GitLab Environmental, Social, and Governance

An overview of corporate sustainability at GitLab.

GitLab Fiscal Year 2023 (FY23) ESG Report

Message From Our Chief Executive Officer

Welcome to GitLab’s inaugural Environmental, Social, and Governance (ESG) report. ESG has been an integral part of GitLab’s business and culture, even before we explicitly used the term “ESG.” Our approach to ESG aligns with our Values. This can be seen in the management and oversight of our business and in the way we have managed risks and opportunities related to our team and our wider community. It is also evident in our customer-centric approach, our all remote philosophy, the development of our products, and our being an intentional force for good.

GitLab has been a remote workplace since day one. That means we work to eliminate geographical constraints by relying on our scalable employment solution when it comes to recruiting our team members. We focus on skills, experience, enthusiasm, energy, and ability to get the job done well. This has proven to be a win-win, opening doors for us at GitLab and for those who want to work with us. Building an all-remote company is just one example of how we’ve authentically incorporated ESG principles into our structure and operations. The intentional investments we’ve made in ESG have been a natural extension of how we started.

Without it being formalized, ESG was already part of our core purpose to help people increase their lifetime earnings through access to opportunities and the DevSecOps platform. That said, we are excited to invest more in this area. This report offers ESG information and data in a single location in an effort to enhance our transparency and clarity.

In 2022, we completed our first materiality assessment in which we engaged with internal and external stakeholders to understand where we should prioritize our ESG efforts. Our materiality assessment uncovered the six ESG topics we will focus on to optimize results. We have since formalized our ESG program, identified areas of opportunity, and established a strategy to address and manage the key ESG priorities. This report dives into each of those key ESG priorities and shares how we’ve taken action.

We look forward to building on our efforts to date and continuing to share progress with our stakeholders.

Thank you,

Sid Sijbrandij

GitLab Co-Founder and Chief Executive Officer

Introduction

Our Mission and Vision

It is GitLab’s mission to make it so that everyone can contribute. We make this possible by allowing anyone to create a proposal, at any time, without setup, and with confidence. This mission extends to contributions made with GitLab and contributions made to GitLab (both the application and our company). We believe that when everyone can contribute, the rate of innovation soars.

Our vision captures where we’re going over the next decade. Today, we offer a powerful DevSecOps platform. As we evolve, we’re positioned to be on the leading edge of a trend toward breaking down silos and enabling streamlined, cross-team collaboration where operationalization reigns supreme. It is our vision to become the AllOps platform—a single application for all innovation.

About This Report

“In GitLab’s inaugural ESG Report, we share our key programs, policies, and accomplishments in each of the areas we and our stakeholders consider most important. With our iteration value in mind, we are committed to driving progress across our material ESG topics to ensure we are always improving, meeting and exceeding expectations. I’m proud of how far we have come and excited for the impact GitLab will have as we continue on our ESG journey.” -Robin Schulman, GitLab Chief Legal Officer and Head of Corporate Affairs

GitLab’s (“GitLab,” “we,” “our”) Environmental, Social, and Governance (“ESG”) report details GitLab’s priorities, progress, and performance across ESG key topics. Data about financial performance is not included in this report and may be found in our financial and SEC filings.

Unless otherwise specified, the information included in this Report was last updated on July 20, 2023. The content included in this report covers Fiscal Year 2023 (“FY23”) (as of January 31, 2023). The report will be updated annually. Throughout the report, there may be mentions of Fiscal Year 2024 (“FY24”), which runs February 1, 2023 through January 31, 2024. We maintain a public-facing Handbook and, throughout this Report, we link to certain Handbook pages. These Handbook pages are maintained separately and may reflect a different reporting period from what is found within this Report.

This Report has been prepared with reference to the Global Reporting Initiative’s (“GRI”) standards released in October 2021. We also disclose in alignment with the Sustainability Accounting Standards Board (“SASB”) under the Software & IT Services industry.

This Report was first published on July 20, 2023.

*Key ESG topics identified during GitLab’s materiality assessment.

For questions and information on GitLab’s ESG Team, please visit the ESG handbook page.

