Blog Company Gemnasium: Our GitLab journey
Published on April 30, 2019
8 min read

Gemnasium: Our GitLab journey

We joined GitLab as a small startup and quickly became an integral part of the company. We want to share our success story with the startup community.


Going through acquisition is never easy, and often fails eventually. Two common scenarios can occur: Either the two companies are of similar size, and in this “merger” configuration employees are scared of duplicate jobs; or the buyer is slightly bigger than the seller, and there's a risk of losing the culture and cohesion of the team. Ours was the latter: We were afraid of being absorbed and digested completely, and eventually not working on the same subjects anymore, or not together. I’ve spent years building a trusting relationship with my team, and I was worried about their future in this new adventure.

This story is different. We’ve been at GitLab for over a year now, and it's all been for the best. We still have the pleasure of working together, even though the team has doubled in size since. I wanted to share some reflections on Gemnasium's experience of being acquired by and integrated into GitLab:

Negotiating the acquisition

We had our share of ups and downs during the development of Gemnasium. I learned to be very cautious about my business relations. This due diligence is always a critical step, especially for the buyer, to avoid any surprises and ensure the quality of the purchased product. During that step, we couldn’t answer all the requests from GitLab, since sharing algorithms and source code was putting us at risk. But we explained why and managed to provide something close enough to fulfil the requirement. We had open and healthy discussions at that point with GitLab, and it helped to create the trust we were looking for.

Joining GitLab

When we joined the company, I was amazed to see everyone contributing to the handbook. Literally everyone, including PeopleOps, Sales, and Marketing. Committing changes with Git is the DNA of the company, and really makes a difference. There’s no one left behind, struggling with the inherent technical difficulties of contributing to a shared repository. Then I discovered what fuels GitLab to make it so special: Slack. A lot of companies already use Slack, often for the best. But with GitLab being an all-remote company, Slack is a main communication channel for everyone, including with other teams. At the time, GitLab was already present in 40 countries (vs more than 50 as of today), which means a lot of time zones covered. There’s always someone available to help and answer questions. Even administrative problems are taken care of by the People Ops team in a few minutes. Not days, not weeks – minutes. It allows all employees to focus on what really matters: Delivering and making the product better. No need to follow up anymore, nothing to complain about; the burden is just gone, and everybody moves on. When you make the life of your employees easier, they are happier and more productive. As simple as that.

Concluding the Gemnasium story

The acquisition, like everything else at GitLab, went extremely quickly – so quickly that we didn’t have the opportunity to bond one last time together as a team. That was a concern to me, also because the onboarding was overwhelming. So many questions, so many processes and new concepts to digest. Our Product Manager Fabio Busatto was really helpful and did everything he could to get up to speed as soon as possible. It felt obvious that we would benefit from having a “retreat” in a common place, to close the Gemnasium story, and put the new GitLab one on track. “We don’t do that at GitLab, we’re a remote company,” was the first answer I got. I didn’t have to insist too much to convince our CEO Sid, and I promised to keep everything cheap and neat. We already had two team members in Quebec City, so it made sense to organize something here, to save on travel. “Everything starts with an issue” at GitLab, so I created one to make this case. A few days later, the idea and budget were approved without any trouble. We could spend a whole week altogether, and it was a great experience for all of us. The feedback from the team was very positive, and it boosted morale as well.

Becoming the Secure Team

As an official part of GitLab, the Gemnasium team became the Security Products Team, now called the Secure Team. Our scope is much broader than just dependency scanning, and we were expected to deploy SAST, DAST, and Container Scanning solutions. It took us less than a month to deliver an MVC of dependency scanning, based on Gemnasium. We were already working remotely, using GitLab, so the pipeline and other parts of the equation were familiar to us. Before the next milestone following our arrival, Gemnasium was running on GitLab infrastructure. Dmitriy (CTO) and Sid (CEO) were really present, taking the pulse of the team, and helping us to remove any roadblocks. They didn’t try to force us to do this integration their way. It was really a collaboration and every meeting began with them asking, “How can we help you?”

Transitioning from manager to individual contributor

After a few months, it became obvious that the team was performing well and heading in the right direction. We had results, customers, and a huge roadmap ahead of us. It was time to start hiring new engineers. Back then, I was meeting with a lot of customers, gathering feedback and ideas to help our product manager, and helping with pre-sales. Hiring new engineers can be very time consuming, and with our expectations for the Secure Team, that means a full-time job for a while. Instead of forcing me to stop what I was doing and start right away with the recruiting, my manager decided to leverage my skills. I was recently promoted to a Distinguished Engineer position, which also means switching from the management branch to the Individual Contribution path.

This is a big shift for me and the team, but in the end, it results in more space and latitude to work on various subjects: Developing our Security Products is much more than just a roadmap and implementation. We need to understand the competition, discuss strategic partnerships, identify risks and opportunities, and many other things left aside during all our regular processes. Being my own boss for the last 10 years taught me to be efficient and put the team in the best position for success.

The bureaucracy that's often associated with large organizations is very limited, even after growing to more than 500 people

My manager, Dalia Havens, has been nothing but supportive in this area since the beginning, and a great servant leader. GitLab has been successful so far because the bureaucracy that's often associated with large organizations is very limited, even after growing to more than 500 people. As soon as a roadblock is identified, we can discuss collaborate to fix the problem, sometimes right away. Reducing the number of steps necessary to actually achieve or deliver something is one of the keys to happiness for a team used to iterating daily.

I think this is the main reason for the success of this acquisition. At no time did GitLab try to put us in a box. As soon as the results are there, we’re free to experiment, to innovate, and more importantly, to build our own future.

Experimenting and innovating

One good example of this freedom to explore is the auto-remediation feature. In 2014, we shipped our second iteration of the Auto-Update in Gemnasium. While the algorithm behind the update sets had been improved, we were aware that the setup was far from simple, which was against the philosophy behind Gemnasium: In order to work, our algorithm had to run the pipeline, maybe multiple, consecutive times (with different update sets). This was clearly hard to achieve for our users, and for our developers (we didn’t know anything about the test suite). Being part of GitLab would solve that issue, as we would eventually be able to pilot the pipeline for that. Even better, we would be able to hide the runs from the users.

After a few customer meetings, it was obvious that this feature was a competitive advantage, and we decided to push it more. The whole team was excited to contribute to what would be the first MVC, as our product manager helped to refine the feature, gluing all the pieces together. This step was essential: It allowed everyone to contribute and influence the roadmap. Even as the company gets bigger every day, we still feel empowered and a part of the decision-making process.

These past 12 months have been extremely exciting and rewarding. While we’re now fully integrated into GitLab, we still feel the fresh air of freedom we had during the Gemnasium years. Even better, we can focus on what we love, and stop worrying about the short-term future.

If you're interested in being acquired by GitLab, we're actively looking for startups to join us. Please visit our acquisitions handbook to find out more and to see if you are the right fit.

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

New to GitLab and not sure where to start?

Get started guide

Learn about what GitLab can do for your team

Talk to an expert