[{"data":1,"prerenderedAt":830},["ShallowReactive",2],{"/en-us/security/hardening":3,"navigation-en-us":179,"banner-en-us":578,"footer-en-us":588},{"id":4,"title":5,"body":6,"category":6,"config":6,"content":7,"description":6,"extension":172,"meta":173,"navigation":18,"path":174,"seo":175,"slug":6,"stem":177,"testContent":6,"type":6,"__hash__":178},"pages/en-us/security/hardening.yml","Hardening",null,[8,15],{"componentName":9,"componentContent":10},"CommonSingleColumnHero",{"title":11,"image":12},"Security - Hardening Your GitLab Instance",{"config":13},{"src":14},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751663599/yij1oln6vfso0rwafeij.svg",{"componentName":16,"componentContent":17},"CommonSideNavigationWithTree",{"alwaysExpanded":18,"config":19,"anchors":20,"components":156},true,{"noMargin":18},{"text":21,"data":22},"On this page",[23,56],{"text":24,"config":25,"nodes":27},"GitLab Self-Managed Hardening",{"href":26},"#gitlab-self-managed-hardening",[28,32,36,40,44,48,52],{"text":29,"config":30},"Enable multi-factor authentication",{"href":31},"#enable-multi-factor-authentication",{"text":33,"config":34},"Enforce additional sign-up checks",{"href":35},"#enforce-additional-sign-up-checks",{"text":37,"config":38},"Limit public visibility of your groups and projects",{"href":39},"#limit-public-visibility-of-your-groups-and-projects",{"text":41,"config":42},"Harden your SSH settings",{"href":43},"#harden-your-ssh-settings",{"text":45,"config":46},"Review the account and limit settings",{"href":47},"#review-the-account-and-limit-settings",{"text":49,"config":50},"Secure your CI secrets",{"href":51},"#secure-your-ci-secrets",{"text":53,"config":54},"Protect your pipelines for all branches",{"href":55},"#protect-your-pipelines-for-all-branches",{"text":57,"config":58,"nodes":60},"GitLab.com Hardening (Ultimate Tier)",{"href":59},"#gitlabcom-hardening-ultimate-tier",[61,92,96,100,104,134,152],{"text":62,"config":63,"nodes":65},"Group settings",{"href":64},"#group-settings",[66,83],{"text":67,"config":68,"nodes":70},"General settings",{"href":69},"#general-settings",[71,75,79],{"text":72,"config":73},"Make the group visibility level private",{"href":74},"#make-the-group-visibility-level-private",{"text":76,"config":77},"Permissions and group features",{"href":78},"#permissions-and-group-features",{"text":80,"config":81},"Merge request approvals",{"href":82},"#merge-request-approvals",{"text":84,"config":85,"nodes":87},"SAML SSO",{"href":86},"#saml-sso",[88],{"text":89,"config":90},"To configure SAML SSO:",{"href":91},"#to-configure-saml-sso",{"text":93,"config":94},"Group auditing and compliance",{"href":95},"#group-auditing-and-compliance",{"text":97,"config":98},"Group-level push rules",{"href":99},"#group-level-push-rules",{"text":101,"config":102},"CI/CD",{"href":103},"#cicd",{"text":105,"config":106,"nodes":108},"Project settings",{"href":107},"#project-settings",[109,113,121],{"text":110,"config":111},"Repository",{"href":112},"#repository",{"text":101,"config":114,"nodes":116},{"href":115},"#cicd-1",[117],{"text":118,"config":119},"General",{"href":120},"#general",{"text":122,"config":123,"nodes":125},"Protected environments",{"href":124},"#protected-environments",[126,130],{"text":127,"config":128},"Token access",{"href":129},"#token-access",{"text":131,"config":132},"Secure files",{"href":133},"#secure-files",{"text":135,"config":136,"nodes":138},"Project-level security testing and compliance",{"href":137},"#project-level-security-testing-and-compliance",[139],{"text":140,"config":141,"nodes":143},"Configuration",{"href":142},"#configuration",[144,148],{"text":145,"config":146},"Security testing",{"href":147},"#security-testing",{"text":149,"config":150},"Policies",{"href":151},"#policies",{"text":153,"config":154},"Additional Resources",{"href":155},"#additional-resources",[157,162,167],{"componentName":158,"componentContent":159},"CommonCopy",{"text":160,"config":161},"Every customers' deployment and configuration of GitLab is unique. The security settings that you configure will vary greatly depending on your use case, risk assessment, and your environment.\n\nHow does one get started? GitLab has you covered! We have a lot of [information on security settings](https://docs.gitlab.com/ee/security/) for both GitLab SaaS and GitLab Self-Managed instances in our Docs pages. Our Docs pages also offer a wealth of [hardening recommendations](https://docs.gitlab.com/ee/security/hardening.html) for self-managed instances, and many of these settings apply to GitLab SaaS instances as well.\n\nLooking for a consolidated list of hardening recommendations? Use the links below to view our quick-access hardening guides for GitLab Self-Managed and GitLab SaaS instances.