[{"data":1,"prerenderedAt":482},["ShallowReactive",2],{"/en-us/the-source/authors/joshua-carroll":3,"footer-en-us":30,"the-source-banner-en-us":364,"the-source-navigation-en-us":370,"the-source-newsletter-en-us":393,"authors-en-us":400,"categories-en-us":439,"joshua-carroll-articles-list-en-us":440},{"id":4,"title":5,"body":6,"category":6,"config":7,"content":9,"description":6,"extension":19,"meta":20,"navigation":21,"path":22,"seo":23,"slug":26,"stem":27,"testContent":6,"type":28,"__hash__":29},"theSourceAuthors/en-us/the-source/authors/joshua-carroll.yml","Joshua Carroll",null,{"layout":8},"the-source",[10,17],{"type":11,"componentName":11,"componentContent":12},"TheSourceAuthorHero",{"name":5,"headshot":13,"role":16},{"altText":5,"config":14},{"src":15},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1762977591/urew8xbubllgxfi5zvce.png","Field CTO",{"type":18,"componentName":18},"TheSourceArticlesList","yml",{},true,"/en-us/the-source/authors/joshua-carroll",{"config":24,"title":5},{"noIndex":25},false,"joshua-carroll","en-us/the-source/authors/joshua-carroll","author","aOzvOOTnxN9z0d1befYPuzOYGiI3VGLqgx-mGA1puis",{"data":31},{"text":32,"source":33,"edit":39,"contribute":44,"config":49,"items":54,"minimal":353},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":34,"config":35},"View page source",{"href":36,"dataGaName":37,"dataGaLocation":38},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":40,"config":41},"Edit this page",{"href":42,"dataGaName":43,"dataGaLocation":38},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":45,"config":46},"Please contribute",{"href":47,"dataGaName":48,"dataGaLocation":38},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":50,"facebook":51,"youtube":52,"linkedin":53},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[55,112,169,228,291],{"title":56,"links":57,"subMenu":73},"Pricing",[58,63,68],{"text":59,"config":60},"View plans",{"href":61,"dataGaName":62,"dataGaLocation":38},"/pricing/","view plans",{"text":64,"config":65},"Why Premium?",{"href":66,"dataGaName":67,"dataGaLocation":38},"/pricing/premium/","why premium",{"text":69,"config":70},"Why Ultimate?",{"href":71,"dataGaName":72,"dataGaLocation":38},"/pricing/ultimate/","why ultimate",[74],{"title":75,"links":76},"Contact Us",[77,82,87,92,97,102,107],{"text":78,"config":79},"Contact sales",{"href":80,"dataGaName":81,"dataGaLocation":38},"/sales/","sales",{"text":83,"config":84},"Support portal",{"href":85,"dataGaName":86,"dataGaLocation":38},"https://support.gitlab.com","support portal",{"text":88,"config":89},"Customer portal",{"href":90,"dataGaName":91,"dataGaLocation":38},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":93,"config":94},"Status",{"href":95,"dataGaName":96,"dataGaLocation":38},"https://status.gitlab.com/","status",{"text":98,"config":99},"Terms of use",{"href":100,"dataGaName":101,"dataGaLocation":38},"/terms/","terms of use",{"text":103,"config":104},"Privacy statement",{"href":105,"dataGaName":106,"dataGaLocation":38},"/privacy/","privacy statement",{"text":108,"config":109},"Cookie preferences",{"dataGaName":110,"dataGaLocation":38,"id":111,"isOneTrustButton":21},"cookie preferences","ot-sdk-btn",{"title":113,"links":114,"subMenu":125},"Product",[115,120],{"text":116,"config":117},"DevSecOps platform",{"href":118,"dataGaName":119,"dataGaLocation":38},"/platform/","devsecops platform",{"text":121,"config":122},"AI-Assisted Development",{"href":123,"dataGaName":124,"dataGaLocation":38},"/gitlab-duo/","ai-assisted development",[126],{"title":127,"links":128},"Topics",[129,134,139,144,149,154,159,164],{"text":130,"config":131},"CICD",{"href":132,"dataGaName":133,"dataGaLocation":38},"/topics/ci-cd/","cicd",{"text":135,"config":136},"GitOps",{"href":137,"dataGaName":138,"dataGaLocation":38},"/topics/gitops/","gitops",{"text":140,"config":141},"DevOps",{"href":142,"dataGaName":143,"dataGaLocation":38},"/topics/devops/","devops",{"text":145,"config":146},"Version Control",{"href":147,"dataGaName":148,"dataGaLocation":38},"/topics/version-control/","version control",{"text":150,"config":151},"DevSecOps",{"href":152,"dataGaName":153,"dataGaLocation":38},"/topics/devsecops/","devsecops",{"text":155,"config":156},"Cloud Native",{"href":157,"dataGaName":158,"dataGaLocation":38},"/topics/cloud-native/","cloud native",{"text":160,"config":161},"AI for Coding",{"href":162,"dataGaName":163,"dataGaLocation":38},"/topics/devops/ai-for-coding/","ai for