GitLab Environmental, Social, and Governance
GitLab Fiscal Year 2024 (FY24) ESG Report
Message From Our Chief Executive Officer
At GitLab, our mission is to enable everyone to contribute to and co-create the software that powers our world. This, together with our values, is at the core of how we manage our business, including our approach to Environmental, Social, and Governance (“ESG”).
Our all-remote team drives GitLab’s strategy and business results in more than 60 countries worldwide. In FY24, we sharpened our focus on our people by emphasizing the foundational role of high-performing teams and continuing to leverage our core value of diversity, inclusion, and belonging (DIB) to drive innovation and impact across our business. These efforts included launching new training and development programs and additional resources to encourage and enable team members to contribute and to give our people leaders more of the skills they need to manage efficient and effective teams.
Our ESG strategy also encompasses efforts to minimize our environmental impact and better understand and address the potential effects of climate change on our business. In FY24, we continued to enhance our approach to measuring and reporting our greenhouse gas emissions. We conducted GitLab’s first climate risk assessment in alignment with the Task Force on Climate-related Financial Disclosures (TCFD) and launched the first iteration of a supplier engagement program focused on improving the visibility of emissions in our supply chain.
We are committed to good corporate governance and high standards of ethics and compliance. In particular, as we continue to harness the power of AI to enhance the GitLab platform, we recognize the importance of working within a robust framework of ethical principles and protecting our customers’ and users’ data. In early fiscal year 2025, we launched the GitLab AI Transparency Center, giving customers direct access to our AI Ethics Principles for Product Development, AI Continuity Plan, and AI features documentation so that they can adopt AI with confidence.
Lastly, our strategy and mission are also bolstered by engagement with the wider GitLab community. In the last fiscal year, we continued to expand outreach and drive social impact through community programs such as GitLab for Startups, GitLab for Open Source, and GitLab for Education. We also launched GitLab for Nonprofits, which provides free GitLab licenses to registered nonprofit organizations that align with our values and ESG strategy. Our charitable efforts are further complemented by the GitLab Foundation, which supports people in growing their lifetime earnings through education, training, access to opportunities, and systems changes on a global scale.
As ever, GitLab — the platform and the company — is made stronger by the support of our stakeholders, including our team members, customers, shareholders, and the wider community. I am thankful for the contributions so far and look forward to what we can accomplish together in the years ahead.
Sincerely,
Sid Sijbrandij
GitLab Co-Founder and Chief Executive Officer
Introduction
Our Mission and Vision
GitLab’s mission is to enable everyone to contribute to and co-create the software that powers our world.
Our mission is the way we realize our purpose: to help people increase their lifetime earnings through access to opportunities and the DevSecOps platform.
Our vision captures what we want to deliver to customers in the next 10 years. Today, GitLab is the most comprehensive AI-powered DevSecOps platform. The DevSecOps Platform shift is part of a larger trend: teams of all types are realizing that breaking down silos has compounding effects on productivity and collaboration. We see it with data and operations teams creating DataOps; we see it with machine learning and ops teams creating MLOps. As more companies (and more teams within a company) rely on our platform, we are positioned to become the AllOps platform — a single application for all R&D.
Our efforts are guided by our six core values of Collaboration, Results for Customers, Efficiency, Diversity, Inclusion and Belonging, Iteration, and Transparency. Together, they spell the CREDIT we give each other by assuming good intent.
About This Report
“With GitLab’s second ESG Report, we demonstrate our values of iteration and transparency, sharing how we continue to build on our approach to addressing the issues that matter most to our stakeholders and our business. One key example is the launch of our AI Transparency Center, underscoring how we are leveraging the power of AI within a clear framework of ethics, responsibility, and accountability. As our innovation continues to break down barriers, we recognize the increasing opportunity of integrating our business and sustainability strategies to create value for our customers, our shareholders, our team members, and the broader community.” –Robin Schulman, Chief Legal Officer, Head of Corporate Affairs, and Corporate Secretary
GitLab’s Environmental, Social, and Governance (“ESG”) Report includes information on our key ESG focus areas, our programs and policies, achievements to date, metrics and targets that help define our ESG program, and our plans for the future. Data about GitLab’s financial performance is not included in this report and may be found in our financial and SEC filings.
Unless otherwise specified, the information included in this report was last updated on July 18, 2024. The content included covers Fiscal Year 2024 (“FY24”) (as of January 31, 2024) and we plan to update the report annually. Throughout the report, there may be mentions of Fiscal Year 2025 (“FY25”), which runs from February 1, 2024, through January 31, 2025. We would also like to note that GitLab maintains a public-facing handbook, pages of which are linked throughout the report. These pages are maintained separately and may reflect a different reporting period than this report.
This report has been prepared with reference to the Global Reporting Initiative (“GRI”) Standards released in October 2021 and the Sustainability Accounting Standards Board (“SASB”) Standard for Software & IT Services. We have also provided disclosures based on the framework of the Task Force on Climate-related Financial Disclosures (“TCFD”). Content indexes for these standards are available in the Appendix.
GitLab’s Nominating and Corporate Governance Committee on the Board of Directors (“Board”) has reviewed the information in this report.
For information on GitLab’s ESG Team, please visit the ESG handbook page.
