The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
| Stage | Software Supply Chain Security |
| Content Last Reviewed | 2025-05-16 |
| Content Last Updated | 2025-05-16 |
Pipeline Security is a group in the Software Supply Chain Security stage. There are two categories in the group and details on the direction can be viewed on the following individual category page:
| Priority | Name | DRI | Target release |
|---|---|---|---|
| 1 | CI job token migration tool clean up | @dbiryukov |
18.3 |
| 2 | Beta: GitLab native secrets manager for GitLab.com | @iamricecake |
TBD |
| 3 | Beta: GitLab native secrets manager for Self-Managed and Dedicated | @iamricecake |
TBD |
| 4 | Launch: GitLab native secrets manager for GitLab.com | @iamricecake |
TBD |
| 5 | Launch: GitLab native secrets manager or Self-Managed and Dedicated | @iamricecake |
TBD |
| 6 | SLSA Level 3 Phase 1: Provenance Generation and Verification | @ahuntsman |
18.0 |
| 7 | SLSA Level 3 Phase 2: In-Pipeline Data Collection | @shampton |
18.3 |
| 8 | SLSA Level 3 Phase 3: Signing Out of Build Environment Using OIDC and Sigstore | @shampton |
TBD |
| 9 | SLSA Level 3 Phase 4: KMS Integration for Out-of-Pipeline Signing | @shampton |
TBD |
| 10 | SLSA Level 3 Phase 5: Hardening of Pipeline identity | @shampton |
TBD |