GitLab Direction

1. You are here:
2. GitLab Direction

On this page

• Vision
  • Background and history
  • DevOps stages
    • Manage
    • Plan
    • Create
    • CI/CD
      • Verify
      • Package
      • Release
    • Configure
    • Monitor
      • Application Performance Monitoring (APM)
      • Debugging and Health
    • Secure
    • Defend
  • Enablement Groups
    • Geo
    • Fulfillment
    • Ecosystem
• Concepts
  • Depth
  • Breadth
  • Personas
  • Application Types
  • Company Initiatives
  • Enterprise editions
• Maturity
• Quarterly Objectives and Key Results (OKRs)
• Your contributions
• How we plan releases
• Previous releases
• Upcoming releases
• Moonshots
• Paid tiers
  • Starter
  • Premium
  • Ultimate

Vision

Our vision is to replace disparate DevOps toolchains with a single application that is pre-configured to work by default across the entire DevOps lifecycle.

We aim to make it faster and easier for groups of contributors to deliver value to their users, and we achieve this by enabling:

• Faster cycle time, driving an improved time to innovation
• Easier workflows, driving increased collaboration and productivity

Our solution plays well with others, works for teams of any size and composition and for any kind of project, and provides ongoing actionable feedback for continuous improvement.

You can read more about the principles that guide our prioritization process in our product handbook.

Background and history

• The Product Vision Backstory
• The 2018 Product Vision
• The 2019 and Beyond Product Vision

DevOps stages

DevOps is a broad space with a lot of complexity. To manage this within GitLab, we break down the DevOps lifecycle into a few different stages, each with its own strategy page you can review. We are investing in the following manner across each stage:

• Planning spreadsheet with PM analysis of competition, Headcount with stage revenue, Headcount by category
• Product categories
• Maturity page
• Backend hiring priorities
• Rolling 4 Quarters GitLab Hiring Plan (internal only)
• Finding headcount outside of your stage

Manage

Overall visibility and insight into what's happening within GitLab

Plan

Planning capabilities to keep your team synchronized and moving in the right direction

Create

Create, view, and manage code and project data through powerful tooling

CI/CD

Verify

Keep strict quality standards for production code with automatic testing and reporting

Package

Manages the packages you build and depend on in your software delivery process

Release

Continuous delivery and orchestration of your releases to your users

Configure

Automation to configure your applications and infrastructure

Monitor

Application Performance Monitoring (APM)

Monitor system behavior to understand the impact of changes on your system

Debugging and Health

Triage, respond, resolve and prevent incidents to minimize downtime

Secure

Security capabilities, directly integrated into your development lifecycle

Defend

Defend your apps and infrastructure from security intrusions

Enablement Groups

Supporting the stages in the DevOps lifecycle, there are additional Enablement groups, again with their own direction pages:

Geo

Fulfillment

Ecosystem

Concepts

Product uses a few key concepts to talk about how we work:

• Depth
• Breadth
• Personas
• Application Types

Depth

We aim for market leadership in every category we compete in. We're already there with:

• Source Code Management
• Continuous Integration

For FY20, and we'll build best-in-class, lovable features in our four focus areas:

• Project Management
• Release Automation
• Application Security Testing
• Value Stream Management

Additionally, our FY20 goals include moving these categories to complete.

Breadth

We wouldn't be true to our ambition if we stopped with our current product categories. Across our existing DevOps stages we'll continue to rapidly expand with new categories.

For more information, check out our epics below:

Manage

• Code Analytics
• Workflow Policies

Plan

• Requirements Mangement
• Quality Management

Create

• Design Management
• Live Coding

Verify

• System Testing
• Usability Testing
• Accessibility Testing
• Compatibility Testing

Package

• Rubygem Registry
• Linux Package Registry
• Helm Chart Registry
• Dependency Proxy

Secure

• Secret Detection
• IAST
• Fuzzing

Release

• Release Governance

Configure

• PaaS
• Chaos Engineering
• Cluster Cost Optimization

Monitor

• Synthetic Monitoring
• Incident Mangement
• Status Page

Defend

• Runtime Application Self Protection
• Web Application Firewall
• Threat Detection
• Behavior Analytics
• Vulnerability Management
• Data Loss Prevention
• Container Network Security

We are additionally prioritizing getting these categories from Minimal to Viable.

