GitLab Ultimate is ideal for organizations aiming to optimize and accelerate delivery while managing priorities, security, risk, and compliance.
Available in both SaaS and self-managed deployment options, GitLab Ultimate adds advanced security capabilities, cloud native security, compliance, portfolio management and value stream management. In addition, GitLab Ultimate allows for free guest user licenses to improve your license usage for users with minimal interaction with the system.
Please note this is not a comprehensive set of capabilities in GitLab Ultimate, visit about.gitlab.com/features for the latest. GitLab continuously adds features every month and evaluates features that can be moved to lower tiers to benefit more users.
|Increase Operational Efficiencies||Deliver Better Products Faster||Reduce Security & Compliance Risk|
|GitLab Ultimate provides a single, scalable interface for organization wide DevSecOps, reducing handoffs across tools and teams - thereby improving efficiencies.||With end to end Value Stream Management and Portfolio Management, GitLab Ultimate allow for greater visibility and transparency across projects - helping to eliminate bottlenecks and deliver products faster.||GitLab Ultimate introduces built-in security testing, compliance and preventive security for cloud native applications helping you manage security risk and achieve regulatory compliance.|
Read all case studies here
Protect the integrity of your software supply chain with built in security testing. Learn more about Advanced security testing with GitLab.
|Security Dashboards||Gain visibility into top-priority fixes by identifying and tracking trends in security risk across your entire organization.|
|Dynamic Application Security Testing||Ensure you are not exposed to web application vulnerabilities like broken authentication, cross-site scripting, or SQL injection by dynamically investigating your running test applications in CI/CD pipelines.|
|Vulnerability Management||Empower your entire team, and not just Security, to act on security findings with a unified interface for scan results from all GitLab Security scanners.|
|Container Scanning||Run a security scan to ensure the Docker images for your application do not have any known vulnerabilities in the environment where your code is shipped.|
|Dependency Scanning||Protect your application from vulnerabilities that affect dynamic dependencies by automatically detecting well-known security bugs in your included libraries.|
|Vulnerability Database||A vulnerability database that can be viewed and enhanced by anyone.|
|On-demand DAST||Identify vulnerabilities in your running application, independent of code changes or merge requests.|
|API Fuzz Testing||"Test the APIs in your apps to find vulnerabilities and bugs that traditional QA processes miss."|
|Project Dependency List||Identify components included in your project by accessing the Dependency List (also referred to as Bill of Materials or BOM) ,which is often requested by Security and Compliance teams.|
|DAST Configuration UI||Enabling DAST is now as simple as three clicks. This guided configuration experience makes it easier for non-CI experts to get started with GitLab DAST. The tool helps a user create a merge request to enable DAST scanning while leveraging best configuration practices like using the GitLab-managed
|Coverage-guided Fuzz Testing||"Find security vulnerabilities and bugs in your app that traditional QA processes miss."|
|Custom Rulesets for SAST||"GitLab SAST allows users to change the vulnerability detection defaults to tailor results to their organization's preferences. SAST custom rulesets allow you to exclude rules and modify the behavior of existing rules."|
|Configuration UI||"Enabling SAST is now as simple as two clicks. This guided configuration experience makes it easier for non-CI experts to get started with GitLab SAST. The tool helps a user create a merge request to enable SAST scanning while leveraging best configuration practices like using the GitLab-managed
|Create Jira issues from vulnerabilities||"Efficiently collaborate between teams using GitLab for security testing and Jira for agile planning. Create a Jira issue type of your choosing directly from a vulnerability record."|
|Vulnerability Reports||"Vulnerability Reports give teams an effient way to view, triage, track, and resolve vulnerabilities detected in applications, giving you full visibility into your organization’s risk. They are available for groups, projects, and the Security Center."|
Proactively monitor security threats and protect cloud-native environments. Learn more about Cloud native security with GitLab.
|Security Alert Dashboard||The security alert dashboard provides a workflow for viewing and managing container network policy security alerts.|
Ensure your code, deployments, and environments comply with changing regulations and emerging risks. Learn more about Compliance with GitLab.
|Compliance Dashboard||View an aggregated compliance status of your groups and projects, easily spot when projects are out of compliance and take informed actions to remediate any issues.|
|License Compliance||Check that licenses of your dependencies are compatible with your application, and approve or deny them. Results are then shown in the Merge Request and in the Pipeline view.|
|Compliance framework default pipelines||To ensure projects perform the steps necessary to meet regulatory requirements, create a common pipeline definition that will run for all projects that adhere to a given compliance framework.|
|Quality Management||Define and plan test cases, maintain test execution results and create a backlog of work from failed tests.|
|Requirements Management||Gather, document, refine, and track approval of business and system requirements. Define traceability between requirements and other requirements, code, or test cases.|
|Require a Jira issue before merging code||GitLab makes it easy to require that a Jira issue is linked to each merge request. This helps teams using both Jira and GitLab better collaborate and stay in sync.|
|External status checks||Contact an external API to update the status of a merge request before merging. Use this to integrate with other third-party systems and ensure the merge request has been approved before merging.|
|Credentials Management||GitLab administrators and group owners are responsible for the overall security of their instance and groups. Keep track of all the PAT and SSH credentials that can be used to access your environment. See when the credentials expire and manage rotation policies.|
Manage large scale organization wide projects. Learn more about Portfolio management with GitLab.