Our Approach to ESG

ESG Strategy

ESG practices, although newly formalized in GitLab’s strategy, have been embedded in our work culture since inception. Deeply integrated into the business philosophy, GitLab’s ESG strategy is driven by our values of Collaboration, Results, Efficiency, Diversity, Inclusion and Belonging, Iteration, and Transparency (CREDIT).

GitLab’s ESG Team created and continuously maintains GitLab’s corporate sustainability strategy and programs. This includes creating and managing GitLab’s ESG disclosures and public ESG reports, identifying and prioritizing key issues to advance our social and environmental goals, and creating partnerships with nonprofit organizations that support GitLab’s values and mission.

In December 2022, we completed an ESG materiality assessment to determine which ESG topics are most important to our business and to our stakeholders. Through engagement with both internal and external stakeholders, we explored which ESG topics have the greatest impact on GitLab’s business, and where we have the potential to have the greatest impact on the environment, society, and our global communities. GitLab leadership, including the Nominating and Governance Committee of GitLab’s Board of Directors, were given the opportunity to engage in the assessment. Our materiality matrix was finalized in January 2023.

ESG Materiality Matrix

Six key topics, which drive GitLab’s ESG strategy and program development, were identified in GitLab’s materiality assessment.

[Figure: ESG materiality matrix]

GitLab’s current key topics are listed below:

Social

  • Talent and Engagement
  • Diversity, Inclusion, and Belonging (DIB)

Environment

  • Greenhouse Gas Emissions

Governance

  • Information Security and Data Privacy
  • Responsible Product Development
  • Business Ethics

United Nations Sustainable Development Goals Alignment

In developing our ESG strategy, we have aligned our efforts to the United Nations Sustainable Development Goals (“UN SDGs”). The UN SDGs provide a shared blueprint for peace and prosperity for people and the planet, now and into the future. To that end, our ESG efforts align with five of the seventeen UN SDGs, and we seek to drive progress on the goals within our operations. We will continue to revisit and deepen our alignment as we make progress on our ESG strategy. Throughout this report we include the relevant UN SDG number in each section.

[Figure: the five UN SDGs aligned with GitLab’s ESG efforts]

Social

Talent and Engagement*

(UN SDG #8 and 10)

We’re a team of helpful, passionate people who want to see each other, GitLab, and the broader GitLab community succeed. We care about what our team members achieve: the code shipped, the user who was made happy, and the team member who was helped.

GitLab’s mission to make it so that everyone can contribute extends to our team members who are empowered to make an impact across the company. While our mission drives GitLab, we believe that our values and work culture are what make us successful. We believe that when team members seek feedback from a diverse group of peers and leaders, inside and outside of their group or function, it leads to better decisions and a greater sense of belonging. We work to make everyone feel welcome and to increase the participation of underrepresented groups in our community and company.

Our entire workforce is remote, allowing people of all backgrounds and abilities to join the team. As GitLab has grown, we’ve learned a lot about what it takes to build and manage a fully remote team, and we share what we have learned and our practices in our Guide to All Remote. Additionally, GitLab launched TeamOps, an organizational operating model that helps teams maximize productivity, flexibility, and autonomy by managing decisions, information, and tasks more efficiently.

Four pillars anchor our Team Member Relations Philosophy, and each pillar is in alignment with our values. These pillars are:

  • Collaboration
  • Diversity, Inclusion, and Belonging
  • Results
  • Transparency

Together, these pillars support GitLab’s commitment to preserving the dignity of each team member. Every team member is expected to treat each other with fairness, respect, and transparency. Direct and honest communication is strongly encouraged between all team members, regardless of title or level. We encourage mutual responsibility for constructive work relationships and communication, information sharing, problem solving and a safe, neutral process through which differences can be resolved.

“Our mission is to make it so everyone can contribute. We aim to create an environment where people feel empowered to make decisions and contribute in a safe space.” -Wendy Barnes, GitLab Chief People Officer

Talent Management

Our values-based pillars extend to our approach to talent management. Transparency is a key element of our values, culture, and talent management at GitLab, and applies to how we share open positions at GitLab, compensation calculations, benefits, clarity of job descriptions, onboarding and offboarding procedures, facilitating connections with various internal groups, and much more. Our People Group is a dedicated team that supports GitLab’s mission by bringing top talent into GitLab and supporting team members to develop and fine-tune their skill sets and further their careers. We offer development opportunities through LevelUp, our learning management software, to facilitate and centralize the learning experience for GitLab team members. The People Group also offers resources for team members to connect, share concerns, and seek support—helping to create a safe, transparent working environment.

