[{"data":1,"prerenderedAt":717},["ShallowReactive",2],{"/en-us/blog/how-were-using-dast2-for-easier-scan-configuration/":3,"navigation-en-us":33,"banner-en-us":462,"footer-en-us":479,"Nikhil George":689,"next-steps-en-us":702},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":8,"content":16,"config":23,"_id":26,"_type":27,"title":28,"_source":29,"_file":30,"_stem":31,"_extension":32},"/en-us/blog/how-were-using-dast2-for-easier-scan-configuration","blog",false,"",{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},"How we’re using DAST 2 for easier scan configuration and reduced noise","Our security team upgraded to GitLab’s DAST 2. Here’s how and why we did it.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682167/Blog/Hero%20Images/pexels-chernaya-575.jpg","https://about.gitlab.com/blog/how-were-using-dast2-for-easier-scan-configuration","https://about.gitlab.com","article","\n                        {\n        \"@context\": \"https://schema.org\",\n        \"@type\": \"Article\",\n        \"headline\": \"How we’re using DAST 2 for easier scan configuration and reduced noise\",\n        \"author\": [{\"@type\":\"Person\",\"name\":\"Nikhil George\"}],\n        \"datePublished\": \"2021-10-27\",\n      }",{"title":9,"description":10,"authors":17,"heroImage":11,"date":19,"body":20,"category":21,"tags":22},[18],"Nikhil George","2021-10-27","At GitLab, [dogfooding](https://handbook.gitlab.com/handbook/values/#dogfooding) is part of our core\nvalue of [results](https://handbook.gitlab.com/handbook/values/#results). Inspired by this principle,\nwe use all GitLab [security scanning tools available as part of our\nproduct](https://docs.gitlab.com/ee/user/application_security/) within our\norganization to identify security vulnerabilities early in the development\nphase. 
One such scanning tool is the [Dynamic Application Security Testing\n(DAST)](https://docs.gitlab.com/ee/user/application_security/dast/index.html)\nscanner, which helps identify security vulnerabilities in web application\ndeployments. The DAST scanner is a black-box testing tool that interacts\nwith a web application like a user and tests for security vulnerabilities. \n\n\nWe’ve since updated GitLab’s DAST CI job configuration to make use of the\nlatest DAST analyzer features offered in [DAST\n2](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69054). This blog\npost details how we configured DAST version 1 to work for our needs, our\nmove to DAST 2 (along with details on our configs) and the benefits we’re\nseeing so far. _Hint: Big wins in efficiency!_ \n\n\n## How we made DAST 1 work for us\n\n\nMy teammate [Dennis Appelt](/company/team/#dappelt) blogged previously about\nhow [we configured DAST\nscans](/blog/how-to-configure-dast-full-scans-for-complex-web-applications/)\nin our\n[pipeline](https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/ci/dast.gitlab-ci.yml)\nto scan the GitLab web application periodically using DAST 1. As detailed in\nthat blog, running a DAST scan on a complex web application like GitLab from\nthe CI pipeline requires a bit of planning to optimize the scan time and\nprevent CI job\n[timeouts](https://docs.gitlab.com/ee/ci/pipelines/settings.html#set-a-limit-for-how-long-jobs-can-run).\nWith DAST 1, our approach was to split the DAST scan into multiple, parallel\nCI jobs and exclude irrelevant scan rules to achieve optimization and\nprevent job timeouts. \n\n\nWhen configuring a parallel DAST scan, each DAST job is set to execute a\nmutually exclusive list of scan rules. 
These scan rules are selected such\nthat they will finish execution within the set CI job timeout.\n\n\n_Note: In the GitLab DAST pipeline, the\n[`DAST_EXCLUDE_RULES`](https://docs.gitlab.com/ee/user/application_security/dast/#enable-or-disable-rules)\nCI/CD variable was used to disable specific scan rules, as\n`DAST_ONLY_INCLUDE_RULES` was not available until [DAST\nv1.53.0](https://gitlab.com/gitlab-org/security-products/dast/-/blob/main/CHANGELOG.md#v1530)._ \n\n\n### Addressing challenges with job timeouts\n\n\nUsing an exclusion list, the go-to option for disabling scan rules until\nDAST v1.53.0, works fine until a new version of the DAST analyzer arrives\nwith a new scan rule. By default, DAST auto-update is turned on and\nall newly-introduced scan rules get executed in all the DAST jobs. As a\nresult, the DAST jobs could face timeout issues if the addition of a new\nscan rule increases the scan duration beyond the configured CI job timeout\nduration. In addition, the default execution of the newly-added scan rules\nin all the DAST jobs results in duplicate scans -- a waste of CI cycles.  \n\n\n### Test, verify and check auto-update status\n\n\nTo prevent default execution of the newly-added scan rules while using a\nDAST version earlier than 1.53, enable new scan rules in a single DAST job.\nThis single DAST job should be tested to verify that it runs within the set\nCI job timeout; this is a repetitive and manual effort. 
