SAN FRANCISCO, CALIF.—January 30, 2018 – Today GitLab, the leading integrated product for the entire DevOps lifecycle, announced it has acquired Gemnasium, a company that provides software to help developers mitigate security vulnerabilities in open source code. GitLab is acquiring both Gemnasium’s technology and its team of experts, who will come on board to implement robust security scanning functionality natively into GitLab’s CI/CD pipelines. Automating application security testing allows businesses to develop and iterate software faster without sacrificing a strong security posture.
With open source software (OSS) adoption rapidly growing, the risk for vulnerabilities is at an all-time high. The number of open source modules in use continues to increase, so the surface area for vulnerabilities to be exploited has expanded far and wide. As the dependency tree goes deeper, it can be daunting or even impossible for developers to keep track of which software they are using and what ramifications its use may have on the business.
Gemnasium has created the best-in-class solution for managing security threats related to open source dependencies. With a larger database and advanced algorithms, their solution finds more vulnerabilities with fewer false positives. This allows developers to protect their code and spot vulnerabilities in open source software before attackers can expose an organization to threats such as malware injections, Denial-of-Service (DoS) attacks and data breaches.
“As a team of engineers, we’re excited to join the GitLab team and bring the benefits of Gemnasium to the DevOps lifecycle,” said Philippe Lafoucrière, founder of Gemnasium. “Our goal has always been to help developers build the most secure software possible and joining GitLab allows us to do just that.”
GitLab has already begun adding native security functionality, such as the addition of Static Application Security Testing (SAST) in the 10.3 release, along with Dynamic Application Security Testing (DAST) and Container Scanning in the 10.4 release. With the Gemnasium team coming on board, GitLab will further accelerate its security roadmap to bring developers a native and seamless experience for rapidly deploying secure code.
“GitLab’s vision is to provide best-in-class tools for the complete DevOps lifecycle in a single application,” said Sid Sijbrandij, CEO of GitLab. “Gemnasium is the best dependency monitoring solution on the market, and we are excited to be making its team part of the GitLab experience.”
Gemnasium.com will be winding down with an expected end-of-life date of May 15. The Gemnasium team encourages users to migrate to GitLab CI/CD or explore similar services like Snyk, SourceClear, WhiteSource, and BlackDuck. For more information, visit https://gemnasium.com/blog/gemnasium-is-acquired-by-gitlab/.
About GitLab
GitLab is the open DevOps platform built from the ground up as a single application for all stages of the DevOps lifecycle enabling Product, Development, QA, Security, and Operations teams to work concurrently on the same project. GitLab provides a single data store, one user interface, and one permission model across the DevOps lifecycle. This allows teams to significantly reduce cycle times through more efficient collaboration and enhanced focus.
Built on Open Source, GitLab works alongside its growing community, which is composed of thousands of developers and millions of users, to continuously deliver new DevOps innovations. GitLab has an estimated 30 million+ users (both Paid and Free), from startups to global enterprises, including Ticketmaster, Jaguar Land Rover, NASDAQ, Dish Network, and Comcast, who trust GitLab to deliver great software faster. All-remote since 2014, GitLab has more than 1,300 team members in 65 countries.