Why Ultimate?

Ideal for organization-wide security, compliance, and planning

Available in both SaaS and self-managed deployment options, GitLab Ultimate adds:
  • Advanced security capabilities
  • Priority support
  • Security risk mitigation
  • Live upgrade assistance
  • Compliance
  • Portfolio management
  • Value stream management
  • Customer Success Manager for eligible customers
GitLab Ultimate also allows for free guest user licenses to improve your license usage for users with minimal interaction with the system.

Calculate the cost for your organization

GitLab offers unlimited free guest users on Ultimate plans

Premium monthly cost*

$0 Buy Premium

Ultimate monthly cost*

$0 Buy Ultimate

*All plans billed annually. The listed prices may be subject to applicable local and withholding taxes. Pricing may vary when purchased through a partner or reseller. See our Pricing Page for more details.

GitLab Ultimate helps you

Increase Operational Efficiencies

GitLab Ultimate provides a single, scalable interface for organization wide DevSecOps, reducing handoffs across tools and teams - thereby improving efficiencies.

Deliver Better Products Faster

With end to end Value Stream Management and Portfolio Management, GitLab Ultimate allow for greater visibility and transparency across projects - helping to eliminate bottlenecks and deliver products faster.

Reduce Security and Compliance Risk

GitLab Ultimate introduces built-in security testing, compliance and preventive security for cloud native applications helping you manage security risk and achieve regulatory compliance.

CARFAX improves security, cuts pipeline management and costs with GitLab
Read Case Study

ROI calculator

How much is your toolchain costing you?

  • 1
  • 2
  • 3

How many people are using and maintaining your tool chain?

Approximately, what is your spend per year (in USD) on these capabilities?

$
$
$
$
$
$
$

Your toolchain is currently costing you $97,000


GitLab Premium may be a great choice for your company to enhance team productivity and collaboration.

GitLab Premium includes:

  • Faster code reviews
  • Advanced CI/CD
  • Enterprise Agile Delivery
  • Release controls
  • Self-managed reliability
  • 10,000 compute minutes per month
  • Support
Learn more about Premium

Results are based on similar sized organizations reported savings. The results are purely an estimate and subject to change based on various factors that went into the calculation.

You could save $error annually by switching to GitLab Ultimate!

GitLab Ultimate is the best choice for your company to achieve organization wide security, compliance, and planning.

Your current spend

$97,000

Vs.

GitLab Ultimate

$119,800

GitLab Ultimate includes:
  • Advanced security testing
  • Vulnerability management
  • Compliance pipelines
  • Portfolio management
  • Value stream management
  • 50,000 compute minutes per month
  • Support
  • Free guest users

You could save $ error annually by switching to GitLab Premium!

Your current spend

$97,000

Vs.

GitLab Premium

$119,800

GitLab Premium includes:
  • Faster code reviews
  • Advanced CI/CD
  • Enterprise Agile Delivery
  • Release controls
  • Self-managed reliability
  • 10,000 compute minutes per month
  • Support
Learn more about Premium

The results are purely an estimate and subject to change based on various factors that went into the calculation.

Ultimate features

Compare all features

Advanced security testing protects the integrity of your software supply chain with built in security testing. Learn more

Configuration UI

Enabling SAST is now as simple as two clicks. This guided configuration experience makes it easier for non-CI experts to get started with GitLab SAST. The tool helps a user create a merge request to enable SAST scanning while leveraging best configuration practices like using the GitLab-managed SAST.gitlab-ci.yml template and properly overriding template settings.

Security Scanning IDE integration

Developers can see and fix security findings directly in VS Code.
After a merge request is opened for a branch, the GitLab Workflow extension for VS Code shows new security findings that weren't previously found on the default branch.

Custom Rulesets for SAST

GitLab SAST allows users to change the vulnerability detection defaults to tailor results to their organization's preferences. SAST custom rulesets allow you to exclude rules and modify the behavior of existing rules.

GitLab Advisory Database

A vulnerability database that can be viewed and enhanced by anyone.

Dependency Scanning

Protect your application from vulnerabilities that affect dynamic dependencies by automatically detecting well-known security bugs in your included libraries.

Dynamic Application Security Testing

Ensure you are not exposed to web application vulnerabilities like broken authentication, cross-site scripting, or SQL injection by dynamically investigating your running test applications in CI/CD pipelines.

Vulnerability Management

Empower your entire team, and not just Security, to act on security findings with a
unified interface for scan results from all GitLab Security scanners.