A short-term\nworkaround employed by our team in this case was to disable DAST auto-update\nby pinning the DAST analyzer to a specific release version, specifying the\nversion number in the `DAST_VERSION` CI/CD variable.\n\n\n## DAST 2 improvements\n\n\nDAST 2 was released with [GitLab\n14.0](/releases/2021/06/22/gitlab-14-0-released/) in June 2021 and\nintroduced a bunch of [interesting features and config\noptions](https://gitlab.com/gitlab-org/security-products/dast/-/blob/main/CHANGELOG.md#v200)\nthat made DAST configuration and vulnerability management much easier. \n\n\nAs we had disabled DAST auto-update in the GitLab pipeline, we were missing\nout on all the new features and bug fixes that came with different minor and\nmajor version updates. You can see the [configuration changes we performed\nto upgrade the DAST pipeline from version 1.22.1 to\n2](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69054).\n\n\n### Streamlining vulnerability triage\n\n\nOne new feature of DAST 2 that we’re finding especially valuable on GitLab\nis the [aggregation of\nvulnerabilities](https://gitlab.com/gitlab-org/gitlab/-/issues/254043).\nDuring a DAST scan of a web application, there are many vulnerabilities that\nare common to multiple web requests. For instance, the [X-Frame-Options\nHeader Not Set](https://www.zaproxy.org/docs/alerts/10020/) plugin checks if\n`X-Frame-Options` HTTP headers are present in each response and reports a\nvulnerability for every applicable request. This resulted in the creation of\nmultiple, duplicate, true-positive vulnerabilities in the vulnerability\ndashboard. The new vulnerability aggregation feature groups vulnerabilities\ncreated from plugins like this into a single vulnerability, irrespective of\nthe number of times it is detected in the scan. This makes vulnerability\ntriage much faster as only one vulnerability is now reported for plugins\nlike this. 
\n\n\nOther benefits include:\n\n- [upgraded\nversions](https://gitlab.com/gitlab-org/security-products/dast/-/merge_requests/520)\nof a browser-based crawler;\n\n- bug fixes; and\n\n- availability of [better configuration\noptions](https://gitlab.com/gitlab-org/security-products/dast/-/blob/main/CHANGELOG.md#v203)\nfor the browser-based scans.\n\n\nTake a peek at the [change\nlog](https://gitlab.com/gitlab-org/security-products/dast/-/blob/main/CHANGELOG.md)\nto see everything that’s new!\n\n\n## How we updated GitLab’s DAST CI job \n\n\nOur move to DAST version 2 and updating GitLab's DAST CI job included three\nsteps:\n\n1. Move to `DAST_ONLY_INCLUDE_RULES`.\n\n1. Update DAST analyzer to version 2 and enable auto-update.\n\n1. Remove deprecated DAST configurations.\n\n\n### Move to `DAST_ONLY_INCLUDE_RULES` \n\n\nThe introduction of the `DAST_ONLY_INCLUDE_RULES` CI/CD variable provided a\nquick way to select ZAP scan rules for execution. Instead of listing out all\nthe rules that need to be excluded from the scan using `DAST_EXCLUDE_RULES`,\nselected rules for execution could be specified as the value of\n`DAST_ONLY_INCLUDE_RULES`. 
