[{"data":1,"prerenderedAt":844},["ShallowReactive",2],{"/en-us/blog/4-ways-to-accelerate-embedded-development-with-gitlab":3,"navigation-en-us":44,"banner-en-us":465,"footer-en-us":475,"blog-post-authors-en-us-Matt DeLaney|Darwin Sanoy":716,"blog-related-posts-en-us-4-ways-to-accelerate-embedded-development-with-gitlab":746,"blog-promotions-en-us":781,"next-steps-en-us":834},{"id":4,"title":5,"authorSlugs":6,"authors":9,"body":12,"category":13,"categorySlug":13,"config":14,"content":18,"date":27,"description":19,"extension":28,"externalUrl":29,"featured":17,"heroImage":21,"isFeatured":17,"meta":30,"navigation":31,"path":32,"publishedDate":27,"rawbody":33,"seo":34,"slug":16,"stem":38,"tagSlugs":39,"tags":42,"template":15,"updatedDate":29,"__hash__":43},"blogPosts/en-us/blog/4-ways-to-accelerate-embedded-development-with-gitlab.md","4 ways to accelerate embedded development with GitLab",[7,8],"matt-delaney","darwin-sanoy",[10,11],"Matt DeLaney","Darwin Sanoy","Software in embedded systems is no longer just a part number — it's a critical differentiator. This shift has led to enormous complexity in the firmware running in our cars, airplanes, and industrial machines. The number of lines of code in the average car is expected to reach [650 million](https://www.statista.com/statistics/1370978/automotive-software-average-lines-of-codes-per-vehicle-globally/) by the end of 2025, up from 200 million just five years ago. In aerospace systems, the complexity of embedded software has nearly [doubled every four years](https://www.mckinsey.com/industries/aerospace-and-defense/our-insights/debugging-the-software-talent-gap-in-aerospace-and-defense) for the last several decades. \n\nTraditional embedded development approaches cannot effectively handle the software challenges of modern machines. This shortcoming slows engineers down, in part, by exacerbating challenges such as: \n\n* [Hardware testing bottlenecks](#challenge-1-hardware-testing-bottlenecks) \n* [Inconsistent build environments](#challenge-2-inconsistent-build-environments)\n* [Siloed development practices](#challenge-3-siloed-development-practices)\n* [Manual functional safety compliance processes](#challenge-4-manual-functional-safety-compliance-processes)\n\nEmbedded developers need a new approach to deal with the rapid increase in code. In this article, we’ll explain four ways you can use the GitLab AI-native DevSecOps platform to shorten feedback loops, work collaboratively and iteratively, and streamline compliance.\n\n## Challenge 1: Hardware testing bottlenecks\n\nUnlike enterprise software that can run on virtually any cloud server, embedded automotive software must be tested on specialized hardware that precisely matches production environments. Traditional hardware-in-the-loop (HIL) testing processes often follow this pattern:\n\n1. Developers write code for an embedded system (e.g., an electronic control unit)  \n2. They request access to limited, expensive hardware test benches (costing $500,000-$10M each)  \n3. They wait days or weeks for their scheduled access window  \n4. They manually deploy and test their code on physical hardware at their desks  \n5. They document results, pass the hardware to the next developer, and go to the back of the hardware testing queue\n\nThis process is extremely inefficient. Embedded developers may finish writing their code today and wait weeks to test it on a hardware target. By then, they've moved on to other tasks. This context switching drains productivity. Not only that, developers may wait weeks to learn they had a simple math error in their code. \n\n### Solution: Automated hardware allocation and continuous integration\n\nYou can streamline hardware testing through automation using the [GitLab On-Premises Device Cloud](https://gitlab.com/guided-explorations/embedded/ci-components/device-cloud), a CI/CD component. This lets you automate the orchestration of scarce hardware resources, turning a manual, time-intensive process into a streamlined, continuous workflow.\n\nThe On-Premises Device Cloud:\n\n1. Creates pools of shared hardware resources  \n2. Automatically — and exclusively — allocates hardware to a developer’s hardware testing pipeline tasks based on availability  \n3. Deploys and executes tests without manual intervention  \n4. Collects and reports results through integrated pipelines  \n5. Automatically deallocates hardware back into the “available” pool\n\nAfter submitting code, you’ll receive results in hours instead of days, often without ever physically touching the test hardware.\n\nWhat this video for an introduction to the GitLab On-Premises Device Cloud CI/CD Component to orchestrate the remote allocation of shared hardware for HIL:\n\n\u003C!