[{"data":1,"prerenderedAt":941},["ShallowReactive",2],{"/blog/one-vulnerability-view":3,"navigation-en-us":173,"banner-en-us":591,"footer-en-us":599,"blog-post-authors-en-us-Alisa Ho":842,"blog-related-posts-en-us-one-vulnerability-view":856,"blog-promotions-en-us":879,"next-steps-en-us":931},{"id":4,"title":5,"authors":6,"body":8,"category":153,"date":154,"description":155,"extension":156,"externalUrl":157,"featured":158,"heroImage":159,"meta":160,"navigation":161,"path":162,"seo":163,"slug":165,"stem":166,"tags":167,"template":171,"updatedDate":157,"__hash__":172},"blogPosts/en-us/blog/one-vulnerability-view.md","One vulnerability view: From scanner coverage to AI governance",[7],"Alisa Ho",{"type":9,"value":10,"toc":145},"minimark",[11,22,27,30,39,54,63,67,71,74,88,92,94,98,101,116,119,126,130,133],[12,13,14,15,21],"p",{},"Most enterprises use a handful of different security scanners, each configured and enforced, project by project. With no single view of what scanners run where, policies drift, blind spots go undetected, and important projects could silently go unprotected. With ",[16,17,20],"a",{"href":18,"rel":19},"https://docs.gitlab.com/releases/19/gitlab-19-1-released/",[],"GitLab 19.1",", you can now integrate the security scanners you already use, giving a single view of your scanner coverage. GitLab enforces third-party scanners at scale across all of your projects, and the vulnerabilities they detect get remediated automatically. On the governance side, we're launching the beta of AI audit event streaming, so you can see whether your agents are acting safely.",[23,24,26],"h2",{"id":25},"enforce-third-party-scanners-on-every-project-at-scale","Enforce third-party scanners on every project at scale",[12,28,29],{},"For most security teams, the hardest part of application security is scanner coverage. Different scanners are set up project by project, so whether a scanner runs depends on individual teams setting it up. New projects can go unnoticed and can ship for weeks before teams realize they are not scanned. When coverage depends on tribal knowledge rather than policy, code ships unscanned, vulnerabilities ship to production, and audits expose gaps.",[12,31,32,33,38],{},"You can now enforce third-party scanners at scale across all of your GitLab projects. Any scanner that ",[16,34,37],{"href":35,"rel":36},"https://docs.gitlab.com/user/application_security/detect/sarif/",[],"outputs SARIF"," runs under your policies, and the vulnerabilities identified flow into GitLab natively. Every finding lands in one vulnerability view governed by the same rules, so coverage becomes something you can prove rather than hope for.",[12,40,41,42,47,48,53],{},"From there, third-party scanner findings run through the same GitLab Duo Agent Platform auto-remediation workflow as GitLab native scanner findings. ",[16,43,46],{"href":44,"rel":45},"https://docs.gitlab.com/user/application_security/vulnerabilities/false_positive_detection/",[],"SAST False Positive Detection"," triages findings to prioritize those with real risk, and ",[16,49,52],{"href":50,"rel":51},"https://docs.gitlab.com/user/application_security/vulnerabilities/agentic_vulnerability_resolution/",[],"Agentic SAST Vulnerability Resolution"," opens a ready-to-merge fix to automatically remediate findings before they go into production. Your team gets coverage it can prove with one governed view across every scanner, and automated remediation for third-party findings.",[55,56],"iframe",{"src":57,"frameBorder":58,"allow":59,"referrerPolicy":60,"style":61,"title":62},"https://player.vimeo.com/video/1202311140?badge=0&autopause=0&player_id=0&app_id=58479","0","autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share","strict-origin-when-cross-origin","position:absolute;top:0;left:0;width:100%;height:100%;","GitLab 19.1 Secret False Positive Detection",[64,65],"script",{"src":66},"https://player.vimeo.com/api/player.js",[23,68,70],{"id":69},"catch-secrets-earlier-and-spend-less-time-on-false-positives","Catch