Our Approach to ESG
ESG Strategy
GitLab’s ESG strategy is driven by our values and deeply integrated into the company’s business philosophy. It reflects longstanding practices embedded in our work culture since GitLab’s inception, as well as updated policies and programs designed to meet the evolving needs and expectations of our stakeholders.
The ESG Team creates and maintains GitLab’s ESG/sustainability strategy and programs. This includes creating and managing GitLab’s ESG disclosures and public ESG reports, identifying and prioritizing key issues to advance our social and environmental goals, and creating partnerships with nonprofit organizations that support GitLab’s values and mission.
ESG Materiality Assessment
Our ESG strategy is informed by an understanding of the ESG topics that matter most to our business and our stakeholders. Completed in December 2022, our ESG materiality assessment included engagement with internal and external stakeholders and a focus on “double materiality,” exploring both topics that have the greatest impact on GitLab’s business, as well as the actual and potential impact of our activities on the environment, society, and our global communities. GitLab senior leadership — including members of the Nominating and Corporate Governance Committee of GitLab’s Board of Directors — were engaged as part of the assessment.
The materiality assessment identified the following key ESG topics:
Social
- Talent and Engagement
- Diversity, Inclusion, and Belonging (DIB)
Environment
- Climate Action and Greenhouse Gas Emissions
Governance
- Information Security and Data Privacy
- Responsible Product Development
- Business Ethics
We also include in this report other topics relevant to our business and stakeholders, including Community, Social Impact, and Corporate Governance.
United Nations Sustainable Development Goals Alignment
The United Nations Sustainable Development Goals (“UN SDGs”) provide a shared blueprint for peace and prosperity for people and the planet, now and into the future. Our ESG efforts currently align with five of the 17 UN SDGs, and we seek to drive progress on the goals within our operations. We will continue to revisit and deepen our alignment as we make progress on our ESG strategy.
Social
Talent and Engagement
(UN SDG #8 and 10)
We’re a team of helpful, passionate people who want to see each other, GitLab, and the broader GitLab community succeed. Our mission (to enable everyone to contribute to and co-create the software that powers the world) means that our team members can — and are expected to — make an impact across the company. We empower them by cultivating a high-performance and results-driven culture — one that enables people to do their best work and advance their careers while fully contributing towards advancing GitLab’s business results. We hire, promote, and recognize those team members who best live our values.
We also leverage team members’ unique skills and experiences to drive extraordinary outcomes. We believe that when team members seek feedback from a diverse group of peers and leaders, inside and outside of their group or function, they make better decisions and feel more connected. We work to make everyone feel welcome and increase the participation of underrepresented groups in our community and company.
Our entire workforce is remote, making it easier for people of diverse backgrounds and abilities to join the team. As GitLab has evolved, we have learned a great deal about what it takes to build and manage a fully remote team, which we share through our publicly available handbook.
Talent Management
Our approach to talent management is underscored by our values, particularly of transparency and diversity, inclusion, and belonging. It is also bolstered by the resources we provide to help our team members grow and succeed.
Through our website and handbook, we are transparent about available positions, benefits, job descriptions, onboarding and offboarding procedures, facilitating connections with various internal groups, and much more.
We also work to build a diverse team to drive extraordinary outcomes by expanding outreach and inclusivity initiatives to increase the number of team members and our Manager+ population who identify as part of an underrepresented group.
Our People Group is dedicated to supporting each team member through their career journey at GitLab. They enable GitLab’s strategy through a focus on attracting and retaining diverse talent, creating a high-performance culture with a focus on efficiency and quality results, driving divisional success through talent programs, and cultivating an equitable and inclusive culture. This includes developing and maintaining our talent brand, facilitating ongoing learning and development, and providing resources for team members to connect, share concerns, and seek support.
In FY24, we focused on accelerating GitLab’s 3-year strategy through re-emphasizing the foundational role of high-performing teams. At GitLab, high-performing teams:
- Act with urgency to deliver key results
- Hold individuals and teams accountable for great work
- Trust each other
- Deliver results on time
- Collaborate with open and effective communication
We educate team members about our values through trainings, videos, workshops, forums, certifications, and ambassadors, which are designed to reinforce our values as key drivers of our high-performance, results-driven culture.
Developing Our Leaders
Managers at GitLab support our mission of enabling everyone to contribute to and co-create the software that powers our world. We need to equip our people leaders with the skills to lead globally dispersed, all-remote teams to support our business growth at scale.
Elevate is GitLab’s leadership training program for Managers and Senior Managers, which prepares managers with skills they need to build high-performing teams. In FY24, we certified 73% of our eligible Managers and Senior Managers in Elevate. Although this fell short of our goal of 85%—due to business-critical initiatives, some team members had to delay certification for a year—it demonstrated positive momentum for the program and contributed to the company’s strong performance throughout the year.
During FY24, we also developed and launched additional tools to help participants deepen and continue their learning beyond initial certification. Elevate Applied is an ongoing resource that enables Managers and Senior Managers to connect with each other and practice, apply, and integrate concepts taught in Elevate in their day-to-day work at GitLab.
In addition, we developed and announced the FY25 launch of Elevate+, a six-month program designed to enable senior leaders (Directors and Senior Directors) to better understand and practice behaviors anchored in GitLab’s values and leadership competencies, develop new skills to support high-priority business needs, and help establish and strengthen cross-functional connections.