coding",{"text":165,"config":166},"Agentic AI",{"href":167,"dataGaName":168,"dataGaLocation":38},"/topics/agentic-ai/","agentic ai",{"title":170,"links":171},"Solutions",[172,176,181,186,191,195,200,203,208,213,218,223],{"text":173,"config":174},"Application Security Testing",{"href":175,"dataGaName":173,"dataGaLocation":38},"/solutions/application-security-testing/",{"text":177,"config":178},"Automated software delivery",{"href":179,"dataGaName":180,"dataGaLocation":38},"/solutions/delivery-automation/","automated software delivery",{"text":182,"config":183},"Agile development",{"href":184,"dataGaName":185,"dataGaLocation":38},"/solutions/agile-delivery/","agile delivery",{"text":187,"config":188},"SCM",{"href":189,"dataGaName":190,"dataGaLocation":38},"/solutions/source-code-management/","source code management",{"text":130,"config":192},{"href":193,"dataGaName":194,"dataGaLocation":38},"/solutions/continuous-integration/","continuous integration & delivery",{"text":196,"config":197},"Value stream management",{"href":198,"dataGaName":199,"dataGaLocation":38},"/solutions/value-stream-management/","value stream management",{"text":135,"config":201},{"href":202,"dataGaName":138,"dataGaLocation":38},"/solutions/gitops/",{"text":204,"config":205},"Enterprise",{"href":206,"dataGaName":207,"dataGaLocation":38},"/enterprise/","enterprise",{"text":209,"config":210},"Small business",{"href":211,"dataGaName":212,"dataGaLocation":38},"/small-business/","small business",{"text":214,"config":215},"Public sector",{"href":216,"dataGaName":217,"dataGaLocation":38},"/solutions/public-sector/","public sector",{"text":219,"config":220},"Education",{"href":221,"dataGaName":222,"dataGaLocation":38},"/solutions/education/","education",{"text":224,"config":225},"Financial services",{"href":226,"dataGaName":227,"dataGaLocation":38},"/solutions/finance/","financial services",{"title":229,"links":230},"Resources",[231,236,241,246,251,256,261,266,271,276,281,286],{"text":232,"config":233},"Install",{"href":234,"dataGaName":235,"dataGaLocation":38},"/install/","install",{"text":237,"config":238},"Quick start guides",{"href":239,"dataGaName":240,"dataGaLocation":38},"/get-started/","quick setup checklists",{"text":242,"config":243},"Learn",{"href":244,"dataGaName":245,"dataGaLocation":38},"https://university.gitlab.com/","learn",{"text":247,"config":248},"Product documentation",{"href":249,"dataGaName":250,"dataGaLocation":38},"https://docs.gitlab.com/","docs",{"text":252,"config":253},"Blog",{"href":254,"dataGaName":255,"dataGaLocation":38},"/blog/","blog",{"text":257,"config":258},"Customer success stories",{"href":259,"dataGaName":260,"dataGaLocation":38},"/customers/","customer success stories",{"text":262,"config":263},"Remote",{"href":264,"dataGaName":265,"dataGaLocation":38},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":267,"config":268},"GitLab Services",{"href":269,"dataGaName":270,"dataGaLocation":38},"/services/","services",{"text":272,"config":273},"Community",{"href":274,"dataGaName":275,"dataGaLocation":38},"/community/","community",{"text":277,"config":278},"Forum",{"href":279,"dataGaName":280,"dataGaLocation":38},"https://forum.gitlab.com/","forum",{"text":282,"config":283},"Events",{"href":284,"dataGaName":285,"dataGaLocation":38},"/events/","events",{"text":287,"config":288},"Partners",{"href":289,"dataGaName":290,"dataGaLocation":38},"/partners/","partners",{"title":292,"links":293},"Company",[294,299,304,309,314,319,324,328,333,338,343,348],{"text":295,"config":296},"About",{"href":297,"dataGaName":298,"dataGaLocation":38},"/company/","company",{"text":300,"config":301},"Jobs",{"href":302,"dataGaName":303,"dataGaLocation":38},"/jobs/","jobs",{"text":305,"config":306},"Leadership",{"href":307,"dataGaName":308,"dataGaLocation":38},"/company/team/e-group/","leadership",{"text":310,"config":311},"Team",{"href":312,"dataGaName":313,"dataGaLocation":38},"/company/team/","team",{"text":315,"config":316},"Handbook",{"href":317,"dataGaName":318,"dataGaLocation":38},"https://handbook.gitlab.com/","handbook",{"text":320,"config":321},"Investor relations",{"href":322,"dataGaName":323,"dataGaLocation":38},"https://ir.gitlab.com/","investor relations",{"text":325,"config":326},"Sustainability",{"href":327,"dataGaName":325,"dataGaLocation":38},"/sustainability/",{"text":329,"config":330},"Diversity, inclusion and belonging (DIB)",{"href":331,"dataGaName":332,"dataGaLocation":38},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":334,"config":335},"Trust