GitLab Advances on Secure by Design Pledge One Year On
A year after signing the Secure by Design pledge, GitLab showcases tangible progress towards building secure software development practices.
One Year of Secure by Design: GitLab’s Progress
In June 2024, GitLab proudly joined forces with fellow technology leaders to sign the Secure by Design pledge, a commitment driven by the US Cybersecurity and Infrastructure Security Agency (CISA) to embed cybersecurity into every layer of software development. One year later, GitLab reflects on the strides made to foster a secure software supply chain — benefits that are already reshaping DevSecOps for better resilience and safety.
Putting Security at the Core
Far beyond a symbolic commitment, GitLab’s pledge materialises in day-to-day operations. Security is a native part of the platform’s CI/CD pipeline, aligning development and security teams around mutual goals — promoting continuous collaboration and providing tools to detect and prevent vulnerabilities early in the software development lifecycle (SDLC). This shift transforms security from a gatekeeper to a critical enabler of innovation and velocity.
Action and Impact
Key initiatives over the past year include advancing supply chain security through the SPDX and SLSA standards, improving secure default configurations, refining vulnerability management within the UI, and providing clearer signalling that distinguishes warnings from errors. GitLab is also actively improving its Software Bill of Materials (SBOM) support and issuing alerts aligned to CVE lists, giving security teams better visibility and prioritisation.
Moreover, as a proud contributor to the Open Source Security Foundation (OpenSSF), GitLab accelerates the community’s evolution towards more transparent and trusted ecosystems. GitLab’s Secure by Default approach ensures that secure configurations and policies are baked into project templates and default settings, reducing the room for misconfiguration.
Future Directions in Secure Software
Looking ahead, GitLab continues to invest in capabilities that elevate security posture — from automated compliance scanning to policy-as-code and audit trails. These measures not only support best practices but also help customers meet regulatory requirements with less manual overhead.
Security isn’t a destination — it’s a principle infused throughout the lifecycle. GitLab’s Secure by Design approach underscores that foundational belief: to empower teams globally to build safer, faster, and smarter.
Your Partner in Secure Software Practices
At IDEA GitLab Solutions, we specialise in helping organisations integrate GitLab Secure by Design principles into their own software development life cycles. With deep expertise across the Czech Republic, Slovakia, Croatia, Serbia, Slovenia, North Macedonia, the United Kingdom, South Africa, Israel, and Paraguay, we offer comprehensive GitLab consulting services, training, and licensing. Enhance your secure DevOps journey with us today.
Visit gitlab.solutions for more information, or contact us for tailored support in your region.
Tags: GitLab, Secure by Design, software security, DevSecOps, OpenSSF, supply chain security, Secure by Design pledge, DevOps, security initiatives