-- blank line -->\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/ltr2CIM9Zag?si=NOij3t1YYz4zKajC\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\u003C!-- blank line -->\n\nYou can also adopt multi-pronged testing strategies that balance speed and quality. Bring the following embedded test patterns and environments into automated GitLab CI pipelines:\n\n* **Software-in-the-loop (SIL):** Testing on virtual hardware simulators for quicker initial feedback  \n* **Processor-in-the-loop (PIL):** Testing on representative processor hardware for faster feedback at a lower cost  \n* **Hardware-in-the-loop (HIL):** Testing on full production-equivalent hardware and test benches for late-stage verification\n\nBy automating the orchestration of these tests within CI pipelines, you’ll be able to identify issues earlier, iterate faster, and accelerate time to market.\n\n## Challenge 2: Inconsistent build environments\n\nAnother significant challenge in embedded development is build environment inconsistency. Embedded developers often manually execute builds on their local machines with varying configurations, compiler versions, and dependencies. Then they’ll paste the binaries from their local build to a shared codebase.\n\nThis approach creates several problems:\n\n* **Inconsistent outputs:** Builds for the same source code produce different results on different machines  \n* **\"Works on my machine\" syndrome:** Code that builds locally fails in shared environments  \n* **Poor traceability:** Limited audit trail of who built what and when  \n* **Knowledge silos:** Build expertise becomes concentrated in a few individuals\n\nThis approach can lead to errors, bottlenecks, and costly delays. \n\n### Solution: Standardized build automation\n\nYou can address these challenges by implementing standardized build automation within CI/CD pipelines in GitLab. This approach creates consistent, repeatable, container-based build environments that eliminate machine-specific variations. Through the use of special Embedded Gateway Runner provisioning scripts, containers can interface with hardware for flashing and port monitoring for automated testing.\n\nKey elements of this solution include:\n\n* **Lifecycle managed environments:** Define complex embedded simulation environments as code; automatically deploy environments for testing and destroy them afterward  \n* **Containerization:** Use Docker containers to ensure identical build environments  \n* **Automated dependency management:** Control and version all dependencies  \n* **Central build execution:** Run builds on shared infrastructure rather than local machines\n\n> Follow this tutorial to learn [how to automate embedded software builds within a GitLab CI pipeline](https://gitlab.com/guided-explorations/embedded/workshops/embedded-devops-workshop-refactoring-to-ci/-/blob/main/TUTORIAL2.md%20).\n\nBy standardizing and automating the build process, you can ensure that every build follows the same steps with the same dependencies, producing consistent outputs regardless of who initiated it. This not only improves quality but also democratizes the build process, enabling more team members to participate without specialized knowledge.\n\n## Challenge 3: Siloed development practices\n\nEnterprise development teams have widely adopted collaborative practices such as DevOps, underpinned by shared source code management (SCM) and continuous integration/continuous delivery (CI/CD) systems. Embedded developers, on the other hand, have historically worked alone at their desks. There are valid technical reasons for this. \n\nFor example, consider hardware virtualization, which is a key enabler of DevOps automation. The industry has been slower to virtualize the massive range of specialized processors and boards used in embedded systems. This is due in large part to the difficulties of virtualizing production real-time systems and the associated lack of economic incentives. Compare that to cloud virtualization which has been commoditized and benefited enterprise SaaS development for over a decade.