Acquisition Process

Maintained by:

Funnel	Volume / Year
Pipeline Building
DevOps ecosystem companies	15,000+
Sourced Pipeline: generate pipeline of companies operating in a DevOps segment relevant for GitLab from three sources:	1,000
–> 1. Third-party databases	800
–> 2. Inbound (companies approach us or PMs refer us)	100
–> 3. Pro-active (Identify key areas with Product leadership)	100
Prioritized Pipeline	400
–> Review funding status, headcount and headquarters location
–> Prioritize potential softlanding deals (<$1M deal consideration) in countries without GitLab hiring restrictions
–> Prioritize by product priority
Exploratory
Reach out for intro calls	400
Intro calls with priority targets	300
Qualified Pipeline: Share relevant call summary with product management lead to confirm interest in setting up initial call between product management lead and company	100
Product and Tech Call	50
Early diligence
Early Diligence, Team Interviews, Business Case	30
Confirmatory due diligence
Signed Term Sheet / Confirmatory Due Diligence	15
Integration
Deal Signing, Closing & Integration	10

Acquisition process

The process is comprised of four key stages:

Pipeline Building
Exploratory
Early Diligence
Confirmatory Due Diligence
Integration

Pipeline Building

Sourcing: The corporate development team closely collaborates with GitLab's product leadership to identify key areas for potential M&A. We source acquisition opportunities ("Sourced Pipeline") from:
1. Ecosystem screen with the help of third party databases such as Crunchbase
2. Inbound introductions from GitLab team members and industry contacts
3. Proactive outreach to companies aligned with our vision and strategic priorities

Exploratory

We prioritize companies that fit with our product and acquisition priorities ("Prioritized Pipeline") and reach out to their leadership to set up intro calls.
Intro calls: The purpose of this 30-min call is to learn more about the potential target company and assess if further acquisition discussions make sense. The agenda for the call is:
1. Company overview including team, products, financials, and funding
2. Discuss which features could accelerate GitLab's roadmap
3. Review the GitLab acquisition process including deal terms, as appropriate (acquisitions handbook)
  - TARGET TEAM: Ahead of this call please review our roadmap and outline which of your current and future product features can be implemented into GitLab's product categories. Outline a simple integration timeline for those features, considering an MVC release on the first month after joining GitLab and monthly releases following with quick iterations.
Share call summary (Initial Acquisition Review Template, a GitLab internal document) of companies that are aligned with GitLab's acquisition strategy ("Qualified Pipeline") with relevant product lead.
- Create a new, private Slack channel (format: #acq-company_name) and add the internal GitLab document to the top. Add CProdO and the relevant product and engineering leaders to help with the initial assessment of the opportunity.
Product call: If the Dir. Product sees a potential fit and wants to proceed, set up an initial 60-minute product call to dive into the product and tech. The call must include the Dir. Product and may also include Section Leaders and specific Product Managers relevant to the call. Section Leaders and Product Managers should keep in mind the early stage of this evaluation and attempt to think expansively about how the potential acquisition could be additive to GitLab. The agenda for the call is:
1. Product demo with highlights on key functionality and technologies
2. Concise roadmap overview with a focus on near-term plans
3. GitLab roadmap fit - discuss which features could be built into GitLab and into which product stage
4. Start the discussion about what an integration into GitLab's code base will look like
Initial internal review: preliminary assessment of product and technology fit of the potential opportunity to GitLab's product roadmap as well as integration options into GitLab. If the product lead is supportive of moving forward towards developing a more in depth business case, confirm whether the proposed acquisition can be funded with planned headcount allocations. Otherwise, set up a discussion with CProdO before proceeding with further diligence.