Talent Engagement
We strive to foster a culture of continuous growth so that GitLab remains a great place to work. A positive impact on team member experience leads to a positive impact on results for GitLab and its customers.
Our Talent Development team (commonly referred to as “Learning & Development’’) enhances team member performance, expands capabilities, and further develops skills that make GitLab team members the top talent in the industry. Our vision is to be recognized as a top organization for remote learning and development and to create a future where everyone contributes to a culture of curiosity. We accomplish this by focusing on skill-based learning, providing resources to enhance career mobility, and developing learning journeys for teams throughout the organization.
To support our aim of facilitating accessible, remote-friendly development for all, we provide asynchronous access to learning opportunities, including:
- Level Up, our learning management software, which is designed to facilitate and centralize the learning experience for GitLab team members.
- Self-paced external trainings, for accessing role-specific training courses and learning materials from industry-leading providers.
- Career Development and Mobility, providing resources and direction to help team members engage in lifelong growth to meet their unique goals.
- A Growth and Development Fund, enabling team members to access external resources to develop their skills and careers.
As a global, all-remote company with a team of diverse backgrounds, experiences, and perspectives, GitLab offers a dynamic environment and culture where everyone is encouraged to do their best work. Our talent brand empowers team members to share their thoughts on what it’s like to work here because their voices and stories make GitLab unique and successful.
“By fully embracing the values, GitLab has changed the way I work. I have become more productive and satisfied with the work I do, while also having a better work-life balance. It’s motivating to work somewhere so amazing with such great people.” – Cynthia, Strategy and Operations, Office of the CEO
Engagement Surveys
We conduct a number of engagement surveys that enable us to capture honest feedback from our team members, understand engagement levels across the organization, and respond to changing needs. By making small iterations and moving quickly, we can get the data needed to evolve engagement programs as needed and align our priorities to the areas team members care about most. Our key survey tools include the annual CultureAmp Engagement survey, Employer Award surveys, and other ad hoc measures like Organizational Health surveys.
In FY24, our Annual Engagement Survey reached 88% participation and indicated an overall engagement score of 75% favorable. This is 2% higher than our New Tech peer group, which gives us confidence in knowing we have a highly engaged team member community. Additional highlights included:
- 94% agree: “I enjoy engaging with my peers at GitLab.”
- 92% agree: “It is easy to ask other members of your team for help.”
Subsequently, our global year-end pulse survey demonstrated positive momentum with an overall engagement score of 79% favorable (+4%). In addition, 91% of participants said they’re proud to work at GitLab, while 86% rated GitLab as a great place to work.
GitLab received Great Place to Work Certification for the 4th year in a row in May 2024 with 93% of its U.S. based team members saying that they believe GitLab is a great place to work. Great Place to Work recognizes companies for their outstanding workplace culture, benefits, and performance through successful completion of a survey for US-based team members and culture brief application.
Diversity, Inclusion, and Belonging
(UN SDG #5, 8, and 10)
We are committed to a future where the Diversity, Inclusion and Belonging (“DIB”) value empowers everyone to contribute.
As a globally dispersed organization serving customers all over the world, we strive for a team that is representative of our users, an open and transparent work culture where all voices are heard and welcomed, and an environment where everyone can show up as their full selves and contribute to their best ability each day.
We believe this not only makes GitLab a great place to work but also supports innovation and promotes better decision-making, helping us continue to deliver results for customers.
Our DIB focus also extends to how we show up for people outside of GitLab, through initiatives that promote DIB in our industry and the broader community. To put it simply, we need the contributions of everyone in order to empower our team members, help our users change the world, and transform the industry.
We do this through our A.D.A.P.T. strategy:
- Action – Puts intentionality into how we attract, progress, and retain our team members, engage with our customers, and diversify the open source community.
- Do Good – By providing avenues and opportunities for GitLab and team members to meaningfully contribute to our community and society.
- Accountable – We hold ourselves accountable in the commitments we make as well as being answerable for the outcome.
- Policies – scalable processes and policies inform and govern our program development and execution.
- Transparent – Our internal efforts are shared externally. Additionally, to continue to drive progress, we’ve organized our DIB work into three pillars: empowering our people, uplifting our communities, and building inclusivity into all we do.
Empowering Our People
Growing Our Talent & Their Experience
Our team members are critical to our success. We provide pathways for them to thrive individually and as a part of the GitLab community.
-
Level Up – Our learning platform is designed to deploy learning content across GitLab internal team members.
-
Career development and mobility – We provide resources and direction to help team members engage in lifelong growth to meet their unique career goals.
-
Team Member Resource Groups (TMRGs) – TMRGs cultivate an inclusive workplace and empower our employees by fostering a supportive environment where everyone can thrive. Our TMRGs are open to all team members, not just those who specifically identify with a particular group.
-
Team Member Advocacy Groups (TMAGs) – TMAGs are groups that share common interests and work together to drive change on behalf of the community through education, action, and enablement across a specific need.
- Career Enablement
- Mental Health – Coming soon
Leadership in Action
From education to mentorship, sponsorship, and advocacy, GitLab educates its leaders, provides resources for its team members, and holds its leaders accountable so that team members feel empowered to utilize the community they are surrounded by every day.
- TMRG Executive Sponsors – VP+ leaders who volunteer to support, advocate, and connect TMRG communities to our shared GitLab mission and vision and E-Group leaders.