secrets earlier, and spend less time on false positives",[12,72,73],{},"Secret detection runs in your pipelines to catch leaked credentials, but teams have historically struggled with two things: missed secrets and noisy findings. On a new branch, only the latest commit gets scanned, so a secret committed earlier might ship unnoticed. The findings detected come mixed with test credentials, placeholder values, and example tokens, so developers spend time clearing noise instead of addressing real exposures.",[12,75,76,81,82,87],{},[16,77,80],{"href":78,"rel":79},"https://docs.gitlab.com/user/application_security/secret_detection/pipeline/#coverage",[],"Secret detection"," now scans every commit on a new branch instead of only the latest one, and ",[16,83,86],{"href":84,"rel":85},"https://docs.gitlab.com/user/application_security/vulnerabilities/secret_false_positive_detection/",[],"Secret False Positive Detection",", now generally available, adds a confidence score and an explanation to each finding, shown in the vulnerability report. Your team catches secrets wherever they were introduced, and spends time reducing risk from real exposures rather than false positives.",[55,89],{"src":90,"frameBorder":58,"allow":59,"referrerPolicy":60,"style":61,"title":91},"https://player.vimeo.com/video/1202311152?badge=0&autopause=0&player_id=0&app_id=58479","GitLab 19.1 Integrating 3rd party Scanners via SARIF Ingestion",[64,93],{"src":66},[23,95,97],{"id":96},"decide-what-your-ai-agents-can-do-and-prove-it","Decide what your AI agents can do, and prove it",[12,99,100],{},"Companies have adopted AI agents for coding. Agents open merge requests, call tools, and commit code alongside the developers they work for. However, once an agent is approved for a project, it can write, delete, and push without anyone reviewing the action first. Your company remains accountable for changes in the codebase, regardless of whether an agent makes them or a developer. Enterprises need to determine what an agent is allowed to do before it acts, and to show exactly what it did after.",[12,102,103,104,109,110,115],{},"GitLab 19.1 closes that governance gap. With ",[16,105,108],{"href":106,"rel":107},"https://docs.gitlab.com/administration/compliance/audit_event_streaming/#ai-audit-event-streaming",[],"AI audit event streaming",", now in beta, every action an agent takes is recorded as an audit event and streamed to your audit log destinations, with the rest of your audit trail. The release also gives you control over what agents can do on your platform. ",[16,111,114],{"href":112,"rel":113},"https://docs.gitlab.com/user/duo_agent_platform/",[],"Agent tool approval guardrails",", also in beta, let an administrator set each agent tool to run on its own, pause for human approval, or stay blocked, so a sensitive action like writing a file or deleting a resource waits for a team reviewer before it runs. Every approval decision is recorded as an audit event for teams to retroactively review.",[12,117,118],{},"The result is governed autonomy. Agents can run end to end, inside the guardrails you set, and a risky action does not reach the codebase unless a person signs off on it. When an auditor or an incident responder later asks what an agent did, the answer is already in the audit trail the team runs.",[12,120,121],{},[122,123],"img",{"alt":124,"src":125,"title":124},"Audit trail of agent activity showing an alert flagged for an agent dismissing a high-severity finding without human approval","https://res.cloudinary.com/about-gitlab-com/image/upload/v1781722199/y7hx7pqbsr1opn6dqnxh.png",[23,127,129],{"id":128},"governed-autonomy-for-your-agents","Governed autonomy for your agents",[12,131,132],{},"GitLab 19.1 puts governance around the agents in your codebase, with full security scanner coverage across every project and automatic remediation of third-party scanners. You set what each agent is allowed to do before it acts, and every action lands in your audit trail.",[134,135,136],"blockquote",{},[12,137,138,139,144],{},"To