\n\n  - [GitLab Self-Managed](#gitlab-self-managed-hardening)\n  - [GitLab.com](#gitlabcom-hardening-ultimate-tier)\n",{"noDecoration":18},{"componentName":158,"componentContent":163},{"title":24,"config":164,"text":166},{"id":165},"gitlab-self-managed-hardening","### Enable multi-factor authentication{id=enable-multi-factor-authentication}\n\n**Admin > Settings > General > Sign-in restrictions**\n\n  - Ensure that the checkbox next to Two-factor authentication (2FA) is checked. The default setting for Two-factor grace period is 48 hours. Adjust it to a lower value, such as 8 hours.\n  - Ensure the checkbox next to Enable admin mode is checked so that Admin Mode is active. Users with Admin access will have to use additional authentication to perform administrative tasks. With 2FA enabled, this will require additional 2FA authentication by the user.\n  - For more detailed information, refer to the documentation on [sign-in restrictions](https://docs.gitlab.com/ee/administration/settings/sign_in_restrictions.html).\n\n### Enforce additional sign-up checks{id=enforce-additional-sign-up-checks}\n\n**Admin > Settings > General > Sign-up restrictions**\n\n  - Next to Sign-up enabled ensure the checkbox is unchecked.\n  - Under Email confirmation settings ensure that Hard is selected. This will require the user to verify their email address during the sign-up process before their account is allowed access.\n  - The Minimum password length (number of characters) default setting of 12 characters is fine if additional authentication techniques are enforced. Options available for password complexity include Require numbers, Require uppercase letters, Require lowercase letters, and Require symbols. Check these boxes depending on your internal password standard (also check out [NIST SP 800-63B](https://pages.nist.gov/800-63-3/sp800-63b.html)).\n  - If all users' email addresses are under a single domain (e.g., example.com), consider adding it to the Allowed domains for sign-ups. This will prevent those with email addresses associated with other domains from signing up. For more detailed information, refer to the documentation on [sign-up restrictions](https://docs.gitlab.com/ee/administration/settings/sign_up_restrictions.html).\n\n### Limit public visibility of your groups and projects{id=limit-public-visibility-of-your-groups-and-projects}\n\n**Admin > Settings > General > Visibility and access control**\n\n  - The Default project visibility and Default group visibility for any newly created project or group should be set to Private by default. Only users that are granted specific access to a project or group will be able to access these resources. This can be adjusted later if necessary or when creating a new project or group. This ensures the default mode is secure to prevent accidental disclosure of information.\n  - For more details on Visibility and access control [refer to the documentation](https://docs.gitlab.com/ee/administration/settings/visibility_and_access_controls.html).\n\n**Admin > Settings > General > Visibility and access control**\n\n### Harden your SSH settings{id=harden-your-ssh-settings}\n\nTypically, under Enabled Git access protocols it will be set to Both SSH and HTTP(S). If one of the Git protocols is not in use by your users, set it to either Only SSH or Only HTTP(S) accordingly. This will reduce the attack surface by limiting possibilities of compromise through an unused protocol. For SSH key types, the most recommended algorithms to use are, in order:\n\n  1. ED25519\n  2. RSA\n  3. ECDSA\n\nWhen configuring default types and lengths for SSH keys, keep in mind the list above.\nSpecific details on SSH settings can be found [here](https://docs.gitlab.com/ee/security/ssh_keys_restrictions.html) and [here](https://docs.gitlab.com/ee/administration/settings/visibility_and_access_controls.html#configure-enabled-git-access-protocols) for Git Access protocols.\n\n### Review the account and limit settings{id=review-the-account-and-limit-settings}\n\n**Admin > Settings > General > Account and limit settings**\n\n  - This section allows you to limit the size of attachments, pushes, exports, imports, or repositories. As the specific size (in MB) will be tailored to your needs, review these settings and set limits in line with your internal policies. Session duration for users (in minutes) and lifetime of SSH keys and all access tokens (in days) can also be configured. Ensure the durations are in accordance with your internal policies and security best practices.\n  - Review the [documentation](https://docs.gitlab.com/ee/administration/settings/account_and_limit_settings.html) and apply changes that enforce your own policies.\n\n### Secure your CI secrets{id=secure-your-ci-secrets}\n\n**Admin > Settings > CI**\n\n  - Passwords, tokens, keys, and other secrets that require any level of protection should never be stored in plaintext. Instead, some type of encrypted container technology (Secrets Manager) should be implemented, such as GCP's Secret Manager, AWS Key Management Service (KMS), or HashiCorp Vault. For self-managed and standalone instances, HashiCorp Vault is recommended, and many GitLab features can take advantage of Vault and are well described in the [documentation](https://docs.gitlab.com/search/?query=vault).