Vulnerability Reports

Vulnerability Reports give teams an efficient way to view, triage, track, and resolve vulnerabilities
detected in applications, giving you full visibility into your organization’s risk. They are available for
groups, projects, and the Security Center.

Security Dashboards

Gain visibility into top-priority fixes by identifying and tracking trends in security risk across your entire organization.

Create Jira issues from vulnerabilities

Efficiently collaborate between teams using GitLab for security testing and Jira for
agile planning. Create a Jira issue type of your choosing directly from a vulnerability
record.

Project Dependency List

Identify components included in your project by accessing the Dependency List
(also referred to as Bill of Materials or BOM)
,which is often requested by Security and Compliance teams.

Coverage-guided Fuzz Testing

Find security vulnerabilities and bugs in your app that traditional
QA processes miss.

API Fuzz Testing

Test the APIs in your apps to find vulnerabilities and bugs that traditional QA processes miss.

On-demand DAST

Identify vulnerabilities in your running application, independent of code changes
or merge requests.

DAST Configuration UI

Enabling DAST is now as simple as three clicks. This guided configuration experience makes it easier for non-CI experts to get started with GitLab DAST. The tool helps a user create a merge request to enable DAST scanning while leveraging best configuration practices like using the GitLab-managed DAST.gitlab-ci.yml template.

Security risk mitigation helps you manage your organization's security policies, alerts, and approval rules. Learn more

Integrated security training

Enable security training from our content partners to see lessons embedded
in the vulnerability management experience. Links to training are dynamically provided
in merge request security scan results, the pipeline security tab, and vulnerability details pages.
We use the type of security issue and project language to provide the best available
match for the most relevant, targeted learning experience.

Auto-resolve vulnerabilities when not found in subsequent scans

Configure a Security Policy to automatically resolve vulnerabilities that are no longer detected
in subsequent scans.

Security Policies

Allow security teams to manage and enforce security policies for GitLab projects and for Kubernetes clusters.

Security Approvals

Require approval from your security team before allowing developers to merge in code that introduces new vulnerabilities.

Compliance ensures your code, deployments, and environments comply with changing regulations and emerging risks. Learn more

Requirements Management

Gather, document, refine, and track approval of business and system requirements.
Define traceability between requirements and other requirements, code, or
test cases.

Quality Management

Define and plan test cases, maintain test execution results and create a backlog of work from failed tests.

Compliance pipeline configuration

Ensure projects perform the steps necessary to meet regulatory requirements with a common pipeline definition that will run for all projects which adhere to a given compliance framework.

Chain of custody report

Create a .csv report of all merge commits within the group.

Credentials inventory

Keep track of all the personal access tokens, SSH keys, and GPG keys that can be used for access and verification. See when they expire and manage rotation policies.

Violations report

View an aggregated list of merge requests for all projects in a group. Easily identify and act on merge requests that are out of compliance or generate and export a chain of custody report for the group's projects.

Streaming Audit Events

Send audit events as they occur to a destination of your choosing. Use this to drive custom automation, create backups, or integrate with other data streams. Configure this with the API or GitLab UI.

License Approvals

Require approval from your legal and compliance team before allowing developers to merge in code when the licenses that are used are out of compliance with organizational policy

Merge Request Approval Policies

Enforce multiple approvals from designated roles before allowing developers to merge in code. Additional merge request and repository settings can be overridden in projects to ensure compliance.

External status checks

Send merge request data to third-party systems for validation before merging.

Security Policy Scopes

Scope each of your policies to projects using a project list or compliance framework labels

Pipeline Execution Policies

Enforce custom CI configuration across all of your projects, including GitLab analyzers, compliance reports, and custom scripts

License Compliance

Check that licenses of your dependencies are compatible with your application, and approve or deny them. Results are then shown in the Merge Request and in the Pipeline view.

Portfolio management allows you to manage large scale organization wide projects. Learn more

Multi-level Epics

Plan and track strategies, initiatives, and features with multi-level epics. Organize and prioritize work across multiple children epics and their issues within the Epic Tree.

Issue and Epic Health Reporting

Report on and quickly respond to the health of individual issues and epics by viewing red, amber, or green health statuses on your Epic Tree.

Linked Epics

Mark epics as linked to one another.

Runner Fleet Dashboard Admin View (Beta)

The Runner Fleet Dashboard - Admin View provides instance runner fleet metrics, including runner fleet health, most actively used runners, and the queue time for runners to measure performance of CI/CD jobs.

