GitLab the Product

1. You are here:
2. Handbook
3. Product Handbook
4. GitLab the Product

On this page

• On this page
• GitLab the Product
  • Single application
  • GitLab.com
    • GitLab.com subscription scope and tiers
  • Alpha, Beta, GA
    • Alpha
    • Closed Beta
    • Open Beta
    • Limited Availability (LA)
    • Generally Available (GA)
  • Breaking changes, deprecations, and removing features
    • Examples of breaking changes
    • Deprecating and removing features
    • Definitions
      • Deprecation
      • End of Support
      • Removal
      • Breaking change
    • Process for deprecating and removing a feature
    • Video on deprecations and removals process
    • Syntax deprecation process
  • Naming features
    • Factors in picking a name
    • Process
    • Renaming
  • Using What's New to communicate updates to users
  • Permissions in GitLab
  • Security Paradigm
  • Statistics and performance data
  • Internationalisation
  • Performance
    • Known Product Usage Behaviors
    • Product Usage Behavior Definition
    • Notes
    • Restriction of closed source JavaScript
  • Why cycle time is important
  • Plays well with others
  • Who GitLab competes with

Principles - Processes - Categorization - GitLab the Product - PM Responsibilities - Being a PM - Performance Indicators - Leadership

GitLab the Product

Single application

We believe that a single application for the DevOps lifecycle based on convention over configuration offers a superior user experience. The advantage can be quoted from the Wikipedia page for convention over configuration: "decrease the number of decisions that developers need to make, gaining simplicity, and not necessarily losing flexibility". In GitLab you only have to specify unconventional aspects of your workflow. The happy path is frictionless from planning to monitoring.

We're doubling down on our product for concurrent DevOps which brings the entire lifecycle into one application and lets everyone contribute. We are leaning into what our customers have told us they love: our single application strategy, our pace of iteration, and our deep focus on users.

Consider opportunities to take advantage of this unique attribute in early iterations. Integrating features with different parts of the application can increase the adoption of early iterations. Other advantages:

• A minimal viable feature that is well integrated can be more useful than a sophisticated feature that is not integrated.

Although not every feature needs to be integrated with other parts of the application, you should consider if there are unique or powerful benefits for integrating the feature more deeply in the second or third iteration.

GitLab.com

GitLab.com runs GitLab Enterprise Edition.

To keep our code easy to maintain and to make sure everyone reaps the benefits of all our efforts, we will not separate GitLab.com codebase from the Enterprise Edition codebase.

To avoid complexity, GitLab.com tiers and GitLab self-managed tiers are named the same.

GitLab.com subscription scope and tiers

GitLab.com subscriptions work on a namespace basis, which can mean:

• personal namespace, e.g. JaneDoe/*
• group namespace, e.g. gitlab-org/

This means that group-level features are only available on the group namespace.

Public projects get Ultimate for free. Public groups do not get Ultimate for free. Because:

• This would add significant additional complexity to the way we structure our features, licenses and groups. We don't want to discourage public groups, yet it wouldn't be fair to have a public group with only private projects and for that group to still get all the benefits of Ultimate. That would make buying a license for GitLab.com almost entirely moot.
• All value of group level features is aimed at organisations, i.e. managers and up (see our stewardship). The aim with giving all features away for free is to enable and encourage open source projects. The benefit of group-level features for open source projects is significantly diminished, therefore.
• Alternative solutions are hard to understand, and hard to maintain.

Admittedly, this is complex and can be confusing for product managers when implementing features. Ideas to simplify this are welcome (but note that making personal namespaces equal to groups is not one of them, as that introduces other issues).

For more guidance on feature tiers and pricing, visit tiering guidance for features

Alpha, Beta, GA

Occasionally we need to test large, complex features before we are confident that we'll be able to scale, support and maintain them as they are. In this case we have the option to release them as Alpha or Beta versions.

In general, we should avoid releasing Alpha or Beta versions of features. A minimal viable change should be viable and therefore should not need a pre-release. That said, if there is a situation where we have no valid alternative, the definitions of each stage is below.