This made the job configuration easier because,\nin our case, the exclusion list was long and dynamic (and kept changing from\nDAST version to version) but the include list is static and small, making\nthe manual effort involved in scanning more efficient.\n\n\nFor example, to run two selected scan rules, namely `10020` and `10021`, in a\nDAST CI job, one would have to disable all the other rules using\n`DAST_EXCLUDE_RULES`, as illustrated below:\n\n```yaml\n\nDAST-fullscan:\n  extends:\n    - .dast_conf\n  variables:\n    DAST_USERNAME: \"user1\"\n    # Every rule except 10020 and 10021 has to be listed here\n    DAST_EXCLUDE_RULES: \"10019,10037,10054…\"  # (all rules except 10020,10021)\n  script:\n    - /analyze -t $DAST_WEBSITE -d\n```\n\nHowever, using `DAST_ONLY_INCLUDE_RULES`, the long list of exclude rules\ncould be replaced by a short include list:\n\n```yaml\n\nDAST-fullscan:\n  extends:\n    - .dast_conf\n  variables:\n    DAST_USERNAME: \"user1\"\n    # Only the listed rules run; rules added by newer analyzer versions stay off\n    DAST_ONLY_INCLUDE_RULES: \"10020,10021\"\n  script:\n    - /analyze -t $DAST_WEBSITE -d\n```\n\nAlso, using `DAST_ONLY_INCLUDE_RULES` ensures there won’t be an unexpected\ntimeout on any DAST job due to the execution of new scan rules that come\nwith the new DAST analyzer versions. \n\n\n### Update DAST analyzer to version 2 and enable auto-update\n\n\nAs I mentioned above, the version of the DAST analyzer in\n[gitlab-org/gitlab’s](https://gitlab.com/gitlab-org/gitlab) CI/CD pipeline\nwas pinned to `1.22.1` as a workaround for preventing job timeouts. Now,\nwith the introduction of the `DAST_ONLY_INCLUDE_RULES` CI/CD variable, DAST\nauto-update could be turned on and the version upgrade from 1 to 2 could be\ncarried out in the pipeline without any worry of job failures from timeout. \nBoth of these were achieved by updating the value of the `DAST_VERSION` CI/CD\nvariable to `2`. You can read more about [configuring the DAST\nversion](https://docs.gitlab.com/ee/user/application_security/dast/#include-the-dast-template)\nin our docs. 
\n\n\n### Remove deprecated DAST configurations\n\n\nIn DAST 2.0, [multiple DAST config CI variables were\nremoved](https://gitlab.com/gitlab-org/security-products/dast/-/merge_requests/460),\nso any use of them in our pipeline also needed to be removed. One such\nvariable was `DAST_AUTH_EXCLUDE_URLS`, which was previously used to specify\nthe URLs to skip during the authenticated scan. This was replaced with\n`DAST_EXCLUDE_URLS`.\n\n\n## Dogfooding for the win\n\n\nIn addition to being able to reduce CI job complexity in GitLab’s DAST\npipeline with the upgrade to version 2, our GitLab Security team was able to\nidentify areas for improvement, including the addition of [a\nmisconfiguration detection\nfeature](https://gitlab.com/gitlab-org/gitlab/-/issues/340814) and a\n[reusable configuration section in the DAST\ntemplate](https://gitlab.com/gitlab-org/gitlab/-/issues/340420), as well as\nthe identification of a [bug causing long URLs in the evidence section not\nto wrap](https://gitlab.com/gitlab-org/gitlab/-/issues/341050).\n\n\n## Our next steps for DAST\n\nOur next goal is to start dogfooding the DAST API scan and beta features\nlike [browser-based\nscans](https://docs.gitlab.com/ee/user/application_security/dast/browser_based.html)\nto identify pain points from a user perspective and remediate them. \n\n\nTo stay on top of new DAST releases and cool features that come with them,\nhead over to the [DAST release\npage](https://gitlab.com/gitlab-org/security-products/dast/-/releases).\n\n\nAlso, are you looking to try out DAST 2, but feeling baffled by the\nconfigurations mentioned here? Well, don't be! GitLab also provides quick\nand easy ways to [enable automatic DAST\nscans](https://docs.gitlab.com/ee/user/application_security/dast/#enable-automatic-dast-run)\nwith minimal manual configuration.\n\n\nWe’d love to hear your experience configuring DAST scans and feedback on\nways to improve the user experience. Drop us a comment below! 