Personas

GitLab enables everyone to contribute. Our platform can be used by all people contributing to digital content.

We've already built great workflows and dashboards for:

• Developers
• Project Managers

We are investing in our relatively new roles:

• Release Managers
• Security
• Operations

We plan to expand to more roles in FY2020:

• Designers
• Product Managers
• Executives

Other candidates:

• Marketing
• Legal
• QA
• Data Scientists

Application Types

Application types represent both different application types (web applications, mobile apps) and architectures (monorepos, microservices). Gitlab continues to deliver and replace the disparate DevOps toolchain for both static sites and traditional web applications. These are two examples of application types. We're actively investing in more robust support for new application types such as cloud native and mobile apps, but we aren't done there. GitLab will expand to enable collaboration on new application types. More details.

In FY20, we're targeting:

• Mobile apps (including iOS builds on MacOS shared runners on GitLab.com)
• Serverless functions
• Systems of microservices
• Monorepos of related services
• Versioned dependencies (e.g. rubygems)

Future application types:

• Data science
• ML/AI
• Security research
• Gaming (LFS / Monorepo with many binaries)

Company Initiatives

We are also tracking big initatives for the entire company or for the application at a holistic level that impact the product. These items have their own planning and goals, and typically bridge several (and in some cases even all) of the stages in the product. Some have formal working groups. There are other formal working groups that are not mentioned here as this list focuses on efforts that Product is directly involved with.

• Move to a single CE/EE Codebase
• GitLab.com costs
• Internationalization
• Elastic Search on GitLab.com
• GitLab.com using CD
• GraphQL
• Design system
• Dogfood microservices

In addition, there are broad efforts to "level up" the Product org:

• Embrace dogfooding
• Become more customer driven
• Become data-informed
• Become ROI and Revenue driven
• Shift ratio of breadth/depth more towards depth
• Improve latency without degrading bandwidth

Enterprise editions

GitLab comes in 4 editions:

• Core: This edition is aimed at solo developers or teams that do not need advanced enterprise features. It contains a complete stack with all the tools developers need to ship software.
• Starter: This edition contains features that are more relevant for organizations that have more than 100 potential users. For example:
  • features for managers (reports, management tools at the group level,…),
  • features targeted at developers that have to work in multi-disciplinary teams (merge request approvals,…),
  • integrations with external tools.
• Premium: This edition contains features that are more relevant for organizations that have more than 750 potential users. For example:
  • features for instance administrators
  • features for managers at the instance level (reporting, management tools, roles,…)
  • features to help teams that are spread around the world
  • features for people other than developers that help ship software (support, QA, legal,…)
• Ultimate: This edition contains features that are more relevant for organizations that have more than 5000 potential users. For example:
  • compliances and certifications,
  • change management.

Maturity

As we add new categories and stages to GitLab, some areas of the product will be deeper and more mature than others. We publish a list of the categories, what we think their maturity levels are, and our plans to improve on our maturity page.

Quarterly Objectives and Key Results (OKRs)

To make sure our goals are clearly defined and aligned throughout the organization, we make use of OKR's (Objective Key Results). Our quarterly Objectives and Key Results are publicly viewable.

Your contributions

GitLab's direction is determined by GitLab the company, and the code that is sent by our contributors. We continually merge code to be released in the next version. Contributing is the best way to get a feature you want included.

On our issue tracker for CE and EE, many requests are made for features and changes to GitLab. Issues with the Accepting Merge Requests label are pre-approved as something we're willing to add to GitLab. Of course, before any code is merged it still has to meet our contribution acceptance criteria.

How we plan releases

At GitLab, we strive to be ambitious, maintain a strong sense of urgency, and set aspirational targets with every release. The direction items we highlight in our kickoff are a reflection of this ambitious planning. When it comes to execution we aim for velocity over predictability. This way we optimize our planning time to focus on the top of the queue and deliver things fast. We schedule 100% of what we can accomplish based on past throughput and availability factors (vacation, contribute, etc.).

See our product handbook on how we prioritize.