Successful talent management at GitLab is the direct result of the successful management of recruitment and retention of talent. In FY23, we established new and refined policies to ensure a consistent interview experience, increase representation, establish long-term partnerships, and formalize recruitment best practices. By strengthening our recruitment process, we can continue to build a strong pipeline of talent. Once at GitLab, we prioritize the development and enhancement of the skills, education, and experience of our team members.

Developing Our Leaders

To continue to meet the needs of GitLab as we scale, we focused on developing our team members in FY23. Special attention has been given to developing our managers through targeted programs like Elevate, our Leadership Development course, which enrolled its first cohort of managers in FY23. We are aiming to have 85% of our leadership community (manager level) graduate from Elevate by the end of FY24.

Talent Engagement

At GitLab, we actively promote a culture of learning and development. We strive to be recognized as a great place to work and as a leader in facilitating remote learning and development.

Our Learning and Development Team is committed to guiding team members on their career journeys, empowering individual contributors, and equipping leaders through self-service learning. The vision: a future where everyone contributes to a culture of curiosity. This is achieved through several initiatives including skill-based learning, resources designed to enhance career mobility, and the development of learning journeys for teams throughout the organization. We provide asynchronous access to learning opportunities to support our aim of facilitating accessible, remote-friendly development.

As a global, all-remote company, and a team of diverse backgrounds, experiences, and perspectives, we have a unique story to tell. Our Talent Brand helps tell this story by empowering team members to share their thoughts on ‘what it’s like to work here,’ because these are the voices and stories that make GitLab unique and successful.

To capture honest feedback from our team members, we issue a number of engagement surveys that enable us to understand engagement levels across the organization and respond to changing needs. As an organization that prefers to make small iterations and move quickly, this provides us with the data needed to evolve engagement programs as needed. Several surveys support this purpose, including an annual Culture & Engagement survey, Employer Award surveys, and other ad hoc measures like Organizational Health surveys.

Our FY23 Q2 engagement survey results

In FY23, we achieved an 82% participation rate and an overall ‘favorable’ engagement score of 81%. We scored 4% lower than we did in the FY22 Q4 Engagement Survey overall, but this year’s score is still 8% higher than our New Tech peer group, which consists of ~150 fast-growing and disruptive tech companies with over 1,000 total team members each. Accordingly, GitLab remains an industry leader from a scoring perspective.

Diversity, Inclusion, and Belonging*

(UN SDG #5, 8, and 10)

Diversity, Inclusion, and Belonging (DIB) is fundamental to the success of GitLab and as such, is one of our core values. We incorporate the value of Diversity, Inclusion, and Belonging into all that we do – it’s not just an aspect of GitLab, it is GitLab. As a global company, we strive for a team that is representative of our users. As such, we aim to create a work environment that is transparent in nature and fosters a space in which everyone is welcomed. We are firm believers in promoting a work culture in which people can be their full selves and contribute to the best of their abilities. When people bring their authentic selves and feel welcome, they embrace our values to contribute and collaborate. Authentic collaboration results in innovative solutions and enhanced efficiencies and allows us to meet the needs of our customers.

At GitLab, we believe everyone can contribute. This informs our approach to DIB. The Diversity, Inclusion and Belonging Team is building a scalable strategy based on our acronym, A.D.A.P.T. which stands for Action, Do Good, Accountable, Policies, and Transparency.

