[{"data":1,"prerenderedAt":720},["ShallowReactive",2],{"/en-us/blog/rise-of-protestware/":3,"navigation-en-us":37,"banner-en-us":466,"footer-en-us":483,"Abubakar Siddiq Ango":692,"next-steps-en-us":705},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":8,"content":16,"config":27,"_id":30,"_type":31,"title":32,"_source":33,"_file":34,"_stem":35,"_extension":36},"/en-us/blog/rise-of-protestware","blog",false,"",{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},"Protestware threats: How to protect your software supply chain","Some people protest for change by changing code others depend on throughout the software supply chain. Learn more about protestware, its impact, and how to protect against it.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749669673/Blog/Hero%20Images/engineering.png","https://about.gitlab.com/blog/rise-of-protestware","https://about.gitlab.com","article","\n                        {\n        \"@context\": \"https://schema.org\",\n        \"@type\": \"Article\",\n        \"headline\": \"Protestware threats: How to protect your software supply chain\",\n        \"author\": [{\"@type\":\"Person\",\"name\":\"Abubakar Siddiq Ango\"}],\n        \"datePublished\": \"2023-05-09\",\n      }",{"title":9,"description":10,"authors":17,"heroImage":11,"date":19,"body":20,"category":21,"tags":22},[18],"Abubakar Siddiq Ango","2023-05-09","In 2016, the continuous integration (CI) pipelines of millions of projects\nfailed because a developer decided to pull their projects from npm package\nregistry in [protest of a request to take down or rename one of their\npackages](https://www.theregister.com/2016/03/23/npm_left_pad_chaos/). In\nJanuary 2022, the maintainer of the widely used 'colors' and 'faker'\npackages on the npm registry modified [these\nprojects](https://blog.sonatype.com/npm-libraries-colors-and-faker-sabotaged-in-protest-by-their-maintainer-what-to-do-now?hsLang=en-us),\nadding malicious code that infinitely printed gibberish in protest of\ncorporations who use open source projects without giving back. These are two\nexamples of \"protestware,\" a term that refers to software packages or\napplications that have been intentionally modified to send a political\nmessage. The impacts may range from seeing unexpected messages in a terminal\nor logs when building an application to serious adverse impacts like data\ndeletion. \n\n\nWhile protestware remained rare for a long time, recent high-profile\nincidents have brought it back into the spotlight. Similar code injection\nvariants like\n[typosquatting](https://www.kaspersky.com/resource-center/definitions/what-is-typosquatting)\npackages (as in the case of the [colors\nnpm](https://www.mend.io/resources/blog/new-typosquating-attack-on-npm-package-colors-using-cross-language-technique-explained/)\npackage, where bad actors created compromised clones of packages with\nsimilar names) and compromised packages (as in the case of the [ctx PyPI\npackages](https://www.theregister.com/2022/05/24/pypi_ctx_package_compromised/))\nare usually perpetrated by bad actors looking to cause harm. Protestware is\nunusual in that the custodians of projects trusted by the community have\nallowed or made these changes. Regardless of whether the changes' impacts\nare harmful, such changes raise ethical concerns and can create unwanted\ndistractions. These risks also reinforce the need for open source consumers\nto adopt a [zero trust security\nmodel](/blog/why-devops-and-zero-trust-go-together/) for their\nsoftware supply chain. Trust, but verify!\n\n\nThe world is going through unprecedented movements demanding change, and\nchange seekers will find new and often disruptive ways to be heard, as we\nhave seen in the case of everything from climate activism to TikTok\nchallenges. Software supply chains are not exempt and, as we have learned\nfrom past incidents, being proactive is key to staying secure.