\n\n\nCover image by [Ksenia Chernaya](https://www.pexels.com/@kseniachernaya) on\n[Pexels](https://www.pexels.com/photo/modern-professional-equipment-for-checking-eyesight-5752269/).\n","security",[21],{"slug":24,"featured":6,"template":25},"how-were-using-dast2-for-easier-scan-configuration","BlogPost","content:en-us:blog:how-were-using-dast2-for-easier-scan-configuration.yml","yaml","How Were Using Dast2 For Easier Scan Configuration","content","en-us/blog/how-were-using-dast2-for-easier-scan-configuration.yml","en-us/blog/how-were-using-dast2-for-easier-scan-configuration","yml",{"_path":34,"_dir":35,"_draft":6,"_partial":6,"_locale":7,"data":36,"_id":458,"_type":27,"title":459,"_source":29,"_file":460,"_stem":461,"_extension":32},"/shared/en-us/main-navigation","en-us",{"logo":37,"freeTrial":42,"sales":47,"login":52,"items":57,"search":389,"minimal":420,"duo":439,"pricingDeployment":448},{"config":38},{"href":39,"dataGaName":40,"dataGaLocation":41},"/","gitlab logo","header",{"text":43,"config":44},"Get free trial",{"href":45,"dataGaName":46,"dataGaLocation":41},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":48,"config":49},"Talk to sales",{"href":50,"dataGaName":51,"dataGaLocation":41},"/sales/","sales",{"text":53,"config":54},"Sign in",{"href":55,"dataGaName":56,"dataGaLocation":41},"https://gitlab.com/users/sign_in/","sign in",[58,102,200,205,310,370],{"text":59,"config":60,"cards":62,"footer":85},"Platform",{"dataNavLevelOne":61},"platform",[63,69,77],{"title":59,"description":64,"link":65},"The most comprehensive AI-powered DevSecOps Platform",{"text":66,"config":67},"Explore our Platform",{"href":68,"dataGaName":61,"dataGaLocation":41},"/platform/",{"title":70,"description":71,"link":72},"GitLab Duo (AI)","Build software faster with AI at every stage of development",{"text":73,"config":74},"Meet GitLab 
Duo",{"href":75,"dataGaName":76,"dataGaLocation":41},"/gitlab-duo/","gitlab duo ai",{"title":78,"description":79,"link":80},"Why GitLab","10 reasons why Enterprises choose GitLab",{"text":81,"config":82},"Learn more",{"href":83,"dataGaName":84,"dataGaLocation":41},"/why-gitlab/","why gitlab",{"title":86,"items":87},"Get started with",[88,93,98],{"text":89,"config":90},"Platform Engineering",{"href":91,"dataGaName":92,"dataGaLocation":41},"/solutions/platform-engineering/","platform engineering",{"text":94,"config":95},"Developer Experience",{"href":96,"dataGaName":97,"dataGaLocation":41},"/developer-experience/","Developer experience",{"text":99,"config":100},"MLOps",{"href":101,"dataGaName":99,"dataGaLocation":41},"/topics/devops/the-role-of-ai-in-devops/",{"text":103,"left":104,"config":105,"link":107,"lists":111,"footer":182},"Product",true,{"dataNavLevelOne":106},"solutions",{"text":108,"config":109},"View all Solutions",{"href":110,"dataGaName":106,"dataGaLocation":41},"/solutions/",[112,137,161],{"title":113,"description":114,"link":115,"items":120},"Automation","CI/CD and automation to accelerate deployment",{"config":116},{"icon":117,"href":118,"dataGaName":119,"dataGaLocation":41},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[121,125,129,133],{"text":122,"config":123},"CI/CD",{"href":124,"dataGaLocation":41,"dataGaName":122},"/solutions/continuous-integration/",{"text":126,"config":127},"AI-Assisted Development",{"href":75,"dataGaLocation":41,"dataGaName":128},"AI assisted development",{"text":130,"config":131},"Source Code Management",{"href":132,"dataGaLocation":41,"dataGaName":130},"/solutions/source-code-management/",{"text":134,"config":135},"Automated Software Delivery",{"href":118,"dataGaLocation":41,"dataGaName":136},"Automated software delivery",{"title":138,"description":139,"link":140,"items":145},"Security","Deliver code faster without compromising 