\n\nMany providers are now embracing virtualization-first for the sake of speeding up embedded development. If teams fail to adopt virtual testing options, however, their silos will remain and negatively impact the business through: \n\n* **Knowledge fragmentation**: Critical insights remain scattered across individuals and teams  \n* **Redundant development**: Multiple teams solve identical problems, creating inconsistencies  \n* **Late-stage discovery during big-bang integrations**: Problems are found late in the process when multiple developers integrate their code at once, when errors are more costly to fix  \n* **Stifled innovation**: Solutions from one domain rarely influence others, hampering the development of new product ideas\n\n### Solution: Collaborative engineering through a unified platform\n\nAn important step in breaking down these silos is to standardize embedded development around GitLab’s unified DevSecOps platform. In this regard, GitLab is aligned with the shift of embedded systems toward more consolidated, shared platforms on embedded devices. GitLab enables:\n\n* **Shared visibility:** Make all code, Issues, and documentation visible across teams  \n* **Collaborative workflows:** Enable peer review and knowledge sharing through merge requests  \n* **Centralized knowledge:** Maintain a single source of truth for all development artifacts  \n* **Asynchronous collaboration:** Allow teams to work together across different locations and time zones\n\nHuman-AI agent collaboration is a fundamental ingredient to fueling the customer-facing innovations that digital natives and established embedded brands desire. GitLab enables human-AI collaboration as well. By creating transparency across the development lifecycle, GitLab changes embedded development from an isolated activity to a collaborative practice. Engineers can see each other's work in progress, learn from collective experiences, and build upon shared solutions.\n\nWatch this presentation from Embedded World Germany 2025, which explains the power of embedded developers collaborating and sharing “work in progress”. The demo portion from 24:42 to 36:51 shows how to integrate HIL into a GitLab CI pipeline and enable collaborative development.\n\n\u003C!-- blank line -->\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/F_rlOyq0hzc?si=eF4alDY6HK98uZPj\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\u003C!-- blank line -->\n\nPerhaps most importantly, by achieving greater collaboration through DevSecOps, teams can unlock embedded systems innovations that would otherwise remain hidden. Indeed, collaboration fuels innovation. [One study](https://www.sciencedirect.com/science/article/abs/pii/S0749597800928887), for example, found that group brainstorming, when properly structured, can lead to more innovative and creative outcomes than individuals working alone. Collaborative development is crucial in the race to develop software-defined products. \n\n## Challenge 4: Manual functional safety compliance processes\n\nEmbedded systems in the automotive and aerospace industries must comply with rigorous functional safety standards, including ISO 26262, MISRA C/C++, DO-178C, and DO-254. Traditional compliance approaches involve manual reviews, extensive documentation, and separate verification activities that occur late in the development cycle. This often creates security review bottlenecks. When specialized embedded security and code quality scanners detect vulnerabilities in a developer’s code, the scan issue gets added to a pile of other issues that haven’t been resolved. Developers can’t integrate their code, and security personnel need to wade through a backlog of code violations. This creates delays and makes compliance more difficult. \n\nSome of the challenges can best be summed up as: \n\n* **Late-stage compliance issues**: Problems discovered after development is complete  \n* **Documentation burden**: Extensive manual effort to create and maintain compliance evidence  \n* **Process bottlenecks**: Serial compliance activities that block development progress  \n* **Expertise dependence**: Reliance on limited specialists for compliance activities\n\nAs a result, teams often need to choose between velocity and compliance — a precarious trade-off in safety-critical systems.\n\n### Solution: Automated functional safety compliance workflow building blocks\n\nRather than treating security and compliance as post-development verification activities, you can codify compliance requirements and enforce them automatically through [customizable frameworks in GitLab](https://about.gitlab.com/blog/introducing-custom-compliance-frameworks-in-gitlab/). To do this for functional safety standards, in particular, you can integrate GitLab with specialized embedded tools, which provide the depth of firmware scanning required by functional safety standards. Meanwhile, GitLab provides automated compliance checks, full audit trails, and merge request gating — all features needed to support a robust continuous compliance program. \n\nThis integrated approach includes:\n\n* **Compliance-as-code:** Define compliance requirements as automated checks  \n* **Integrated specialized tools:** Connect tools like CodeSonar into the DevSecOps platform for automotive-specific compliance  \n* **Continuous compliance verification:** Verify requirements throughout development  \n* **Automated evidence collection:** Gather compliance artifacts as a by-product of development\n\nWatch this video to learn how to use Custom Compliance Frameworks in GitLab to create your own compliance policies. You can create compliance policies related to any standard (e.g., ISO 26262) and automatically enforce those policies in GitLab.