Previous releases

On our releases page you can find an overview of the most important features of recent releases and links to the blog posts for each release.

Upcoming releases

GitLab releases a new version every single month on the 22nd. You can find the major planned features for upcoming releases on our upcoming releases page.

Note that we often move things around, do things that are not listed, and cancel things that are listed.

Moonshots

Moonshots are big hairy audacious goals that may take a long time to deliver.

• META: Internationalization / add translations
• Implement cross-server (federated) merge requests
• Real-time editing of issue and merge request title
• Make native applications for iOS and Android with Turbolinks
• Run tests in the cloud, pre-commit from a client
• Copy-on-write fuse filesystem
• Autocommit using auto-assigned approvers
• Suggest edits to fix common errors detected by CI
• Use machine learning to automatically classify issues/MRs
• Visual editor for .gitlab-ci.yml
• IDE / editor with a local editor via mirroring / sync
• Render like BigPipe for better perceived performance
• Real-time editing of issue and merge request description
• Machine learning to predict and offer next label to apply
• Rebuild/update all containers Premium
• Allow pushing to multiple servers
• Code to issue audit
• Clone MR
• Failure Injection Testing (FIT) or Chaos as part of operations features Premium
• See visual diff in review app
• PeopleOps tool - Talent management (recruiting in particular)

Paid tiers

Starter

Starter features are available to anyone with an Enterprise Edition subscription (Starter, Premium, Ultimate).

• Board List Capacity Line (Board List Capacity MVC) 12.2
• Automatic authorization for Visual Review Tools 12.3
• Auto-determine most efficient parallelization factor for test runs 12.3
• Code quality on master 12.4
• Add full screen annotations to Visual Review tool 12.4
• Add ability to take screenshot in Visual Review Tool 12.4
• Graph history of pipeline durations 12.7
• Visualize jobs duration given a pipeline (chart, graph) 12.7
• Constant Deployment 12.7
• Continue code quality: show result when Pipeline runs 12.7
• CI View for Code Quality 12.7
• Honor "fixup!" commits when doing rebases in Merge Requests Backlog
• Restrict group approvers to groups that have share access to the project Backlog
• Make Runner automatically upload artifacts to Object Storage Backlog
• Pipeline timing graphs Backlog
• Show fuller code quality notices inside the MR widget Backlog
• Auto Coverage Backlog
• Add an admin screen to check status of Elasticsearch indexing Backlog
• Connect to GitHub Enterprise at group level Backlog
• Pin (star) boards you care about Backlog
• Actionable analytics MVC Backlog
• Show list of code reviews on the merge request Backlog

Premium

Premium features are only available to Premium (and Ultimate) subscribers.