\n  - For external communications, ensure any connectivity with external hosts in your CI/CD process is using encrypted channels. The use of TLS 1.2 or above is highly recommended and where possible mutual TLS will help things considerably. For details on the use of external secrets for your CI/CD pipeline, check herefor actual examples and configuration guides.\n\n### Protect your pipelines for all branches{id=protect-your-pipelines-for-all-branches}\n\n**Admin > Settings > CI**\n\n  - Pipelines are a part of jobs that execute steps in stages to automate tasks on behalf of the users of a project. They are a central component of CI/CD. By default, only the default branch gets a protected pipeline. Configure your other branches with the same level of security by following [these simple steps](https://docs.gitlab.com/ee/user/project/repository/branches/protected.html#configure-a-protected-branch). This considerably hardens your pipelines.\n  - The security features enabled by default on protected pipelines are listed in our [documentation](https://docs.gitlab.com/ee/ci/pipelines/#pipeline-security-on-protected-branches).\n  - Once the pipeline has run, the code will be deployed in an environment. To limit interactions with that environment and to protect it from unauthorized users, you can set your key environments as protected.\n  - Prerequisites and full process are available in the [documentation](https://docs.gitlab.com/ee/ci/environments/protected_environments.html).\n",{"componentName":158,"componentContent":168},{"title":57,"config":169,"text":171},{"id":170},"gitlabcom-hardening-ultimate-tier","### Group Settings{id=group-settings}\n\n#### General Settings{id=general-settings}\n\nIn the top-level group, the following settings should be applied to provide the best security for the code within that group:\n\n##### Make the group visibility level private\nThis is likely the most important setting among general settings. By marking the group “private\", anyone who is not explicitly a member of the group will not be able to access it. Additionally, by making the top-level group private, all subgroups and projects will also be private and cannot be exposed.\n\n##### Permissions and group features{id=permissions-and-group-features}\n\nUnder permissions:\n\n  - Set “Prevent members from sending invitations to outside groups”. This will prevent accidentally adding people who should not belong to the group.\n  - Set “Prevent sharing a project with other groups”. This prevents accidental or malicious exfiltration of code by sharing or moving a project to another group outside the control of the top-level group owner.\n  - Allow project and group access token creation. Project and group access tokens are much like [personal access tokens](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) with the following improvements:\n    - They are visible to and manageable by group owners and maintainers, which means they can be revoked and have expiration dates set by an administrator to limit the opportunity for abuse.\n    - They create a virtual “bot” user that does not count against your license count.\n  - Enable [delayed project deletion](/blog/delayed-deletion/). This will give you a seven-day grace period to catch and prevent accidental or malicious removal of a repo. GitLab.com, like self-managed GitLab, does not have the ability to restore an individual project without significant expense for professional services.\n  - Allowlist the Classless Inter-Domain Routing (CIDR) or supernetting from which users should be accessing the code.\n  - Restrict membership to only those email domains belonging to your organization and contractors.\n  - Restrict creation of subgroups to Owners. This will help keep the structure of the top-level group within your policies and make [SAML Group Sync](https://docs.gitlab.com/ee/user/group/saml_sso/group_sync.html) for membership easier to manage.\n  - Block forking projects outside of this group hierarchy. This will help prevent code exfiltration.\n  - Require [two-factor authentication](https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html). This disables the ability to use password authentication with Git over HTTPS.\n  - Disallow adding new members to projects within this group. All members must be inherited from the group.\n\n##### Merge request approvals{id=merge-request-approvals}\n\n[Merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/) help prevent injection of malicious code into the repository by having people other than the author review them. Enable merge request approvals for all projects in your group to:\n\n  - Prevent approval by authors.