Public Sector Go To Market

Public Sector Message House

Booth Messaging / Tagline

  • Secure the Speed to Mission. Deliver more secure code faster and better.

Positioning Statement

For government agencies whose existing DevSecOps solution prevents their secure speed to mission. GitLab enables you to deliver secure software, automate the end-to-end DevSecOps experience, and empower collaboration between teams. We do this by embedding security (secure by design), automating software factory deployment, and increasing the speed of code deployment so that you can secure the speed to mission. This is underpinned by robust security scanning embedded within continuous integration (CI), automated requirements, and enterprise Agile planning where everyone can contribute.

Short Description

GitLab empowers government agencies to deliver secure software so they are successful with their digital transformation efforts to protect communities - securing the speed to mission.

Long Description

Government agencies strive to serve the public by providing optimal experiences to their communities. One way to do this is a successful digital transformation ensuring software is secure, manual processes are minimized, and there is collaboration between teams and vendors.

GitLab supports your digital transformation because it is secure by design, reduces manual processes, and empowers collaboration to provide a positive civilian experience.

GitLab, The One DevSecOps platform, is for software users in government agencies, enabling them to deliver secure software faster, automate software factory deployment, and empower collaboration to serve the public - securing the speed to mission.

Positioning Strategy

Competitive Alternatives

  • GitHub
  • Fortify
  • SonarQube

Unique Attributes

  • Complete SDLC with embedded security in one platform
  • Shift security left to automate security scanning and compliance adherence across the SDLC
  • Cloud neutral
  • Everyone can contribute at every development stage

Value

  • Allow developers to see, track and fix the vulnerabilities earlier in the software development lifecycle
  • Security guardrails to prevent vulnerable code from making it into production
  • Connects with AWS, Google Cloud, Azure, + more
  • Increase code deployment (up to 200% faster)

Who Cares A Lot

  • See target audience below

Messaging Framework

Target Audience

_User personas*

  • Application Ops - Alternative Job Titles: DevOps engineer, Lead developer, Site Reliability Engineer, AppSec Engineer
  • Program Managers - Alternative Job Titles: Compliance Program Manager, Audit Report Analyst, Audit Events Analyst
  • Contracting Officer

Buyer personas

  • DevOps Leader
  • Chief Technology Officer (CTO)
  • Chief Information Officer (CIO)
  • Chief Information Security Officer (CISO)
  • Procurement / Contracting Officer
  • Application Development Director
  • Admin / Finance Operations
  • Compliance / Legal

Unifying Message

GitLab secures your speed to mission by addressing elements to stay ahead of threat vectors, automating the end-to-end DevSecOps experience, and empowering collaboration between teams and vendors. With development, operations, security, and compliance processes embedded within a single DevSecOps platform and aligning to the Improving the Nation’s Cybersecurity Executive Order, GitLab helps you achieve a secure and successful digital transformation - without compromising your speed to mission.

Pain Point 1: How do we stay ahead of threat vectors to ensure we are securing the mission?

Solution: GitLab, secure by design, supports a proactive security strategy where vulnerabilities are discovered earlier (shift left) in the Software Delivery Lifecycle (SDLC) thus positioning you to be secure by design also. Your are empowered to design a secure SDLC because we embed security and compliance within the end-to-end DevSecOps workflow, and application vulnerabilities are continuously addressed before code ships, helping you to understand and manage risk while aligning to NIST and CISA guidance. GitLab is vendor and deployment-neutral, addressing elements to stay ahead of threat vectors; such as a zero trust framework, for securing the software supply chain, automated creation of a software bill of materials (SBOM), and Infrastructure as Code security scanning, and support for security scanning in Offline or Limited Connectivity Environments.

Value Prop Pillars:

  • Security scanning: Find vulnerabilities sooner in the SDLC with static application security testing (SAST), dynamic application security testing (DAST), secret detection, and license compliance verification.
  • Automated unit testing, code quality, and fuzz testing: Automated capabilities can run on every code commit helping to prevent coding flaws.
  • Offline environments: Run security scans when not connected to the internet addressing cloud-native attack surfaces without getting in the way of rapid development and with fewer tools to manage.
  • Policy Management: Teams can create, maintain, and track every contribution to their software packages in a single repository with source code management.
  • Optimized Workflows: Verifying code commits and releases can be challenging. GitLab helps protect source code from tampering and unauthorized contributions via source code management, protected branches, commit signatures, advanced code review capabilities, and merge approvals with hardened containers.
  • Container Scanning: Vulnerabilities are automatically exposed and displayed in a merge request to helping to address them faster and more efficiently.
  • SBOM: Dependency scanning, embedded in GitLab, automatically generates an SBOM while identifying vulnerabilities in operating systems, containers, and packages. Vulnerabilities are triaged and remediated earlier in the process with solutions suggested to guide developers to a fix. Then they are automatically added to the dependency list (SBOM). This information is available for every commit rather than at the end of the software development lifecycle. Also, SBOM workflows allow users to secure the software supply chain and development environment plus easily identify software dependencies in one DevOps platform.
    • Vulnerabilities are listed to provide clarity by including dependencies.
    • Quick click issue creation drives simplified remediation workflows.
    • When presented in a merge request (MR), view and triage them before the code is committed to the mainline.
  • Safeguarding environments: Maintain a secure platform throughout the process with role-based permissions models, lightweight directory access protocol (LDAP), single sign-on (SSO), and multi-factor authentication (MFA) support. Policy management, audits, and zero trust continuously validate every interaction.
  • Continuous Software Compliance: Significantly reduce the time to achieve Authority to Operate (ATO) with continuous automation of compliance management.
  • FIPS 140-2: GitLab can be run in a FIPS-compliant manner and is FIPS 140-2 compliant.

Key Messages: Secure by design: Your SDLC is secure by design discovering vulnerabilities earlier helping you to shift left.

Pain Point 2: How do we overcome manual processes, dated policies, and aging technology…?

Pain Point 2: How do we overcome manual processes, dated policies, and aging technology to achieve automated software factory deployment?

Solution: GitLab with end-to-end DevSecOps workflows is built on a single codebase enabling software development that eliminates the digital duct tape inefficiencies so you can accelerate the delivery of critical capabilities.

A software factory that accelerates the delivery of critical capabilities with flexible, automatic business, development, operations, and security requirements and workflows in one DevSecOps platform speeding up Authority to Operate (ATO). Slow manual processes are eliminated, what once took months to produce is now developed, tested, and in a citizen’s hands in days/weeks.

GitLab is cloud-neutral—connecting with AWS, Google Cloud, Azure, and beyond—so IT leaders and developers know it will work seamlessly with other investments now and in the future further enabling the digital transformation journey.

Value Prop Pillars:

  • Automated Software Delivery: Shortened lead times from code to production reduces error frequency and severity and helps to deploy more frequently. This delivers more business value more often with less effort helping to accelerate the delivery of critical capabilities in one platform, speeding up ATO.
  • Remote Delivery, Collaborative Workflow Management, and Observability: Agile project management, distributed version control based on Git, and automated CI/CD for an easy-to-deploy and manage software factory.
  • Artifact Generation: Users can take advantage of endless automation for artifact generation that is easily collected as a central standard source for remediation.

Key Messages: Automate software factory deployment: Deploy an easy-to-manage software factory quickly to build, test, and deliver applications

Pain Point 3: How do we encourage collaboration between teams and vendors…?

Pain Point 3: How do we encourage collaboration between teams and vendors while promoting employee retention?

Solution: GitLab supports public sector missions and enables collaboration between teams and vendors with multi-system integrations. Everyone can contribute at every development stage - Plan, Create, Verify, Secure, Package, Release, Configure, Monitor, Protect, and Manage within one DevSecOps platform. The embedded security, frequent update cycle, and agile project management provide visibility within the SDLC with end-to-end traceability dramatically accelerating the speed to mission — increasing code deployment by up to 200%. GitLab also increases user adoption and employee retention enabling organizations to do more for citizens, peacekeepers, students, and the public sector workforce.

GitLab intimately understands the evolving challenges of software development for mission success and is designed to empower government employees, developers, and vendors to build remotely—or wherever they’re most efficient. GitLab is a pioneer in remote work, recognizing it as an advantage that enables progress.

Value Prop Pillars:

  • Agile project management: GitLab enables teams to apply Agile practices and principles to organize and manage their work, whatever their chosen methodology within one platform for the complete DevOps lifecycle.
  • [Visibility level(https://docs.gitlab.com/ee/development/permissions.html#general-permissions)]: Set the visibility levels from Public, Internal to Private for your groups and projects.
  • Low-to-high-side development is supported so agencies can work with the most talented developers across the country.

Key Messages: Empowering the mission: GitLab empowers collaboration between teams and vendors to come together and focus on the mission.

Competitive Differentiators: Same as Unique Attributes listed above:

  • Complete SDLC with Embedded security in one platform
  • Shift security left by automating security scanning and compliance adherence across the SDLC
  • Cloud neutral
  • Everyone can contribute at every development stage

Proof Points/Customer References: Secure by design:

  • Posted on LinkedIn by a user who was part of Department of Defense - GitLab generates an SBOM automatically when you enable the GitLab Dependency Scanning in your .gitlab-ci.yml file. It’s a one-liner to turn this on. It’s as close to an ⒺⒶⓈⓎ button as you can get these days.