security",{"config":141},{"href":142,"dataGaName":143,"dataGaLocation":41,"icon":144},"/solutions/security-compliance/","security and compliance","ShieldCheckLight",[146,151,156],{"text":147,"config":148},"Application Security Testing",{"href":149,"dataGaName":150,"dataGaLocation":41},"/solutions/application-security-testing/","Application security testing",{"text":152,"config":153},"Software Supply Chain Security",{"href":154,"dataGaLocation":41,"dataGaName":155},"/solutions/supply-chain/","Software supply chain security",{"text":157,"config":158},"Software Compliance",{"href":159,"dataGaName":160,"dataGaLocation":41},"/solutions/software-compliance/","software compliance",{"title":162,"link":163,"items":168},"Measurement",{"config":164},{"icon":165,"href":166,"dataGaName":167,"dataGaLocation":41},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[169,173,177],{"text":170,"config":171},"Visibility & Measurement",{"href":166,"dataGaLocation":41,"dataGaName":172},"Visibility and Measurement",{"text":174,"config":175},"Value Stream Management",{"href":176,"dataGaLocation":41,"dataGaName":174},"/solutions/value-stream-management/",{"text":178,"config":179},"Analytics & Insights",{"href":180,"dataGaLocation":41,"dataGaName":181},"/solutions/analytics-and-insights/","Analytics and insights",{"title":183,"items":184},"GitLab for",[185,190,195],{"text":186,"config":187},"Enterprise",{"href":188,"dataGaLocation":41,"dataGaName":189},"/enterprise/","enterprise",{"text":191,"config":192},"Small Business",{"href":193,"dataGaLocation":41,"dataGaName":194},"/small-business/","small business",{"text":196,"config":197},"Public Sector",{"href":198,"dataGaLocation":41,"dataGaName":199},"/solutions/public-sector/","public 
sector",{"text":201,"config":202},"Pricing",{"href":203,"dataGaName":204,"dataGaLocation":41,"dataNavLevelOne":204},"/pricing/","pricing",{"text":206,"config":207,"link":209,"lists":213,"feature":297},"Resources",{"dataNavLevelOne":208},"resources",{"text":210,"config":211},"View all resources",{"href":212,"dataGaName":208,"dataGaLocation":41},"/resources/",[214,247,269],{"title":215,"items":216},"Getting started",[217,222,227,232,237,242],{"text":218,"config":219},"Install",{"href":220,"dataGaName":221,"dataGaLocation":41},"/install/","install",{"text":223,"config":224},"Quick start guides",{"href":225,"dataGaName":226,"dataGaLocation":41},"/get-started/","quick setup checklists",{"text":228,"config":229},"Learn",{"href":230,"dataGaLocation":41,"dataGaName":231},"https://university.gitlab.com/","learn",{"text":233,"config":234},"Product documentation",{"href":235,"dataGaName":236,"dataGaLocation":41},"https://docs.gitlab.com/","product documentation",{"text":238,"config":239},"Best practice videos",{"href":240,"dataGaName":241,"dataGaLocation":41},"/getting-started-videos/","best practice videos",{"text":243,"config":244},"Integrations",{"href":245,"dataGaName":246,"dataGaLocation":41},"/integrations/","integrations",{"title":248,"items":249},"Discover",[250,255,259,264],{"text":251,"config":252},"Customer success stories",{"href":253,"dataGaName":254,"dataGaLocation":41},"/customers/","customer success stories",{"text":256,"config":257},"Blog",{"href":258,"dataGaName":5,"dataGaLocation":41},"/blog/",{"text":260,"config":261},"Remote",{"href":262,"dataGaName":263,"dataGaLocation":41},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":265,"config":266},"TeamOps",{"href":267,"dataGaName":268,"dataGaLocation":41},"/teamops/","teamops",{"title":270,"items":271},"Connect",[272,277,282,287,292],{"text":273,"config":274},"GitLab 
Services",{"href":275,"dataGaName":276,"dataGaLocation":41},"/services/","services",{"text":278,"config":279},"Community",{"href":280,"dataGaName":281,"dataGaLocation":41},"/community/","community",{"text":283,"config":284},"Forum",{"href":285,"dataGaName":286,"dataGaLocation":41},"https://forum.gitlab.com/","forum",{"text":288,"config":289},"Events",{"href":290,"dataGaName":291,"dataGaLocation":41},"/events/","events",{"text":293,"config":294},"Partners",{"href":295,"dataGaName":296,"dataGaLocation":41},"/partners/","partners",{"backgroundColor":298,"textColor":299,"text":300,"image":301,"link":305},"#2f2a6b","#fff","Insights for the future of software development",{"altText":302,"config":303},"the source promo card",{"src":304},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":306,"config":307},"Read the latest",{"href":308,"dataGaName":309,"dataGaLocation":41},"/the-source/","the