\n\n\nHere are some steps you can take to protect your software supply chain by\nensuring your dependencies are secure.\n\n\n## Implement dependency scanning\n\n\n[Dependency\nscanning](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/)\nis now an industry standard, and there is no shortage of tools or libraries\nto scan your packages, containers, or any other binary formats for\nvulnerabilities. Using GitLab CI’s\n[`rules:exists`](https://docs.gitlab.com/ee/ci/yaml/#rulesexists) rule,\nGitLab checks for the presence of certain files to determine the appropriate\nscans to check for vulnerabilities. Coupled with [Vulnerability\nReports](https://docs.gitlab.com/ee/user/application_security/vulnerability_report/),\n[Policy\nManagement](https://docs.gitlab.com/ee/user/application_security/policies/index.html#policy-management),\nand the [Security\nDashboard](https://docs.gitlab.com/ee/user/application_security/security_dashboard/index.html),\nyour security team and organization can stay ahead of vulnerabilities. To\ninclude dependency scanning in your CI pipeline, add the following lines to\nyour `.gitlab-ci.yml` file. You can explore the [Dependency Scanning CI\ntemplate](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml)\nto understand how it works. \n\n\n```\n\n\ninclude:\n\n  template: Jobs/Dependency-Scanning.gitlab-ci.yml\n\n```\n\n\nRunning the CI script against an example [Ruby on Rails\nproject](https://gitlab.com/gitlab-de/playground/ruby-rails-demo) with Ruby\n3.0.4, the [Vulnerability\nReport](https://gitlab.com/gitlab-de/playground/ruby-rails-demo/-/security/vulnerability_report/?scanner=GitLab.DEPENDENCY_SCANNING)\nshows more than 70 vulnerabilities detected for the dependencies in the\nproject’s\n[Gemfile](https://gitlab.com/gitlab-de/playground/ruby-rails-demo/-/blob/master/Gemfile).\n\n\n\n![Vulnerability Report\nImage](https://about.gitlab.com/images/blogimages/2023-04-rise-of-protestware/vulnerability-report.png\n\"Vulnerability Report Image\")\n\n\n\n## Generate provenance validations\n\n\nUsers of packages can verify they are not downloading a compromised version\nusing [artifact\nattestation](https://docs.gitlab.com/ee/ci/runners/configure_runners.html#artifact-attestation),\nwhich was [introduced in GitLab Runner\n15.1](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28940/).\nAttestation metadata is generated in the [in-toto\nformat](https://github.com/in-toto/attestation); it provides\n[provenance](https://slsa.dev/provenance/v0.2) attesting to how a binary was\nbuilt, and you can verify the artifacts against the provenance. This allows\nyou to achieve [Level\n2](/blog/achieve-slsa-level-2-compliance-with-gitlab/) of the\nSupply-chain Levels for Software Artifacts ([SLSA](https://slsa.dev/))\nsecurity framework. \n\n\nThe demo video below shows how to configure your CI script to generate\nartifact attestation metadata.\n\n\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/MlIdqrDgI8U\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\n\n\n## Utilize private registries\n\n\n[Self-hosting registries](https://docs.gitlab.com/ee/user/packages/) for\npackages, container images, or your Terraform modules are a more secure way\nof ensuring secure and vetted packages are used by your team. Security and\ncompliance teams are enabled to ensure total control of the dependencies\nused in the entire organization and how they are accessed with [package\nregistry\npermissions](https://docs.gitlab.com/ee/user/packages/package_registry/index.html#package-registry-visibility-permissions).\nGitLab supports container, infrastructure, and package registries. Package\nregistries supported include Composer (PHP), Conan (C/C++), Generic, Maven\n(Java), npm (NodeJS), NuGet (Windows packaging), PyPI (Python), and RubyGems\n(Ruby).