Blog Company Gemnasium: Our GitLab journey
April 30, 2019
8 min read

Gemnasium: Our GitLab journey

We joined GitLab as a small startup and quickly became an integral part of the company. We want to share our success story with the startup community.


Going through acquisition is never easy, and often fails eventually. Two common scenarios can occur:
Either the two companies are of similar size, and in this “merger” configuration employees are
scared of duplicate jobs; or the buyer is slightly bigger than the seller, and there's a risk of losing
the culture and cohesion of the team. Ours was the latter: We were afraid of being absorbed and
digested completely, and eventually not working on the same subjects anymore, or not together.
I’ve spent years building a trusting relationship with my team, and I was worried about
their future in this new adventure.

This story is different. We’ve been at GitLab for over a year now, and it's all been for the best.
We still have the pleasure of working together, even though the team has doubled in size since.
I wanted to share some reflections on Gemnasium's experience of being acquired by and integrated into GitLab:

Negotiating the acquisition

We had our share of ups and downs during the development of Gemnasium. I learned to be very
cautious about my business relations. This due diligence is always a critical step, especially for
the buyer, to avoid any surprises and ensure the quality of the purchased product.
During that step, we couldn’t answer all the requests from GitLab, since sharing algorithms and
source code was putting us at risk. But we explained why and managed to provide something
close enough to fulfil the requirement. We had open and healthy discussions at that point with
GitLab, and it helped to create the trust we were looking for.

Joining GitLab

When we joined the company, I was amazed to see everyone contributing to the handbook.
Literally everyone, including PeopleOps, Sales, and Marketing. Committing changes with Git is the
DNA of the company, and really makes a difference. There’s no one left behind, struggling with
the inherent technical difficulties of contributing to a shared repository.
Then I discovered what fuels GitLab to make it so special: Slack. A lot of companies already use
Slack, often for the best. But with GitLab being an all-remote company, Slack is a main communication
channel for everyone, including with other teams. At the time, GitLab was already present in
40 countries (vs more than 50 as of today), which means a lot of time zones covered. There’s
always someone available to help and answer questions.
Even administrative problems are taken care of by the People Ops team in a few minutes. Not
days, not weeks – minutes. It allows all employees to focus on what really matters: Delivering and
making the product better. No need to follow up anymore, nothing to complain about; the burden
is just gone, and everybody moves on. When you make the life of your employees easier, they are
happier and more productive. As simple as that.

Concluding the Gemnasium story

The acquisition, like everything else at GitLab, went extremely quickly – so quickly that we didn’t have the
opportunity to bond one last time together as a team. That was a concern to me, also because
the onboarding was overwhelming. So many questions, so many processes and new concepts to
digest. Our Product Manager Fabio Busatto was really helpful and did everything he could
to get up to speed as soon as possible. It felt obvious that we would benefit from having a “retreat”
in a common place, to close the Gemnasium story, and put the new GitLab one on track. “We don’t
do that at GitLab, we’re a remote company,” was the first answer I got. I didn’t have to insist
too much to convince our CEO Sid, and I promised to keep everything cheap and neat. We already had two
team members in Quebec City, so it made sense to organize something here, to save on travel.
Everything starts with an issue” at GitLab, so I created
one to make this case.
A few days later, the idea and budget were approved without any trouble. We could spend a
whole week altogether, and it was a great experience for all of us. The feedback from the team
was very positive, and it boosted morale as well.

Becoming the Secure Team

As an official part of GitLab, the Gemnasium team became the Security Products
Team, now called the Secure Team. Our scope is much broader than just dependency scanning, and
we were expected to deploy SAST, DAST, and Container Scanning solutions. It took us less than a month
to deliver an MVC of dependency scanning, based on Gemnasium. We were already working
remotely, using GitLab, so the pipeline and other parts of the equation were familiar to us. Before the
next milestone following our arrival, Gemnasium was running on GitLab infrastructure.
Dmitriy (CTO) and Sid (CEO) were really present, taking the pulse of the team, and helping us
to remove any roadblocks. They didn’t try to force us to do this integration their way. It was really
a collaboration and every meeting began with them asking, “How can we help you?”

Transitioning from manager to individual contributor

After a few months, it became obvious that the team was performing well and heading in the right direction.
We had results, customers, and a huge roadmap ahead of us. It was time to start hiring new engineers.
Back then, I was meeting with a lot of customers, gathering feedback and ideas to help our product
manager, and helping with pre-sales. Hiring new engineers can be very time consuming, and
with our expectations for the Secure Team, that means a full-time job for a while. Instead of
forcing me to stop what I was doing and start right away with the recruiting, my manager
decided to leverage my skills. I was recently promoted to a Distinguished Engineer position,
which also means switching from the management branch to the Individual Contribution path.

This is a big shift for me and the team, but in the end, it results in more space and latitude to
work on various subjects: Developing our Security Products is much more than just a roadmap
and implementation. We need to understand the competition, discuss strategic partnerships,
identify risks and opportunities, and many other things left aside during all our regular processes.
Being my own boss for the last 10 years taught me to be efficient and put the team in the best position for success.

The bureaucracy that's often associated with large organizations
is very limited, even after growing to more than 500 people

My manager, Dalia Havens, has been nothing but supportive
in this area since the beginning, and a great servant leader.
GitLab has been successful so far because the bureaucracy that's often associated with large organizations
is very limited, even after growing to more than 500 people. As soon as a roadblock is identified,
we can discuss collaborate to fix the problem, sometimes right away.
Reducing the number of steps necessary to actually achieve or deliver something is one of the keys
to happiness for a team used to iterating daily.

I think this is the main reason for the success of this acquisition. At no time did GitLab try to put us in a box.
As soon as the results are there, we’re free to experiment, to innovate, and more importantly, to build our own future.

Experimenting and innovating

One good example of this freedom to explore is the auto-remediation feature.
In 2014, we shipped our second iteration of the Auto-Update in Gemnasium. While the
algorithm behind the update sets had been improved, we were aware that the setup was far from
simple, which was against the philosophy behind Gemnasium: In order to work, our algorithm
had to run the pipeline, maybe multiple, consecutive times (with different update sets).
This was clearly hard to achieve for our users, and for our developers (we didn’t know anything about the test suite).
Being part of GitLab would solve that issue, as we would eventually be able to pilot the pipeline
for that. Even better, we would be able to hide the runs from the users.

After a few customer meetings, it was obvious that this feature was a competitive advantage, and we decided to push
it more. The whole team was excited to contribute to what would be the first MVC, as our product
manager helped to refine the feature, gluing all the pieces together. This step was essential:
It allowed everyone to contribute and influence the roadmap. Even as the company gets bigger
every day, we still feel empowered and a part of the decision-making process.

These past 12 months have been extremely exciting and rewarding. While we’re now fully integrated
into GitLab, we still feel the fresh air of freedom we had during the Gemnasium years. Even
better, we can focus on what we love, and stop worrying about the short-term future.

If you're interested in being acquired by GitLab, we're actively looking for startups to join us.
Please visit our acquisitions handbook to find out more and to see if you
are the right fit.

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

New to GitLab and not sure where to start?

Get started guide

Learn about what GitLab can do for your team

Talk to an expert