\n  - Prevent approvals by users who add commits.\n  - Prevent editing approval rules in projects and on individual merge requests.\n\n#### SAML SSO{id=saml-sso}\n\nTo more tightly control who can access your code in GitLab.com, set up SAML SSO. This will ensure that everyone who accesses it is approved by someone in authority.\n\n##### To configure SAML SSO:{id=to-configure-saml-sso}\n\n  - Enable SAML authentication for this group.\n  - Enforce SSO-only authentication for web activity for this group.\n  - Enforce SSO-only authentication for Git and Dependency Proxy activity for this group.\n  - Set the Default membership role to Minimal Access. Roles can be increased as needed in subgroups or individual projects, minimal access prevents any visibility to projects or subgroups where the user is not explicitly granted another role.\n  - Tightly control access to the Maintainer and Owner roles; every developer does not need to have a Maintainer role.\n\n### Group auditing and compliance{id=group-auditing-and-compliance}\n\nRegularly and periodically review the [compliance reports](https://docs.gitlab.com/ee/user/compliance/compliance_report/) to verify who is approving merge requests and what MRs are getting approved.\n\nSet up streaming group audit events to your corporate security information and event management (SIEM) system and monitor them for unusual activity. This needs to be repeated for each group and project in the hierarchy to get the maximum number of audit events.\n\n### Group-level push rules{id=group-level-push-rules}\n\nSetting restrictive push rules at the group level will help ensure malicious code is not injected into the repository:\n\n  - Require committers be verified.\n  - Reject unsigned commits.\n  - Ensure the commit author is a GitLab user.\n  - Prevent pushing secret files.\n  - Require commit author’s email to be from your email domain.\n\n### CI/CD{id=cicd}\n\nThe following settings can help insure the integrity of [CI/CD](/topics/ci-cd/) pipelines and reduce the opportunities for abuse and malice:\n\n  Register runners at the lowest practical level to reduce the blast radius of any malicious use.\n  Require tags to use all runners to reduce the opportunity for abuse.\n  Define CI/CD variables – especially if they contain secrets – at the lowest practical level to reduce the blast radius of any malicious use.\n  Use protected runners with protected variables and protected branches to significantly limit who can deploy into production environments or misuse cloud resources.\n  [Mask and hide](https://docs.gitlab.com/ci/variables/#hide-a-cicd-variable) sensitive CI/CD variables.\n  Access to change the .gitlab-ci.yml pipeline definition file should be tightly controlled in all repos through the CODEOWNERS file to prevent malicious use of the CI/CD system.\n\n### Project settings{project-settings}\n\nSome settings do not cascade down from the group or are not available at the group level and must be set on individual projects instead. These include some repo-specific settings.\n\n#### Repository{id=repository}\n\nSet up protected branches and protected tags to go along with the CI/CD settings defined above.\n\n#### CI/CD{id=cicd-1}\n\n##### General{id=general}\n\n  - Disable public pipelines.\n  - Use separate caches for protected branches.\n\n#### Protected environments{id=protected-environments}\n\nUse protected environments and tightly limit who can deploy and require approvals for deploying.\n\n##### Token access{id=token-access}\n\nRestrict access to this project’s CI_JOB_TOKEN to only individual projects to ensure malicious projects to not retrieve the token and use it to access the API.\n\n##### Secure files{id=secure-files}\n\nStore keystores, provisioning profiles and signing certificates in the Secure Files storage rather than the repository.\n\n### Project-level security testing and compliance{id=project-level-security-testing-and-compliance}\n\n#### Configuration{id=configuration}\n\n##### Security testing{id=security-testing}\n\n  - Enable static application security testing [SAST](https://docs.gitlab.com/ee/user/application_security/sast/) to help prevent insertion of malicious code into the application.\n  - Enable dependency scanning and regularly review the dependency list or software, or software bill of materials ([SBOM](/blog/the-ultimate-guide-to-sboms/)), generated by dependency scanning for vulnerabilities and malicious components.\n  - Enable [container scanning](https://docs.gitlab.com/ee/user/application_security/container_scanning/) and cluster image scanning.\n\n##### Policies{id=policies}\n\nAs an alternative to the security testing section above, you may choose to enable scan execution policies. Enable [test scan result policies](https://docs.gitlab.com/ee/user/application_security/policies/scan-result-policies.html) to prevent merging code with critical vulnerabilities.