\n\n\n## Enable Dependency Proxy\n\nThe [Dependency\nProxy](https://docs.gitlab.com/ee/user/packages/dependency_proxy/index.html)\nreduces the number of requests made to upstream dependency registries by\nacting as a local proxy. This reduces the impact of changes or\nvulnerabilities in the upstream packages, as a clean version will still be\nstored in the Dependency Proxy’s cache. This offers faster build times,\nsince the cache is most likely closer to the build system that needs the\nimage, and it ensures continuity when an upstream registry is having\ndowntime or enforcing rate limits — as in the case of [Docker\nHub](https://docs.docker.com/docker-hub/download-rate-limit/), which has a\nlimit of 100 container image pulls per 6 hours per IP address container\nimage for anynomous users as of the time of writing this article.\n\n\nYou can enable Dependency Proxy in the Packages and Registries section of a\ngroup’s settings. Only an administrator can enable/disable the Dependency\nProxy for a GitLab instance. \n\n\n![Dependency Proxy setting\nimage](https://about.gitlab.com/images/blogimages/2023-04-rise-of-protestware/dependency-proxy.png\n\"Dependency Proxy Setting Image\")\n\n\n\nTo use the Dependency Proxy in your CI script, you can use the\n`CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX` predefined variable as shown below:\n\n\n```\n\n\n# .gitlab-ci.yml\n\n\nimage: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/ubuntu:latest\n\n\n```\n\n\nThe GitLab Runner automatically authenticates with the Dependency Proxy, but\nif your use case requires manual authentication, like building container\nimages, you can use other predefined CI/CD variables as detailed in the\n[documentation](https://docs.gitlab.com/ee/user/packages/dependency_proxy/index.html).\n\n\nGitLab is also working on leveraging the Dependency Proxy to give more\ncontrol to security teams with the [Dependency\nFirewall](https://about.gitlab.com/direction/package/#dependency-firewall),\nwhich will allow for control of how upstream packages are used and how they\nimpact the organization. Package validation and version management can be\nmanaged from a central location without impacting the workflow of users.\n\n\nProactively instrumenting your software development lifecycle to ensure\ncontinuous review of your application along with controls is critical to\nkeeping your software supply chain secure and preventing production problems\ndue to protestware.\n","devsecops",[23,24,25,26],"DevSecOps","zero trust","security","DevSecOps platform",{"slug":28,"featured":6,"template":29},"rise-of-protestware","BlogPost","content:en-us:blog:rise-of-protestware.yml","yaml","Rise Of Protestware","content","en-us/blog/rise-of-protestware.yml","en-us/blog/rise-of-protestware","yml",{"_path":38,"_dir":39,"_draft":6,"_partial":6,"_locale":7,"data":40,"_id":462,"_type":31,"title":463,"_source":33,"_file":464,"_stem":465,"_extension":36},"/shared/en-us/main-navigation","en-us",{"logo":41,"freeTrial":46,"sales":51,"login":56,"items":61,"search":393,"minimal":424,"duo":443,"pricingDeployment":452},{"config":42},{"href":43,"dataGaName":44,"dataGaLocation":45},"/","gitlab logo","header",{"text":47,"config":48},"Get free trial",{"href":49,"dataGaName":50,"dataGaLocation":45},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":52,"config":53},"Talk to sales",{"href":54,"dataGaName":55,"dataGaLocation":45},"/sales/","sales",{"text":57,"config":58},"Sign in",{"href":59,"dataGaName":60,"dataGaLocation":45},"https://gitlab.com/users/sign_in/","sign in",[62,106,204,209,314,374],{"text":63,"config":64,"cards":66,"footer":89},"Platform",{"dataNavLevelOne":65},"platform",[67,73,81],{"title":63,"description":68,"link":69},"The most comprehensive AI-powered DevSecOps Platform",{"text":70,"config":71},"Explore our Platform",{"href":72,"dataGaName":65,"dataGaLocation":45},"/platform/",{"title":74,"description":75,"link":76},"GitLab