see what your agents can do inside the guardrails you set, and prove what they did, ",[16,140,143],{"href":141,"rel":142},"https://about.gitlab.com/gitlab-duo-agent-platform/?utm_medium=blog&utm_source=blog&utm_campaign=eg_global_x_x_security_en_",[],"start a free trial of GitLab Duo Agent Platform today",".",{"title":146,"searchDepth":147,"depth":147,"links":148},"",2,[149,150,151,152],{"id":25,"depth":147,"text":26},{"id":69,"depth":147,"text":70},{"id":96,"depth":147,"text":97},{"id":128,"depth":147,"text":129},"security","2026-06-18","As AI writes more code, security must keep pace. GitLab is one platform for all scanner coverage, detection, and remediation, with AI governance over agents.","md",null,false,"https://res.cloudinary.com/about-gitlab-com/image/upload/v1781621337/mtjqzed2cqtef0frmor2.png",{},true,"/en-us/blog/one-vulnerability-view",{"config":164,"title":5,"description":155},{"noIndex":158},"one-vulnerability-view","en-us/blog/one-vulnerability-view",[168,153,169,170],"AI","product","features","BlogPost","HN65EMMoKJvKD-upU7HgsOA4roIVrA3jW20NKekpl9w",{"logo":174,"freeTrial":179,"sales":184,"login":189,"items":194,"search":511,"minimal":542,"duo":561,"switchNav":570,"pricingDeployment":581},{"config":175},{"href":176,"dataGaName":177,"dataGaLocation":178},"/","gitlab logo","header",{"text":180,"config":181},"Get free trial",{"href":182,"dataGaName":183,"dataGaLocation":178},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":185,"config":186},"Request a demo",{"href":187,"dataGaName":188,"dataGaLocation":178},"/sales/?contact-topic=request-demo","sales",{"text":190,"config":191},"Sign in",{"href":192,"dataGaName":193,"dataGaLocation":178},"https://gitlab.com/users/sign_in/","sign in",[195,224,324,329,433,489],{"text":196,"config":197,"menu":199},"Platform",{"dataNavLevelOne":198},"platform",{"type":200,"columns":201},"cards",[202,208,216],{"title":196,"description":203,"link":204},"The intelligent orchestration platform for DevSecOps",{"text":205,"config":206},"Explore our Platform",{"href":207,"dataGaName":198,"dataGaLocation":178},"/platform/",{"title":209,"description":210,"link":211},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":212,"config":213},"Meet GitLab Duo",{"href":214,"dataGaName":215,"dataGaLocation":178},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":217,"description":218,"link":219},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":220,"config":221},"Learn more",{"href":222,"dataGaName":223,"dataGaLocation":178},"/why-gitlab/","why gitlab",{"text":225,"left":161,"config":226,"menu":228},"Product",{"dataNavLevelOne":227},"solutions",{"type":229,"link":230,"columns":234,"feature":303},"lists",{"text":231,"config":232},"View all Solutions",{"href":233,"dataGaName":227,"dataGaLocation":178},"/solutions/",[235,259,282],{"title":236,"description":237,"link":238,"items":243},"Automation","CI/CD and automation to accelerate deployment",{"config":239},{"icon":240,"href":241,"dataGaName":242,"dataGaLocation":178},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[244,248,251,255],{"text":245,"config":246},"CI/CD",{"href":247,"dataGaLocation":178,"dataGaName":245},"/solutions/continuous-integration/",{"text":209,"config":249},{"href":214,"dataGaLocation":178,"dataGaName":250},"gitlab duo agent platform - product menu",{"text":252,"config":253},"Source Code Management",{"href":254,"dataGaLocation":178,"dataGaName":252},"/solutions/source-code-management/",{"text":256,"config":257},"Automated Software Delivery",{"href":241,"dataGaLocation":178,"dataGaName":258},"Automated software delivery",{"title":260,"description":261,"link":262,"items":267},"Security","Deliver code faster without compromising security",{"config":263},{"href":264,"dataGaName":265,"dataGaLocation":178,"icon":266},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[268,272,277],{"text":269,"config":270},"Application Security Testing",{"href":264,"dataGaName":271,"dataGaLocation":178},"Application security