  • Action – There is intentionality in how we hire and retain our team members, as well as in our customer and open source community engagement
  • Do Good – Provide opportunities for GitLab and team members to meaningfully contribute to our community and society
  • Accountable – There is a responsibility and accountability for our work, products and services, and actions
  • Policies – Actionable processes and policies inform and govern our program development and execution
  • Transparent – Our internal efforts are shared externally

“What I love about the culture at GitLab is our ability to evolve. We have to ensure that as we move forward and expand in different ways, we also evolve as a culture. One of the things that makes us so special is our remote culture and CREDIT values. It is the uniqueness that we bring.” -Sherida McMullan, GitLab Vice President of Diversity, Inclusion, and Belonging

To achieve our DIB mission, vision, and strategic objectives, the DIB Team has put together an extensive strategy that includes a variety of programs:

  • Our Team Member Resource Groups (TMRGs) are voluntary, team member-led groups focused on fostering diversity, inclusion, and belonging. Prior to FY23, GitLab had eight TMRGs and in FY23 we established two new TMRGs, the Caregiving TMRG and the Global Voices TMRG. The Caregiving TMRG is focused on providing a safe space for every GitLab team member to better understand the role of being a caregiver and to build a network of caregivers and their allies at GitLab. Global Voices was created to increase awareness, give a voice to GitLab’s globally diverse team, and improve the daily work life of our global team members.

  • We established a TMRG recognition bonus for our team members leading our TMRGs or DIB-focused groups. This is to recognize the great work being done to support the DIB strategy and the DIB Team, and to further embed the DIB value at GitLab.

  • We also launched our Sponsorship Program Pilot, which partnered influential senior leaders from our sales division with Black sales team members to provide career development opportunities and senior-level visibility. This resulted in an 80% satisfaction rate from participants, measured through a post-program survey. 50% of the sponsors received additional exposure, stretch opportunities, or a promotion. Our second cohort will launch in FY24 and the program will be expanded to a larger group of underrepresented team members.

  • Our DIB Speaker Series has pioneered learning and development for DIB. We invite speakers who represent the global community to educate and inspire GitLab team members. Previous topics include Neurodiversity Inclusivity, Trans Visibility, and Black History Month.

Leadership DIB Council Launched

To support our corporate DIB strategy and to increase our reach and leadership accountability, 13 Director+ leaders, representing every division across all regions, launched our Leadership DIB Council.

The Leadership DIB Council is a strategic group of senior leaders who assist the DIB Team in implementing the corporate DIB strategy and provide insights to the DIB Team on the division’s strategic initiatives. More specifically, the Leadership DIB Council is responsible for:

  • Aligning DIB initiatives with business goals
  • Providing division and/or geographic insights to the DIB Team
  • Representing DIB in the Executive Group
  • Actively advocating, challenging norms, and iterating to ensure that DIB remains top of mind at GitLab

In FY24, the Leadership DIB Council is focused on several initiatives:

  • Assist in the creation of DIB behaviors to ensure alignment across all job levels of what it means to live the DIB value at GitLab
  • Actively promote and develop key results for their departments for neurodiversity inclusion
  • Assist in operationalizing global inclusion processes and initiatives
  • Help drive the DIB strategy at division level including objectives and key results (OKRs), key performance indicators (KPIs), and strategic initiatives

As we look toward FY24, we will continue to iterate on our programs, our metrics, and ensure the DIB value empowers everyone to contribute.

GitLab Community

(UN SDG #8)

From the beginning, GitLab has been an open source project made possible by contributions from the community. Our active worldwide community has been fundamental to the transparency of GitLab, helping to build trust in the product, as decisions, changes, and the overall direction of the open source project are open for everyone to see.

Contributors to GitLab, the platform and the company, make up the GitLab community and are a critical part of GitLab’s strategy and mission to make it so that everyone can contribute.

Our work with the wider community goes beyond code and can include blog posts, documentation, discussions on forums/social media, meetups, presentations, translations, collaboration on UX design, and more. The Community Relations Team works with our GitLab community to ensure that all receive support and recognition for contributing to GitLab.

We also support community programs aimed at organizations that align with our values. We strive to help these organizations grow and thrive by putting GitLab’s most powerful features in the hands of communities that may not otherwise have the means to access them. Each program is unique in its organization and execution; however, in general, community programs offer GitLab customers benefits such as:

  • Complimentary subscriptions to GitLab Ultimate
  • Direct lines of communication to GitLab team members
  • Opportunities to partner with GitLab for presentations and events

GitLab community programs

  • The GitLab for Education program’s mission is to facilitate and drive the adoption of GitLab at educational institutions around the globe and to build an engaged community of GitLab evangelists and contributors in the next generation of the workforce. As of January 2023, the GitLab for Education program has over 3 million seats of GitLab’s top-tier subscription plan at over 1,000 educational institutions in more than 65 countries.
  • The GitLab for Open Source program supports GitLab’s mission to make the world a place where anyone can contribute. We help make GitLab the best place for open source projects to grow and thrive.
  • The GitLab for Startups program launched early in 2023 and helps qualifying startups get access to our top tiers for free or at a deep discount for up to two years.