Duo (AI)","Build software faster with AI at every stage of development",{"text":77,"config":78},"Meet GitLab Duo",{"href":79,"dataGaName":80,"dataGaLocation":45},"/gitlab-duo/","gitlab duo ai",{"title":82,"description":83,"link":84},"Why GitLab","10 reasons why Enterprises choose GitLab",{"text":85,"config":86},"Learn more",{"href":87,"dataGaName":88,"dataGaLocation":45},"/why-gitlab/","why gitlab",{"title":90,"items":91},"Get started with",[92,97,102],{"text":93,"config":94},"Platform Engineering",{"href":95,"dataGaName":96,"dataGaLocation":45},"/solutions/platform-engineering/","platform engineering",{"text":98,"config":99},"Developer Experience",{"href":100,"dataGaName":101,"dataGaLocation":45},"/developer-experience/","Developer experience",{"text":103,"config":104},"MLOps",{"href":105,"dataGaName":103,"dataGaLocation":45},"/topics/devops/the-role-of-ai-in-devops/",{"text":107,"left":108,"config":109,"link":111,"lists":115,"footer":186},"Product",true,{"dataNavLevelOne":110},"solutions",{"text":112,"config":113},"View all Solutions",{"href":114,"dataGaName":110,"dataGaLocation":45},"/solutions/",[116,141,165],{"title":117,"description":118,"link":119,"items":124},"Automation","CI/CD and automation to accelerate deployment",{"config":120},{"icon":121,"href":122,"dataGaName":123,"dataGaLocation":45},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[125,129,133,137],{"text":126,"config":127},"CI/CD",{"href":128,"dataGaLocation":45,"dataGaName":126},"/solutions/continuous-integration/",{"text":130,"config":131},"AI-Assisted Development",{"href":79,"dataGaLocation":45,"dataGaName":132},"AI assisted development",{"text":134,"config":135},"Source Code Management",{"href":136,"dataGaLocation":45,"dataGaName":134},"/solutions/source-code-management/",{"text":138,"config":139},"Automated Software Delivery",{"href":122,"dataGaLocation":45,"dataGaName":140},"Automated software delivery",{"title":142,"description":143,"link":144,"items":149},"Security","Deliver code faster without compromising security",{"config":145},{"href":146,"dataGaName":147,"dataGaLocation":45,"icon":148},"/solutions/security-compliance/","security and compliance","ShieldCheckLight",[150,155,160],{"text":151,"config":152},"Application Security Testing",{"href":153,"dataGaName":154,"dataGaLocation":45},"/solutions/application-security-testing/","Application security testing",{"text":156,"config":157},"Software Supply Chain Security",{"href":158,"dataGaLocation":45,"dataGaName":159},"/solutions/supply-chain/","Software supply chain security",{"text":161,"config":162},"Software Compliance",{"href":163,"dataGaName":164,"dataGaLocation":45},"/solutions/software-compliance/","software compliance",{"title":166,"link":167,"items":172},"Measurement",{"config":168},{"icon":169,"href":170,"dataGaName":171,"dataGaLocation":45},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[173,177,181],{"text":174,"config":175},"Visibility & Measurement",{"href":170,"dataGaLocation":45,"dataGaName":176},"Visibility and Measurement",{"text":178,"config":179},"Value Stream Management",{"href":180,"dataGaLocation":45,"dataGaName":178},"/solutions/value-stream-management/",{"text":182,"config":183},"Analytics & Insights",{"href":184,"dataGaLocation":45,"dataGaName":185},"/solutions/analytics-and-insights/","Analytics and insights",{"title":187,"items":188},"GitLab for",[189,194,199],{"text":190,"config":191},"Enterprise",{"href":192,"dataGaLocation":45,"dataGaName":193},"/enterprise/","enterprise",{"text":195,"config":196},"Small Business",{"href":197,"dataGaLocation":45,"dataGaName":198},"/small-business/","small business",{"text":200,"config":201},"Public Sector",{"href":202,"dataGaLocation":45,"dataGaName":203},"/solutions/public-sector/","public