Automate software factory deployment:

Empowering the mission:

GitLab is 100% remote and helps to foster collaborative environments. It has been recognized by numerous awards, including as a Best Workplace by Inc. Magazine and a Top Small and Medium Workplace for Millennials by Fortune.

Use Cases

Secure by Design

  • Challenge: Increasing cyber-attacks and cybersecurity threats from internal and external entities
  • Solution: One DevSecOps Platform, secure by desig, enables you to secure your software supply chain staying ahead of threat vectors
  • Benefits: Remediate vulnerabilities before pushing to production with automated scanning earlier in the SDLC (shifting left), producing well-secured software

Software Factory

  • Challenge: Manual processes, dated policies, and aging technology prevent digital transformation
  • Solution: One DevSecOps Platform that automates, end-to-end DevSecOps workflows, manual, and repetitive tasks in the software delivery life cycle (SDLC)
  • Benefits: Deploy an easy-to-manage software factory improving velocity to build, test, and deliver applications

Low to High Development

  • Challenge: Collaboration is siloed with teams working in multiple isolated, classified, or air-gapped networks
  • Solution: One DevSecOps Platform with project export/import
  • Benefits: Streamlined processes and tools, seamless collaboration, control and visibility

GitOps

  • Challenge: Need to manage and automate infrastructure and application deployment, version control is not centralized, ops unable to iterate at pace of Dev
  • Solution: One DevSecOps Platform with GitOps functionality - on-prem, cloud, cloud neutral
  • Benefits: Increase agility in meeting customer demands of commercial cloud vendors capabilities (elasticity) while fostering visibility and collaboration across teams

SBOM (Software Bill of Materials)

  • Challenge: Weak software supply chain leads to security breaches and invisible security threats
  • Solution: One DevSecOps Platform with security embedded - pre-build dependency scanning for SBOM generation, vulnerability workflows, and speedy resolutions
  • Benefits: Insights into dependencies across transient structures, teams can expedite remediation activities with SBOM vulnerabilities displayed in the UI

ATO (Authority to Operate)

  • Challenge: The ATO process at the end of the SDLC adds unplanned and unscheduled work to delivery timelines
  • Solution: One DevSecOps Platform that automates compliance management to significantly reduce time to achieve ATO
  • Benefits: Accelerate the delivery of critical capabilities with flexible, automatic business, development, operations, and security workflows in one platform

SWOTT Analysis

Strengths

  • Empowers users to be collaborative which brings efficiency *Multiple functionalities align to NIST guidelines from Executive Order
  • Shift Left - vulnerabilities are discovered earlier in the SDLC with several security scanning processes - DAST, SAST, fuzz testing, secret detection, and more *Forrester recognition as a Leader for the Forrester CI Tools Wave
  • Hardened Container story/DoD software factory relationships *Low-to-high side DevOps (Cross-Domain DevOps)
  • Single application for entire DevOps lifecycle
  • Leader in CI & Cloud Native CI/Leading SCM/Optimized for k8s
  • Built-in continuous and automated security & compliance
  • Flexible hosting options/Software can be deployed anywhere
  • End-to-end insight and visibility
  • Open source
  • Enables rapid innovation
  • Provides collaborative and transparent CX

Weaknesses

  • Not FedRAMP authorized
  • Use cases where third party integration is needed to work with Kubernetes
  • More awareness is needed for the EO/NIST story
  • Lacking messaging and marketing assets for the different verticals within the Public Sector, i.e. SLED, Civilian, Intelligence, DOD

Opportunities

  • Federal government increased the 2022 budget by 11% to $10.9 billion for civilian cybersecurity actvities
  • Authorizations to grow in the sector:
    • Will be FIPS 140-2 in FY2023
    • Will be FedRAMP authorized
  • Continue to tell the story how GitLab aligns to NIST/EO - drumbeat the market
  • Built-in container registry and Kubernetes integration for easy containerization and cloud native development
  • Enablement of Digital Transformation
  • Continuing cloud modernization/Cloud Native and 100% cloud agnostic

Threats

  • Strong Microsoft environments tend to get free tools (GitHub) when they purchase the Cloud + Office
  • Strong preference is given to approved, incumbent solutions, i.e. Fortify and SonarQube
  • Microsoft/Google announced products/solution for NIST/EO
  • Lack of GitLab ability to maneuver fast enough to respond/competitors with FedRAMP authorization and EO/NIST alignmnent

Last modified October 30, 2024: Fix broken links (39532aab)