Early Diligence

Select code name to use instead of target company name. Update Slack channel: #acq-code_name.
Sign a mutual NDA as linked on our legal handbook page.
Form the acquisition team and add entire team to the channel and documents.
Confirm internal acquisition champion - every acquisition needs a lead champion; someone who is advocating for the acquisition, helping drive the acquisition rationale, and seeing its successful integration. For most acquisitions that fit our approach, the champion will come from GitLab's Product team, at the Director level, accompanied by an engineering champion from the GitLab's Engineering team, at the Director level, respectively. For other acquisitions, champions may come from other internal functions.
Preliminary diligence - below is a list of documents to share with GitLab:
1. Financials:
  1. Balance sheet
  2. Profit and Loss sheet
  3. Cashflow statement
  4. Tax returns
2. Employees:
  1. Roster with: employee name, title, role, tenure, years of experience, location, salary, LinkedIn profile, programming languages proficiency
  2. Employee resumes
  3. Employee agreements and PIAA
3. Customer list with name, monthly revenue, contract termination date and any other fields if relevant.
4. Vendor list with monthly spend
5. Asset list:
  - Any assets that are needed for the business and will be part of the acquisition
  - Assets excluded from the acquisition
6. Technical Bill of Materials (BOM) - a complete document which lists:
  1. Repositories
  2. Issue trackers / bug management systems
  3. Additional (non-code) assets
  4. Domain names
  5. Servers
  6. Dependencies
  7. Database schemas
  8. Data
  9. Trademarks
  10. Social media accounts
7. Security Reports/Documentation
  1. External Security Reports
    - SOC 2
    - ISO 27001 Certification
    - CAIQ
    - External Penetration Testing Report
  2. Internal Security Documentation
    - Risk Management Program Documentation
    - Risk Register and status of risks
    - Results of security reviews the entity has performed over it's current vendors
Early technical diligence:
1. In case the target company has open source components, the respective Dir. Engineering (dependent on GitLab stage) will start an early code review to determine: code quality, development practices, contributions, license compliance and more. That should be turned around within 2-3 business days.
2. Hands-on product and code screen-share session (2 hours): the technical lead, as assigned by the respective Dir. Engineering, together with the respective Dir. Product will lead a screen-share session aimed at a hands-on validation of the product functionalities and an overview of the code. The objectives and agenda for the call are:
  1. Objectives:
    1. Technically validate the functionalities and competencies of the product which have been presented throughout our process thus far
    2. Conclude a high level evaluation of the complexity and quality of the solution
    3. Identify blockers, challenges for the integration
  2. Agenda:
    1. Cover a more technical demo of the product; cover further questions/areas which surfaced following the Product Call
    2. Walkthrough of the architecture and the mechanisms of the product
    3. Review the code repositories and practices
    4. Start discussing the technical aspects of a potential path for the integration
3. Founder technical interviews - founders will go through two rounds of interviews to assess technical and cultural alignment.
Resume review - Review of all employee resumes
Compensation review to identify any gaps and possible flags led by the HR Business Partner
Optional interviews for the key technical employees - to increase the success rate of the deal post-Term Sheet, we recommend conducting interviews for the key technical employees identified before signing the Term Sheet. This will greatly reduce the likelihood of personnel gaps becoming a blocker during the Confirmatory Due Diligence stage. The interviews will include a technical interview and a manager interview as detailed in the Confirmatory Due Diligence stage below.
1. The key technical employees are those identified as critical to the success of the acquisition, the proposed integration plan and the future of the team at GitLab post integration.
An Application Security Review performed by GitLab's Application Security Team
1. Identifies application vulnerabilities that need to be considered by GitLab by applying a threat modeling approach to conduct the review
Product integration strategy: the GitLab product and engineering acquisition champions will formalize the integration strategy with a focus on feature sets/functionalities:
1. What we keep as-is
2. What we reimplement in GitLab
3. What we discard/EOL
4. What is critical for user migration
5. Target product tiers in GitLab
6. Barriers for implementation
7. Deal Milestones:
  1. We aim to set 3 milestones at 2, 4 and 6 months from joining GitLab, to provide a concise set of goals which should cover the bulk of our product interest in the target company
  2. Milestones should be articulated as objectives as opposed to tasks. The structure of defining milestones should resemble that of OKRs, with each milestone having an objective and then a few key results which will are required to achieve the objetive. This will help target companies focus on driving the objectives and not be tied to, and concerned with, a specific task as changes are likely to occur once integration work starts. The milestones outline the objectives to facilitate the work required in achieving the roadmap advancement the deal was identified with delivering. Each milestone should be broken down to the keys required to complete in order to achieve success for the milestone's objective.
  3. First milestone shipped within 60 days of joining GitLab:
    1. Accounting for 3 weeks of onboarding, targets will ship the first milestone 5 weeks following the onboarding period
    2. Critical to adopting our culture and successful future integration of the target's engineering team in GitLab
    3. Allows us to show early fruits of the acquisitions soon, aligned with our value of iteration
  4. Integrated within 6 months:
    1. 6 months is an optimal timeframe which allows for incremental integration of the target's functionality, covering its entirety at best or its fundamentals at the very least, while not being overly extended. We would want to refrain from using a longer time frame as our roadmap priorities may change such that we could potentially find ourselves abandoning certain milestones, negating some or all of the rationale behind the deal.
    2. Will help establish focus on both acquired target and our product team
    3. Be able to complete payouts to the target's entity and shut it down sooner
  5. At least one milestone will focus on developing new functionality which will be based on the integration delivered in earlier milestones
To determine the deal ROI, the acquisition team will perform the analysis using the cost-revenue acquisition calculator (internal GitLab document). Make a copy of the master cost-revenue acquisition calculator file and save it in the relevant project folder in Google Drive before making changes to the file.
Presenting the business case for approvals (by order of occurrence):
1. Champions' approval: The acquisition team will review the business case together and approve the suggested deal. This includes approval of all the following:
  1. Complete executive summary (with link to term sheet draft) including budget and headcount allocation for the acquisition
  2. Complete business case (templates for both) including Deal Milestones
  3. Complete term sheet (template) draft with proposed details (asset payment, retention bonuses, Deal Milestones, closing schedule, customer termination and closing conditions) filled in.
2. Functional approvals: The corporate development acquisition lead, Dir. Product and Dir. Engineering will present the business case for acquisition to the CProdO and CTO. They will review to approve the items listed in the Champions' approval (complete: executive summary, business case, term sheet)
3. CEO, CFO and CLO approvals: The corporate development acquisition lead, Dir. Product and Dir. Engineering (deal champions) will present the business case for acquisition to the CEO, CFO and CLO. This meeting will also capture the explicit approval of the term sheet to start negotiations. 1. Approval of term sheet to start negotiations will be tracked in a term sheet approval issue. We don't include any financial and milestone information in the approval tracking issue for confidentiality reasons.
Term Sheet:
1. Once the terms to start negotiations have been approved, the corporate development acquisition lead will reach out to the target company to share the offer and term sheet.
2. Once an agreement on terms with the target has been reached, the term sheet (with any changes) will be brought forward for approval from: CLO, CFO, CEO (in that order). These approvals will be captured in the term sheet approval issue.
3. Once all approvals have been obtained, the corporate development acquisition lead will stage the term sheet for signing on HelloSign for target CEO and GitLab CEO (in that order). Add CLO, CFO, and CProdO on Cc on the agreement.
  1. Approval tracking will be tracked on the term sheet approval issue mentioned earlier. Any changes to previously-approved terms need to be reviewed and approved once more by the following: Dir. Product, Dir. Engineering, CProdO, CTO, CLO, CFO, CEO. The changes should be referenced on the term sheet approval tracking issue before seeking approvals.