“Community is core to who we are and what we do. Our mission is to help these communities experience GitLab’s vision of a world where everyone can contribute.” -Emilio Salvador, GitLab Vice President of Developer Relations

Social Impact

(UN SDG #4 and 10)

GitLab launched its first Philanthropy Policy in March 2023. This policy supports the launch of a formal corporate social impact program in 2023. The purpose of this program will be to support nonprofit organizations that align with the focus areas identified in our materiality assessment and to support team member efforts to get involved with community organizations.

“Giving back has been key to GitLab’s culture since our inception. We are excited to formalize our corporate social impact program commitment to ensure that we continue to use our resources for good and in alignment with our Values.” -Robin Schulman, GitLab Chief Legal Officer and Head of Corporate Affairs

GitLab Foundation

In September 2022, the GitLab Foundation (the “Foundation”) launched with a mission to improve people’s lifetime earnings through access to opportunities and a vision of a world in which one million more people can afford a better life. The Foundation was formed in part by GitLab as part of its mission to create a world in which everyone can contribute. GitLab leadership believed it was important to support organizations that could further this goal on a global scale. When GitLab went public in October 2021, it dedicated 1% of its shares to further this aim. This was influenced by the Pledge 1% movement, which encourages companies and founders to set aside equity for social impact.

The Foundation is funded by GitLab and its CEO, Sytse ‘Sid’ Sijbrandij. The Foundation is an independent nonprofit entity, and its operations are autonomous from GitLab.

To learn more, please visit the GitLab Foundation.

Environment

Climate Action and Greenhouse Gas (GHG) Emissions*

(UN SDG #13)

Part of doing responsible business means minimizing our environmental footprint. In May 2023, we partnered with Watershed to complete our first greenhouse gas (“GHG”) inventory for FY23. We will use the results of the inventory to better understand our key sources of emissions, set reduction goals using FY23 as a baseline, develop a reduction plan, and educate our fully remote team on how they can understand and reduce their GHG emissions at home.

GitLab is a fully remote company without direct emissions from company-owned facilities or direct energy consumption. Accordingly, our GHG inventory measures Scope 3 emissions only, specifically the emissions associated with remote work, purchased goods and services, cloud services, and business travel. Teams across GitLab, including Finance, Procurement, People Analytics, Engineering, and Infrastructure, collaborated with the ESG team to collect data for the inventory.

[Figure: FY23 GHG inventory results]

The results of our first GHG inventory are also available in the Performance Data Table and our third-party assurance letter is available here.

“As a fully remote company without owned and operated facilities, GitLab does not have Scope 1 or 2 emissions. That said, we know there is still an opportunity to reduce our Scope 3 footprint and educate team members about climate change and how they can choose to take action in their own lives.” -Stacy Cline, GitLab Senior Director of ESG

As part of our commitment to iteration, GitLab began purchasing accredited carbon offsets in 2020, before we conducted our first GHG inventory. The purchases support projects that avoided unplanned deforestation, improved forest management, and contributed to afforestation, reforestation, and revegetation in a variety of countries such as Peru, Colombia, and the USA. To date, we have offset 24,100 metric tons of CO2, which is the equivalent of planting 13,621 trees or taking 5,239 passenger cars off the road for an entire year.

(GitLab Impact Report, Pachama, data as of July 2023)

Governance

Corporate Governance

GitLab’s team members, senior management, and members of our Board of Directors (“Board”) play critical roles in providing strategic direction for our responsible business practices. Implicit in this philosophy is the importance of sound corporate governance. GitLab’s Board has fiduciary duties to GitLab and its shareholders. Our Board provides leadership, regular review and evaluation, and oversight—all in service of stakeholder interests. To help ensure Board members are performing their duties, the Board and its committees participate in annual assessments.