testing",{"text":273,"config":274},"Software Supply Chain Security",{"href":275,"dataGaLocation":178,"dataGaName":276},"/solutions/supply-chain/","Software supply chain security",{"text":278,"config":279},"Software Compliance",{"href":280,"dataGaName":281,"dataGaLocation":178},"/solutions/software-compliance/","software compliance",{"title":283,"link":284,"items":289},"Measurement",{"config":285},{"icon":286,"href":287,"dataGaName":288,"dataGaLocation":178},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[290,294,298],{"text":291,"config":292},"Visibility & Measurement",{"href":287,"dataGaLocation":178,"dataGaName":293},"Visibility and Measurement",{"text":295,"config":296},"Value Stream Management",{"href":297,"dataGaLocation":178,"dataGaName":295},"/solutions/value-stream-management/",{"text":299,"config":300},"Analytics & Insights",{"href":301,"dataGaLocation":178,"dataGaName":302},"/solutions/analytics-and-insights/","Analytics and insights",{"title":304,"type":229,"items":305},"GitLab for",[306,312,318],{"text":307,"config":308},"Enterprise",{"icon":309,"href":310,"dataGaLocation":178,"dataGaName":311},"Building","/enterprise/","enterprise",{"text":313,"config":314},"Small Business",{"icon":315,"href":316,"dataGaLocation":178,"dataGaName":317},"Work","/small-business/","small business",{"text":319,"config":320},"Public Sector",{"icon":321,"href":322,"dataGaLocation":178,"dataGaName":323},"Organization","/solutions/public-sector/","public sector",{"text":325,"config":326},"Pricing",{"href":327,"dataGaName":328,"dataGaLocation":178,"dataNavLevelOne":328},"/pricing/","pricing",{"text":330,"config":331,"menu":333},"Resources",{"dataNavLevelOne":332},"resources",{"type":229,"link":334,"columns":338,"feature":422},{"text":335,"config":336},"View all resources",{"href":337,"dataGaName":332,"dataGaLocation":178},"/resources/",[339,372,394],{"title":340,"items":341},"Getting started",[342,347,352,357,362,367],{"text":343,"config":344},"Install",{"href":345,"dataGaName":346,"dataGaLocation":178},"/install/","install",{"text":348,"config":349},"Quick start guides",{"href":350,"dataGaName":351,"dataGaLocation":178},"/get-started/","quick setup checklists",{"text":353,"config":354},"Learn",{"href":355,"dataGaLocation":178,"dataGaName":356},"https://university.gitlab.com/","learn",{"text":358,"config":359},"Product documentation",{"href":360,"dataGaName":361,"dataGaLocation":178},"https://docs.gitlab.com/","product documentation",{"text":363,"config":364},"Best practice videos",{"href":365,"dataGaName":366,"dataGaLocation":178},"/getting-started-videos/","best practice videos",{"text":368,"config":369},"Integrations",{"href":370,"dataGaName":371,"dataGaLocation":178},"/integrations/","integrations",{"title":373,"items":374},"Discover",[375,380,385,389],{"text":376,"config":377},"Customer success stories",{"href":378,"dataGaName":379,"dataGaLocation":178},"/customers/","customer success stories",{"text":381,"config":382},"Blog",{"href":383,"dataGaName":384,"dataGaLocation":178},"/blog/","blog",{"text":386,"config":387},"The Source",{"href":388,"dataGaName":384,"dataGaLocation":178},"/the-source/",{"text":390,"config":391},"Remote",{"href":392,"dataGaName":393,"dataGaLocation":178},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":395,"items":396},"Connect",[397,402,407,412,417],{"text":398,"config":399},"GitLab Services",{"href":400,"dataGaName":401,"dataGaLocation":178},"/services/","services",{"text":403,"config":404},"Community",{"href":405,"dataGaName":406,"dataGaLocation":178},"/community/","community",{"text":408,"config":409},"Forum",{"href":410,"dataGaName":411,"dataGaLocation":178},"https://forum.gitlab.com/","forum",{"text":413,"config":414},"Events",{"href":415,"dataGaName":416,"dataGaLocation":178},"/events/","events",{"text":418,"config":419},"Partners",{"href":420,"dataGaName":421,"dataGaLocation":178},"/partners/","partners",{"config":423,"title":426,"text":427,"link":428},{"background":424,"textColor":425},"url('https://res.cloudinary.com/about-gitlab-com/image/upload/v1777322348/qpq8yrgn8knii57omj0c.png')","#000","What’s