Confirmatory Due Diligence

To kick-off the Due Diligence stage, the corporate development acquisition lead emails the target company CEO with the following clarifications and information requests:
1. All employees and their profiles will be reviewed by the GitLab team
2. The employees who will be invited for interviews will go through GitLab's standard interview process
3. Key employees who were interviewed during the Early Diligence stage may go through further interview rounds as determined by the GitLab team to qualify for a role at GitLab
4. All employees must identify an open vacancy at GitLab which they think best matches their professional profile. This will be shared in a spreadsheet gathered by the target's CEO.
The acquisition lead will create an engagement debrief and lessons learned document and share it with the team for on-demand capturing of insights.
Complete Technical diligence
Complete financial diligence
Legal diligence - Once both the technical and the financial diligence have been completed and signed off by the Dir. Engineering champion and Finance acquisition team member, respectively, the acquisition lead will contact legal to start the legal diligence. Legal will tag the relevant owners for each of the diligence tasks in the template diligence table(GitLab internal document) in the main acquisition doc.
The progress of the diligence will be synced on a regular stand-up call with the acquisition team
The corporate development acquisition lead and the legal lead negotiate the definitive deal documentation with the target company CEO and legal team
Final review and approval:
1. Conclusive call - Final internal review call with the acquisition team to recap the acquisition as a whole, review the acquisition agreement and present a final recommendation. This meeting will also capture the explicit approval of the acquisition agreement from the CLO, CFO and CEO. Approvals from the call as well as additional required approvals will be tracked using the definitive agreement approval issue template.
2. BoD approval:
  1. Legal will facilitate the final deal approval from GitLab's Board of Directors
  2. A board package will be shared with the BoD members before requesting their approval. It should include:
    1. Executive summary email:
      1. Will be sent to the BoD members by the CEO
      2. The Dir. Corp Dev will create a 1-2 page executive summary email message. It should include a high level coverage of the following topics:
        