GitLab’s Corporate Governance Guidelines, Codes, Policies, and other governance documents guide our Board in fulfilling its responsibilities. Board committees oversee and review areas of risk that are particularly relevant to them based on the committee on which a particular Board member sits. GitLab’s management regularly provides reports to support the Board’s oversight obligations. This reporting cadence provides visibility and information regarding the identification, assessment, and management of critical risks and the company’s risk mitigation strategies.

The Board’s responsibilities include:

  • Risk oversight
  • Monitoring the performance of the Chief Executive Officer (CEO) and other Executive leaders
  • Giving feedback on the mission, values, and strategy
  • Evaluating if adequate resources are available to achieve our goals and that those resources are used effectively
  • Advocating for GitLab externally
  • Participating in Board meetings
  • Participating on Board committees
  • Participating in the process for certain executive hires

Our Board has an Audit Committee, a Compensation and Leadership Development Committee, and a Nominating and Corporate Governance Committee. The composition and responsibilities of each committee are described in our proxy and in our Board section of the Investor Relations page.

GitLab’s Nominating and Corporate Governance Committee charter tasks the committee with overseeing any programs relating to corporate responsibility and sustainability, including environmental, social, and corporate governance matters. GitLab’s Senior Director, ESG reports to the Chief Legal Officer & Head of Corporate Affairs weekly and to GitLab’s executive leadership as needed. The Nominating and Corporate Governance Committee meets at least twice a year, and ESG topics are discussed with this committee as well as with the full Board as needed.

Information Security and Data Privacy*

At GitLab, we know how much security and privacy matter to our customers and stakeholders. GitLab maintains a formal Security Assurance department responsible for monitoring and reporting on GitLab’s compliance with various security frameworks and standards. For the most up-to-date list of current security frameworks, certifications, and instructions on obtaining assurance documentation, please reference GitLab’s Trust Center.

GitLab takes the security of our users’ data seriously. We employ administrative, technical, and physical security controls, when appropriate, to protect user information. For more information on our security practices, please see Technical and Organizational Security Measures for GitLab.com.

GitLab acknowledges the importance of our privacy obligations and the requirements and rights of our customers and users. We provide detailed information to everyone on the personal data we collect to operate our business. For more information on the personal data we collect, please see our Privacy Statement. GitLab makes the necessary documentation available to our customers to enable compliance with privacy regulations. Users also have the right to access, correct, restrict, or delete personal data, and to port personal data to another company. While these rights may vary by jurisdiction, GitLab provides users with the same rights and choices, no matter where they live. For more information on our privacy practices, see our Privacy Statement.

The Privacy Team, which is part of the Legal and Corporate Affairs Team, provides support and guidance to uphold consistent business processes around the protection of personal data as it relates to GitLab customers, users, team members, and other natural persons. The team serves as advocates to ensure that the data privacy practices of GitLab meet the needs of cross-functional partners and are continually balanced with an ever-changing global data privacy and protection landscape.

GitLab maintains a Data Classification Standard using a color system to denote data classification levels: green, yellow, orange, and red. All customer-generated private data is classified as the most sensitive data in the environment and is automatically labeled as red, demonstrating GitLab’s commitment to data security on behalf of our customers. This classification standard extends to customer application programming interfaces (“APIs”), code, private user profiles, and confidential repos/epics/issues. Red data classification is reserved exclusively for customer-generated data.

ISO 27017:2015 & ISO 27018:2019 – A Certification in Our Cloud Security and Privacy Standards

Over the last few years, GitLab has continued to hold the ISO/IEC 27001:2013 certification that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (“ISMS”). More recently, GitLab received the expansion of its ISO 27001 certification to include the ISO 27017:2015 cloud security standard and the ISO 27018:2019 privacy standard.

Responsible Product Development*

GitLab’s product mission is to consistently create products and experiences that users love and value. Responsible product development is integral to this mission.

We are committed to secure and ethical operations as an organization and, beyond that, strive to set an example by empowering our wider GitLab community to build and work with the highest levels of security through our DevSecOps platform.

Artificial Intelligence (AI) marks a big industry shift that will make it easier to develop, secure and operate software. GitLab infuses AI throughout the software development lifecycle by incorporating it into our comprehensive enterprise DevSecOps platform. We lead with a customer-centric approach focused on privacy first, helping customers secure their intellectual property.