sector",{"text":205,"config":206},"Pricing",{"href":207,"dataGaName":208,"dataGaLocation":45,"dataNavLevelOne":208},"/pricing/","pricing",{"text":210,"config":211,"link":213,"lists":217,"feature":301},"Resources",{"dataNavLevelOne":212},"resources",{"text":214,"config":215},"View all resources",{"href":216,"dataGaName":212,"dataGaLocation":45},"/resources/",[218,251,273],{"title":219,"items":220},"Getting started",[221,226,231,236,241,246],{"text":222,"config":223},"Install",{"href":224,"dataGaName":225,"dataGaLocation":45},"/install/","install",{"text":227,"config":228},"Quick start guides",{"href":229,"dataGaName":230,"dataGaLocation":45},"/get-started/","quick setup checklists",{"text":232,"config":233},"Learn",{"href":234,"dataGaLocation":45,"dataGaName":235},"https://university.gitlab.com/","learn",{"text":237,"config":238},"Product documentation",{"href":239,"dataGaName":240,"dataGaLocation":45},"https://docs.gitlab.com/","product documentation",{"text":242,"config":243},"Best practice videos",{"href":244,"dataGaName":245,"dataGaLocation":45},"/getting-started-videos/","best practice videos",{"text":247,"config":248},"Integrations",{"href":249,"dataGaName":250,"dataGaLocation":45},"/integrations/","integrations",{"title":252,"items":253},"Discover",[254,259,263,268],{"text":255,"config":256},"Customer success stories",{"href":257,"dataGaName":258,"dataGaLocation":45},"/customers/","customer success stories",{"text":260,"config":261},"Blog",{"href":262,"dataGaName":5,"dataGaLocation":45},"/blog/",{"text":264,"config":265},"Remote",{"href":266,"dataGaName":267,"dataGaLocation":45},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":269,"config":270},"TeamOps",{"href":271,"dataGaName":272,"dataGaLocation":45},"/teamops/","teamops",{"title":274,"items":275},"Connect",[276,281,286,291,296],{"text":277,"config":278},"GitLab Services",{"href":279,"dataGaName":280,"dataGaLocation":45},"/services/","services",{"text":282,"config":283},"Community",{"href":284,"dataGaName":285,"dataGaLocation":45},"/community/","community",{"text":287,"config":288},"Forum",{"href":289,"dataGaName":290,"dataGaLocation":45},"https://forum.gitlab.com/","forum",{"text":292,"config":293},"Events",{"href":294,"dataGaName":295,"dataGaLocation":45},"/events/","events",{"text":297,"config":298},"Partners",{"href":299,"dataGaName":300,"dataGaLocation":45},"/partners/","partners",{"backgroundColor":302,"textColor":303,"text":304,"image":305,"link":309},"#2f2a6b","#fff","Insights for the future of software development",{"altText":306,"config":307},"the source promo card",{"src":308},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":310,"config":311},"Read the latest",{"href":312,"dataGaName":313,"dataGaLocation":45},"/the-source/","the source",{"text":315,"config":316,"lists":318},"Company",{"dataNavLevelOne":317},"company",[319],{"items":320},[321,326,332,334,339,344,349,354,359,364,369],{"text":322,"config":323},"About",{"href":324,"dataGaName":325,"dataGaLocation":45},"/company/","about",{"text":327,"config":328,"footerGa":331},"Jobs",{"href":329,"dataGaName":330,"dataGaLocation":45},"/jobs/","jobs",{"dataGaName":330},{"text":292,"config":333},{"href":294,"dataGaName":295,"dataGaLocation":45},{"text":335,"config":336},"Leadership",{"href":337,"dataGaName":338,"dataGaLocation":45},"/company/team/e-group/","leadership",{"text":340,"config":341},"Team",{"href":342,"dataGaName":343,"dataGaLocation":45},"/company/team/","team",{"text":345,"config":346},"Handbook",{"href":347,"dataGaName":348,"dataGaLocation":45},"https://handbook.gitlab.com/","handbook",{"text":350,"config":351},"Investor relations",{"href":352,"dataGaName":353,"dataGaLocation":45},"https://ir.gitlab.com/","investor relations",{"text":355,"config":356},"Trust Center",{"href":357,"dataGaName":358,"dataGaLocation":45},"/security/","trust center",{"text":360,"config":361},"AI Transparency Center",{"href":362,"dataGaName":363,"dataGaLocation":45},"/ai-transparency-center/","ai