It's never acceptable to make changes that risk any damage to existing production data accessed by our users.

Alpha

• not ready for production use
• unstable and can cause performance and stability issues
• the configuration and dependencies are likely to change
• features and functions may be removed
• data loss can occur (be that through bugs or updates)

Closed Beta

Similar to Open Beta, but only available to selected users.

• not ready for production use
• unstable and can cause performance and stability issues
• configuration and dependencies unlikely to change
• features and functions unlikely to change
• data loss less likely

Open Beta

• not ready for production use
• unstable and can cause performance and stability issues
• configuration and dependencies unlikely to change
• features and functions unlikely to change
• data loss not likely
• support on a commercially-reasonable effort basis

Limited Availability (LA)

• ready for production use by a small set of customers
• can be booked by Deal Desk as part of an order
• fully documented and supported

Generally Available (GA)

Passed the Production Readiness Review for GitLab.com, which means that it is:

• ready for production use at any scale
• fully documented and supported

Breaking changes, deprecations, and removing features

A breaking change may occur when you intentionally plan to change or remove functionality. Breaking changes can sometimes result from the addition of new features. It is the responsibility of the PM and EM for a category to carefully consider the risk and impact of introducing a breaking change as they can cause severe disruption to customers.

If you are introducing a breaking change, you must notify the user community and customers through a deprecation notice in the monthly release post as soon as possible. Follow the process outlined below for deprecations and removals.

Examples of breaking changes

• API Changed
• Behavior Changed
• Default Changed

Deprecating and removing features

Deprecating and removing a feature needs to follow a specific process because it is important that we minimize disruption for our customers. As you move through the process, use the language deprecated or removed to specify the current state of the feature that is going to be or has been removed.

Note - some deprecations or removals do not result in a breaking change. So in your deprecation or removal notice, you need to be explicit about the following:

• Does the deprecation or removal result in a breaking change?
• If the deprecation or removal results in a breaking change, then what does it break?
• If the deprecation or removal results in a breaking change, what is the user's remediation?

Definitions

Deprecation

• Feature not recommended for use.
• Development restricted to Priority 1 / Severity 1 bug fixes.
• Will be removed in a future major release.
• Begins after a deprecation announcement outlining an end-of-support date.
• Ends after the end-of-support date or removal date has passed.

End of Support

• Feature usage strongly discouraged.
• No support or fixes provided.
• No longer tested internally.
• Will be removed in a future major release.
• Begins after an end-of-support date has passed.
• Ends after all relevant code has been removed.

Removal

• Feature usage impossible.
• Happens in a major release in line with our semantic versioning policy.
• Begins after removal date has passed.

Breaking change

• Change in one part of a software system that causes a disruption to a customer's workflows or tasks
• Requires action from customer to ensure continuity of function

Process for deprecating and removing a feature

As soon as possible, but no later than the third milestone preceding intended removal:

For example, if the intended removal milestone is 15.0, given the following release schedule: 14.8, 14.9, 14.10, 15.0 – 14.8 is the third milestone preceding intended removal.

1. Make sure the deprecation has an issue leveraging the deprecation issue template.
   • Leveraging this template to create a deprecation issue is required because it serves as the SSOT/communication cross-functionally and across other stable counterparts, such as TAMs and Marketing, who need awareness of upcoming removals.
2. Identify if deprecating the feature creates a breaking change. If so, you will need to wait until a XX.0 major release for removal. (Consider providing a notice as much in advance as you can - especially for features that have large impact.)
3. Review the overall workflow for announcing Deprecations and Removals here and follow guidance to announce the deprecation in GitLab Docs the release post.
4. Potentially mention it in the Kickoff Videos.
5. Engage the support team to discuss support procedures for deprecated features and update the Statement of Support as necessary
6. Label the feature accordingly in documentation and the application
7. Remove the feature from marketing pages

Milestone of Removal:

1. Announce the final removal in the Release Post
2. Engage the support team to update the Statement of Support as necessary

Important Notes

• The deprecation notice and the linked issue must have clear language describing the change and the impact to users.
• It is the responsibility of the PM and EM for a category to carefully review the language in the linked issue for clarity.
• Regardless of whether the Product Manager or Engineering Manager creates the initial deprecation epic/issue, they must @mention the following stable counterparts for their category on each deprecation epic/issue to keep them informed: Support, Customer Success, and Product Marketing.
  • To make this easy and consistent across teams, using the deprecations issue template is required.

