# Top five actions engineers should take based on the OWASP Top 10 2021 security updates

By Wayne Haber, 2021-11-15

The [OWASP Foundation](https://owasp.org/) recently released its long-anticipated [OWASP top 10 security vulnerability trends for 2021](https://owasp.org/Top10/). This list provides awareness for developers and security teams on the most critical security risks to applications. This is the first update in four years.

We're proud to [sponsor the OWASP organization](https://about.gitlab.com/blog/gitlab-is-now-a-member-of-the-owasp-foundation/), which supports its mission "to help the world improve the security of its software" as well as regional and global annual conferences. We were also thrilled to be able to help with the OWASP top 10 updates by compiling and providing [anonymized vulnerability data](https://about.gitlab.com/blog/gitlab-latest-security-trends/) to OWASP so they could use it with data from other sources to compile the trends.

## There are many changes to the OWASP top 10

Figure: [OWASP Top 10 changes from 2004 to 2021](https://public.flourish.studio/visualisation/7574790/) (interactive visualization)

In the top 5, broken access control has gone from #5 up to #1 on this list due to nearly 4% of applications having challenges in this area. Insecure design has been added as a new category. Cryptographic failures, injection, and security misconfiguration continue to be high on the list.

In the bottom 5, vulnerable and outdated components, identification/authentication issues, and logging/monitoring are still present. New categories are software/data integrity and Server-Side Request Forgery (SSRF).

The most significant change between the OWASP Top 10 2017 and 2021 rankings is the position of Broken Authentication, which moved five steps down from position 2 to 7. This change indicates that this category is considered much less critical nowadays than it used to be in the past. In contrast, Broken Access Control is considered more critical in 2021 in comparison to 2017 because it moved up four steps from position 5 to 1.

Another noticeable difference when comparing OWASP Top 10 2017 and 2021 is the disappearance of the XML External Entity (XXE), Cross-Site Scripting (XSS), and Insecure Deserialization categories, which have been absorbed by the Security Misconfiguration, Injection, and Software and Data Integrity Failures categories in the 2021 ranking, respectively. This change freed up two additional spots in the 2021 ranking for the entirely new categories Insecure Design and SSRF. Vulnerabilities in Software Dependencies moved up three positions from position 9 in 2017 (Using Components with Known Vulnerabilities) to position 6 in 2021 (Vulnerable and Outdated Components).

## What should engineering and security teams do based on the updates?

1. [Broken access control](https://owasp.org/Top10/A01_2021-Broken_Access_Control/) – [SAST](https://docs.gitlab.com/ee/user/application_security/sast/) and [DAST](https://docs.gitlab.com/ee/user/application_security/dast/) scanners can sometimes help to find some classes of these issues. Automated tools can identify that user X can access feature Y; however, they often cannot determine if that user should have that level of access. This is where designing for security from the beginning comes into play, especially for authentication and authorization. Automation cannot replace humans in detecting many of these issues. Focused penetration testing and bug bounty programs are key to finding things that may have slipped through the cracks.
1. [Insecure design](https://owasp.org/Top10/A04_2021-Insecure_Design/) – Similar to the top controls for broken access control, it is essential to design for security at the beginning and monitor it over time. Teach developers how their applications may be attacked through threat modeling so that they can design and evaluate the system from a security-first mindset.
1. [Software/data integrity](https://owasp.org/Top10/pt_BR/A08_2021-Software_and_Data_Integrity_Failures/) – Educate developers about attackers who typosquat common libraries to induce developers to use compromised libraries. Confirm your libraries and other dependencies are checked for known security issues via [GitLab Dependency Scanning](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/), and/or Container Scanning and open source tools like [OWASP dependency check](https://owasp.org/www-project-dependency-check/). Also, consider tools like [package hunter](https://about.gitlab.com/blog/announcing-package-hunter/) that can help find malicious code in your dependencies.
1. [Server-Side Request Forgery](https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/) – Sanitize untrusted input data using hardened libraries and [fuzz test](https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/) your inputs to suss out unexpected behaviors. Implement allow lists for what should be permitted rather than deny lists that can be easily thwarted by a determined attacker. [SAST](https://docs.gitlab.com/ee/user/application_security/sast/) and [DAST](https://docs.gitlab.com/ee/user/application_security/dast/) scanners can often easily identify this class of issues.
1. Stay diligent about the other top threats on the list via the above recommendations, including confirming that monitoring and pre-established escalation runbooks for security issues are in place. [Scan your code for secrets](https://docs.gitlab.com/ee/user/application_security/secret_detection/) that can accidentally leak into repositories. Keep an eye on [vulnerability trends](https://docs.gitlab.com/ee/user/application_security/security_dashboard/) in your applications over time to make sure they are being vetted and addressed as appropriate. [Scan and monitor your containers](https://docs.gitlab.com/ee/user/application_security/container_scanning/) for security issues.