\n\nFollowing these best practices will help ensure that your code hosted on GitLab.com is safe from tampering and [public exposure](https://www.engadget.com/okta-stolen-source-code-205601214.html) and that your software supply chain is secure and only authorized users are accessing your software assets.\n\n### Additional Resources{id=additional-resources}\n\n  - If you want to learn more about how we do security **at GitLab**, review the [security section](https://handbook.gitlab.com/handbook/security/) of the handbook.\n  - [Group level settings documentation](https://docs.gitlab.com/ee/user/group/)\n  - [Project level settings documentation](https://docs.gitlab.com/ee/user/project/settings/)\n","yml",{},"/en-us/security/hardening",{"title":11,"description":176},"We designed this Hardening page to serve as a starting point for those interested in hardening a GitLab instance to help improve security","en-us/security/hardening","1Q3iwfFpRxROkQhAg8B4MFZLT4_eVSpA6AW5XVdlfWU",{"data":180},{"logo":181,"freeTrial":186,"sales":191,"login":196,"items":201,"search":508,"minimal":539,"duo":558,"pricingDeployment":568},{"config":182},{"href":183,"dataGaName":184,"dataGaLocation":185},"/","gitlab logo","header",{"text":187,"config":188},"Get free trial",{"href":189,"dataGaName":190,"dataGaLocation":185},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":192,"config":193},"Talk to sales",{"href":194,"dataGaName":195,"dataGaLocation":185},"/sales/","sales",{"text":197,"config":198},"Sign in",{"href":199,"dataGaName":200,"dataGaLocation":185},"https://gitlab.com/users/sign_in/","sign in",[202,229,323,328,429,489],{"text":203,"config":204,"cards":206},"Platform",{"dataNavLevelOne":205},"platform",[207,213,221],{"title":203,"description":208,"link":209},"The intelligent orchestration platform for DevSecOps",{"text":210,"config":211},"Explore our Platform",{"href":212,"dataGaName":205,"dataGaLocation":185},"/platform/",{"title":214,"description":215,"link":216},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":217,"config":218},"Meet GitLab Duo",{"href":219,"dataGaName":220,"dataGaLocation":185},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":222,"description":223,"link":224},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":225,"config":226},"Learn more",{"href":227,"dataGaName":228,"dataGaLocation":185},"/why-gitlab/","why gitlab",{"text":230,"left":18,"config":231,"link":233,"lists":237,"footer":305},"Product",{"dataNavLevelOne":232},"solutions",{"text":234,"config":235},"View all Solutions",{"href":236,"dataGaName":232,"dataGaLocation":185},"/solutions/",[238,261,284],{"title":239,"description":240,"link":241,"items":246},"Automation","CI/CD and automation to accelerate deployment",{"config":242},{"icon":243,"href":244,"dataGaName":245,"dataGaLocation":185},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[247,250,253,257],{"text":101,"config":248},{"href":249,"dataGaLocation":185,"dataGaName":101},"/solutions/continuous-integration/",{"text":214,"config":251},{"href":219,"dataGaLocation":185,"dataGaName":252},"gitlab duo agent platform - product menu",{"text":254,"config":255},"Source Code Management",{"href":256,"dataGaLocation":185,"dataGaName":254},"/solutions/source-code-management/",{"text":258,"config":259},"Automated Software Delivery",{"href":244,"dataGaLocation":185,"dataGaName":260},"Automated software delivery",{"title":262,"description":263,"link":264,"items":269},"Security","Deliver code faster without compromising security",{"config":265},{"href":266,"dataGaName":267,"dataGaLocation":185,"icon":268},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[270,274,279],{"text":271,"config":272},"Application Security Testing",{"href":266,"dataGaName":273,"dataGaLocation":185},"Application security testing",{"text":275,"config":276},"Software Supply Chain Security",{"href":277,"dataGaLocation":185,"dataGaName":278},"/solutions/supply-chain/","Software supply chain security",{"text":280,"config":281},"Software Compliance",{"href":282,"dataGaName":283,"dataGaLocation":185},"/solutions/software-compliance/","software compliance",{"title":285,"link":286,"items":291},"Measurement",{"config":287},{"icon":288,"href":289,"dataGaName":290,"dataGaLocation":185},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[292,296,300],{"text":293,"config":294},"Visibility & Measurement",{"href":289,"dataGaLocation":185,"dataGaName":295},"Visibility and Measurement",{"text":297,"config":298},"Value Stream Management",{"href":299,"dataGaLocation":185,"dataGaName":297},"/solutions/value-stream-management/",{"text":301,"config":302},"Analytics & Insights",{"href":303,"dataGaLocation":185,"dataGaName":304},"/solutions/analytics-and-insights/","Analytics and insights",{"title":306,"items":307},"GitLab for",[308,313,318],{"text":309,"config":310},"Enterprise",{"href":311,"dataGaLocation":185,"dataGaName":312},"/enterprise/","enterprise",{"text":314,"config":315},"Small