Center",{"href":336,"dataGaName":337,"dataGaLocation":38},"/security/","trust center",{"text":339,"config":340},"Newsletter",{"href":341,"dataGaName":342,"dataGaLocation":38},"/company/contact/#contact-forms","newsletter",{"text":344,"config":345},"Press",{"href":346,"dataGaName":347,"dataGaLocation":38},"/press/","press",{"text":349,"config":350},"Modern Slavery Transparency Statement",{"href":351,"dataGaName":352,"dataGaLocation":38},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":354},[355,358,361],{"text":356,"config":357},"Terms",{"href":100,"dataGaName":101,"dataGaLocation":38},{"text":359,"config":360},"Cookies",{"dataGaName":110,"dataGaLocation":38,"id":111,"isOneTrustButton":21},{"text":362,"config":363},"Privacy",{"href":105,"dataGaName":106,"dataGaLocation":38},{"visibility":21,"title":365,"button":366},"The Intelligent Software Development Era: How AI is reshaping DevSecOps teams",{"config":367,"text":369},{"href":368},"/developer-survey/","Get the research report",{"logo":371,"subscribeLink":376,"navItems":380},{"altText":372,"config":373},"the source logo",{"src":374,"href":375},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":377,"config":378},"Subscribe",{"href":379},"#subscribe",[381,385,389],{"text":382,"config":383},"Artificial Intelligence",{"href":384},"/the-source/ai/",{"text":386,"config":387},"Security & Compliance",{"href":388},"/the-source/security/",{"text":390,"config":391},"Platform & Infrastructure",{"href":392},"/the-source/platform/",{"title":394,"description":395,"submitMessage":396,"formData":397},"The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":398},{"formId":399,"formName":342,"hideRequiredLabel":21},1077,{"amanda-rueda":401,"andre-michael-braun":402,"andrew-haschka":403,"ayoub-fandi":404,"bob-stevens":405,"brian-wald":406,"bryan-ross":407,"chandler-gibbons":408,"cherry-han":409,"dave-steer":410,"ddesanto":411,"derek-debellis":412,"emilio-salvador":413,"erika-feldman":414,"george-kichukov":415,"gitlab":416,"grant-hickman":417,"haim-snir":418,"iganbaruch":419,"jason-morgan":420,"jessie-young":421,"jlongo":422,"joel-krooswyk":423,"josh-lemos":424,"joshua-carroll":5,"julie-griffin":425,"kristina-weis":426,"lee-faus":427,"marco-caronna":428,"michelle-gill":429,"nathen-harvey":430,"ncregan":431,"rob-smith":432,"rschulman":433,"sabrina-farmer":434,"sandra-gittlen":435,"sharon-gaudin":436,"stephen-walters":437,"taylor-mccaslin":438},"Amanda Rueda","Andre Michael Braun","Andrew Haschka","Ayoub Fandi","Bob Stevens","Brian Wald","Bryan Ross","Chandler Gibbons","Cherry Han","Dave Steer","David DeSanto","Derek DeBellis","Emilio Salvador","Erika Feldman","George Kichukov","GitLab","Grant Hickman","Haim Snir","Itzik Gan Baruch","Jason Morgan","Jessie Young","Joseph Longo","Joel Krooswyk","Josh Lemos","Julie Griffin","Kristina Weis","Lee Faus","Marco Caronna","Michelle Gill","Nathen Harvey","Niall Cregan","Rob Smith","Robin Schulman","Sabrina Farmer","Sandra Gittlen","Sharon Gaudin","Stephen Walters","Taylor McCaslin",{"ai":382,"platform":390,"security":386},[441],{"id":442,"title":443,"body":6,"category":444,"config":445,"content":448,"description":449,"extension":19,"meta":474,"navigation":21,"path":475,"seo":476,"slug":478,"stem":479,"type":480,"__hash__":481,"date":450,"timeToRead":451,"heroImage":452,"keyTakeaways":453,"articleBody":457,"faq":458},"theSource/en-us/the-source/platform/code-is-currency-in-the-software-defined-finance-era.yml","Code is currency in the software-defined finance era","platform",{"layout":8,"template":446,"featured":21,"author":26,"sourceCTA":447,"isHighlighted":25,"authorName":5},"TheSourceArticle","software-innovation-report-2025",{"title":443,"description":449,"date":450,"timeToRead":451,"heroImage":452,"keyTakeaways":453,"articleBody":457,"faq":458},"Speed drives success in today's code-driven economy. Here’s why financial organizations must adopt DevSecOps practices to compete. ","2025-11-13","5 min read","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464105/b0sltyrnkzt8yzgikqgl.jpg",[454,455,456],"Finance is now software at its core — every transaction, payment, and compliance check runs on code, making technology the actual business product, not just infrastructure.","Development velocity determines competitive advantage — organizations that deploy daily and learn instantly outpace those still planning quarterly and executing monthly.","Security and compliance must be built into deployment pipelines, not added later — when policies become code, they scale with growth and accelerate rather than block progress.","Here’s what changed while everyone was debating digital transformation: money became code.