\n\n\u003C!-- blank line -->\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/S-FQjzSyVJw?si=0UdtGNuugLPG0SLL\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\u003C!-- blank line -->\n\nBy shifting compliance left and embedding it within normal development workflows, you can maintain safety standards without sacrificing velocity. Automated checks catch issues early when they're easier and less expensive to fix, while continuous evidence collection reduces the documentation burden.\n\n## Realizing the power of embedded DevOps\n\nEmbedded development is changing fast. Teams that remain stuck in manual processes and isolated workflows will find themselves increasingly left behind, while those that embrace automated, collaborative practices will define the future of software-defined smart systems.\n\nExplore our [Embedded DevOps Workshop](https://gitlab.com/guided-explorations/embedded/workshops/embedded-devops-workshop-refactoring-to-ci) to start automating embedded development workflows with GitLab, or [watch this presentation from GitLab's Field Chief Cloud Architect](https://content.gitlab.com/viewer/0a35252831bd130f879b0725738f70ed) to learn how leading organizations are bringing hardware-in-the-loop testing into continuous integration workflows to accelerate embedded development.\n\n## Learn more\n\n- [Why GitLab Premium with Duo for embedded systems development?](https://content.gitlab.com/viewer/438451cba726dd017da7b95fd0fb1b59)\n- [Why GitLab Ultimate with Duo for embedded systems development?](https://content.gitlab.com/viewer/87f5104c26720e2c0d73a6b377522a44)\n- [More embedded development systems presentations from GitLab](https://content.gitlab.com/viewer/e59c40099d5e3c8f9307afb27c4a923f)","product",{"template":15,"slug":16,"featured":17},"BlogPost","4-ways-to-accelerate-embedded-development-with-gitlab",false,{"title":5,"description":19,"authors":20,"heroImage":21,"tags":22,"category":13,"date":27,"body":12},"Learn how automated hardware testing, standard builds, collaborative workflows, and integrated compliance eliminate bottlenecks in firmware development.",[10,11],"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659756/Blog/Hero%20Images/REFERENCE_-_display_preview_for_blog_images.png",[23,24,25,26],"DevSecOps platform","tutorial","features","embedded DevOps","2025-06-05","md",null,{},true,"/en-us/blog/4-ways-to-accelerate-embedded-development-with-gitlab","---\nseo:\n  title: 4 ways to accelerate embedded development with GitLab\n  description: >-\n    Learn how automated hardware testing, standard builds, collaborative\n    workflows, and integrated compliance eliminate bottlenecks in firmware\n    development.\n  ogTitle: 4 ways to accelerate embedded development with GitLab\n  ogDescription: >-\n    Learn how automated hardware testing, standard builds, collaborative\n    workflows, and integrated compliance eliminate bottlenecks in firmware\n    development.\n  noIndex: false\n  ogImage: >-\n    https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659756/Blog/Hero%20Images/REFERENCE_-_display_preview_for_blog_images.png\n  ogUrl: >-\n    https://about.gitlab.com/blog/4-ways-to-accelerate-embedded-development-with-gitlab\n  ogSiteName: https://about.gitlab.com\n  ogType: article\n  canonicalUrls: >-\n    https://about.gitlab.com/blog/4-ways-to-accelerate-embedded-development-with-gitlab\ntitle: 4 ways to accelerate embedded development with GitLab\ndescription: Learn how automated hardware testing, standard builds, collaborative workflows, and integrated compliance eliminate bottlenecks in firmware development.\nauthors:\n  - Matt DeLaney\n  - Darwin Sanoy\nheroImage: https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659756/Blog/Hero%20Images/REFERENCE_-_display_preview_for_blog_images.png\ntags:\n  - DevSecOps platform\n  - tutorial\n  - features\n  - embedded DevOps\ncategory: product\ndate: '2025-06-05'\nslug: 4-ways-to-accelerate-embedded-development-with-gitlab\nfeatured: false\ntemplate: BlogPost\n---\n\nSoftware in embedded systems is no longer just a part number — it's a critical differentiator. This shift has led to enormous complexity in the firmware running in our cars, airplanes, and industrial machines. The number of lines of code in the average car is expected to reach [650 million](https://www.statista.com/statistics/1370978/automotive-software-average-lines-of-codes-per-vehicle-globally/) by the end of 2025, up