new in GitLab","Stay updated with our latest features and improvements.",{"text":429,"config":430},"Read the latest",{"href":431,"dataGaName":432,"dataGaLocation":178},"/whats-new/","whats new",{"text":434,"config":435,"menu":437},"Company",{"dataNavLevelOne":436},"company",{"type":229,"columns":438},[439],{"items":440},[441,446,452,454,459,464,469,474,479,484],{"text":442,"config":443},"About",{"href":444,"dataGaName":445,"dataGaLocation":178},"/company/","about",{"text":447,"config":448,"footerGa":451},"Jobs",{"href":449,"dataGaName":450,"dataGaLocation":178},"/jobs/","jobs",{"dataGaName":450},{"text":413,"config":453},{"href":415,"dataGaName":416,"dataGaLocation":178},{"text":455,"config":456},"Leadership",{"href":457,"dataGaName":458,"dataGaLocation":178},"/company/team/e-group/","leadership",{"text":460,"config":461},"Handbook",{"href":462,"dataGaName":463,"dataGaLocation":178},"https://handbook.gitlab.com/","handbook",{"text":465,"config":466},"Investor relations",{"href":467,"dataGaName":468,"dataGaLocation":178},"https://ir.gitlab.com/","investor relations",{"text":470,"config":471},"Trust Center",{"href":472,"dataGaName":473,"dataGaLocation":178},"/security/","trust center",{"text":475,"config":476},"AI Transparency Center",{"href":477,"dataGaName":478,"dataGaLocation":178},"/ai-transparency-center/","ai transparency center",{"text":480,"config":481},"Newsletter",{"href":482,"dataGaName":483,"dataGaLocation":178},"/company/contact/#contact-forms","newsletter",{"text":485,"config":486},"Press",{"href":487,"dataGaName":488,"dataGaLocation":178},"/press/","press",{"text":490,"config":491,"menu":492},"Contact us",{"dataNavLevelOne":436},{"type":229,"columns":493},[494],{"items":495},[496,501,506],{"text":497,"config":498},"Talk to sales",{"href":499,"dataGaName":500,"dataGaLocation":178},"/sales/","talk to sales",{"text":502,"config":503},"Support portal",{"href":504,"dataGaName":505,"dataGaLocation":178},"https://support.gitlab.com","support portal",{"text":507,"config":508},"Customer portal",{"href":509,"dataGaName":510,"dataGaLocation":178},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":512,"login":513,"suggestions":520},"Close",{"text":514,"link":515},"To search repositories and projects, login to",{"text":516,"config":517},"gitlab.com",{"href":192,"dataGaName":518,"dataGaLocation":519},"search login","search",{"text":521,"default":522},"Suggestions",[523,525,529,531,535,539],{"text":209,"config":524},{"href":214,"dataGaName":209,"dataGaLocation":519},{"text":526,"config":527},"Code Suggestions (AI)",{"href":528,"dataGaName":526,"dataGaLocation":519},"/solutions/code-suggestions/",{"text":245,"config":530},{"href":247,"dataGaName":245,"dataGaLocation":519},{"text":532,"config":533},"GitLab on AWS",{"href":534,"dataGaName":532,"dataGaLocation":519},"/partners/technology-partners/aws/",{"text":536,"config":537},"GitLab on Google Cloud",{"href":538,"dataGaName":536,"dataGaLocation":519},"/partners/technology-partners/google-cloud-platform/",{"text":540,"config":541},"Why GitLab?",{"href":222,"dataGaName":540,"dataGaLocation":519},{"freeTrial":543,"mobileIcon":548,"desktopIcon":553,"secondaryButton":556},{"text":544,"config":545},"Start free trial",{"href":546,"dataGaName":183,"dataGaLocation":547},"https://gitlab.com/-/trials/new/","nav",{"altText":549,"config":550},"Gitlab Icon",{"src":551,"dataGaName":552,"dataGaLocation":547},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":549,"config":554},{"src":555,"dataGaName":552,"dataGaLocation":547},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":557,"config":558},"Get Started",{"href":559,"dataGaName":560,"dataGaLocation":547},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/get-started/","get started",{"freeTrial":562,"mobileIcon":566,"desktopIcon":568},{"text":563,"config":564},"Learn more about GitLab Duo",{"href":214,"dataGaName":565,"dataGaLocation":547},"gitlab