- Leadership DIB Council – A strategic group of senior leaders who assist the DIB team in implementing and aligning the strategy to each division’s strategic imperatives.
- Sponsorship – VP+ leaders advocate and provide visibility and guidance to our team members for growth and career advancement.
Equipping Our People Leaders – Our leadership training ensures that DIB is considered and threaded throughout the team member experience.
- Elevate – Manager training
- Elevate+ – Director+ inclusive leadership training
- Elevate Applied – Continuous learning for Elevate graduates
Uplifting Our Communities
Community partnerships are a great way for GitLab to engage with the community externally, provide opportunities for career development and networking for our team members, and also add layers of DIB to key areas of our organization. Partnerships are also how we measure our inclusive practices against industry standards and can act as accountability partners in achieving success.
-
External Engagement – We sponsor and support events worldwide that promote inclusion and belonging, and create learning and growth opportunities for our team. By networking with diverse talent at these events, we infuse our team with fresh perspectives and ideas. Reflecting on a year of impactful partnerships, we are inspired to further foster spaces where technology and diverse talent converge, giving everyone a voice.
-
Do Good – Throughout the year, the DIB and ESG teams collaborate to give back to the communities we serve by offering volunteer opportunities to team members, working with TMRGs to donate funds to relevant nonprofits, and providing in-kind donations to DIB related nonprofits through the GitLab for Nonprofits program.
Building Inclusivity Into All We Do
When we think about DIB, it’s easy to see it only from a team member perspective. Our goal is to bring inclusivity into as many touch points as possible — from our open source contributors to how we engage with our customers and users.
-
DEI Project Badging Program – In FY24, GitLab partnered with the Linux Foundation through the Community Health Analytics in Open Source Software (CHAOSS) project to enable open source projects to signal their focus on building and growing diverse communities.
-
Digital Accessibility – At GitLab, we build understanding, empathy, and allyship around accessibility. We do this through various methods internally, including Inclusive Design Principles, Digital Accessibility Training, webinars, and workshops, to ensure that our Product and Engineering teams are equipped with the skills necessary to make our product more accessible.
-
Inclusive Hiring – GitLab strives to create an equitable application, interview, selection, and offer process for all candidates to ensure we’re building a diverse and inclusive workforce around the globe as the company continues to grow.
-
DIB Working Group – A strategic group of impactful team members who collaborate to drive action and results in support of DIB. This includes promoting inclusive practices in areas such as name pronunciation, pronoun education, and meeting etiquette in an all-remote workplace.
Looking Ahead
We followed through on our commitments and accomplished a lot in 2023, but we still have work to do. We are continuing to build DIB into every part of GitLab – both internally with our team members and externally with our customers, users, partners, and open source community.
We have committed to four key objectives in FY25:
-
Deliver our supplier diversity strategy – We have set an aspirational goal to double the number of suppliers categorized as diverse. To achieve this aspirational goal, we are engaging partners, strategically embedding diversity, inclusion and belonging practices into our procurement process, and evaluating our current suppliers’ practices in line with applicable anti-discrimination principles.
-
Increase representation – Extend our representation of team members from our Disabilities, Neurodivergence and LGBTQIA+ communities. We are working with several partners to help us achieve this goal including but not limited to, Unicorns in Tech, DisabilityIN, and Anita B. Org. Visit this Handbook page to learn more about how we select partners and measure success in attracting team members from these communities.
-
Emerging Talent @ GitLab – Our mission is to attract, acquire, and activate talent to unlock their potential, connecting learning agility with employment opportunities, decoupled from academic-based prerequisites. This is anchored on the belief that building a balanced workforce will enable GitLab to scale effectively and inclusively, and that building a strong foundation today will greatly impact our future growth.
-
Ensure inclusive leadership – Inclusive leadership is integrated into leadership development experiences and offered as voluntary resources to promote ongoing education and awareness. These experiences span all front-line and aspiring leaders in addition to VP and E-Group populations.
GitLab Community
(UN SDG #8)
From the beginning, GitLab has been an open source project made possible by contributions from its community. Contributors to GitLab — the platform and the company — make up the GitLab community and are fundamental to GitLab’s strategy and mission.
The Developer Relations team supports GitLab’s mission by working with our community to ensure they receive support and recognition for contributing to GitLab. This involves a multifaceted approach that includes creating educational content, organizing events and workshops, developing programs, and providing platforms for knowledge exchange and collaboration. The team focuses not only on promoting GitLab’s features and capabilities but also on actively listening to and incorporating feedback from our community to inform product development and improvements.
GitLab Community Programs
GitLab’s Community Programs aim to put GitLab’s most powerful features in the hands of communities that may not otherwise have the means to access them, helping them to grow and thrive. Members of the Community Programs team serve as liaisons, tracking the ways their respective communities prefer using GitLab and translating that knowledge into insights that help GitLab create a better product.
While each program is unique in its organization and execution, benefits may include:
- Complimentary subscriptions of GitLab Ultimate
- Direct lines of communication to GitLab team members
- Opportunities to partner with GitLab for presentations and events
Our key community programs include the following:
- Launched in FY24, GitLab for Startups helps qualifying startups streamline their development processes and improve collaboration by providing free access to GitLab Ultimate for one year, followed by deeply discounted access to any tier for a second year. Current participants include several startups focused on delivering innovative sustainability solutions, such as Breathe Battery Technologies, Verity Nature, and ClimaSens.