source",{"text":311,"config":312,"lists":314},"Company",{"dataNavLevelOne":313},"company",[315],{"items":316},[317,322,328,330,335,340,345,350,355,360,365],{"text":318,"config":319},"About",{"href":320,"dataGaName":321,"dataGaLocation":41},"/company/","about",{"text":323,"config":324,"footerGa":327},"Jobs",{"href":325,"dataGaName":326,"dataGaLocation":41},"/jobs/","jobs",{"dataGaName":326},{"text":288,"config":329},{"href":290,"dataGaName":291,"dataGaLocation":41},{"text":331,"config":332},"Leadership",{"href":333,"dataGaName":334,"dataGaLocation":41},"/company/team/e-group/","leadership",{"text":336,"config":337},"Team",{"href":338,"dataGaName":339,"dataGaLocation":41},"/company/team/","team",{"text":341,"config":342},"Handbook",{"href":343,"dataGaName":344,"dataGaLocation":41},"https://handbook.gitlab.com/","handbook",{"text":346,"config":347},"Investor relations",{"href":348,"dataGaName":349,"dataGaLocation":41},"https://ir.gitlab.com/","investor relations",{"text":351,"config":352},"Trust 
Center",{"href":353,"dataGaName":354,"dataGaLocation":41},"/security/","trust center",{"text":356,"config":357},"AI Transparency Center",{"href":358,"dataGaName":359,"dataGaLocation":41},"/ai-transparency-center/","ai transparency center",{"text":361,"config":362},"Newsletter",{"href":363,"dataGaName":364,"dataGaLocation":41},"/company/contact/","newsletter",{"text":366,"config":367},"Press",{"href":368,"dataGaName":369,"dataGaLocation":41},"/press/","press",{"text":371,"config":372,"lists":373},"Contact us",{"dataNavLevelOne":313},[374],{"items":375},[376,379,384],{"text":48,"config":377},{"href":50,"dataGaName":378,"dataGaLocation":41},"talk to sales",{"text":380,"config":381},"Get help",{"href":382,"dataGaName":383,"dataGaLocation":41},"/support/","get help",{"text":385,"config":386},"Customer portal",{"href":387,"dataGaName":388,"dataGaLocation":41},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":390,"login":391,"suggestions":398},"Close",{"text":392,"link":393},"To search repositories and projects, login to",{"text":394,"config":395},"gitlab.com",{"href":55,"dataGaName":396,"dataGaLocation":397},"search login","search",{"text":399,"default":400},"Suggestions",[401,403,407,409,413,417],{"text":70,"config":402},{"href":75,"dataGaName":70,"dataGaLocation":397},{"text":404,"config":405},"Code Suggestions (AI)",{"href":406,"dataGaName":404,"dataGaLocation":397},"/solutions/code-suggestions/",{"text":122,"config":408},{"href":124,"dataGaName":122,"dataGaLocation":397},{"text":410,"config":411},"GitLab on AWS",{"href":412,"dataGaName":410,"dataGaLocation":397},"/partners/technology-partners/aws/",{"text":414,"config":415},"GitLab on Google Cloud",{"href":416,"dataGaName":414,"dataGaLocation":397},"/partners/technology-partners/google-cloud-platform/",{"text":418,"config":419},"Why 
GitLab?",{"href":83,"dataGaName":418,"dataGaLocation":397},{"freeTrial":421,"mobileIcon":426,"desktopIcon":431,"secondaryButton":434},{"text":422,"config":423},"Start free trial",{"href":424,"dataGaName":46,"dataGaLocation":425},"https://gitlab.com/-/trials/new/","nav",{"altText":427,"config":428},"Gitlab Icon",{"src":429,"dataGaName":430,"dataGaLocation":425},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":427,"config":432},{"src":433,"dataGaName":430,"dataGaLocation":425},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":435,"config":436},"Get Started",{"href":437,"dataGaName":438,"dataGaLocation":425},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":440,"mobileIcon":444,"desktopIcon":446},{"text":441,"config":442},"Learn more about GitLab Duo",{"href":75,"dataGaName":443,"dataGaLocation":425},"gitlab duo",{"altText":427,"config":445},{"src":429,"dataGaName":430,"dataGaLocation":425},{"altText":427,"config":447},{"src":433,"dataGaName":430,"dataGaLocation":425},{"freeTrial":449,"mobileIcon":454,"desktopIcon":456},{"text":450,"config":451},"Back to pricing",{"href":203,"dataGaName":452,"dataGaLocation":425,"icon":453},"back to pricing","GoBack",{"altText":427,"config":455},{"src":429,"dataGaName":430,"dataGaLocation":425},{"altText":427,"config":457},{"src":433,"dataGaName":430,"dataGaLocation":425},"content:shared:en-us:main-navigation.yml","Main Navigation","shared/en-us/main-navigation.yml","shared/en-us/main-navigation",{"_path":463,"_dir":35,"_draft":6,"_partial":6,"_locale":7,"title":464,"button":465,"image":470,"config":474,"_id":476,"_type":27,"_source":29,"_file":477,"_stem":478,"_extension":32},"/shared/en-us/banner","is now in public beta!",{"text":466,"config":467},"Try the 