“With AI revolutionizing how companies develop, secure, and operate software, we believe GitLab is positioned as the leading AI-powered DevSecOps platform. Today, we deliver more AI-powered capabilities to customers than any other DevSecOps platform. Our vision builds on that foundation to encompass the full software development lifecycle - from planning and development to security, deployment, and maintenance. With GitLab, customers accelerate the time to value their digital transformation efforts.” -Sid Sijbrandij, GitLab Co-Founder and Chief Executive Officer

Product Feature Enhancements in FY23

We believe we are best in class and the leading example in information security, innovation, and transparency. To that end, we devoted significant effort in FY23 to enhance the capabilities across our entire platform and further elevate our standards across the product development lifecycle.

Our FY23 priorities in this area included:

  • Improving the developer experience with AI by investing in AI through the UnReview acquisition and by launching Suggested Reviewers and AI Assisted Code Suggestions, which are GitLab’s first AI-powered features and help improve developer productivity and efficiency, all within a single application

  • Extending our lead in GitLab continuous integration (CI), enabling testing, building, and publishing of software with no third-party application or integration needed

  • Investing in an anti-abuse stage aimed at protecting GitLab infrastructure and, by extension, our customers’ sensitive source code from abuse and malicious behavior

  • Enhancing platform security, including improvements in many industry certifications

  • Investing heavily in our federal offering, including Federal Information Processing Standard (FIPS) compliance

  • Launching GitLab Dedicated

    GitLab Dedicated, launched in beta in the spring of 2022, removes the overhead of platform management to increase operational efficiency, reduce risk, and enhance the speed and agility of an organization. GitLab teams fully manage the maintenance and operations of each isolated instance so that customers can access our latest product improvements while meeting the most complex compliance standards.

    In addition to GitLab Dedicated, we released several new security features in FY23. Releases included:

  • Integrated security training feature (Ultimate tier only)

    GitLab already provides a comprehensive set of security scanning tools. This past year, we launched a new integrated security training functionality for our SaaS and Self-Managed Ultimate tier community members and customers to help developers learn how to address vulnerabilities. Developers can now view training from selected educational providers, relevant to the detected vulnerability.

  • Supply Chain Levels for Software Artifacts (“SLSA”) security framework feature (all tiers)

    SLSA is a security framework that helps ensure the security and integrity of software supply chains. By default, GitLab Runner is now capable of generating and producing SLSA-L1 compliant attestation metadata for build artifacts.

  • Group and subgroup-level scan result capabilities for security policies (Ultimate tier only)

    GitLab now supports the management of scan result policies at both the group and subgroup levels. These policies automatically flow down and apply to all projects in the group. This makes it easier to enforce policies uniformly for large organizations that have significant numbers of projects.

Business Ethics*

GitLab is committed to the highest standards of legal and ethical business conduct. It has long operated its business consistent with written operating principles and policies that reinforce this commitment. GitLab complies with all laws and governmental regulations that are applicable to its activities, and expects all team members to adhere to our ethical standards, and legal and regulatory obligations. We require each team member to read and become familiar with the ethical standards described in GitLab’s policies. A team member who violates the law and/or our corporate policies may face disciplinary action, up to and including dismissal.

Compliance with GitLab’s policies, and local and federal rules and laws is the individual responsibility of each team member. Team members are required to deal honestly, ethically, and fairly with customers, partners, suppliers, competitors, and other third parties. For example, we:

  • Prohibit bribes, kickbacks, or any other form of improper payment (and payment acceptance), direct or indirect, to (by) any representative of a government, labor union, customer, or supplier to obtain a contract, some other commercial benefit or government action; and
  • Protect, in accordance with applicable agreements and law, all proprietary data our customers, partners, or suppliers provided to us; and prohibit our representatives from otherwise taking unfair advantage of our customers, partners, or suppliers, or other third parties, through manipulation, concealment, abuse of privileged information, or any other unfair-dealing practice.

GitLab strives to foster a work environment in which ethical issues and concerns may be raised and discussed with supervisors or with others without fear of retribution. If a team member is aware of a suspected or actual policy violation by others, they have a responsibility to report it in accordance with the procedures outlined below and in our Code of Business Conduct and Ethics.