from 200 million just five years ago. In aerospace systems, the complexity of embedded software has nearly [doubled every four years](https://www.mckinsey.com/industries/aerospace-and-defense/our-insights/debugging-the-software-talent-gap-in-aerospace-and-defense) for the last several decades. \n\nTraditional embedded development approaches cannot effectively handle the software challenges of modern machines. This shortcoming slows engineers down, in part, by exacerbating challenges such as: \n\n* [Hardware testing bottlenecks](#challenge-1-hardware-testing-bottlenecks) \n* [Inconsistent build environments](#challenge-2-inconsistent-build-environments)\n* [Siloed development practices](#challenge-3-siloed-development-practices)\n* [Manual functional safety compliance processes](#challenge-4-manual-functional-safety-compliance-processes)\n\nEmbedded developers need a new approach to deal with the rapid increase in code. In this article, we’ll explain four ways you can use the GitLab AI-native DevSecOps platform to shorten feedback loops, work collaboratively and iteratively, and streamline compliance.\n\n## Challenge 1: Hardware testing bottlenecks\n\nUnlike enterprise software that can run on virtually any cloud server, embedded automotive software must be tested on specialized hardware that precisely matches production environments. Traditional hardware-in-the-loop (HIL) testing processes often follow this pattern:\n\n1. Developers write code for an embedded system (e.g., an electronic control unit)  \n2. They request access to limited, expensive hardware test benches (costing $500,000-$10M each)  \n3. They wait days or weeks for their scheduled access window  \n4. They manually deploy and test their code on physical hardware at their desks  \n5. They document results, pass the hardware to the next developer, and go to the back of the hardware testing queue\n\nThis process is extremely inefficient. Embedded developers may finish writing their code today and wait weeks to test it on a hardware target. By then, they've moved on to other tasks. This context switching drains productivity. Not only that, developers may wait weeks to learn they had a simple math error in their code. \n\n### Solution: Automated hardware allocation and continuous integration\n\nYou can streamline hardware testing through automation using the [GitLab On-Premises Device Cloud](https://gitlab.com/guided-explorations/embedded/ci-components/device-cloud), a CI/CD component. This lets you automate the orchestration of scarce hardware resources, turning a manual, time-intensive process into a streamlined, continuous workflow.\n\nThe On-Premises Device Cloud:\n\n1. Creates pools of shared hardware resources  \n2. Automatically — and exclusively — allocates hardware to a developer’s hardware testing pipeline tasks based on availability  \n3. Deploys and executes tests without manual intervention  \n4. Collects and reports results through integrated pipelines  \n5. Automatically deallocates hardware back into the “available” pool\n\nAfter submitting code, you’ll receive results in hours instead of days, often without ever physically touching the test hardware.\n\nWhat this video for an introduction to the GitLab On-Premises Device Cloud CI/CD Component to orchestrate the remote allocation of shared hardware for HIL:\n\n\u003C!-- blank line -->\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/ltr2CIM9Zag?si=NOij3t1YYz4zKajC\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\u003C!-- blank line -->\n\nYou can also adopt multi-pronged testing strategies that balance speed and quality. Bring the following embedded test patterns and environments into automated GitLab CI pipelines:\n\n* **Software-in-the-loop (SIL):** Testing on virtual hardware simulators for quicker initial feedback  \n* **Processor-in-the-loop (PIL):** Testing on representative processor hardware for faster feedback at a lower cost  \n* **Hardware-in-the-loop (HIL):** Testing on full production-equivalent hardware and test benches for late-stage verification\n\nBy automating the orchestration of these tests within CI pipelines, you’ll be able to identify issues earlier, iterate faster, and accelerate time to market.\n\n## Challenge 2: Inconsistent build environments\n\nAnother significant challenge in embedded development is build environment inconsistency. Embedded developers often manually execute builds on their local machines with varying configurations, compiler versions, and dependencies. Then they’ll paste the binaries from their local build to a shared codebase.