Beta",{"href":468,"dataGaName":469,"dataGaLocation":41},"/gitlab-duo/agent-platform/","duo banner",{"altText":471,"config":472},"GitLab Duo Agent Platform",{"src":473},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1753720689/somrf9zaunk0xlt7ne4x.svg",{"layout":475},"release","content:shared:en-us:banner.yml","shared/en-us/banner.yml","shared/en-us/banner",{"_path":480,"_dir":35,"_draft":6,"_partial":6,"_locale":7,"data":481,"_id":685,"_type":27,"title":686,"_source":29,"_file":687,"_stem":688,"_extension":32},"/shared/en-us/main-footer",{"text":482,"source":483,"edit":489,"contribute":494,"config":499,"items":504,"minimal":677},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":484,"config":485},"View page source",{"href":486,"dataGaName":487,"dataGaLocation":488},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":490,"config":491},"Edit this page",{"href":492,"dataGaName":493,"dataGaLocation":488},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":495,"config":496},"Please contribute",{"href":497,"dataGaName":498,"dataGaLocation":488},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":500,"facebook":501,"youtube":502,"linkedin":503},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[505,528,584,613,647],{"title":59,"links":506,"subMenu":511},[507],{"text":508,"config":509},"DevSecOps platform",{"href":68,"dataGaName":510,"dataGaLocation":488},"devsecops platform",[512],{"title":201,"links":513},[514,518,523],{"text":515,"config":516},"View plans",{"href":203,"dataGaName":517,"dataGaLocation":488},"view plans",{"text":519,"config":520},"Why 
Premium?",{"href":521,"dataGaName":522,"dataGaLocation":488},"/pricing/premium/","why premium",{"text":524,"config":525},"Why Ultimate?",{"href":526,"dataGaName":527,"dataGaLocation":488},"/pricing/ultimate/","why ultimate",{"title":529,"links":530},"Solutions",[531,536,538,540,545,550,554,557,561,566,568,571,574,579],{"text":532,"config":533},"Digital transformation",{"href":534,"dataGaName":535,"dataGaLocation":488},"/topics/digital-transformation/","digital transformation",{"text":147,"config":537},{"href":149,"dataGaName":147,"dataGaLocation":488},{"text":136,"config":539},{"href":118,"dataGaName":119,"dataGaLocation":488},{"text":541,"config":542},"Agile development",{"href":543,"dataGaName":544,"dataGaLocation":488},"/solutions/agile-delivery/","agile delivery",{"text":546,"config":547},"Cloud transformation",{"href":548,"dataGaName":549,"dataGaLocation":488},"/topics/cloud-native/","cloud transformation",{"text":551,"config":552},"SCM",{"href":132,"dataGaName":553,"dataGaLocation":488},"source code management",{"text":122,"config":555},{"href":124,"dataGaName":556,"dataGaLocation":488},"continuous integration & delivery",{"text":558,"config":559},"Value stream management",{"href":176,"dataGaName":560,"dataGaLocation":488},"value stream management",{"text":562,"config":563},"GitOps",{"href":564,"dataGaName":565,"dataGaLocation":488},"/solutions/gitops/","gitops",{"text":186,"config":567},{"href":188,"dataGaName":189,"dataGaLocation":488},{"text":569,"config":570},"Small business",{"href":193,"dataGaName":194,"dataGaLocation":488},{"text":572,"config":573},"Public sector",{"href":198,"dataGaName":199,"dataGaLocation":488},{"text":575,"config":576},"Education",{"href":577,"dataGaName":578,"dataGaLocation":488},"/solutions/education/","education",{"text":580,"config":581},"Financial services",{"href":582,"dataGaName":583,"dataGaLocation":488},"/solutions/finance/","financial 
