.gitlab.com/ja-jp)!",[739,9],"product",{"featured":26,"template":13,"slug":741},"how-we-built-and-automated-our-new-japanese-gitlab-docs-site",{"promotions":743},[744,758,769],{"id":745,"categories":746,"header":748,"text":749,"button":750,"image":755},"ai-modernization",[747],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":751,"config":752},"Get your AI maturity score",{"href":753,"dataGaName":754,"dataGaLocation":240},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":756},{"src":757},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":759,"categories":760,"header":761,"text":749,"button":762,"image":766},"devops-modernization",[739,556],"Are you just managing tools or shipping innovation?",{"text":763,"config":764},"Get your DevOps maturity score",{"href":765,"dataGaName":754,"dataGaLocation":240},"/assessments/devops-modernization-assessment/",{"config":767},{"src":768},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":770,"categories":771,"header":773,"text":749,"button":774,"image":778},"security-modernization",[772],"security","Are you trading speed for security?",{"text":775,"config":776},"Get your security maturity score",{"href":777,"dataGaName":754,"dataGaLocation":240},"/assessments/security-modernization-assessment/",{"config":779},{"src":780},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"header":782,"blurb":783,"button":784,"secondaryButton":789},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":785,"config":786},"Get your free trial",{"href":787,"dataGaName":47,"dataGaLocation":788},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":492,"config":790},{"href":51,"dataGaName":52,"dataGaLocation":788},1772652064497]