• Group Cycle Analytics Over Time 12.1
• Add feature flag permissions 12.1
• Add % rollout strategy to Feature Flags 12.1
• Conan C/C++ Package Manager MVC 12.1
• Specify that an MR must be merged after another MR 12.1
• Add point of interest discussions to designs 12.1
• View previous design versions 12.1
• Scoped labels restyled 12.1
• Allow users to Destroy/Hide designs 12.1
• Export designs when creating a project export 12.1
• Parallel execution strategy for Merge Trains 12.1
• Cross-project environments dashboard MVC 12.2
• Using not in issue/mr/epic list views and boards 12.2
• Add status checking behaviors to pipeline triggers 12.2
• Wait for MR approval in CI pipeline jobs 12.2
• Allow restricting group members by a domain whitelist 12.2
• Trigger pipeline when another project is rebuilt 12.2
• Add support for PAT to NPM registry 12.2
• Public pipeline page MVC 12.2
• [FE] Allow restricting group members by a domain whitelist 12.2
• Userid-based access for Feature Flags 12.2
• First class Vault integration for deploy and other secrets in CI/CD 12.3
• Automatic authorization for Visual Review Tools 12.3
• Block deploy/promote/merge if degrade performance too much 12.3
• Using or in issue/mr/epic list views and boards 12.3
• Merge coordinated merge requests with a single click 12.3
• Add authentication support for CI_JOB_TOKEN to Conan Registry 12.3
• Automated a11y scanning of Review Apps 12.4
• Implement inline code coverage remarks inside merge request changes tab file diffs 12.4
• CI View for Selenium MVC 12.4
• Integrate Artillery.io for Integrated Testing 12.4
• Group level required CI jobs (group level required include:) 12.4
• Automatically create change request ticket in ServiceNow 12.5
• Graph testing results over time MVC 12.7
• Environment-specific variables for Group-level variables 12.7
• Create an alert in Audit Events 12.7
• Automatic multi-cloud validation MVC 12.7
• Add integrated load testing to Auto DevOps 12.7
• Measure usage of Integrated Load Testing 12.7
• Add cookie-based access to Feature Flags 12.7
• Better than Atlassian Jira integration Backlog
• Add Support for Helm chart registry (Kubernetes Package manager) Backlog
• Code analytics
• Approvers based on code Git blame Backlog
• View the history of changes to an issue/mr/epic description Backlog
• Rebuild/update all containers
• Verified and reproducible builds
• Block merge request with a negative approval signal Next 7-13 releases
• Turnstile security: self learning and location dependent
• Watermarking of downloaded binaries
• Advanced compliance reporting (on access rights)
• [meta] Disaster Recovery Next 3-4 releases
• Auto-rebase when merging merge request Next 4-7 releases
• Automatic CDN configuration for Pages Backlog
• Import JIRA project issues into GitLab project issues Backlog
• Feature monitoring Backlog
• Advanced deploys (Blue/green, Canary, Traffic vectoring) Backlog
• Add "Jira integration" to multiple projects at once Backlog
• Group level integration with JIRA Backlog
• Use Case: Distributed Systems / Microservices Backlog
• More control over manual action permissions Backlog
• Controllable permissions for CI tokens Backlog
• Operator role Awaiting further demand
• Multiple Performance Dashboards Next 3-4 releases
• Automatically assign SLA time for Service Desk issues
• Automatically assign Service Desk issues to users
• Blocking issues Backlog
• Automatically Load-balance tests Backlog
• Show code quality notices on diffs/MRs Backlog
• Create GitLab branch from Jira issue dev panel Backlog
• Create GitLab merge request in JIRA issue in development panel Backlog
• View GitLab merge request approvals information in associated JIRA issue Backlog
• Service Desk Analytics Backlog
• Real-time updates in Jira dev panel Backlog
• Automatic flaky test minimization Backlog
• Scale deployments directly from the environment page Awaiting further demand
• Autoscaling apps Awaiting further demand
• Application idling / scale to zero Backlog
• Detect and report on flaky tests Backlog
• META: Code review flow which doesn't rely on manual assignment
• Multiple milestones per issue or merge request Backlog
• Control incremental rollouts in the UI Backlog
• Increase visibility of incremental rollouts in deploy boards Backlog
• Button to auto-provision required files for Maven integration Backlog
• Add Debian support to our Artifact Repository (MVC) Backlog
• Add RPM support to our Artifact Repository (MVC) Backlog
• Compliance features Backlog
• Burndown chart in issue boards Backlog
• Make timed incremental rollout move forward only Backlog
• Failure Injection Testing (FIT) or Chaos as part of operations features Backlog
• Post-deployment monitoring (continuous verification) MVC Backlog
• Dependency proxy for GitLab Maven package repositories Backlog
• Dependency proxy for GitLab NPM package repositories Backlog
• Add support for npm tags Backlog
• CI View for detailed site speed metrics Backlog
• Add link to detailed sitespeed report from Merge Request Backlog
• Update node.js template to automatically push to the NPM registry Backlog
• PyPi Artifact Repository MVC Backlog
• Add support for .HAR file to integrated load testing Backlog
• Extend metrics to allow for groups of metrics Backlog
• Allow multiple jobs to specify metrics Backlog
• Expose previous stages metrics to the current job Backlog
• Storage limits for the Dependency Proxy Backlog
• Project and Group level support for Conan Repository Backlog
• Search and discover items in the dependency proxy Backlog
• [Meta] GitLab HA improvements post GA Next 7-13 releases

Ultimate

Ultimate is for organizations that have a need to build secure, compliant software and that want to gain visibility of - and be able to influence - their entire organization from a high level. Ultimate features are only be available to Ultimate subscribers.

