Security Interlock
What We Do
The Security Division’s dogfooding of GitLab security features isn’t just a company practice; it’s a strategic imperative. When we use our own security products internally, we identify usability challenges before our customers encounter them, and we deliver a more compelling go-to-market narrative that inspires trust and confidence in our solutions. Our firsthand experience informs product roadmaps and prioritization decisions, bridging the gap between theoretic functionality and practical implementation. GitLab’s Security Division is a canary for enterprise security team needs. If we can’t use our own security features effectively, our customers likely can’t either.
Beyond simply testing existing features, Security, Engineering, and Product actively partner to co-create security capabilities directly within the GitLab platform. This co-creation approach ensures that real-world security functionality and risk mitigation controls — developed by security practitioners for security practitioners — become core elements of the product. By directly integrating our security expertise and requirements into GitLab, we deliver practical solutions that address enterprise security challenges.
While GitLab has always emphasized dogfooding and cross-functional collaboration, we’re increasing our focus and formalizing these efforts in FY26.
Security Interlock Workstreams
In FY26, we are executing on our Security Interlock vision by launching three distinct, parallel workstreams.
| Workstream Name | Workstream Description |
|---|---|
| Customer Zero | Security’s collaboration throughout the development and launch of new features, including requirements delivery, validation of intended functionality and mockups, and alpha/beta testing |
| Dogfooding Existing Features | Ensuring Security’s ability to reliably use and derive value from existing features |
| Security Product Co-Creation, also known internally as Project Recursion | Direct contributions of security features, paved paths, and guardrails to the GitLab platform from the Security Division using the Co-Create Process |
We’re actively formalizing these workstreams now. We are intentionally starting small with 1-2 target features for each to refine our collaborative interfaces before scaling our efforts.
Key Drivers
The Security Interlock Initiative will have 3 designated leaders:
- The Security Platforms & Architecture team will represent on behalf of the Security Division.
- A Product DRI from the Sec Section.
- An Engineering DRI from the Sec Section.
While all Security Teams will continue to pilot applicable features and provide feedback, this leadership structure will create clear channels for communication and accountability. The goal is to streamline our collaborative efforts, ensure that consolidated, actionable feedback reaches product teams efficiently, and facilitating coordinated development of security features that address real-world needs. By centralizing these interactions, we can better validate requirements, dogfood existing functionality, and contribute security capabilities through a cohesive, cross-functional partnership.
072784e4)