transparency center",{"text":365,"config":366},"Newsletter",{"href":367,"dataGaName":368,"dataGaLocation":45},"/company/contact/","newsletter",{"text":370,"config":371},"Press",{"href":372,"dataGaName":373,"dataGaLocation":45},"/press/","press",{"text":375,"config":376,"lists":377},"Contact us",{"dataNavLevelOne":317},[378],{"items":379},[380,383,388],{"text":52,"config":381},{"href":54,"dataGaName":382,"dataGaLocation":45},"talk to sales",{"text":384,"config":385},"Get help",{"href":386,"dataGaName":387,"dataGaLocation":45},"/support/","get help",{"text":389,"config":390},"Customer portal",{"href":391,"dataGaName":392,"dataGaLocation":45},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":394,"login":395,"suggestions":402},"Close",{"text":396,"link":397},"To search repositories and projects, login to",{"text":398,"config":399},"gitlab.com",{"href":59,"dataGaName":400,"dataGaLocation":401},"search login","search",{"text":403,"default":404},"Suggestions",[405,407,411,413,417,421],{"text":74,"config":406},{"href":79,"dataGaName":74,"dataGaLocation":401},{"text":408,"config":409},"Code Suggestions (AI)",{"href":410,"dataGaName":408,"dataGaLocation":401},"/solutions/code-suggestions/",{"text":126,"config":412},{"href":128,"dataGaName":126,"dataGaLocation":401},{"text":414,"config":415},"GitLab on AWS",{"href":416,"dataGaName":414,"dataGaLocation":401},"/partners/technology-partners/aws/",{"text":418,"config":419},"GitLab on Google Cloud",{"href":420,"dataGaName":418,"dataGaLocation":401},"/partners/technology-partners/google-cloud-platform/",{"text":422,"config":423},"Why GitLab?",{"href":87,"dataGaName":422,"dataGaLocation":401},{"freeTrial":425,"mobileIcon":430,"desktopIcon":435,"secondaryButton":438},{"text":426,"config":427},"Start free trial",{"href":428,"dataGaName":50,"dataGaLocation":429},"https://gitlab.com/-/trials/new/","nav",{"altText":431,"config":432},"Gitlab Icon",{"src":433,"dataGaName":434,"dataGaLocation":429},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":431,"config":436},{"src":437,"dataGaName":434,"dataGaLocation":429},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":439,"config":440},"Get Started",{"href":441,"dataGaName":442,"dataGaLocation":429},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":444,"mobileIcon":448,"desktopIcon":450},{"text":445,"config":446},"Learn more about GitLab Duo",{"href":79,"dataGaName":447,"dataGaLocation":429},"gitlab duo",{"altText":431,"config":449},{"src":433,"dataGaName":434,"dataGaLocation":429},{"altText":431,"config":451},{"src":437,"dataGaName":434,"dataGaLocation":429},{"freeTrial":453,"mobileIcon":458,"desktopIcon":460},{"text":454,"config":455},"Back to pricing",{"href":207,"dataGaName":456,"dataGaLocation":429,"icon":457},"back to pricing","GoBack",{"altText":431,"config":459},{"src":433,"dataGaName":434,"dataGaLocation":429},{"altText":431,"config":461},{"src":437,"dataGaName":434,"dataGaLocation":429},"content:shared:en-us:main-navigation.yml","Main Navigation","shared/en-us/main-navigation.yml","shared/en-us/main-navigation",{"_path":467,"_dir":39,"_draft":6,"_partial":6,"_locale":7,"title":468,"button":469,"image":474,"config":478,"_id":480,"_type":31,"_source":33,"_file":481,"_stem":482,"_extension":36},"/shared/en-us/banner","is now in public beta!",{"text":470,"config":471},"Try the Beta",{"href":472,"dataGaName":473,"dataGaLocation":45},"/gitlab-duo/agent-platform/","duo banner",{"altText":475,"config":476},"GitLab Duo Agent Platform",{"src":477},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1753720689/somrf9zaunk0xlt7ne4x.svg",{"layout":479},"release","content:shared:en-us:banner.yml","shared/en-us/banner.yml","shared/en-us/banner",{"_path":484,"_dir":39,"_draft":6,"_partial":6,"_locale":7,"data":485,"_id":688,"_type":31,"title":689,"_source":33,"_file":690,"_stem":691,"_extension":36},"/shared/en-us/main-footer",{"text":486,"source":487,"edit":493,"contribute":498,"config":503,"items":508,"minimal":680},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":488,"config":489},"View