SAN FRANCISCO, CALIF.—January 30, 2018 – Today GitLab, the leading integrated product for the entire DevOps lifecycle, announced it has acquired Gemnasium, a company that provides software to help developers mitigate security vulnerabilities in open source code. GitLab is acquiring both Gemnasium’s technology and its team of experts, who will come on board to implement robust security scanning functionality natively into GitLab’s CI/CD pipelines. Automating application security testing allows businesses to develop and iterate software faster without sacrificing a strong security posture.
With open source software (OSS) adoption rapidly growing, the risk of vulnerabilities is at an all-time high. The number of open source modules in use continues to increase, so the surface area for vulnerabilities to be exploited has expanded far and wide. As the dependency tree goes deeper, it can be daunting or even impossible for developers to keep track of which software they are using and what ramifications its use may have on the business.
Gemnasium has created the best-in-class solution for managing security threats related to open source dependencies. With a larger database and advanced algorithms, their solution finds more vulnerabilities with fewer false positives. This allows developers to protect their code and spot vulnerabilities in open source software before attackers can expose an organization to threats such as malware injections, Denial-of-Service (DoS) attacks and data breaches.
“As a team of engineers, we’re excited to join the GitLab team and bring the benefits of Gemnasium to the DevOps lifecycle,” said Philippe Lafoucrière, founder of Gemnasium. “Our goal has always been to help developers build the most secure software possible and joining GitLab allows us to do just that.”
GitLab has already begun adding native security functionality, such as the addition of Static Application Security Testing (SAST) in the 10.3 release, along with Dynamic Application Security Testing (DAST) and Container Scanning in the 10.4 release. With the Gemnasium team coming on board, GitLab will further accelerate its security roadmap to bring developers a native and seamless experience for rapidly deploying secure code.
“GitLab’s vision is to provide best-in-class tools for the complete DevOps lifecycle in a single application,” said Sid Sijbrandij, CEO of GitLab. “Gemnasium is the best dependency monitoring solution on the market, and we are excited to be making its team part of the GitLab experience.”
Gemnasium.com will be winding down with an expected end-of-life date of May 15. The Gemnasium team encourages users to migrate to GitLab CI/CD or explore similar services like Snyk, SourceClear, WhiteSource, and BlackDuck. For more information, visit https://gemnasium.com/blog/gemnasium-is-acquired-by-gitlab/.
About GitLab
GitLab is a DevOps platform built from the ground up as a single application for all stages of the DevOps lifecycle enabling Product, Development, QA, Security, and Operations teams to work concurrently on the same project. GitLab provides a single data store, one user interface, and one permission model across the DevOps lifecycle. This allows teams to significantly reduce cycle time through more efficient collaboration and enhanced focus. Built on Open Source, GitLab leverages the community contributions of thousands of developers and millions of users to continuously deliver new DevOps innovations. More than 100,000 organizations from startups to global enterprises, including Ticketmaster, Jaguar Land Rover, NASDAQ, Dish Network, and Comcast trust GitLab to deliver great software faster. GitLab is the world's largest all-remote company, with more than 1,200 team members in more than 65 countries and regions.