\n\nThis approach creates several problems:\n\n* **Inconsistent outputs:** Builds for the same source code produce different results on different machines  \n* **\"Works on my machine\" syndrome:** Code that builds locally fails in shared environments  \n* **Poor traceability:** Limited audit trail of who built what and when  \n* **Knowledge silos:** Build expertise becomes concentrated in a few individuals\n\nThis approach can lead to errors, bottlenecks, and costly delays. \n\n### Solution: Standardized build automation\n\nYou can address these challenges by implementing standardized build automation within CI/CD pipelines in GitLab. This approach creates consistent, repeatable, container-based build environments that eliminate machine-specific variations. Through the use of special Embedded Gateway Runner provisioning scripts, containers can interface with hardware for flashing and port monitoring for automated testing.\n\nKey elements of this solution include:\n\n* **Lifecycle managed environments:** Define complex embedded simulation environments as code; automatically deploy environments for testing and destroy them afterward  \n* **Containerization:** Use Docker containers to ensure identical build environments  \n* **Automated dependency management:** Control and version all dependencies  \n* **Central build execution:** Run builds on shared infrastructure rather than local machines\n\n> Follow this tutorial to learn [how to automate embedded software builds within a GitLab CI pipeline](https://gitlab.com/guided-explorations/embedded/workshops/embedded-devops-workshop-refactoring-to-ci/-/blob/main/TUTORIAL2.md%20).\n\nBy standardizing and automating the build process, you can ensure that every build follows the same steps with the same dependencies, producing consistent outputs regardless of who initiated it. This not only improves quality but also democratizes the build process, enabling more team members to participate without specialized knowledge.\n\n## Challenge 3: Siloed development practices\n\nEnterprise development teams have widely adopted collaborative practices such as DevOps, underpinned by shared source code management (SCM) and continuous integration/continuous delivery (CI/CD) systems. Embedded developers, on the other hand, have historically worked alone at their desks. There are valid technical reasons for this. \n\nFor example, consider hardware virtualization, which is a key enabler of DevOps automation. The industry has been slower to virtualize the massive range of specialized processors and boards used in embedded systems. This is due in large part to the difficulties of virtualizing production real-time systems and the associated lack of economic incentives. Compare that to cloud virtualization which has been commoditized and benefited enterprise SaaS development for over a decade.\n\nMany providers are now embracing virtualization-first for the sake of speeding up embedded development. If teams fail to adopt virtual testing options, however, their silos will remain and negatively impact the business through: \n\n* **Knowledge fragmentation**: Critical insights remain scattered across individuals and teams  \n* **Redundant development**: Multiple teams solve identical problems, creating inconsistencies  \n* **Late-stage discovery during big-bang integrations**: Problems are found late in the process when multiple developers integrate their code at once, when errors are more costly to fix  \n* **Stifled innovation**: Solutions from one domain rarely influence others, hampering the development of new product ideas\n\n### Solution: Collaborative engineering through a unified platform\n\nAn important step in breaking down these silos is to standardize embedded development around GitLab’s unified DevSecOps platform. In this regard, GitLab is aligned with the shift of embedded systems toward more consolidated, shared platforms on embedded devices. GitLab enables:\n\n* **Shared visibility:** Make all code, Issues, and documentation visible across teams  \n* **Collaborative workflows:** Enable peer review and knowledge sharing through merge requests  \n* **Centralized knowledge:** Maintain a single source of truth for all development artifacts  \n* **Asynchronous collaboration:** Allow teams to work together across different locations and time zones\n\nHuman-AI agent collaboration is a fundamental ingredient to fueling the customer-facing innovations that digital natives and established embedded brands desire. GitLab enables human-AI collaboration as well. By creating transparency across the development lifecycle, GitLab changes embedded development from an isolated activity to a collaborative practice. Engineers can see each other's work in progress, learn from collective experiences, and build upon shared solutions.