page source",{"href":490,"dataGaName":491,"dataGaLocation":492},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":494,"config":495},"Edit this page",{"href":496,"dataGaName":497,"dataGaLocation":492},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":499,"config":500},"Please contribute",{"href":501,"dataGaName":502,"dataGaLocation":492},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":504,"facebook":505,"youtube":506,"linkedin":507},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[509,531,587,616,650],{"title":63,"links":510,"subMenu":514},[511],{"text":26,"config":512},{"href":72,"dataGaName":513,"dataGaLocation":492},"devsecops platform",[515],{"title":205,"links":516},[517,521,526],{"text":518,"config":519},"View plans",{"href":207,"dataGaName":520,"dataGaLocation":492},"view plans",{"text":522,"config":523},"Why Premium?",{"href":524,"dataGaName":525,"dataGaLocation":492},"/pricing/premium/","why premium",{"text":527,"config":528},"Why Ultimate?",{"href":529,"dataGaName":530,"dataGaLocation":492},"/pricing/ultimate/","why ultimate",{"title":532,"links":533},"Solutions",[534,539,541,543,548,553,557,560,564,569,571,574,577,582],{"text":535,"config":536},"Digital transformation",{"href":537,"dataGaName":538,"dataGaLocation":492},"/topics/digital-transformation/","digital transformation",{"text":151,"config":540},{"href":153,"dataGaName":151,"dataGaLocation":492},{"text":140,"config":542},{"href":122,"dataGaName":123,"dataGaLocation":492},{"text":544,"config":545},"Agile development",{"href":546,"dataGaName":547,"dataGaLocation":492},"/solutions/agile-delivery/","agile delivery",{"text":549,"config":550},"Cloud transformation",{"href":551,"dataGaName":552,"dataGaLocation":492},"/topics/cloud-native/","cloud transformation",{"text":554,"config":555},"SCM",{"href":136,"dataGaName":556,"dataGaLocation":492},"source code management",{"text":126,"config":558},{"href":128,"dataGaName":559,"dataGaLocation":492},"continuous integration & delivery",{"text":561,"config":562},"Value stream management",{"href":180,"dataGaName":563,"dataGaLocation":492},"value stream management",{"text":565,"config":566},"GitOps",{"href":567,"dataGaName":568,"dataGaLocation":492},"/solutions/gitops/","gitops",{"text":190,"config":570},{"href":192,"dataGaName":193,"dataGaLocation":492},{"text":572,"config":573},"Small business",{"href":197,"dataGaName":198,"dataGaLocation":492},{"text":575,"config":576},"Public sector",{"href":202,"dataGaName":203,"dataGaLocation":492},{"text":578,"config":579},"Education",{"href":580,"dataGaName":581,"dataGaLocation":492},"/solutions/education/","education",{"text":583,"config":584},"Financial services",{"href":585,"dataGaName":586,"dataGaLocation":492},"/solutions/finance/","financial services",{"title":210,"links":588},[589,591,593,595,598,600,602,604,606,608,610,612,614],{"text":222,"config":590},{"href":224,"dataGaName":225,"dataGaLocation":492},{"text":227,"config":592},{"href":229,"dataGaName":230,"dataGaLocation":492},{"text":232,"config":594},{"href":234,"dataGaName":235,"dataGaLocation":492},{"text":237,"config":596},{"href":239,"dataGaName":597,"dataGaLocation":492},"docs",{"text":260,"config":599},{"href":262,"dataGaName":5,"dataGaLocation":492},{"text":255,"config":601},{"href":257,"dataGaName":258,"dataGaLocation":492},{"text":264,"config":603},{"href":266,"dataGaName":267,"dataGaLocation":492},{"text":277,"config":605},{"href":279,"dataGaName":280,"dataGaLocation":492},{"text":269,"config":607},{"href":271,"dataGaName":272,"dataGaLocation":492},{"text":282,"config":609},{"href":284,"dataGaName":285,"dataGaLocation":492},{"text":287,"config":611},{"href":289