Video on deprecations and removals process

• Watch this video for an overview of GitLab's deprecations and removals policy and recent updates to it. It also includes an overview of the process from the Runner engineering team for managing deprecations and removals between major releases.

Syntax deprecation process

Our CI syntax keeps evolving. We cannot support all keywords indefinitely, so deprecating and removing keywords is inevitable.

GitLab does not have a versioning system for CI/CD configuration. Therefore, it is critical to over-communicate our deprecation purposes to our users and take the necessary precautions to reduce the impact on their projects. Deprecating a keyword is risky because it will break all pipelines using it, and in some cases, users are not aware of the keyword they use in their pipeline. The deprecation process described below is similar to the deprecating and removing features process, with additional steps to reduce the risks which involved with removing a CI/CD keyword.

1. Deprecation notice - Syntax removal introduces a breaking change, as outlined in our deprecation process, we must notify the community and customers, which means including a deprecation notice in the monthly release post.

2. Track keyword usage - Tracking keyword usage should begin as early as possible. It is a mandatory step that helps estimate the user impact, timing, and needed effort. The more users use the keyword, the more time it takes to remove it (It took more than four years to move from remove to deprecation for 'type' keyword).

3. In-app warning - Provide our users with an in-app notification that we plan to remove a keyword they use in their pipeline. Our customers will get a notification in each run of the pipeline that uses the deprecated keyword. The warning will be printed:

   • At run time on the pipeline page and logs.
   • In the pipeline editor, while authoring a pipeline.

   This step is optional if the keyword usage is relatively low (Recommend minimal reach of ~5% impacted users).

4. Keyword removal - The keyword will be removed from our code and schema and should happen in a major version. Once removed, using the keyword will result in a lint error.

Naming features

Naming new features or renaming existing features is notoriously hard and sensitive to many opinions.

Factors in picking a name

• It should clearly express what the feature is, in order to avoid the AWS naming situation.
• It should follow usability heuristics when in doubt.
• It should be common in the industry.
• It should not overlap with any other existing concepts in GitLab.
• It should have as few words as possible (so people won't use a shortened name).
• If you remove words from the name, it is still unique (helps to give it as few words as possible).

Process

• It's highly recommended to start discussing this as early as possible.
• Seek a broad range of opinions and consider the arguments carefully.
• The PM responsible for the area involved should make the final decision and not delay the naming.
• Naming should definitely not be a blocker for a feature being released.
• Reaching consensus is not the goal and not a requirement for establishing a name.

Renaming

The bar for renaming existing features is extremely high, especially for long-time features with a lot of usage. Some valid but not exclusive reasons are:

• New branding opportunities
• Reducing confusion as we introduce new adjacent features
• Reducing confusion as we re-factor existing features

When renaming features follow the process to rename a category starting with an MR to change the name in data/features.yml. Request review by the Product Director and Engineering Director of your Section for approval. Optionally, add a comment including your technical writer, engineering manager, and designer for transparency.

When renmaing a feature other items to consider are updates to documentation, blogs, direction pages and competitive information.

Using What's New to communicate updates to users

What's New is a feature that is part of GitLab.com and Self-managed GitLab that is used to communicate highlights from each release. After each major release, a yaml file is published that contains 3-10 highlights from the release along with links to the relevant documentation to get started using them.

A small notification dot appears above the "?" icon, and when users click on "What's new" in the menu, a drawer containing the updates slides into view.

The goal of What's New is to make it easy for users to be aware of the most important changes in GitLab so we can help them stay up-to-date on all of our changes and feature updates.