\n\nWatch this presentation from Embedded World Germany 2025, which explains the power of embedded developers collaborating and sharing “work in progress”. The demo portion from 24:42 to 36:51 shows how to integrate HIL into a GitLab CI pipeline and enable collaborative development.\n\n\u003C!-- blank line -->\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/F_rlOyq0hzc?si=eF4alDY6HK98uZPj\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\u003C!-- blank line -->\n\nPerhaps most importantly, by achieving greater collaboration through DevSecOps, teams can unlock embedded systems innovations that would otherwise remain hidden. Indeed, collaboration fuels innovation. [One study](https://www.sciencedirect.com/science/article/abs/pii/S0749597800928887), for example, found that group brainstorming, when properly structured, can lead to more innovative and creative outcomes than individuals working alone. Collaborative development is crucial in the race to develop software-defined products. \n\n## Challenge 4: Manual functional safety compliance processes\n\nEmbedded systems in the automotive and aerospace industries must comply with rigorous functional safety standards, including ISO 26262, MISRA C/C++, DO-178C, and DO-254. Traditional compliance approaches involve manual reviews, extensive documentation, and separate verification activities that occur late in the development cycle. This often creates security review bottlenecks. When specialized embedded security and code quality scanners detect vulnerabilities in a developer’s code, the scan issue gets added to a pile of other issues that haven’t been resolved. Developers can’t integrate their code, and security personnel need to wade through a backlog of code violations. This creates delays and makes compliance more difficult. \n\nSome of the challenges can best be summed up as: \n\n* **Late-stage compliance issues**: Problems discovered after development is complete  \n* **Documentation burden**: Extensive manual effort to create and maintain compliance evidence  \n* **Process bottlenecks**: Serial compliance activities that block development progress  \n* **Expertise dependence**: Reliance on limited specialists for compliance activities\n\nAs a result, teams often need to choose between velocity and compliance — a precarious trade-off in safety-critical systems.\n\n### Solution: Automated functional safety compliance workflow building blocks\n\nRather than treating security and compliance as post-development verification activities, you can codify compliance requirements and enforce them automatically through [customizable frameworks in GitLab](https://about.gitlab.com/blog/introducing-custom-compliance-frameworks-in-gitlab/). To do this for functional safety standards, in particular, you can integrate GitLab with specialized embedded tools, which provide the depth of firmware scanning required by functional safety standards. Meanwhile, GitLab provides automated compliance checks, full audit trails, and merge request gating — all features needed to support a robust continuous compliance program. \n\nThis integrated approach includes:\n\n* **Compliance-as-code:** Define compliance requirements as automated checks  \n* **Integrated specialized tools:** Connect tools like CodeSonar into the DevSecOps platform for automotive-specific compliance  \n* **Continuous compliance verification:** Verify requirements throughout development  \n* **Automated evidence collection:** Gather compliance artifacts as a by-product of development\n\nWatch this video to learn how to use Custom Compliance Frameworks in GitLab to create your own compliance policies. You can create compliance policies related to any standard (e.g., ISO 26262) and automatically enforce those policies in GitLab.\n\n\u003C!-- blank line -->\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/S-FQjzSyVJw?si=0UdtGNuugLPG0SLL\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\u003C!-- blank line -->\n\nBy shifting compliance left and embedding it within normal development workflows, you can maintain safety standards without sacrificing velocity. Automated checks catch issues early when they're easier and less expensive to fix, while continuous evidence collection reduces the documentation burden.\n\n## Realizing the power of embedded DevOps\n\nEmbedded development is changing fast. Teams that remain stuck in manual processes and isolated workflows will find themselves increasingly left behind, while those that embrace automated, collaborative practices will define the future of software-defined smart systems.\n\nExplore our [Embedded DevOps Workshop](https://gitlab.com/guided-explorations/embedded/workshops/embedded-devops-workshop-refactoring-to-ci) to start automating embedded development workflows with GitLab, or [watch this presentation from GitLab's Field Chief Cloud Architect](https://content.gitlab.com/viewer/0a35252831bd130f879b0725738f70ed) to learn how leading organizations are bringing hardware-in-the-loop testing into continuous integration workflows to accelerate embedded development.