\n\nNot metaphorically. Literally. The payment you just received? Software executed it. The loan decision that took seconds? Algorithms, not underwriters. The compliance check that happened invisibly in the background? Code reviewing code.\n\nThe shift happened gradually, then suddenly. And most organizations are still operating like it’s 2015. They treat technology as infrastructure when, in fact, it is the product. They manage risk in quarterly reviews while threats evolve hourly. They ship updates monthly while markets move in milliseconds.\n\n## The new physics of financial services\n\nSoftware follows its own laws. It compounds. It scales non-linearly. It fails in cascades. More importantly, it evolves at the speed of deployment, not the speed of planning.\n\nWhen your business runs on software, these become business fundamentals. A deployment pipeline determines how fast you can respond to markets. A security vulnerability becomes an existential threat that compounds every hour it exists. A compliance framework either enables or blocks transactions.\n\nThe organizations thriving in this reality have absorbed one truth: in software-defined finance, your release cycle is your innovation cycle. You don’t plan quarterly and execute monthly. You ship daily and learn instantly.\n\n## When speed and safety collide\n\nHere’s the paradox that breaks most financial organizations: the faster you need to move, the more trust you must maintain. And trust in finance takes years to build but only seconds to destroy.\n\nTraditional thinking says slow down, add checkpoints, and review everything twice. But that’s industrial-age logic applied to information-age problems. You can’t inspect quality into software any more than you can inspect trust into a financial system.\n\nThe answer is to make security a property of speed itself. When every commit triggers scans, every deployment generates audit logs, and every configuration change is instantly reversible, security becomes an accelerator rather than a brake.\n\nUltimately, this is about architecture, not tools. When security policies are code, they evolve with your product. When compliance is automated, it scales with your growth. When systems assume breach and contain blast radius by design, you can move faster because you’ve reduced the cost of being wrong.\n\n## Why integration can't wait\n\nMost organizations still operate in silos because that’s how they’ve always operated. But software doesn’t respect organizational boundaries. A vulnerability in development becomes a breach in production. A compliance gap in one service can cascade across the enterprise. A single API slowdown can stall entire payment flows.\n\nThe reflexive response is to buy more tools and build more bridges between them. But that is just digitizing dysfunction. When your developers, security, ops, and compliance teams each live in different toolchains, you haven't solved the silo problem — you've automated it. Every handoff becomes an API. Every integration becomes technical debt. Every tool boundary is where context dies.\n\nThe organizations winning this game collapse these boundaries with unified workflows:\n\n* The same commit that adds a feature also updates its security profile\n* The same pipeline that deploys code also generates compliance evidence\n* The same dashboard that shows system health also shows security posture\n* The same team that owns a feature owns its reliability, security, and compliance\n\nWhen developers see the security implications of their code in real time, they write more secure code. When security policies are code that flows through the same pipeline as features, protection scales automatically. When compliance evidence generates from actual development activity rather than manual attestations, trust becomes provable.\n\nThe leaders aren't just integrating their tools better. They're rethinking the entire architecture of how software-defined financial services are built, secured, and shipped. They understand that in a world where finance runs on software, your platform architecture is your business architecture.\n\n## The great divergence\n\nIt's not the tech stack. It's not the talent. It's not even the funding.