Artificial Intelligence (AI) has firmly established itself as a pillar of digital transformation, disrupting industries, increasing efficiency, and providing unmatched access to large data sets. AI also raises profound questions regarding security governance. How do I ensure I can leverage the best of what AI has to offer while mitigating its potential security risks? As AI continues to advance, there is a growing need for strong oversight and accountability. This article delves into the complex landscape of AI security governance, exploring various frameworks, strategies, and practices that o ..read more

The CIS Benchmarks™ play a critical role in hardening software against evolving cyber threats and ensuring compliance with industry regulations. GitLab and the Center for Internet Security® (CIS®) created the just-published CIS GitLab Benchmark, which includes more than 125 recommended secure configuration guidelines for hardening GitLab installations. Establishing this benchmark in collaboration with CIS demonstrates GitLab’s commitment to fostering a culture of proactive risk management within the DevOps landscape. The benchmark provides actionable security guidelines, which are especially b ..read more

When engaging in discussions with industry professionals and stakeholders, they quickly grasp the core principles of DevSecOps, which emphasize speed, security, and quality. However, there's often a curiosity about the specific strategies required to achieve optimal speed without compromising security and quality. We created this interactive infographic to showcase GitLab's best practices for DevSecOps through a detailed visual depiction of the main steps in the development lifecycle. Walk through every step of the DevSecOps process, including creation of issues, development and pushing of cod ..read more

GitLab is dedicated to responsibly integrating artificial intelligence (AI) throughout our comprehensive DevSecOps platform. We offer GitLab Duo, a full suite of AI capabilities across the GitLab platform, so that our customers can ship better, more secure software faster. GitLab Duo follows a privacy- and transparency-first approach to help customers confidently adopt AI while keeping their valuable assets protected. Generative AI is moving so quickly and we know it presents a host of novel questions about the privacy and safety of this technology. In GitLab's 2023 State of AI in Software Dev ..read more

In 2023, we announced our plan to integrate GitLab with Google Cloud. This week, at Google Cloud Next '24, we are announcing that our first integrations from that partnership are now in public beta. These critical integrations streamline authentication, automate CI/CD, and decrease context switching across GitLab and Google Cloud, reducing the friction involved in using the two and improving the overall developer experience by helping them focus on deploying code, and not setting up infrastructure. GitLab users can learn how to set up the GitLab-Google Cloud integrations. Streamline authentica ..read more

In the world of software development, efficiency isn't just about moving fast – it's about smart navigation. As a GitLab product manager, I truly understand the value of efficiency when working within the DevSecOps platform. These are my top 10 favorite GitLab features and they might be the workflow hacks you never knew you needed. Let's dive into these hidden gems to unlock a new level of productivity and collaboration within your team. 1. Resolve comments Not just for merge requests! Resolving comments on issues can significantly reduce noise and streamline task management. It's particularly ..read more

Each day you build software there is another opportunity for security vulnerabilities to creep into production. So it is becoming more important than ever to shift security left and put security tests and the vulnerabilities they detect at the forefront of your software development lifecycle. While GitLab offers a wide range of different security scanners, our AI-powered DevSecOps platform provides full visibility into the security of your software. We seek to allow you to not only run scans, but also to view results, bake in approval processes via merge request policies, and display current v ..read more

2024 is shaping up to be the year of DevSecOps, where more organizations realize the full potential of blending development, security, and operations through the adoption of a comprehensive platform. This is when teams will move beyond using just source code management (SCM) and tap into all the AI-powered features available across the software development lifecycle (SDLC), delivering better, more secure software faster. But first organizations have to knock down the blockers that can get in the way of successful DevSecOps adoption. In talking to customers at organizations of all sizes, I've h ..read more

We recently expanded our compliance certification portfolio to include the automotive industry's TISAX and to support the issuance of the first GitLab Dedicated SOC 2 Type 2. GitLab's Security Compliance team is a proponent of dogfooding our platform, including our integrated project management and security features, so we accomplished this expansion using the GitLab DevSecOps Platform. In this blog, we'll share the details of how we successfully leveraged GitLab's native features to implement security controls, enabling us to scale our compliance efforts and deliver results faster. You'll als ..read more

Getting into a conversation with AI can be challenging. What question do you start with? How do you frame the question? How much context is needed? Will the conversation provide the best and most efficient results? In this tutorial, we explore 10 tips and best practices to integrate GitLab Duo Chat into your AI-powered DevSecOps workflows and refine your prompts for the best results. Get started: Keep GitLab Duo Chat open and in sight 10 best practices for using GitLab Duo Chat Have a conversation Refine the prompt for more efficiency Follow prompt patterns Use low-context communication Repea ..read more