- The GitLab for Open Source program provides qualifying projects with no-cost subscriptions of GitLab Ultimate. By empowering open source projects with our most advanced features, GitLab for Open Source supports our mission and helps make GitLab the best place for open source projects to grow and thrive.
- The GitLab for Education program aims to enable educational institutions to succeed in teaching, learning, and conducting research with GitLab. We seek to build an engaged community of GitLab users around the world who actively contribute to GitLab and each other’s success and ultimately become evangelists of GitLab in the workplace and beyond. As of January 2024, the GitLab for Education program provides over 3.5 million seats of GitLab Ultimate at more than 1,800 educational institutions in more than 74 countries.
For information on GitLab for Nonprofits, see Social Impact below.
Other Community Initiatives
Finding an open source community to learn, connect, and grow with can be a challenge for many developers. To better align on best practices for building inclusive open source communities and to ensure that our DIB value is reflected in our contributor community, GitLab has partnered with the CHAOSS project to integrate GitLab with their recently released DEI Project Badging program. The DEI Project Badging program enables open source projects to:
- Clearly signal their focus on building diverse communities
- More easily highlight the work they are doing to welcome and support new members
- Add visual badges to their projects to indicate their community’s reflection on the CHAOSS DEI badging metrics
To learn more about how the program works and how GitLab and CHAOSS worked together to bring it to the wider community, see our blog post.
In FY24, our Contributor Success Team sought to enhance community relations and contribute to sustainability by allowing teams to recognize contributors by sponsoring tree planting in lieu of traditional rewards like swag. Through a partnership with Tree-Nation, we have the ability to plant trees on behalf of others, and others can also pay to plant trees in our forest. Similarly, our Marketing team offers attendees at GitLab events the opportunity to plant trees through Rewards.Earth.
Social Impact
(UN SDG #4 and 10)
Charitable Giving
Launched in 2023, GitLab’s Philanthropy Policy supports GitLab teams that want to engage in charitable giving and activities benefiting registered nonprofit organizations that align with GitLab’s mission, values, and ESG strategy. By enabling teams to contribute to causes aligned with their work, we foster connections between GitLab’s purpose and values and the opportunity to drive impact in the broader community. For example, in FY24:
- GitLab Women, our TMRG that helps women advance their skills and leadership potential, donated funds to Women Who Code, a national organization focused on empowering women to excel in technology careers.
- Participants in our sales incentive program, GitLab President’s Club, built filter kits with Water to Wine, an international nonprofit committed to building a holistic, community-based model by supporting the life and dignity of all through the power of clean water.
GitLab for Nonprofits
During FY24, we also launched our in-kind donation program, GitLab for Nonprofits, which gives free GitLab licenses to registered nonprofit organizations that align with our values and ESG strategy. Nonprofits accepted into the program are provided a free Ultimate license for one year for up to 20 seats. In the first six months of the program, we granted licenses to more than 100 qualified nonprofits.
“GitLab is our canvas for workflow across our nonprofit organization. It allows us to do everything from planning and managing the workloads for our teams all the way to the CI/CD pipelines, which automate efforts ranging from routine tasks to platform deployments in our various environments. Whether it’s documenting processes in place with issue templates or structuring organization-wide initiatives with interdependent issues, epics, and milestones, GitLab gives us the structure we need, with the flexibility to meet our unique needs." –Mike Bowie, Chief Technology Officer, Last Mile
Volunteer Initiatives
Through our GiveLab program, we encourage team members to take part in volunteer initiatives that support and ultimately uplift their local communities.
In FY24, GitLab provided virtual volunteer opportunities for team members through a partnership with SuitUp, a nonprofit that equips students for life beyond the classroom by partnering with schools/youth organizations and businesses to develop, organize, and implement engaging educational competitions in communities across the U.S. and beyond.
“We extend our heartfelt gratitude to GitLab for their invaluable partnership with SuitUp in 2023. GitLab’s commitment to youth education has not only paved a clear pathway for our students’ success, but has opened abundant opportunities for their development in STEM careers and beyond. We are deeply thankful to the GitLab team for their dedication and the transformative impact they have had on the lives and futures of our SuitUp students across the globe.” –Kelsey English Smith, SuitUp’s Interim Chief Executive Officer
GitLab Foundation
GitLab is dedicated to supporting charitable organizations with missions that align with our company’s values through the GitLab Foundation. Established in 2022, the GitLab Foundation focuses on supporting people to grow their lifetime earnings through education, training, access to opportunities, and systems change on a global scale. Its vision is a world in which one million more people can afford a better life.
The GitLab Foundation is funded by GitLab and its CEO, Sid Sijbrandij. When GitLab went public in 2021, the Board approved a 1% share donation to capitalize the GitLab Foundation. In FY24, 1,635,545 shares of Class A common stock were registered to be issued to the GitLab Foundation.
The GitLab Foundation is an independent nonprofit entity and its operations are autonomous from GitLab. To learn more, please visit the GitLab Foundation.
Environment
Climate Action and Greenhouse (GHG) Emissions
(UN SDG #13)
Around the world, many communities are already experiencing climate impacts such as warmer temperatures, more frequent severe weather events, and changes in water availability and other vital ecosystem services. With this in mind, GitLab is committed to doing our part to minimize our environmental footprint, including working to reduce GHG emissions associated with our operations.