\n\nThe best fintechs don't have better developers. They've figured out the secret everyone's missing: in software-defined finance, your process and tools determine how fast you can move.\n\nFragment your workflow across fifteen platforms? You'll move like fifteen companies trying to coordinate. Unify everything into one flow? You'll move like software actually moves: continuously, securely, inevitably forward.\n\nThe leaders of these organizations aren't trying harder. They're playing a different game entirely. New regulation? That's tomorrow's update. Security patch? That ships with the next feature. Compliance audit? Here's the dashboard.\n\nWhen friction disappears, everything accelerates. When everything accelerates, you stop competing on the old metrics. You're not winning the game anymore — you're playing a different one.\n\n## What actually matters\n\nDigital transformation and disruption are yesterday’s conversations.\n\nToday’s question is simpler: How fast can you ship secure, compliant, trusted code?\n\nThe finance industry has become inseparable from technology, which is essentially technology that facilitates the movement of money. Your advantage isn’t your charter, your partnerships, or your marketing. It’s your ability to turn ideas into running code before markets shift. It’s your deployment frequency, your security automation, your compliance as code.\n\nThe infrastructure exists. The patterns are proven. The only question is whether you’ll adapt to the new physics of finance, or insist on the old rules while the world accelerates past you.",[459,462,465,468,471],{"header":460,"content":461},"How has finance become software-defined and why does this matter?","Finance has become software at its core where every transaction, payment, and compliance check runs on code rather than manual processes. Money became code literally, not metaphorically - software executes payments, algorithms make loan decisions in seconds, and code reviews code for compliance. This makes technology the actual business product, not just supporting infrastructure.",{"header":463,"content":464},"Why do organizations that deploy daily have competitive advantages over those deploying monthly?","In software-defined finance, release cycles determine innovation cycles. Organizations shipping daily and learning instantly can respond to markets in real-time, while those planning quarterly and executing monthly operate at industrial-age speeds in information-age markets. Deployment pipelines determine how fast organizations can respond to market changes.",{"header":466,"content":467},"How should financial organizations approach security in fast-moving development environments?","Security must become a property of speed itself rather than a brake on velocity. When every commit triggers scans, every deployment generates audit logs, and every configuration change is instantly reversible, security becomes an accelerator. When security policies are code evolving with products and compliance is automated scaling with growth, organizations can move faster.",{"header":469,"content":470},"What is the cost of fragmented toolchains in software-defined finance?","Fragmenting workflows across fifteen platforms makes organizations move like fifteen companies trying to coordinate. Every handoff becomes an API, every integration becomes technical debt, and every tool boundary is where context dies. This digitizes dysfunction rather than solving silo problems, as developers, security, ops, and compliance teams in different toolchains automate isolation.",{"header":472,"content":473},"What defines successful organizations in software-defined finance?","Successful organizations unify workflows where the same commit updates security profiles, the same pipeline deploys code and generates compliance evidence, and the same dashboard shows system health and security posture. Leaders turn ideas into running code before markets shift through deployment frequency, security automation, and compliance as code rather than competing on traditional metrics.",{},"/en-us/the-source/platform/code-is-currency-in-the-software-defined-finance-era",{"config":477,"title":443,"description":449},{"noIndex":25},"code-is-currency-in-the-software-defined-finance-era","en-us/the-source/platform/code-is-currency-in-the-software-defined-finance-era","article","05MIgcy8ddI6nmfpUcym5HWEtMUnaB1rvRIopwRyDN4",1772652113859]