,"dataGaName":290,"dataGaLocation":492},{"text":292,"config":613},{"href":294,"dataGaName":295,"dataGaLocation":492},{"text":297,"config":615},{"href":299,"dataGaName":300,"dataGaLocation":492},{"title":315,"links":617},[618,620,622,624,626,628,630,634,639,641,643,645],{"text":322,"config":619},{"href":324,"dataGaName":317,"dataGaLocation":492},{"text":327,"config":621},{"href":329,"dataGaName":330,"dataGaLocation":492},{"text":335,"config":623},{"href":337,"dataGaName":338,"dataGaLocation":492},{"text":340,"config":625},{"href":342,"dataGaName":343,"dataGaLocation":492},{"text":345,"config":627},{"href":347,"dataGaName":348,"dataGaLocation":492},{"text":350,"config":629},{"href":352,"dataGaName":353,"dataGaLocation":492},{"text":631,"config":632},"Sustainability",{"href":633,"dataGaName":631,"dataGaLocation":492},"/sustainability/",{"text":635,"config":636},"Diversity, inclusion and belonging (DIB)",{"href":637,"dataGaName":638,"dataGaLocation":492},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":355,"config":640},{"href":357,"dataGaName":358,"dataGaLocation":492},{"text":365,"config":642},{"href":367,"dataGaName":368,"dataGaLocation":492},{"text":370,"config":644},{"href":372,"dataGaName":373,"dataGaLocation":492},{"text":646,"config":647},"Modern Slavery Transparency Statement",{"href":648,"dataGaName":649,"dataGaLocation":492},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":651,"links":652},"Contact Us",[653,656,658,660,665,670,675],{"text":654,"config":655},"Contact an expert",{"href":54,"dataGaName":55,"dataGaLocation":492},{"text":384,"config":657},{"href":386,"dataGaName":387,"dataGaLocation":492},{"text":389,"config":659},{"href":391,"dataGaName":392,"dataGaLocation":492},{"text":661,"config":662},"Status",{"href":663,"dataGaName":664,"dataGaLocation":492},"https://status.gitlab.com/","status",{"text":666,"config":667},"Terms of use",{"href":668,"dataGaName":669,"dataGaLocation":492},"/terms/","terms of use",{"text":671,"config":672},"Privacy statement",{"href":673,"dataGaName":674,"dataGaLocation":492},"/privacy/","privacy statement",{"text":676,"config":677},"Cookie preferences",{"dataGaName":678,"dataGaLocation":492,"id":679,"isOneTrustButton":108},"cookie preferences","ot-sdk-btn",{"items":681},[682,684,686],{"text":666,"config":683},{"href":668,"dataGaName":669,"dataGaLocation":492},{"text":671,"config":685},{"href":673,"dataGaName":674,"dataGaLocation":492},{"text":676,"config":687},{"dataGaName":678,"dataGaLocation":492,"id":679,"isOneTrustButton":108},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",[693],{"_path":694,"_dir":695,"_draft":6,"_partial":6,"_locale":7,"content":696,"config":700,"_id":702,"_type":31,"title":18,"_source":33,"_file":703,"_stem":704,"_extension":36},"/en-us/blog/authors/abubakar-siddiq-ango","authors",{"name":18,"config":697},{"headshot":698,"ctfId":699},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749660104/Blog/Author%20Headshots/abuango-headshot.jpg","abuango",{"template":701},"BlogAuthor","content:en-us:blog:authors:abubakar-siddiq-ango.yml","en-us/blog/authors/abubakar-siddiq-ango.yml","en-us/blog/authors/abubakar-siddiq-ango",{"_path":706,"_dir":39,"_draft":6,"_partial":6,"_locale":7,"header":707,"eyebrow":708,"blurb":709,"button":710,"secondaryButton":714,"_id":716,"_type":31,"title":717,"_source":33,"_file":718,"_stem":719,"_extension":36},"/shared/en-us/next-steps","Start shipping better software faster","50%+ of the Fortune 100 trust GitLab","See what your team can do with the intelligent\n\n\nDevSecOps platform.\n",{"text":47,"config":711},{"href":712,"dataGaName":50,"dataGaLocation":713},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":52,"config":715},{"href":54,"dataGaName":55,"dataGaLocation":713},"content:shared:en-us:next-steps.yml","Next Steps","shared/en-us/next-steps.yml","shared/en-us/next-steps",1758326264493]