GitLab is setting the standard for DevSecOps

Cindy Blake ·
Jun 1, 2021 · 6 min read

Debate always swirls over what term is best: DevSecOps, SecDevOps, or even to drop “sec” altogether since it should be ubiquitous. At GitLab, we have a strong point of view on this: DevSecOps places security in the middle of the DevOps effort, which is where it rightly belongs. While transparent and a natural part of the process, it should be top of mind and not buried. Security needs to be everyone’s responsibility. With automation of processes and policies, it can be much easier to arm developers and security pros alike with the information they need in order to meet this responsibility.

Our DevSecOps platform is the end-to-end secure software solution that helps you plan, create, deploy, secure, and manage your modern software and the infrastructure upon which it relies. GitLab provides the visibility and controls necessary to protect the integrity of your software factory and its deliverables.

GitLab has been a catalyst for change when it comes to the evolution of DevSecOps versus traditional application security testing. Let’s look at what this evolution entails:

Security testing

CI and security

Remediation

We are proud of our influence on this evolution and of our progress. We invite you to learn more about the capabilities and benefits of GitLab security and compliance.

GitLab has been recognized as a challenger in the 2021 Gartner Magic Quadrant for Application Security Testing for its ability to execute and completeness of vision. We believe this is a nod to the value of getting scan results into the hands of those who can do the remediation. Gartner opens their Magic Quadrant report by saying, “Modern application design and the continued adoption of DevSecOps are expanding the scope of the AST market. Security and risk management leaders can meet tighter deadlines and test more complex applications by seamlessly integrating and automating AST in the software delivery life cycle.” We agree.

GitLab is the first to provide many scan types to the developer including SAST, DAST, dependency scanning, container scanning, secrets detection, license compliance, API fuzzing, and coverage-guided fuzzing. We offer dependency lists and vulnerability management as well. We are regularly replacing many incumbent app sec vendors. We feel that Microsoft probably remains our biggest competitor thanks to their broad licensing agreements even though our security capabilities are more complete.

Last year, GitLab acquired Peach Tech and Fuzz It, each offering a different approach to fuzzing. This week, we’re proud to announce another acquisition of security capabilities, this time of Machine Learning technology. We are bringing innovation to a rather tired app sec industry by not only adding value to the development team, but by bringing new scanning methods to meet the demands of modern application architectures. You’ll hear about these and also innovative capabilities from our partners at GitLab Commit, our online user conference, in August.

Since responding to Gartner’s questionnaire (that used GitLab version 13.6), we have had 5 monthly releases with numerous security features. Some of the most significant capabilities added after our Magic Quadrant submission include:

In the last year, we have also added Professional Services capabilities for security training, migration, and advisory services.

Application security is about to get even more visibility. After the SolarWinds attack and the subsequent gas pipeline attack, the importance of securing the software factory to deliver code safely has become top of mind for anyone dealing with U.S. federal agencies. President Biden’s Executive Order on Improving the Nation’s Cybersecurity will have far-reaching consequences outside of the government and outside of the United States. GitLab is uniquely positioned to help meet these challenges. This blog on Securing your Software Supply Chain provides insight into how you can apply common controls that reach beyond simple application security scanning. In this webinar, we provide 6 steps to get you started, along with a demo of the relevant features in action.

True DevSecOps represents a new era of software security with a much broader scope than traditional App Sec. We believe GitLab has led the market toward this evolution and will continue to do so.

Attribution: Gartner Magic Quadrant for Application Security Testing, Dale Gardner, Mark Horvath, Dionisio Zumerle, 27 May 2021.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