As a fully remote company, GitLab has no Scope 1 (direct) emissions or Scope 2 emissions from purchased electricity for company-owned facilities, meaning that 100% of our footprint comes from Scope 3 emissions. Our FY24 GHG inventory measures emissions associated with purchased goods and services (which includes cloud services), capital goods, employee commuting (which includes remote work), business travel, and investments (as defined under Category 15 of the GHG Protocol).
Our emissions increased in FY24 partially due to improvements in our methodology. For FY24, we estimated emissions using the Comprehensive Environmental Data Archive (CEDA), a multi-regional economic and environmental database, as it better reflects the global nature of supply chains, helping capture differences in emissions profiles that vary significantly from one country to another. We also expanded our measurement to include emissions from investments (as defined under Category 15 of the GHG Protocol).
More detailed results of our inventory are available in the Performance Data Table. Our third-party assurance letter of our FY24 GHG inventory is available here.
In FY24, we took steps to further understand our climate impacts and advance the development of a formal emissions reduction strategy. This included initiating GitLab’s first climate risk assessment, to help us better understand climate-related risks and opportunities for our business. For more information on our climate risk assessment and scenario analysis, please see our TCFD Index.
In FY24, we also launched a supplier engagement program with a focus on climate. As an initial step, we engaged our top 20 suppliers by spend who are not currently disclosing emissions data, asking them to start measuring their emissions and sharing the data publicly. We will be expanding the scope of the engagement to include more suppliers in FY25. In FY25, we will continue working to establish GHG emissions reduction targets. We have also launched the first iteration of a team member sustainability guide with the goal of educating GitLab team members on how to be more sustainable.
In January 2024, GitLab purchased and retired carbon removal credits worth 8,580 tonnes of CO2e. The purchase funds a reforestation program called Trees for Global Benefits, a long-running cooperative carbon offsetting program that combines community-led activities to increase carbon sequestration, encourage sustainable land-use practices, and provide farmers with performance-based payments. We also retired additional credits worth 877 tonnes of CO2e that were purchased in FY23.
Governance
Corporate Governance
GitLab is strongly committed to good corporate governance practices, which provide an important framework within which our Board and executive leadership can pursue our strategic objectives for the benefit of our shareholders.
The Board’s duty is to serve as a prudent fiduciary for shareholders and to oversee the management of the company’s business. To fulfill its responsibilities and discharge its duty, the Board follows the procedures and standards set forth by GitLab’s Corporate Governance Guidelines and other governance documents.
Board members’ responsibilities include:
- Risk oversight
- Monitoring the performance of the Chief Executive Officer (CEO) and other Executive leaders
- Giving feedback on the mission, values, and strategy
- Evaluating if adequate resources are available to achieve our goals and that those resources are used effectively
- Advocating for GitLab externally
- Participating in Board meetings
- Participating on Board committees
The Board has an Audit Committee, a Compensation and Leadership Development Committee, and a Nominating and Corporate Governance Committee. The composition and responsibilities of each committee are described in our Proxy Statement and in the Investor Relations section of our website.
Board committees oversee and review areas of risk that are particularly relevant to them based on their responsibilities and charters. GitLab’s management regularly provides reports to support the Board’s oversight obligations. This reporting cadence provides visibility and information regarding the identification, assessment, and management of critical risks and the company’s risk mitigation strategies.
The charter of the Nominating and Corporate Governance Committee tasks the committee with assisting the Board in overseeing company programs relating to corporate responsibility and sustainability, including ESG matters. GitLab’s Senior Director, ESG, reports to the Chief Legal Officer (who is also the Head of Corporate Affairs and Corporate Secretary) weekly and to GitLab’s executive leadership as needed. The Nominating and Corporate Governance Committee meets at least twice per year and ESG topics are discussed with this committee as well as with the full Board as needed.
Information Security and Data Privacy
At GitLab, we recognize that to maintain trust and deliver the world’s leading DevSecOps platform, security and privacy must remain our top priorities. Our information security and privacy practices reflect our dedication to safeguarding customer data and building security into the core of our product and our company.
Security Assurance
The GitLab Security Division’s mission is to enable everyone to innovate and succeed on a safe, secure, and trusted DevSecOps platform. As part of this mission, the Security Assurance Department is responsible for monitoring and reporting on GitLab’s compliance with various security frameworks and standards and for providing GitLab customers with a high level of assurance around the security of GitLab Cloud Services, which is comprised of GitLab.com and GitLab Dedicated.
To help ensure that user information is protected, we employ a range of administrative, technical, and physical security controls. For more information on our security practices, please see our Technical and Organizational Security Measures for GitLab Cloud Services.
We maintain various security certifications covering GitLab Cloud Services, including ISO/IEC 27001:2013, ISO/IEC 27017:2015, and ISO/IEC 27018:2019. In FY24, we expanded our compliance portfolio to include a SOC 2, Type II report for GitLab Dedicated and added TISAX AL-2 certification for GitLab Cloud Services.
In January 2024, we enhanced customer access to assurance resources with the launch of the updated GitLab Trust Center. The Trust Center provides a single, unified location for communicating our compliance and assurance credentials, hosting our security and privacy documentation for customer consumption, sharing important notices, and hosting our internal knowledge base where customers can readily access the same answers we provide in questionnaire responses. This self-service approach not only provides customers with increased visibility of critical information but also enables them to accomplish security and risk reviews quickly and efficiently.