|Multi-level Epics||Plan and track strategies, initiatives, and features with multi-level epics. Organize and prioritize work across multiple children epics and their issues within the Epic Tree.|
|Issue and Epic Health Reporting||Report on and quickly respond to the health of individual issues and epics by viewing red, amber, or green health statuses on your Epic Tree.|
|Portfolio-level Roadmaps||Establish product vision and strategy, gain progress insights, organize, govern and shape the effort of multi-disciplinary teams with portfolio-level roadmaps.|
Measure and manage the business value of your DevSecOps lifecycle. Learn more about Value stream management with GitLab.
|Insights||Charts to visualize data such as triage hygiene, issues created/closed in a given period, average time for merge requests to be merged and much more.|
|DORA-4 metric - Deployment frequency||Monitor the frequency of your deployments over time, find bottlenecks, and make improvements when necessary.|
|DORA-4 metric - Lead time for changes||Lead time for changes measures the time to merge a change to production and helps you understand the efficiency of your deployments over time and find improvement areas.|
|Free guest users||Guest users don't count towards the license count.|
|Satisfy Requirements from CI/CD pipelines||This powerful feature uses the GitLab single-application model to allow testing run in the CI/CD pipelines to satisfy your requirements. This automates the cumbersome task of identifying satisfied requirements, and enables your organization to focus on delivering value.|
|Dynamic Application Security Testing support for REST API scans||GitLab Dynamic Application Security Testing supports scanning REST APIs. This allows for full DAST security coverage of an application, not just the UI. By supporting use of an OpenAPI specification as a guide for what URLs and REST endpoints need to be scanned, DAST helps secure an application's entire attack surface and provides more insight into the potential vulnerabilities of any running application.|
|Scheduling On-demand DAST scans||Set on-demand DAST scans to run on ad hoc or recurring schedules.|
|Site and Scanner profiles for On-demand DAST scans||Reuse configuration profiles quickly with on-demand DAST scans, instead of reconfiguring scans every time you need to run one. Mix different scan profiles with site profiles to quickly conduct scans that cover different areas or depths of your application and API.|
|Security Approvals||"Add an extra layer of risk protection by requiring approval from your security team. Merge requests that would introduce a new Critical, High, or Unknown severity vulnerability can only merge when all such vulnerabilities are fixed or explicit approval is given. Security approvals can also trigger on software license compliance violations."|
|Automated solutions for Dependency Scanning vulnerabilities||Download and apply a patch to fix vulnerabilities affecting your codebase.|
|Custom Rulesets for Secret Detection||"GitLab Secret Detection allows users to change the vulnerability detection defaults to tailor results to their organization's preferences. Secret Detection now supports disabling existing rules and adding new regex patterns that allow the detection of any type of custom secret."|
|Portfolio Management||Plan and track work at the project and portfolio level. Manage capacity and resources together with Portfolio Management.|
|Status Page||Deploy a static web page to communicate with stakeholders during an incident. Push updates to the Status Page directly from the incident.|
|View deployment status on the Environments page||You can view the deployment status directly from the environment page when there is an upcoming deployment. This shows the build number, author, and status icon, so you can take action immediately without needing to navigate to another location.|
|View alerts on the Environments page||Seeing triggered alerts alongside the status of your environments enable you to take immediate action to remedy the situation.|
|DevOps Adoption||DevOps Adoption shows you which teams across your organization are using GitLab Issues, Merge Requests, Approvals, Runners, Pipelines, Deploys, and Scanning, and also shows the trend of adoption over time.|
|Automated solutions for Container Scanning vulnerabilities||Download and apply a patch to fix vulnerabilities affecting your codebase.|
|Security Policies||"Security policies allow a separate security team to manage and enforce which security policies apply to a project. Currently, scan execution policies and network policies are supported."|
|Standalone Vulnerability Objects||"Track and manage detected project vulnerabilities like you would an Issue. Link directly to a specific vulnerability occurrence's page, create and link a remediation issue, and see vulnerability information persisted between security scans on the same branch."|
|Code Quality violation notices in MR diffs||Code Quality violations introduced in a merge request are annotated in the merge request diff view to detail how the code quality could decrease if merged.|
|Create test cases from within GitLab||Create and view test cases from within GitLab. This allows for seamless collaboration between contributors.|
|Import & Export Requirements||To better collaborate with external groups and organizations, requirements can be imported and exported in CSV format. This allows teams to use a single interface for development and testing against requirements.|