        Deal details and rationale (including roadmap acceleration, projected revenue gain)
        
        Expertise of team joining
        
        Key terms for the APA and any additional costs
        
        Diligence conducted: legal, tax, financial, technical, people
        
        Known risks, indemnification conditions as well as representations and warranties
    2. Link to final version of APA
The corporate development acquisition lead will coordinate the signing and closing of the deal

Integration

The Corporate Development team is responsible for overseeing and facilitating the integration of the acquisition post-closing, working closely with Legal, Product, Engineering, and Finance.

The integration process is outlined in our acquisition integration page.

Acquisition Team

An acquisition team will consist of the following GitLab functional team members:

Dir. Corporate Development - acquisition lead
Dir. Product Management
Product Manager
Dir. Engineering
Engineering team member
Finance team member
Director of Tax
Principal Accounting Officer
Legal team member
HR Business Partner
People Ops Business Partner
Recruiting manager
VP of Security

To assign the product manager, after the product call or as soon as it's clear which product category the features will be implemented into, contact the category product director for the assignment.

To assign the engineering team member, contact the engineering manager of the relevant category for assignment.

Acquisition Team Responsibilities

Function	Role	Deliverables
Corporate Development	1. Main POC for acquired team 2. Identify potential areas for integration 1. Create case for acquisition and customer transition story 3. Integration	1. Business case with deal structure
Product	1. Outline current product features to be implemented into GitLab 2. Outline potential future functionalities to be built into GitLab after the integration period	1. Integration strategy
Engineering	1. Technical diligence	1. Code quality review 1. Integration strategy validation - feasibility and timeline
Finance	1. Lead financial diligence 2. Validate business case and deal structure
Legal	1. Review entity, assets and existing agreements 2. Evaluate sunset and customer transition path	1. Term Sheet 1. Acquisition agreement
People Ops Business Partner	1. Lead the compensation review 2. Lead the interview process during the early and due diligence stages to completion
Security	1. Identify and summarize Security Risk Posture as part of Early Diligence 2. Perform Application Security review	1. Security Risk summary detailing the security risk impacts to GitLab

Acquisitions Are Confidential

At GitLab, we treat all acquisition discussions as confidential and share any information internally on a need-to-know basis.

To ensure confidentiality during the acquisition process, we assign code names to each potential transaction once we enter the Early Diligence stage.

To maintain confidentiality, we follow the following guidelines:

When creating a new acquisition slack channel:
1. Set the channel topic to: "This channel is confidential. Please confirm with acquisition lead name here before inviting people to the channel or related docs."
2. Set the channel description to: "Please review our acquisition handbook and process to familiarize yourself with our approach to acquisitions. Please review the confidentiality section of the process and our guidelines".
We strive to keep the number of people involved in an acquisition as small as possible to reduce legal exposure and maintain a low potential risk.
If you're part of an acquisition Slack channel, Google Doc, or other internal GitLab discussion and would like to invite another GitLab team member to one of those, please confirm with the acquisition lead before doing so.
We collect all notes on an acquisition in the main acquisition doc shared on the topic of the acquisition's slack channel. If you must create a new document, make sure it is set to invite-only and add the relevant people manually. That document needs to be kept inside the acquisition G-Drive folder on the Corporate Development Shared Drive.
Everyone involved in the project should use the code name in place of the actual company name in all communication about the deal until it is publicly announced.