Cybersecurity
GitLab’s cybersecurity program was designed in alignment with industry standards and recognized best practices to identify, assess, and manage material risks from cybersecurity threats. Identified risks are assessed for criticality, prioritized for remediation, and reported by GitLab’s security teams to various levels of our management. Our global incident response team iteratively evaluates security events for impact, using both qualitative and quantitative factors. Security incidents that are assessed as potentially material are escalated to designated members of our senior management and Board, as applicable.
Our security program also accounts for potential cybersecurity risks associated with third parties with whom we do business. These risks are continually assessed throughout the vendor lifecycle, from onboarding to offboarding. We also engage in continuous monitoring of our cybersecurity risks and perform security assurance activities via independent, external third parties such as consultants, auditors, and assessors during our robust security certification audits, penetration tests, and bug bounty programs.
The Audit Committee has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements and related effects on financial and other risks, and it reports any findings and recommendations, as appropriate, to the full Board for consideration. Management is responsible for and regularly discusses identifying, assessing, and managing material cybersecurity risks on an ongoing basis through programs led by the Chief Information Security Officer, the Chief Legal Officer, and the Chief Financial Officer.
For more information, see our FY24 Form 10-K and our GitLab Trust Center.
Data Privacy
GitLab is fully committed to protecting the personal data of its customers, team members, suppliers, and other stakeholders in accordance with global comprehensive data privacy laws. We take the privacy of personal data very seriously and have initiated a variety of methods and controls so that we know what data we collect and hold and that it is protected appropriately.
Our Privacy Statement provides details on how we collect, share, use, and protect personal information and on the choices that customers and users have regarding their personal data. Users also have the right to access, correct, restrict, or delete personal data and to port personal data to another company. Although legal and regulatory requirements related to data privacy may vary by jurisdiction, GitLab provides users with the same rights and choices no matter where they live. For more information on our privacy practices, see our Privacy Statement.
The Privacy Team (part of GitLab’s Legal and Corporate Affairs Team) provides support and guidance to uphold consistent business processes around the protection of personal data. Privacy Team members collaborate cross-functionally and serve as advocates to ensure that the data privacy practices of GitLab meet the needs of our cross-functional partners and are continually balanced with an ever-changing global data privacy and protection landscape.
The GitLab Data Classification Standard defines data categories and provides a matrix of security and privacy controls for the purposes of determining the level of protection to be applied to GitLab data throughout its lifecycle.
As part of our commitment to privacy, GitLab ensures that, where appropriate, projects and personal data processing activities are subject to Privacy Reviews and a Data Protection Impact Assessment (DPIA) as key components of a ‘Privacy by Design’ approach.
Responsible Product Development
GitLab’s product mission is to consistently create products and experiences that users love and value. We believe this includes our responsibility to design inclusive products that aim to provide access to content and functionality that enables consumption and contribution from everyone. Our product principles guide us in developing products consistent with the approach of other world-class product organizations.
We strive to set an example by empowering our wider GitLab community to build and work with the highest levels of security through our DevSecOps platform. This extends to how we are incorporating artificial intelligence (AI) and continuously evolving the platform to enable secure, responsible development.
Responsible AI
GitLab is dedicated to responsibly building artificial intelligence (AI) into and throughout our comprehensive DevSecOps platform. We offer GitLab Duo, a full suite of AI capabilities across the GitLab platform so that our customers can ship better, more secure software faster. GitLab Duo follows a privacy- and transparency-first approach to help customers confidently adopt AI while keeping their valuable assets protected.
As we work to integrate new AI-powered features into the platform, we do not simply adopt the latest advancements for their own sake. Instead, we take a strategic, intentional approach, ensuring that the features we add have a clear purpose, appropriate controls, and safeguards to protect users’ data. This includes a policy not to use customers’ or users’ AI inputs to train any language models without their instruction or prior consent.
In early 2024, we launched the GitLab AI Transparency Center to enable our customers to confidently unlock the enormous potential of AI and emphasize our customer-centric approach to responsible AI development and deployment. The AI Transparency Center currently includes GitLab’s AI Ethics Principles for Product Development, AI Continuity Plan, and AI features documentation. The principles and policies in our AI Transparency Center govern how we responsibly select AI models to use based on an extensive model evaluation process. The launch of the center was a cross-functional effort led by the Legal and Corporate Affairs (LACA) team in partnership with the Product, Security, and Marketing teams.
Security and Governance
Our commitment to responsible product development also encompasses how we support customers in ensuring security and responsibility throughout the software development lifecycle. GitLab’s security and governance capabilities include a wide range of controls, such as automatic scanning of project dependencies for security vulnerabilities, license compliance, and other risks; vulnerability management and security scanning; security and compliance policies; and comprehensive anti-abuse tools. In FY24, we introduced several enhancements, including support for custom roles, expanded security policies, improved security scanner accuracy, and support for group-level dependency lists for centralized dependency management.
Continuous Integration and Delivery
The incorporation of end-to-end continuous integration and delivery (CI/CD) features in GitLab supports the default integration of best practices, empowering users to focus on developing code with speed, security, and quality in mind. This includes automated code testing capabilities that make software development easier, faster, and less risky for developers.