duo",{"altText":549,"config":567},{"src":551,"dataGaName":552,"dataGaLocation":547},{"altText":549,"config":569},{"src":555,"dataGaName":552,"dataGaLocation":547},{"button":571,"mobileIcon":576,"desktopIcon":578},{"text":572,"config":573},"/switch",{"href":574,"dataGaName":575,"dataGaLocation":547},"#contact","switch",{"altText":549,"config":577},{"src":551,"dataGaName":552,"dataGaLocation":547},{"altText":549,"config":579},{"src":580,"dataGaName":552,"dataGaLocation":547},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":582,"mobileIcon":587,"desktopIcon":589},{"text":583,"config":584},"Back to pricing",{"href":327,"dataGaName":585,"dataGaLocation":547,"icon":586},"back to pricing","GoBack",{"altText":549,"config":588},{"src":551,"dataGaName":552,"dataGaLocation":547},{"altText":549,"config":590},{"src":555,"dataGaName":552,"dataGaLocation":547},{"title":592,"button":593,"config":597},"GitLab Orbit is here: The context layer for AI agents.",{"text":220,"config":594},{"href":595,"dataGaName":596,"dataGaLocation":178},"/gitlab-orbit/","orbit",{"layout":598,"disabled":158},"release",{"data":600},{"text":601,"source":602,"edit":608,"contribute":613,"config":618,"items":623,"minimal":831},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":603,"config":604},"View page source",{"href":605,"dataGaName":606,"dataGaLocation":607},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":609,"config":610},"Edit this page",{"href":611,"dataGaName":612,"dataGaLocation":607},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":614,"config":615},"Please contribute",{"href":616,"dataGaName":617,"dataGaLocation":607},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":619,"facebook":620,"youtube":621,"linkedin":622},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[624,671,725,769,799],{"title":325,"links":625,"subMenu":640},[626,630,635],{"text":627,"config":628},"View plans",{"href":327,"dataGaName":629,"dataGaLocation":607},"view plans",{"text":631,"config":632},"Why Premium?",{"href":633,"dataGaName":634,"dataGaLocation":607},"/pricing/premium/","why premium",{"text":636,"config":637},"Why Ultimate?",{"href":638,"dataGaName":639,"dataGaLocation":607},"/pricing/ultimate/","why ultimate",[641],{"title":642,"links":643},"Contact Us",[644,647,649,651,656,661,666],{"text":645,"config":646},"Contact sales",{"href":499,"dataGaName":188,"dataGaLocation":607},{"text":502,"config":648},{"href":504,"dataGaName":505,"dataGaLocation":607},{"text":507,"config":650},{"href":509,"dataGaName":510,"dataGaLocation":607},{"text":652,"config":653},"Status",{"href":654,"dataGaName":655,"dataGaLocation":607},"https://status.gitlab.com/","status",{"text":657,"config":658},"Terms of use",{"href":659,"dataGaName":660,"dataGaLocation":607},"/terms/","terms of use",{"text":662,"config":663},"Privacy statement",{"href":664,"dataGaName":665,"dataGaLocation":607},"/privacy/","privacy statement",{"text":667,"config":668},"Cookie preferences",{"dataGaName":669,"dataGaLocation":607,"id":670,"isOneTrustButton":161},"cookie preferences","ot-sdk-btn",{"title":225,"links":672,"subMenu":681},[673,677],{"text":674,"config":675},"DevSecOps platform",{"href":207,"dataGaName":676,"dataGaLocation":607},"devsecops platform",{"text":678,"config":679},"AI-Assisted Development",{"href":214,"dataGaName":680,"dataGaLocation":607},"ai-assisted development",[682],{"title":683,"links":684},"Topics",[685,690,695,700,705,710,715,720],{"text":686,"config":687},"CICD",{"href":688,"dataGaName":689,"dataGaLocation":607},"/topics/ci-cd/","cicd",{"text":691,"config":692},"GitOps",{"href":693,"dataGaName":694,"dataGaLocation":607},"/topics/gitops/","gitops",{"text":696,"config":697},"DevOps",{"href":698,"dataGaName":699,"dataGaLocation":607},"/topics/devops/","devops",{"text":701,"config":702},"Version Control",{"href":703,"dataGaName":704,"dataGaLocation":607},"/topics/version-control/","version control",{"text":706,"config":707},"DevSecOps",{"href":708,"dataGaName":709,"dataGaLocation":607},"/topics/devsecops/","devsecops",{"text":711,"config":712},"Cloud