• Mirror changes from Web IDE to CI runner 12.0
• Live preview (server side evaluation) application in Web IDE 12.1
• Create issue from epic 12.1
• Option to set Security Dashboard as default view for groups 12.1
• Add Severity level to Gemnasium vulnerabilities 12.1
• Dragging and dropping issues and epics in the epic tree 12.1
• Security approval in merge requests MVC 12.1
• Add, view and edit optional reason when dismissing vulnerabilities 12.1
• SAST for APEX 12.1
• Disallow merge if a blacklisted license is found 12.2
• Bar chart for VSM workflow analytics 12.2
• Enable ModSecurity Web Application Firewall on cluster ingress controller 12.2
• Collect ModSecurity information and show them to users 12.2
• Executable Runbooks for Releases MVC 12.2
• Import HackerOne reports into GitLab 12.2
• Support computed metric alerts 12.2
• Release Orchestration Dashboard MVC 12.3
• Internal Ops Dashboard 12.3
• Production scripted testing 12.4
• Add Pod Logs to Operations tab 12.4
• Security Dashboard as an option for default dashboard 12.4
• Instance level Security Dashboard MVC 12.4
• Group License Management 12.4
• Show the detailed status of security testing in the merge request 12.4
• Binary Authorization MVC 12.7
• Calendar showing issues on issue due dates Backlog
• Access issue custom fields from project level Backlog
• Auto Remediate dependency security vulnerabilities Next 7-13 releases
• Ops view of monitoring and deploy board Backlog
• Custom workflows - Group configuration Backlog
• Web Terminal with persistent disk Next 7-13 releases
• Defect management
• Pipeline analyses to find transient failure Backlog
• Show current status of pods in deploy board Backlog
• Disable deleting issues and merge requests instance wide Backlog
• Lock issue title and description forever Backlog
• Change control
• Custom fields with required validation Backlog
• Configure group-level issue custom field Backlog
• Configure project-level issue custom field with enumerated (dropdown) field type Backlog
• Application logging (aggregated) Next 7-13 releases
• GitLab Tracing Next 7-13 releases
• Anomaly alerts Next 4-7 releases
• Application Log Alerts Next 4-7 releases
• Risk management Next 7-13 releases
• What-if scenario planning
• Show Security Testing results on the environments page Next 4-7 releases
• Add epics to global search Backlog
• Detect & Alert on manual changes to Kubernetes configuration Backlog
• Email notification for security reports Next 4-7 releases
• Logging
• Execute linter in Web IDE runner and render linter output in the Web IDE Next 4-7 releases
• Monitor device-plugin resources in Kubernetes Awaiting further demand
• Pod View Backlog
• Node View Backlog
• Node and Pod summary views Backlog
• Burndown chart with stacked lines in boards Backlog
• Value stream analytics in board
• Show Security Dashboard as the default project overview content Next 4-7 releases
• Time analytics line chart Backlog
• Burndown chart in issue boards Backlog
• Scroll vertically in roadmap view Backlog
• Dependency Scanning for Go Next 4-7 releases
• Security Control Panel for security testing Backlog
• Epic swimlanes in board Backlog
• Use both fixed and inherited dates in epics to track delays Backlog
• Add mean remediation time in the Security Dashboard Next 4-7 releases
• Cumulative flow diagram in board Backlog
• Discussion thread in board Backlog
• Test run object (or issue verification object generally) Backlog
• Benefit-weight ratio (WSJF in SAFe) visualization Backlog
• Option to enable Binary Authorization in new GKE clusters Backlog
• Epic cost, benefit, ROI fields Backlog
• Planning epics with WSJF in SAFe (benefit-weight ratio) Backlog
• Include fuzzy testing in DAST Next 4-7 releases
• Group Security Dashboard API Next 4-7 releases
• Custom rules for Web Application Firewall Backlog
• Site-specific configuration for Web Application Firewall Backlog
• Allow blocking mode for Web Application Firewall Backlog
• Blocking epics
• Filter issue list by epic Backlog
• Inline vulnerability management for the Group Security Dashboard Backlog
• Update HackerOne reports based on remediation flow in GitLab Backlog
• Value stream analytics - Two label events for cycle time