## How do GitLab and other solutions measure up to these risks?

No one solution covers the entire threat in any category. A defense-in-depth strategy of employing multiple areas of validation is key to managing risk.

More information about how GitLab addresses these risks can be found on the [secure product metric page](/handbook/engineering/development/sec/secure/products/metrics/).

| Security risk                                       | GitLab Secure & Protect | Penetration Testing | Bug Bounties | Security Training | Security-First Design | Security Monitoring & Escalation |
|-----------------------------------------------------|-------------------------|---------------------|--------------|-------------------|-----------------------|----------------------------------|
| A01:2021-Broken Access Control                      | 50%                     | 75%                 | 75%          | 50%               | 50%                   | 25%                              |
| A02:2021-Cryptographic Failures                     | 75%                     | 50%                 | 50%          | 75%               | 50%                   | 25%                              |
| A03:2021-Injection                                  | 50%                     | 50%                 | 75%          | 50%               | 50%                   | 25%                              |
| A05:2021-Security Misconfiguration                  | 25%                     | 50%                 | 25%          | 25%               | 25%                   | 50%                              |
| A06:2021-Vulnerable and Outdated Components         | 75%                     | 50%                 | 50%          | 50%               | 50%                   | 50%                              |
| A07:2021-Identification and Authentication Failures | 50%                     | 75%                 | 75%          | 50%               | 50%                   | 25%                              |
| A08:2021-Software and Data Integrity Failures       | 75%                     | 75%                 | 50%          | 50%               | 75%                   | 25%                              |
| A09:2021-Security Logging and Monitoring Failures   | 25%                     | 25%                 | 25%          | 25%               | 50%                   | 75%                              |
| A10:2021-Server-Side Request Forgery                | 75%                     | 75%                 | 75%          | 50%               | 75%                   | 25%                              |

Coverage legend: each cell is a coverage level on a five-step scale of 0%, 25%, 50%, 75%, and 100%.