Native",{"href":713,"dataGaName":714,"dataGaLocation":607},"/topics/cloud-native/","cloud native",{"text":716,"config":717},"AI for Coding",{"href":718,"dataGaName":719,"dataGaLocation":607},"/topics/devops/ai-for-coding/","ai for coding",{"text":721,"config":722},"Agentic AI",{"href":723,"dataGaName":724,"dataGaLocation":607},"/topics/agentic-ai/","agentic ai",{"title":726,"links":727},"Solutions",[728,730,732,737,741,744,748,751,753,756,759,764],{"text":269,"config":729},{"href":264,"dataGaName":269,"dataGaLocation":607},{"text":258,"config":731},{"href":241,"dataGaName":242,"dataGaLocation":607},{"text":733,"config":734},"Agile development",{"href":735,"dataGaName":736,"dataGaLocation":607},"/solutions/agile-delivery/","agile delivery",{"text":738,"config":739},"SCM",{"href":254,"dataGaName":740,"dataGaLocation":607},"source code management",{"text":686,"config":742},{"href":247,"dataGaName":743,"dataGaLocation":607},"continuous integration & delivery",{"text":745,"config":746},"Value stream management",{"href":297,"dataGaName":747,"dataGaLocation":607},"value stream management",{"text":691,"config":749},{"href":750,"dataGaName":694,"dataGaLocation":607},"/solutions/gitops/",{"text":307,"config":752},{"href":310,"dataGaName":311,"dataGaLocation":607},{"text":754,"config":755},"Small business",{"href":316,"dataGaName":317,"dataGaLocation":607},{"text":757,"config":758},"Public sector",{"href":322,"dataGaName":323,"dataGaLocation":607},{"text":760,"config":761},"Education",{"href":762,"dataGaName":763,"dataGaLocation":607},"/solutions/education/","education",{"text":765,"config":766},"Financial services",{"href":767,"dataGaName":768,"dataGaLocation":607},"/solutions/finance/","financial services",{"title":330,"links":770},[771,773,775,777,780,782,785,787,789,791,793,795,797],{"text":343,"config":772},{"href":345,"dataGaName":346,"dataGaLocation":607},{"text":348,"config":774},{"href":350,"dataGaName":351,"dataGaLocation":607},{"text":353,"config":776},{"href":355,"dataGaName":356,"dataGaLocation":607},{"text":358,"config":778},{"href":360,"dataGaName":779,"dataGaLocation":607},"docs",{"text":381,"config":781},{"href":383,"dataGaName":384,"dataGaLocation":607},{"text":783,"config":784},"What's new",{"href":431,"dataGaName":432,"dataGaLocation":607},{"text":376,"config":786},{"href":378,"dataGaName":379,"dataGaLocation":607},{"text":390,"config":788},{"href":392,"dataGaName":393,"dataGaLocation":607},{"text":398,"config":790},{"href":400,"dataGaName":401,"dataGaLocation":607},{"text":403,"config":792},{"href":405,"dataGaName":406,"dataGaLocation":607},{"text":408,"config":794},{"href":410,"dataGaName":411,"dataGaLocation":607},{"text":413,"config":796},{"href":415,"dataGaName":416,"dataGaLocation":607},{"text":418,"config":798},{"href":420,"dataGaName":421,"dataGaLocation":607},{"title":434,"links":800},[801,803,805,807,809,811,815,820,822,824,826],{"text":442,"config":802},{"href":444,"dataGaName":436,"dataGaLocation":607},{"text":447,"config":804},{"href":449,"dataGaName":450,"dataGaLocation":607},{"text":455,"config":806},{"href":457,"dataGaName":458,"dataGaLocation":607},{"text":460,"config":808},{"href":462,"dataGaName":463,"dataGaLocation":607},{"text":465,"config":810},{"href":467,"dataGaName":468,"dataGaLocation":607},{"text":812,"config":813},"Sustainability",{"href":814,"dataGaName":812,"dataGaLocation":607},"/sustainability/",{"text":816,"config":817},"Diversity, inclusion and belonging (DIB)",{"href":818,"dataGaName":819,"dataGaLocation":607},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":470,"config":821},{"href":472,"dataGaName":473,"dataGaLocation":607},{"text":480,"config":823},{"href":482,"dataGaName":483,"dataGaLocation":607},{"text":485,"config":825},{"href":487,"dataGaName":488,"dataGaLocation":607},{"text":827,"config":828},"Modern Slavery Transparency