Business",{"href":316,"dataGaLocation":185,"dataGaName":317},"/small-business/","small business",{"text":319,"config":320},"Public Sector",{"href":321,"dataGaLocation":185,"dataGaName":322},"/solutions/public-sector/","public sector",{"text":324,"config":325},"Pricing",{"href":326,"dataGaName":327,"dataGaLocation":185,"dataNavLevelOne":327},"/pricing/","pricing",{"text":329,"config":330,"link":332,"lists":336,"feature":416},"Resources",{"dataNavLevelOne":331},"resources",{"text":333,"config":334},"View all resources",{"href":335,"dataGaName":331,"dataGaLocation":185},"/resources/",[337,370,388],{"title":338,"items":339},"Getting started",[340,345,350,355,360,365],{"text":341,"config":342},"Install",{"href":343,"dataGaName":344,"dataGaLocation":185},"/install/","install",{"text":346,"config":347},"Quick start guides",{"href":348,"dataGaName":349,"dataGaLocation":185},"/get-started/","quick setup checklists",{"text":351,"config":352},"Learn",{"href":353,"dataGaLocation":185,"dataGaName":354},"https://university.gitlab.com/","learn",{"text":356,"config":357},"Product documentation",{"href":358,"dataGaName":359,"dataGaLocation":185},"https://docs.gitlab.com/","product documentation",{"text":361,"config":362},"Best practice videos",{"href":363,"dataGaName":364,"dataGaLocation":185},"/getting-started-videos/","best practice videos",{"text":366,"config":367},"Integrations",{"href":368,"dataGaName":369,"dataGaLocation":185},"/integrations/","integrations",{"title":371,"items":372},"Discover",[373,378,383],{"text":374,"config":375},"Customer success stories",{"href":376,"dataGaName":377,"dataGaLocation":185},"/customers/","customer success stories",{"text":379,"config":380},"Blog",{"href":381,"dataGaName":382,"dataGaLocation":185},"/blog/","blog",{"text":384,"config":385},"Remote",{"href":386,"dataGaName":387,"dataGaLocation":185},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":389,"items":390},"Connect",[391,396,401,406,411],{"text":392,"config":393},"GitLab Services",{"href":394,"dataGaName":395,"dataGaLocation":185},"/services/","services",{"text":397,"config":398},"Community",{"href":399,"dataGaName":400,"dataGaLocation":185},"/community/","community",{"text":402,"config":403},"Forum",{"href":404,"dataGaName":405,"dataGaLocation":185},"https://forum.gitlab.com/","forum",{"text":407,"config":408},"Events",{"href":409,"dataGaName":410,"dataGaLocation":185},"/events/","events",{"text":412,"config":413},"Partners",{"href":414,"dataGaName":415,"dataGaLocation":185},"/partners/","partners",{"backgroundColor":417,"textColor":418,"text":419,"image":420,"link":424},"#2f2a6b","#fff","Insights for the future of software development",{"altText":421,"config":422},"the source promo card",{"src":423},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":425,"config":426},"Read the latest",{"href":427,"dataGaName":428,"dataGaLocation":185},"/the-source/","the source",{"text":430,"config":431,"lists":433},"Company",{"dataNavLevelOne":432},"company",[434],{"items":435},[436,441,447,449,454,459,464,469,474,479,484],{"text":437,"config":438},"About",{"href":439,"dataGaName":440,"dataGaLocation":185},"/company/","about",{"text":442,"config":443,"footerGa":446},"Jobs",{"href":444,"dataGaName":445,"dataGaLocation":185},"/jobs/","jobs",{"dataGaName":445},{"text":407,"config":448},{"href":409,"dataGaName":410,"dataGaLocation":185},{"text":450,"config":451},"Leadership",{"href":452,"dataGaName":453,"dataGaLocation":185},"/company/team/e-group/","leadership",{"text":455,"config":456},"Team",{"href":457,"dataGaName":458,"dataGaLocation":185},"/company/team/","team",{"text":460,"config":461},"Handbook",{"href":462,"dataGaName":463,"dataGaLocation":185},"https://handbook.gitlab.com/","handbook",{"text":465,"config":466},"Investor relations",{"href":467,"dataGaName":468,"dataGaLocation":185},"https://ir.gitlab.com/","investor relations",{"text":470,"config":471},"Trust Center",{"href":472,"dataGaName":473,"dataGaLocation":185},"/security/","trust center",{"text":475,"config":476},"AI Transparency Center",{"href":477,"dataGaName":478,"dataGaLocation":185},"/ai-transparency-center/","ai transparency center",{"text":480,"config":481},"Newsletter",{"href":482,"dataGaName":483,"dataGaLocation":185},"/company/contact/#contact-forms","newsletter",{"text":485,"config":486},"Press",{"href":487,"dataGaName":488,"dataGaLocation":185},"/press/","press",{"text":490,"config":491,"lists":492},"Contact us",{"dataNavLevelOne":432},[493],{"items":494},[495,498,503],{"text":192,"config":496},{"href":194,"dataGaName":497,"dataGaLocation":185},"talk to sales",{"text":499,"config":500},"Support portal",{"href":501,"dataGaName":502,"dataGaLocation":185},"https://support.gitlab.com","support portal",{"text":504,"config":505},"Customer