Permissions in GitLab

Use this section as guidance for using existing features and developing new ones.

1. Guests are not active contributors in private projects. They can only see, and leave comments and issues.
2. Reporters are read-only contributors: they can't write to the repository, but can on issues.
3. Developers are direct contributors, and have access to everything to go from idea to production, unless something has been explicitly restricted (e.g. through branch protection).
4. Maintainers are super-developers: they are able to push to master, deploy to production. This role is often held by maintainers and engineering managers.
5. Admin-only features can only be found in /admin. Outside of that, admins are the same as the highest possible permission (owner).
6. Owners are essentially group-admins. They can give access to groups and have destructive capabilities.
7. Auditor cannot access /admin, group settings, and project settings. Auditor has read-only access to all other areas.

To keep the permissions system clear and consistent we should improve our roles to match common flows instead of introducing more and more permission configurations on each resource, if at all possible.

For big instances with many users, having one role for creating projects, doing code review and managing teams may be insufficient. So, in the long term, we want our permission system to explicitly cover the next roles:

1. An owner. A role with destructive and workflow enforcing permissions.
2. A manager. A role to keep a project running, add new team members etc.
3. A higher development role to do code review, approve contributions, and other development related tasks.

All the above can be achieved by iteratively improving existing roles.

Documentation on permissions

Security Paradigm

You can now find our security paradigm on the Secure Strategy page.

Also see our Secure Team engineering handbook.

Statistics and performance data

Traditionally, applications only reveal valuable information about usage and performance to administrators. However, most GitLab instances only have a handful of admins and they might not sign in very often. This means interesting data is rarely seen, even though it can help to motivate teams to learn from other teams, identify issues or simply make people in the organisation aware of adoption.

To this end, performance data and usage statistics should be available to all users by default. It's equally important that this can be optionally restricted to admins-only, as laws in some countries require this, such as Germany.

Internationalisation

GitLab is developed in English, but supports the contribution of other languages.

GitLab will always default to English. We will not infer the language / location / nationality of the user and change the language based on that. You can't safely infer user preferences from their system settings either. Technical users are used to this, usually writing software in English, even though their language in the office is different.

Performance

Fast applications are better applications. Everything from the core user experience, to building integrations and using the API is better if every query is quick, and every page loads fast. When you're building new features, performance has to be top of mind.

We must strive to make every single page fast. That means it's not acceptable for new pages to add to performance debt. When they ship, they should be fast.

You must account for all cases, from someone with a single object, to thousands of objects.

Read the handbook page relating to performance of GitLab.com, and note the Speed Index target shown there (read it thoroughly if you need a detailed overview of performance). Then:

• Make sure that new pages and interactions meet the Speed Index target.
• Existing pages should never be significantly slowed down by the introduction of new features or changes.
• Pages that load very slowly (even if only under certain conditions) should be sped up by prioritizing work on their performance, or changes that would lead to improved page load speeds (such as pagination, showing less data, etc).
• Any page that takes more than 4 seconds to load (speed index) should be considered too slow.
• Use the availability & performance priority labels to communicate and prioritize issues relating to performance.

You must prioritize improvements according to their impact (per the availability & performance priority labels). Pages that are visited often should be prioritized over pages that rarely have any visitors. However, if page load time approaches 4 seconds or more, they are considered no longer usable and should be fixed at the earliest opportunity.

Known Product Usage Behaviors

In this section we document for the benefit of our community our known current product usage behaviors. This helps us ensure that we are aware of not just averages of usage but also upper bounds. When building new capabilities we will ensure that we accommodate behavior within the range and keep observed upper-bounds in mind when building for scale.