Cover image by [Joshua Golde](https://unsplash.com/@joshgmit?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText) on [Unsplash](https://unsplash.com/s/photos/ranking?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText)
code management",{"text":122,"config":555},{"href":124,"dataGaName":556,"dataGaLocation":488},"continuous integration & delivery",{"text":558,"config":559},"Value stream management",{"href":176,"dataGaName":560,"dataGaLocation":488},"value stream management",{"text":562,"config":563},"GitOps",{"href":564,"dataGaName":565,"dataGaLocation":488},"/solutions/gitops/","gitops",{"text":186,"config":567},{"href":188,"dataGaName":189,"dataGaLocation":488},{"text":569,"config":570},"Small business",{"href":193,"dataGaName":194,"dataGaLocation":488},{"text":572,"config":573},"Public sector",{"href":198,"dataGaName":199,"dataGaLocation":488},{"text":575,"config":576},"Education",{"href":577,"dataGaName":578,"dataGaLocation":488},"/solutions/education/","education",{"text":580,"config":581},"Financial services",{"href":582,"dataGaName":583,"dataGaLocation":488},"/solutions/finance/","financial services",{"title":206,"links":585},[586,588,590,592,595,597,599,601,603,605,607,609,611],{"text":218,"config":587},{"href":220,"dataGaName":221,"dataGaLocation":488},{"text":223,"config":589},{"href":225,"dataGaName":226,"dataGaLocation":488},{"text":228,"config":591},{"href":230,"dataGaName":231,"dataGaLocation":488},{"text":233,"config":593},{"href":235,"dataGaName":594,"dataGaLocation":488},"docs",{"text":256,"config":596},{"href":258,"dataGaName":5,"dataGaLocation":488},{"text":251,"config":598},{"href":253,"dataGaName":254,"dataGaLocation":488},{"text":260,"config":600},{"href":262,"dataGaName":263,"dataGaLocation":488},{"text":273,"config":602},{"href":275,"dataGaName":276,"dataGaLocation":488},{"text":265,"config":604},{"href":267,"dataGaName":268,"dataGaLocation":488},{"text":278,"config":606},{"href":280,"dataGaName":281,"dataGaLocation":488},{"text":283,"config":608},{"href":285,"dataGaName":286,"dataGaLocation":488},{"text":288,"config":610},{"href":290,"dataGaName":291,"dataGaLocation":488},{"text":293,"config":612},{"href":295,"dataGaName":296,"dataGaLocation":488},{"title":
311,"links":614},[615,617,619,621,623,625,627,631,636,638,640,642],{"text":318,"config":616},{"href":320,"dataGaName":313,"dataGaLocation":488},{"text":323,"config":618},{"href":325,"dataGaName":326,"dataGaLocation":488},{"text":331,"config":620},{"href":333,"dataGaName":334,"dataGaLocation":488},{"text":336,"config":622},{"href":338,"dataGaName":339,"dataGaLocation":488},{"text":341,"config":624},{"href":343,"dataGaName":344,"dataGaLocation":488},{"text":346,"config":626},{"href":348,"dataGaName":349,"dataGaLocation":488},{"text":628,"config":629},"Sustainability",{"href":630,"dataGaName":628,"dataGaLocation":488},"/sustainability/",{"text":632,"config":633},"Diversity, inclusion and belonging (DIB)",{"href":634,"dataGaName":635,"dataGaLocation":488},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":351,"config":637},{"href":353,"dataGaName":354,"dataGaLocation":488},{"text":361,"config":639},{"href":363,"dataGaName":364,"dataGaLocation":488},{"text":366,"config":641},{"href":368,"dataGaName":369,"dataGaLocation":488},{"text":643,"config":644},"Modern Slavery Transparency Statement",{"href":645,"dataGaName":646,"dataGaLocation":488},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":648,"links":649},"Contact Us",[650,653,655,657,662,667,672],{"text":651,"config":652},"Contact an expert",{"href":50,"dataGaName":51,"dataGaLocation":488},{"text":380,"config":654},{"href":382,"dataGaName":383,"dataGaLocation":488},{"text":385,"config":656},{"href":387,"dataGaName":388,"dataGaLocation":488},{"text":658,"config":659},"Status",{"href":660,"dataGaName":661,"dataGaLocation":488},"https://status.gitlab.com/","status",{"text":663,"config":664},"Terms of use",{"href":665,"dataGaName":666,"dataGaLocation":488},"/terms/","terms of use",{"text":668,"config":669},"Privacy statement",{"href":670,"dataGaName":671,"dataGaLocation":488},"/privacy/","privacy 
statement",{"text":673,"config":674},"Cookie preferences",{"dataGaName":675,"dataGaLocation":488,"id":676,"isOneTrustButton":104},"cookie preferences","ot-sdk-btn",{"items":678},[679,681,683],{"text":663,"config":680},{"href":665,"dataGaName":666,"dataGaLocation":488},{"text":668,"config":682},{"href":670,"dataGaName":671,"dataGaLocation":488},{"text":673,"config":684},{"dataGaName":675,"dataGaLocation":488,"id":676,"isOneTrustButton":104},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",[690],{"_path":691,"_dir":692,"_draft":6,"_partial":6,"_locale":7,"content":693,"config":696,"_id":698,"_type":27,"title":19,"_source":29,"_file":699,"_stem":700,"_extension":32},"/en-us/blog/authors/wayne-haber","authors",{"name":19,"config":694},{"headshot":7,"ctfId":695},"whaber",{"template":697},"BlogAuthor","content:en-us:blog:authors:wayne-haber.yml","en-us/blog/authors/wayne-haber.yml","en-us/blog/authors/wayne-haber",{"_path":702,"_dir":35,"_draft":6,"_partial":6,"_locale":7,"header":703,"eyebrow":704,"blurb":705,"button":706,"secondaryButton":710,"_id":712,"_type":27,"title":713,"_source":29,"_file":714,"_stem":715,"_extension":32},"/shared/en-us/next-steps","Start shipping better software faster","50%+ of the Fortune 100 trust GitLab","See what your team can do with the intelligent\n\n\nDevSecOps platform.\n",{"text":43,"config":707},{"href":708,"dataGaName":46,"dataGaLocation":709},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":48,"config":711},{"href":50,"dataGaName":51,"dataGaLocation":709},"content:shared:en-us:next-steps.yml","Next Steps","shared/en-us/next-steps.yml","shared/en-us/next-steps",1758326246487]