portal",{"href":506,"dataGaName":507,"dataGaLocation":185},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":509,"login":510,"suggestions":517},"Close",{"text":511,"link":512},"To search repositories and projects, login to",{"text":513,"config":514},"gitlab.com",{"href":199,"dataGaName":515,"dataGaLocation":516},"search login","search",{"text":518,"default":519},"Suggestions",[520,522,526,528,532,536],{"text":214,"config":521},{"href":219,"dataGaName":214,"dataGaLocation":516},{"text":523,"config":524},"Code Suggestions (AI)",{"href":525,"dataGaName":523,"dataGaLocation":516},"/solutions/code-suggestions/",{"text":101,"config":527},{"href":249,"dataGaName":101,"dataGaLocation":516},{"text":529,"config":530},"GitLab on AWS",{"href":531,"dataGaName":529,"dataGaLocation":516},"/partners/technology-partners/aws/",{"text":533,"config":534},"GitLab on Google Cloud",{"href":535,"dataGaName":533,"dataGaLocation":516},"/partners/technology-partners/google-cloud-platform/",{"text":537,"config":538},"Why GitLab?",{"href":227,"dataGaName":537,"dataGaLocation":516},{"freeTrial":540,"mobileIcon":545,"desktopIcon":550,"secondaryButton":553},{"text":541,"config":542},"Start free trial",{"href":543,"dataGaName":190,"dataGaLocation":544},"https://gitlab.com/-/trials/new/","nav",{"altText":546,"config":547},"Gitlab Icon",{"src":548,"dataGaName":549,"dataGaLocation":544},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":546,"config":551},{"src":552,"dataGaName":549,"dataGaLocation":544},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":554,"config":555},"Get Started",{"href":556,"dataGaName":557,"dataGaLocation":544},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":559,"mobileIcon":564,"desktopIcon":566},{"text":560,"config":561},"Learn more about GitLab Duo",{"href":562,"dataGaName":563,"dataGaLocation":544},"/gitlab-duo/","gitlab duo",{"altText":546,"config":565},{"src":548,"dataGaName":549,"dataGaLocation":544},{"altText":546,"config":567},{"src":552,"dataGaName":549,"dataGaLocation":544},{"freeTrial":569,"mobileIcon":574,"desktopIcon":576},{"text":570,"config":571},"Back to pricing",{"href":326,"dataGaName":572,"dataGaLocation":544,"icon":573},"back to pricing","GoBack",{"altText":546,"config":575},{"src":548,"dataGaName":549,"dataGaLocation":544},{"altText":546,"config":577},{"src":552,"dataGaName":549,"dataGaLocation":544},{"title":579,"button":580,"config":585},"See how agentic AI transforms software delivery",{"text":581,"config":582},"Watch GitLab Transcend now",{"href":583,"dataGaName":584,"dataGaLocation":185},"/events/transcend/virtual/","transcend event",{"layout":586,"icon":587},"release","AiStar",{"data":589},{"text":590,"source":591,"edit":597,"contribute":602,"config":607,"items":612,"minimal":819},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":592,"config":593},"View page source",{"href":594,"dataGaName":595,"dataGaLocation":596},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":598,"config":599},"Edit this page",{"href":600,"dataGaName":601,"dataGaLocation":596},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":603,"config":604},"Please contribute",{"href":605,"dataGaName":606,"dataGaLocation":596},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":608,"facebook":609,"youtube":610,"linkedin":611},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[613,660,714,758,785],{"title":324,"links":614,"subMenu":629},[615,619,624],{"text":616,"config":617},"View plans",{"href":326,"dataGaName":618,"dataGaLocation":596},"view plans",{"text":620,"config":621},"Why Premium?",{"href":622,"dataGaName":623,"dataGaLocation":596},"/pricing/premium/","why premium",{"text":625,"config":626},"Why Ultimate?",{"href":627,"dataGaName":628,"dataGaLocation":596},"/pricing/ultimate/","why ultimate",[630],{"title":631,"links":632},"Contact Us",[633,636,638,640,645,650,655],{"text":634,"config":635},"Contact sales",{"href":194,"dataGaName":195,"dataGaLocation":596},{"text":499,"config":637},{"href":501,"dataGaName":502,"dataGaLocation":596},{"text":504,"config":639},{"href":506,"dataGaName":507,"dataGaLocation":596},{"text":641,"config":642},"Status",{"href":643,"dataGaName":644,"dataGaLocation":596},"https://status.gitlab.com/","status",{"text":646,"config":647},"Terms of use",{"href":648,"dataGaName":649,"dataGaLocation":596},"/terms/","terms of use",{"text":651,"config":652},"Privacy statement",{"href":653,"dataGaName":654,"dataGaLocation":596},"/privacy/","privacy statement",{"text":656,"config":657},"Cookie preferences",{"dataGaName":658,"dataGaLocation":596,"id":659,"isOneTrustButton":18},"cookie preferences","ot-sdk-btn",{"title":230,"links":661,"subMenu":670},[662,666],{"text":663,"config":664},"DevSecOps platform",{"href":212,"dataGaName":665,"dataGaLocation":596},"devsecops platform",{"text":667,"config":668},"AI-Assisted Development",{"href":562,"dataGaName":669,"dataGaLocation":596},"ai-assisted