services",{"title":206,"links":585},[586,588,590,592,595,597,599,601,603,605,607,609,611],{"text":218,"config":587},{"href":220,"dataGaName":221,"dataGaLocation":488},{"text":223,"config":589},{"href":225,"dataGaName":226,"dataGaLocation":488},{"text":228,"config":591},{"href":230,"dataGaName":231,"dataGaLocation":488},{"text":233,"config":593},{"href":235,"dataGaName":594,"dataGaLocation":488},"docs",{"text":256,"config":596},{"href":258,"dataGaName":5,"dataGaLocation":488},{"text":251,"config":598},{"href":253,"dataGaName":254,"dataGaLocation":488},{"text":260,"config":600},{"href":262,"dataGaName":263,"dataGaLocation":488},{"text":273,"config":602},{"href":275,"dataGaName":276,"dataGaLocation":488},{"text":265,"config":604},{"href":267,"dataGaName":268,"dataGaLocation":488},{"text":278,"config":606},{"href":280,"dataGaName":281,"dataGaLocation":488},{"text":283,"config":608},{"href":285,"dataGaName":286,"dataGaLocation":488},{"text":288,"config":610},{"href":290,"dataGaName":291,"dataGaLocation":488},{"text":293,"config":612},{"href":295,"dataGaName":296,"dataGaLocation":488},{"title":311,"links":614},[615,617,619,621,623,625,627,631,636,638,640,642],{"text":318,"config":616},{"href":320,"dataGaName":313,"dataGaLocation":488},{"text":323,"config":618},{"href":325,"dataGaName":326,"dataGaLocation":488},{"text":331,"config":620},{"href":333,"dataGaName":334,"dataGaLocation":488},{"text":336,"config":622},{"href":338,"dataGaName":339,"dataGaLocation":488},{"text":341,"config":624},{"href":343,"dataGaName":344,"dataGaLocation":488},{"text":346,"config":626},{"href":348,"dataGaName":349,"dataGaLocation":488},{"text":628,"config":629},"Sustainability",{"href":630,"dataGaName":628,"dataGaLocation":488},"/sustainability/",{"text":632,"config":633},"Diversity, inclusion and belonging (DIB)",{"href":634,"dataGaName":635,"dataGaLocation":488},"/diversity-inclusion-belonging/","Diversity, inclusion and 
belonging",{"text":351,"config":637},{"href":353,"dataGaName":354,"dataGaLocation":488},{"text":361,"config":639},{"href":363,"dataGaName":364,"dataGaLocation":488},{"text":366,"config":641},{"href":368,"dataGaName":369,"dataGaLocation":488},{"text":643,"config":644},"Modern Slavery Transparency Statement",{"href":645,"dataGaName":646,"dataGaLocation":488},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":648,"links":649},"Contact Us",[650,653,655,657,662,667,672],{"text":651,"config":652},"Contact an expert",{"href":50,"dataGaName":51,"dataGaLocation":488},{"text":380,"config":654},{"href":382,"dataGaName":383,"dataGaLocation":488},{"text":385,"config":656},{"href":387,"dataGaName":388,"dataGaLocation":488},{"text":658,"config":659},"Status",{"href":660,"dataGaName":661,"dataGaLocation":488},"https://status.gitlab.com/","status",{"text":663,"config":664},"Terms of use",{"href":665,"dataGaName":666,"dataGaLocation":488},"/terms/","terms of use",{"text":668,"config":669},"Privacy statement",{"href":670,"dataGaName":671,"dataGaLocation":488},"/privacy/","privacy statement",{"text":673,"config":674},"Cookie preferences",{"dataGaName":675,"dataGaLocation":488,"id":676,"isOneTrustButton":104},"cookie preferences","ot-sdk-btn",{"items":678},[679,681,683],{"text":663,"config":680},{"href":665,"dataGaName":666,"dataGaLocation":488},{"text":668,"config":682},{"href":670,"dataGaName":671,"dataGaLocation":488},{"text":673,"config":684},{"dataGaName":675,"dataGaLocation":488,"id":676,"isOneTrustButton":104},"content:shared:en-us:main-footer.yml","Main 
Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",[690],{"_path":691,"_dir":692,"_draft":6,"_partial":6,"_locale":7,"content":693,"config":697,"_id":699,"_type":27,"title":18,"_source":29,"_file":700,"_stem":701,"_extension":32},"/en-us/blog/authors/nikhil-george","authors",{"name":18,"config":694},{"headshot":695,"ctfId":696},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749666175/Blog/Author%20Headshots/ngeorge1-headshot.jpg","ngeorge1",{"template":698},"BlogAuthor","content:en-us:blog:authors:nikhil-george.yml","en-us/blog/authors/nikhil-george.yml","en-us/blog/authors/nikhil-george",{"_path":703,"_dir":35,"_draft":6,"_partial":6,"_locale":7,"header":704,"eyebrow":705,"blurb":706,"button":707,"secondaryButton":711,"_id":713,"_type":27,"title":714,"_source":29,"_file":715,"_stem":716,"_extension":32},"/shared/en-us/next-steps","Start shipping better software faster","50%+ of the Fortune 100 trust GitLab","See what your team can do with the intelligent\n\n\nDevSecOps platform.\n",{"text":43,"config":708},{"href":709,"dataGaName":46,"dataGaLocation":710},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":48,"config":712},{"href":50,"dataGaName":51,"dataGaLocation":710},"content:shared:en-us:next-steps.yml","Next Steps","shared/en-us/next-steps.yml","shared/en-us/next-steps",1758326239314]