Reporting of Concerns and Violations

GitLab offers team members a variety of ways to get answers to their questions about ethical issues and to raise any concerns about a possible violation of the Code of Business Conduct and Ethics. Generally, each team member’s direct supervisor or manager (or another supervisor or manager) will be in the best position to resolve the issue quickly. If, after raising an ethics or conduct concern, the issue is not resolved, it should be raised with GitLab’s People Group or Chief Legal Officer. Team members can raise their concerns orally or in writing and may do so anonymously.

At any time, team members may contact EthicsPoint, GitLab’s comprehensive and confidential 24-hour hotline provided by Navex Global. The purpose of EthicsPoint is to ensure that any team member wishing to submit a report anonymously about conduct addressed in the Code of Business Conduct and Ethics can do so without fear of retribution. EthicsPoint toll-free numbers and other reporting methods are available 24 hours a day, 7 days a week for use by team members. In addition to EthicsPoint, GitLab has engaged Lighthouse Services to provide an anonymous reporting hotline for GitLab team members to submit reports regarding team member relations.

Partner Ethics

Business ethics go beyond our immediate team members. GitLab will only do business with suppliers, contractors, resellers, agents, and consultants (collectively referenced as “Partners”) who comply with applicable and controlling laws, rules, and regulations and at a minimum, with standards of business conduct consistent with those set forth in GitLab’s Partner Code of Ethics.

As with our own team members, GitLab holds the highest expectations for our Partners regarding ethical issues including human rights, health and safety, corruption, the working environment and more. GitLab expects that Partners, as well as their employees, sub-suppliers, and any other parties involved with the execution of GitLab work, similarly comply with the applicable laws and the standards set forth in the Partner Code of Ethics.

Anti-Fraud Policy

GitLab is continually iterating to enhance policies that help guide team members in conducting business in a lawful and ethical manner. Most recently, GitLab formalized an Anti-Fraud Policy in FY23. The policy builds on existing requirements set forth in other policies. The primary objectives of the policy are to prevent fraud, help maintain GitLab’s culture of compliance and integrity in GitLab’s business dealings, establish procedures and protections that allow team members to act on suspected fraud or corruption with potentially adverse ramifications, and achieve GitLab’s legitimate business objectives.

Team members are expected to immediately report suspected, observed, or otherwise known fraudulent activity to their direct supervisor (who shall notify GitLab’s Chief Legal Officer and Head of Corporate Affairs, Chair of the Audit Committee, or outside counsel, as appropriate). If the team member has reason to believe that their direct supervisor may be involved in fraudulent activity, the team member is obligated to report the activity to the Chief Legal Officer and Head of Corporate Affairs. The reporting team member shall refrain from discussing the matter with any team member unless directed to do so by the Chief Legal Officer and Head of Corporate Affairs.

As with other ethical concerns, team members may confidentially and anonymously report suspected or observed violations of the anti-fraud policy via EthicsPoint.

Appendix

Measuring Results

Disclosing our progress through data aligns with our transparency and results values. We have a section in our Handbook devoted to key performance indicators (KPIs) where we update our progress regularly. Every part of GitLab has KPIs linked to the company objectives and key results (OKRs). As we build our ESG strategy, we will continue to add and update relevant ESG KPIs to the Handbook.

Contact

For questions regarding GitLab’s ESG report and data, please contact ESG@GitLab.com

Forward-Looking Statement

This report contains forward-looking statements within the meaning of the federal securities laws. These statements involve assumptions and are subject to known and unknown risks and uncertainties that could cause actual results to differ materially from those discussed or anticipated. For a complete discussion of risk associated with these forward-looking statements in our business, please refer to our SEC filings, including our most recent quarterly report on Form 10-Q and our most recent annual report on Form 10-K.

Our forward-looking statements are based upon information currently available to us. We caution you to not place undue reliance on forward-looking statements, and we undertake no duty or obligation to update or revise any forward-looking statement, or to report any future events, or circumstances or to reflect the occurrence of unanticipated events.

Additionally, this presentation contains information related to upcoming features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned during the presentation are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab.

Last modified March 26, 2024: Update level of SLSA (c609aeb1)