In FY24, we continued to enhance GitLab’s CI/CD offering with new features such as components, preconfigured CI/CD files that automate the process of building, testing, and deploying software applications, and expanded runner machine types to enable faster CI/CD pipelines. We also improved key GitLab features such as variables and secrets, helping users make more informed decisions about their data and application security while also supporting the best practices in design and secure workflows.
Business Ethics
GitLab is committed to the highest standards of legal and ethical business conduct. It has long operated its business consistent with operating principles and policies that reinforce this commitment. GitLab complies with all laws and regulations that are applicable to its activities and expects all team members to adhere to our ethical standards and legal and regulatory obligations. These expectations are reflected and reinforced by our Code of Business Conduct and Ethics (“Code of Conduct”) and various supporting policies, procedures, and other resources (collectively, “Compliance Standards”).
In FY24, we centralized our compliance efforts. The Ethics and Compliance Program, is designed to help GitLab team members maintain its culture of compliance and to promote ethical decision-making by:
- Ensuring that Compliance Standards are current, easy to find, and widely available to team members;
- Monitoring the regulatory landscape for developments and updating our policies, as necessary, to maintain compliance with applicable laws and regulations;
- Educating our team members on our policies and reporting avenues through training, awareness initiatives, and other outreach efforts;
- Providing guidance and resolving related inquiries involving, for example, conflicts of interests and gifts and entertainment; and,
- Encouraging and facilitating appropriate risk assessment, due diligence, and remediation to deter, detect, and address unlawful, unethical, and discriminatory conduct.
Board Oversight
The Board, through its Audit Committee, is responsible for administering the Code of Conduct, and for addressing material issues and risks concerning Compliance Standards and applicable laws and regulations. The Audit Committee has delegated day-to-day responsibility for administering and interpreting the Code of Conduct to GitLab’s Chief Legal Officer.
Team Member Responsibilities
Each team member is responsible for reading, understanding, and ultimately complying with GitLab’s Compliance Standards. Team members are expected to deal honestly, ethically, and fairly with customers, partners, suppliers, competitors, and other third parties. GitLab expressly prohibits team members from violating applicable laws and regulations, and any team member who does so may face disciplinary action, up to and including dismissal (subject to local law). To memorialize and reinforce GitLab’s expectations, we require each team member to review and acknowledge our Code of Conduct on an annual basis.
Team members are educated on GitLab’s policies and procedures and related laws and regulations through continuous training, both at onboarding and throughout the year, and awareness campaigns. Team members are encouraged to ask questions about our policies and seek guidance when necessary through various avenues, including a Slack channel dedicated to ethics and compliance.
Reporting of Concerns and Violations
GitLab strives to foster a work environment in which ethical issues and concerns may be raised and discussed with supervisors or others without fear of retribution. If a team member becomes aware of a suspected or actual violation of law, regulation, or GitLab Compliance Standards, they have a responsibility to promptly report their concern in accordance with GitLab’s Whistleblower Policy and Code of Conduct.
GitLab offers team members a variety of ways to report suspected or actual violations. Team members may raise their concerns orally or in writing to their direct supervisor or manager, to GitLab’s Chief Legal Officer, or to the Audit Committee.
At any time, team members may also submit reports using EthicsPoint, a GitLab-provided tool that is available 24 hours a day and allows for anonymous reporting about conduct addressed in the Code of Business Conduct and Ethics. Reports to EthicsPoint can be submitted using a toll-free hotline or through the EthicsPoint website. In addition to EthicsPoint, GitLab has engaged Lighthouse Services to provide an anonymous hotline for team members to submit reports involving team member relations.
GitLab treats all reports seriously. Notification of reports submitted via EthicsPoint is automatically provided to the Chief Legal Officer and Chairperson of the Audit Committee and those reports are promptly and thoroughly investigated by qualified personnel at the direction of the Chief Legal Officer, as appropriate. Reports involving team member relations are reported to the People Group team.
Partner Ethics
GitLab’s commitment to legal and ethical conduct extends to its suppliers, contractors, resellers, agents, and consultants (collectively, “Partners”). GitLab expects all Partners, their employees, sub-suppliers, and any other party involved in the execution of GitLab work to comply with all applicable laws, regulations, and the standards set forth in GitLab’s Partner Code of Ethics, which includes standards relating to ethical conduct, including human rights and labor, health and safety, bribery and corruption, environmental impacts, and more.
Appendix
Contact
For questions regarding GitLab’s ESG report and data, please contact ESG@GitLab.com.
Forward-Looking Statements
This report contains forward-looking statements within the meaning of the federal securities laws. These statements involve assumptions and are subject to known and unknown risks and uncertainties that could cause actual results to differ materially from those discussed or anticipated. For a complete discussion of risk associated with these forward-looking statements in our business, please refer to our SEC filings, including our most recent quarterly report on Form 10-Q and our most recent annual report on Form 10-K.
Our forward-looking statements are based upon information currently available to us. We caution you to not place undue reliance on forward-looking statements, and we undertake no duty or obligation to update or revise any forward-looking statement, or to report any future events, or circumstances or to reflect the occurrence of unanticipated events.
Additionally, this presentation contains information related to upcoming features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned during the presentation are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab.
Previous ESG Reports
d9ba808e
)