Statement",{"href":829,"dataGaName":830,"dataGaLocation":607},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":832},[833,836,839],{"text":834,"config":835},"Terms",{"href":659,"dataGaName":660,"dataGaLocation":607},{"text":837,"config":838},"Cookies",{"dataGaName":669,"dataGaLocation":607,"id":670,"isOneTrustButton":161},{"text":840,"config":841},"Privacy",{"href":664,"dataGaName":665,"dataGaLocation":607},[843],{"id":844,"title":7,"body":157,"config":845,"content":847,"description":157,"extension":850,"meta":851,"navigation":161,"path":852,"seo":853,"stem":854,"__hash__":855},"blogAuthors/en-us/blog/authors/alisa-ho.yml",{"template":846},"BlogAuthor",{"name":7,"config":848},{"headshot":849},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1771440109/xcnydlisb91u4qiwdyw2.jpg","yml",{},"/en-us/blog/authors/alisa-ho",{},"en-us/blog/authors/alisa-ho","WU4QiU5Np9PQ8aLtvZXnH41_rF4JeUvaD9lOvDqkzYw",[857,865,872],{"title":858,"description":859,"heroImage":860,"category":153,"date":861,"authors":862,"slug":864,"externalUrl":157},"Full security scanner coverage of your codebase in minutes","Security configuration profiles lead to faster scanner rollouts. Learn how this new capability in GitLab 19.0 covers thousands of projects in minutes, no gaps.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1779189265/iqzyhhiwagxzwywvjzow.png","2026-05-26",[863],"Michael Omokoh","security-configuration-profiles",{"title":866,"description":867,"heroImage":860,"category":153,"date":861,"authors":868,"slug":871,"externalUrl":157},"Reduce supply chain risk with SBOM-based dependency scanning","Detect transitive dependencies, trace how they entered your project, and prioritize them by real-world exposure.",[869,870],"Mark Settle","Joel Patterson","sbom-based-dependency-scanning",{"title":873,"description":874,"heroImage":860,"category":153,"date":875,"authors":876,"slug":878,"externalUrl":157},"Manage CI/CD credentials with GitLab Secrets Manager","Each secret is scoped to its environment or branch and governed by the same controls you use for code. Join the public beta in GitLab 19.0.","2026-05-21",[877,869],"Joe Randazzo","secrets-manager-in-public-beta",{"promotions":880},[881,895,906,917],{"id":882,"categories":883,"header":885,"text":886,"button":887,"image":892},"ai-modernization",[884],"ai","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":888,"config":889},"Get your AI maturity score",{"href":890,"dataGaName":891,"dataGaLocation":384},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":893},{"src":894},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":896,"categories":897,"header":898,"text":886,"button":899,"image":903},"devops-modernization",[169,709],"Are you just managing tools or shipping innovation?",{"text":900,"config":901},"Get your DevOps maturity score",{"href":902,"dataGaName":891,"dataGaLocation":384},"/assessments/devops-modernization-assessment/",{"config":904},{"src":905},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":907,"categories":908,"header":909,"text":886,"button":910,"image":914},"security-modernization",[153],"Are you trading speed for security?",{"text":911,"config":912},"Get your security maturity score",{"href":913,"dataGaName":891,"dataGaLocation":384},"/assessments/security-modernization-assessment/",{"config":915},{"src":916},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":918,"paths":919,"header":922,"text":923,"button":924,"image":929},"github-azure-migration",[920,921],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","Is your team ready for GitHub's Azure move?","GitHub is already rebuilding around Azure. Find out what it means for you.",{"text":925,"config":926},"See how GitLab compares to GitHub",{"href":927,"dataGaName":928,"dataGaLocation":384},"/compare/gitlab-vs-github/github-azure-migration/","github azure migration",{"config":930},{"src":905},{"header":932,"blurb":933,"button":934,"secondaryButton":939},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":935,"config":936},"Get your free trial",{"href":937,"dataGaName":183,"dataGaLocation":938},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":645,"config":940},{"href":499,"dataGaName":188,"dataGaLocation":938},1781863743667]