Runner fleet dashboard for groups (Beta)

The runner fleet dashboard for groups provides runner fleet metrics for runners associated with a group and its subgroups. These metrics include runner fleet health, most actively used runners, runner usage breakdown, and the queue time for runners to measure the performance of CI/CD jobs.

Value stream management measures and manages the business value of your DevSecOps lifecycle. Learn more

DORA Metrics dashboard in Value Stream Dashboard

DORA metrics are available in GitLab Value Streams Dashboard

DORA Metrics - Value Stream Dashboard DevOps performance panel with DORA scores industry benchmarks

DORA panel bar chart with breakdown of your project's DORA scores, categorized as High, Medium, or Low.

DORA - Lead time for changes

Lead time for changes measures the time to merge a change to production and
helps you understand the efficiency of your deployments over time and find improvement areas.

DORA - Deployment frequency

Monitor the frequency of your deployments over time, find bottlenecks, and make improvements when necessary.

DORA - Time To restore Service

Monitor the time to restore service over time, improve your uptime, and reduce service impairments on your environments.

DORA - Change Failure Rate

Monitor the change failure rate, improve your uptime, and reduce service impairments on your environments.

Insights: Custom DORA reporting

Custom charts to visualize DORA data with Insights YAML-based reports

DORA Trends Over Time Charts

Visibility into Value Stream work with DORA metrics

Value Streams Dashboard with Life cycle, DORA, merge request, and vulnerability metrics

Organizations can use the Value Streams Dashboard to track and compare these metrics over a period of time, identify downward trends early, understand security exposure, and drill down into individual projects or metrics to take actions for improvements. This comprehensive view built as a single application with a unified data store allows all stakeholders, from executives to individual contributors, to have visibility into the software development life cycle, without needing to buy or maintain a third-party tool.

AI Impact Analytics with GitLab Duo metrics

Measures the ROI of AI.

Insights

Charts to visualize data such as triage hygiene, issues created/closed in a given period,
average time for merge requests to be merged and much more.

ClickHouse-based Contribution Analytics

Contribution Analytics on GitLab.com will run using the advanced capabilities of ClickHouse DB.

Free guest users

Free guest users

Guest users don't count towards the license count.

Ultimate features unrelated to a theme

Limit access token lifetime

Administrators can set a limit for access tokens that is less than the maximum of 365 days for compliance purposes

Satisfy Requirements from CI/CD pipelines

This powerful feature uses the GitLab single-application model to allow testing run in the CI/CD pipelines to satisfy your requirements. This automates the cumbersome task of identifying satisfied requirements, and enables your organization to focus on delivering value.

Import & Export Requirements

To better collaborate with external groups and organizations, requirements can be imported and exported in CSV format. This allows teams to use a single interface for development and testing against requirements.

Create test cases from within GitLab

Create and view test cases from within GitLab. This allows for seamless collaboration between contributors.

Portfolio Management

Plan and track work at the project and portfolio level. Manage capacity and resources together with Portfolio Management.

Require a Jira issue before merging code

Help teams using both Jira and GitLab better collaborate and stay in sync by requiring that a Jira issue to be linked to each merge request.

Custom Roles

Custom roles allow group members who are assigned the Owner role to create roles specific to the needs of their organization.

Code Quality violation notices in MR diffs

Code Quality violations introduced in a merge request are annotated in the merge request diff view to detail how the code quality could decrease if merged.

Integrations allowlist

Instance administrators can control which integrations can be enabled.

Custom Rulesets for Secret Detection

GitLab Secret Detection allows users to change the vulnerability detection defaults to tailor results to their organization's preferences. Secret Detection now supports disabling existing rules and adding new regex patterns that allow the detection of any type of custom secret.

Automatic Response to Leaked Secrets

Automatic responses for Secret Detection help you mitigate the impact of leaked credentials. GitLab automatically revokes leaked Personal Access Tokens (PATs). On GitLab.com, Secret Detection also notifies a select set of partners when credentials they've issued are leaked. Partners choose which type of action they take to protect their services and customers in response to these alerts.

Secret Push Protection

Block secrets such as keys and API tokens from being pushed to your GitLab instance. Secret Push Protection is triggered when commits are pushed to any repository. If any secrets are detected, the push is blocked.

Ready to get started?

See what your team can do with the most comprehensive
AI-powered DevSecOps platform.