development",[671],{"title":672,"links":673},"Topics",[674,679,684,689,694,699,704,709],{"text":675,"config":676},"CICD",{"href":677,"dataGaName":678,"dataGaLocation":596},"/topics/ci-cd/","cicd",{"text":680,"config":681},"GitOps",{"href":682,"dataGaName":683,"dataGaLocation":596},"/topics/gitops/","gitops",{"text":685,"config":686},"DevOps",{"href":687,"dataGaName":688,"dataGaLocation":596},"/topics/devops/","devops",{"text":690,"config":691},"Version Control",{"href":692,"dataGaName":693,"dataGaLocation":596},"/topics/version-control/","version control",{"text":695,"config":696},"DevSecOps",{"href":697,"dataGaName":698,"dataGaLocation":596},"/topics/devsecops/","devsecops",{"text":700,"config":701},"Cloud Native",{"href":702,"dataGaName":703,"dataGaLocation":596},"/topics/cloud-native/","cloud native",{"text":705,"config":706},"AI for Coding",{"href":707,"dataGaName":708,"dataGaLocation":596},"/topics/devops/ai-for-coding/","ai for coding",{"text":710,"config":711},"Agentic AI",{"href":712,"dataGaName":713,"dataGaLocation":596},"/topics/agentic-ai/","agentic ai",{"title":715,"links":716},"Solutions",[717,719,721,726,730,733,737,740,742,745,748,753],{"text":271,"config":718},{"href":266,"dataGaName":271,"dataGaLocation":596},{"text":260,"config":720},{"href":244,"dataGaName":245,"dataGaLocation":596},{"text":722,"config":723},"Agile development",{"href":724,"dataGaName":725,"dataGaLocation":596},"/solutions/agile-delivery/","agile delivery",{"text":727,"config":728},"SCM",{"href":256,"dataGaName":729,"dataGaLocation":596},"source code management",{"text":675,"config":731},{"href":249,"dataGaName":732,"dataGaLocation":596},"continuous integration & delivery",{"text":734,"config":735},"Value stream management",{"href":299,"dataGaName":736,"dataGaLocation":596},"value stream management",{"text":680,"config":738},{"href":739,"dataGaName":683,"dataGaLocation":596},"/solutions/gitops/",{"text":309,"config":741},{"href":311,"dataGaName":312,"dataGaLocation":596},{"text":743,"config":744},"Small business",{"href":316,"dataGaName":317,"dataGaLocation":596},{"text":746,"config":747},"Public sector",{"href":321,"dataGaName":322,"dataGaLocation":596},{"text":749,"config":750},"Education",{"href":751,"dataGaName":752,"dataGaLocation":596},"/solutions/education/","education",{"text":754,"config":755},"Financial services",{"href":756,"dataGaName":757,"dataGaLocation":596},"/solutions/finance/","financial services",{"title":329,"links":759},[760,762,764,766,769,771,773,775,777,779,781,783],{"text":341,"config":761},{"href":343,"dataGaName":344,"dataGaLocation":596},{"text":346,"config":763},{"href":348,"dataGaName":349,"dataGaLocation":596},{"text":351,"config":765},{"href":353,"dataGaName":354,"dataGaLocation":596},{"text":356,"config":767},{"href":358,"dataGaName":768,"dataGaLocation":596},"docs",{"text":379,"config":770},{"href":381,"dataGaName":382,"dataGaLocation":596},{"text":374,"config":772},{"href":376,"dataGaName":377,"dataGaLocation":596},{"text":384,"config":774},{"href":386,"dataGaName":387,"dataGaLocation":596},{"text":392,"config":776},{"href":394,"dataGaName":395,"dataGaLocation":596},{"text":397,"config":778},{"href":399,"dataGaName":400,"dataGaLocation":596},{"text":402,"config":780},{"href":404,"dataGaName":405,"dataGaLocation":596},{"text":407,"config":782},{"href":409,"dataGaName":410,"dataGaLocation":596},{"text":412,"config":784},{"href":414,"dataGaName":415,"dataGaLocation":596},{"title":430,"links":786},[787,789,791,793,795,797,799,803,808,810,812,814],{"text":437,"config":788},{"href":439,"dataGaName":432,"dataGaLocation":596},{"text":442,"config":790},{"href":444,"dataGaName":445,"dataGaLocation":596},{"text":450,"config":792},{"href":452,"dataGaName":453,"dataGaLocation":596},{"text":455,"config":794},{"href":457,"dataGaName":458,"dataGaLocation":596},{"text":460,"config":796},{"href":462,"dataGaName":463,"dataGaLocation":596},{"text":465,"config":798},{"href":467,"dataGaName":468,"dataGaLocation":596},{"text":800,"config":801},"Sustainability",{"href":802,"dataGaName":800,"dataGaLocation":596},"/sustainability/",{"text":804,"config":805},"Diversity, inclusion and belonging (DIB)",{"href":806,"dataGaName":807,"dataGaLocation":596},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":470,"config":809},{"href":472,"dataGaName":473,"dataGaLocation":596},{"text":480,"config":811},{"href":482,"dataGaName":483,"dataGaLocation":596},{"text":485,"config":813},{"href":487,"dataGaName":488,"dataGaLocation":596},{"text":815,"config":816},"Modern Slavery Transparency Statement",{"href":817,"dataGaName":818,"dataGaLocation":596},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":820},[821,824,827],{"text":822,"config":823},"Terms",{"href":648,"dataGaName":649,"dataGaLocation":596},{"text":825,"config":826},"Cookies",{"dataGaName":658,"dataGaLocation":596,"id":659,"isOneTrustButton":18},{"text":828,"config":829},"Privacy",{"href":653,"dataGaName":654,"dataGaLocation":596},1772652089438]