Metric	Average	Lower Range	Upper Range	Observed Min	Observed Max
Lines of Code Changed / MR1	137	6	1375	0	14280733
Files changed / MR1	6	1	28	0	5984
Commits / MR1	3	1	16	1	8802
Diff Size / MR1	238	18	1718	0	110732
Pipelines / Project2	103	1	5430	1	3021708
Projects / Top Level Namespace (TBD)
Subgroups / Top Level Namespace (TBD)
Issues / Top Level Namespace (TBD)
Epics / Top Level Namespace (TBD)
Environments / Project	1	0	2.5	0	231
Jobs / Pipeline (TBD)
Size (GB) / Repository (TBD)
Size (Lines of Code) / Repository (TBD)
Image tags / Container Registry (REF)	20	2	47	1	206,011
Packages / Registry (REF)	44	1	1762	0	177,144
Kubernetes clusters / environment (TBD)
Variables / Project
Variables / Namespace
Parent child pipeline / project
Multi project pipeline / Project
TBA

Product Usage Behavior Definition

• Average - The average value across all data
• Lower Range - Two standard deviations below the average
• Upper Range - Two standard deviations above the average
• Observed Min - The minimum value observed
• Observed Max - The maximum value observed
• Time Frame - TBD. We want to iterate on this view to represent data from the last 12 month for active projects to better represent current usage behaviors.

Notes

1. Merge request diffs follow collection limits in application
2. Within this metric distribution of projects is not "normal" so two standard deviations below the mean is reported as a negative.

Restriction of closed source JavaScript

In addition, to meet the ethical criteria of GNU, all our JavaScript code on GitLab.com has to be free as in freedom. Read more about this on GNU's website.

Why cycle time is important

The ability to monitor, visualize and improve upon cycle time (or: time to value) is fundamental to GitLab's product. A shorter cycle time will allow you to:

• respond to changing needs faster (i.e. skate to where the puck is going to be)
• ship smaller changes
• manage regressions, rollbacks, bugs better, because you're shipping smaller changes
• make more accurate predictions
• focus on improving customer experience, because you're able to respond to their needs faster

When we're adding new capabilities to GitLab, we tend to focus on things that will reduce the cycle time for our customers. This is why we choose convention over configuration and why we focus on automating the entire software development lifecycle.

All friction of setting up a new project and building the pipeline of tools you need to ship any kind of software should disappear when using GitLab.

Plays well with others

We understand that not everyone will use GitLab for everything all the time, especially when first adopting GitLab. We want you to use more of GitLab because you love that part of GitLab. GitLab plays well with others, even when you use only one part of GitLab it should be a great experience.

GitLab ships with built-in integrations to many popular applications. We aspire to have the world's best integrations for Slack, JIRA, and Jenkins.

Many other applications integrate with GitLab, and we are open to adding new integrations to our technology partners page. New integrations with GitLab can vary in richness and complexity; from a simple webhook, and all the way to a Project Service.

GitLab welcomes and supports new integrations to be created to extend collaborations with other products. GitLab plays well with others by providing APIs for nearly anything you can do within GitLab. GitLab can be a provider of authentication for external applications.

There is some natural tension between GitLab being a single-application for the entire DevOps lifecycle, and our support for better user experience via integration with existing DevOps tools. We'll prioritize first our efforts to improve the single-application experience, second to enable a rich ecosystem of partners, and third to improve integration with the broader ecosystem to other tools. GitLab is open-source so this should not prohibit contributors adding integrations for anything that they are missing - as long as it fits with GitLab product vision.

If you don't have time to contribute and are a customer we'll gladly work with you to design the API addition or integration you need.

Who GitLab competes with

In pursuit of our product vision of becoming a complete platform for the entire DevOps lifecycle, delivered as a single application, GitLab will inevitably compete for user and business with other DevOps tools technologies and vendors. For clarity, GitLab publicly competes with other vendors only in categories where our product is lovable (in our maturity model). We may at times name these competitors publicly.

For all other categories, GitLab will highlight examples of tools that have functionally similar features to the features GitLab is developing, but we will not name them as explicit competitors. This does not mean that we will not be trying to acquire users or business based on those categories, but it does mean that we will not refer to those other vendors as 'competitors', as our goal is to pursue our product vision (not to specifically win against other tools or vendors where we are not yet lovable).