\n\n## Learn more\n\n- [Why GitLab Premium with Duo for embedded systems development?](https://content.gitlab.com/viewer/438451cba726dd017da7b95fd0fb1b59)\n- [Why GitLab Ultimate with Duo for embedded systems development?](https://content.gitlab.com/viewer/87f5104c26720e2c0d73a6b377522a44)\n- [More embedded development systems presentations from GitLab](https://content.gitlab.com/viewer/e59c40099d5e3c8f9307afb27c4a923f)\n",{"title":5,"description":19,"ogTitle":5,"ogDescription":19,"noIndex":17,"ogImage":21,"ogUrl":35,"ogSiteName":36,"ogType":37,"canonicalUrls":35},"https://about.gitlab.com/blog/4-ways-to-accelerate-embedded-development-with-gitlab","https://about.gitlab.com","article","en-us/blog/4-ways-to-accelerate-embedded-development-with-gitlab",[40,24,25,41],"devsecops-platform","embedded-devops",[23,24,25,26],"jO8nrYT5iht-ospy3RxukB8bT4HdyIxZTNGuvPAw1To",{"logo":45,"freeTrial":50,"sales":55,"login":60,"items":65,"search":385,"minimal":416,"duo":435,"switchNav":444,"pricingDeployment":455},{"config":46},{"href":47,"dataGaName":48,"dataGaLocation":49},"/","gitlab logo","header",{"text":51,"config":52},"Get free trial",{"href":53,"dataGaName":54,"dataGaLocation":49},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":56,"config":57},"Talk to sales",{"href":58,"dataGaName":59,"dataGaLocation":49},"/sales/","sales",{"text":61,"config":62},"Sign in",{"href":63,"dataGaName":64,"dataGaLocation":49},"https://gitlab.com/users/sign_in/","sign in",[66,95,195,200,304,365],{"text":67,"config":68,"menu":70},"Platform",{"dataNavLevelOne":69},"platform",{"type":71,"columns":72},"cards",[73,79,87],{"title":67,"description":74,"link":75},"The intelligent orchestration platform for DevSecOps",{"text":76,"config":77},"Explore our Platform",{"href":78,"dataGaName":69,"dataGaLocation":49},"/platform/",{"title":80,"description":81,"link":82},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":83,"config":84},"Meet GitLab Duo",{"href":85,"dataGaName":86,"dataGaLocation":49},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":88,"description":89,"link":90},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":91,"config":92},"Learn more",{"href":93,"dataGaName":94,"dataGaLocation":49},"/why-gitlab/","why gitlab",{"text":96,"left":31,"config":97,"menu":99},"Product",{"dataNavLevelOne":98},"solutions",{"type":100,"link":101,"columns":105,"feature":174},"lists",{"text":102,"config":103},"View all Solutions",{"href":104,"dataGaName":98,"dataGaLocation":49},"/solutions/",[106,130,153],{"title":107,"description":108,"link":109,"items":114},"Automation","CI/CD and automation to accelerate deployment",{"config":110},{"icon":111,"href":112,"dataGaName":113,"dataGaLocation":49},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[115,119,122,126],{"text":116,"config":117},"CI/CD",{"href":118,"dataGaLocation":49,"dataGaName":116},"/solutions/continuous-integration/",{"text":80,"config":120},{"href":85,"dataGaLocation":49,"dataGaName":121},"gitlab duo agent platform - product menu",{"text":123,"config":124},"Source Code Management",{"href":125,"dataGaLocation":49,"dataGaName":123},"/solutions/source-code-management/",{"text":127,"config":128},"Automated Software Delivery",{"href":112,"dataGaLocation":49,"dataGaName":129},"Automated software delivery",{"title":131,"description":132,"link":133,"items":138},"Security","Deliver code faster without compromising security",{"config":134},{"href":135,"dataGaName":136,"dataGaLocation":49,"icon":137},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[139,143,148],{"text":140,"config":141},"Application Security Testing",{"href":135,"dataGaName":142,"dataGaLocation":49},"Application security testing",{"text":144,"config":145},"Software Supply Chain Security",{"href":146,"dataGaLocation":49,"dataGaName":147},"/solutions/supply-chain/","Software supply chain security",{"text":149,"config":150},"Software Compliance",{"href":151,"dataGaName":152,"dataGaLocation":49},"/solutions/software-compliance/","software compliance",{"title":154,"link":155,"items":160},"Measurement",{"config":156},{"icon":157,"href":158,"dataGaName":159,"dataGaLocation":49},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[161,165,169],{"text":162,"config":163},"Visibility & Measurement",{"href":158,"dataGaLocation":49,"dataGaName":164},"Visibility and Measurement",{"text":166,"config":167},"Value Stream Management",{"href":168,"dataGaLocation":49,"dataGaName":166},"/solutions/value-stream-management/",{"text":170,"config":171},"Analytics & Insights",{"href":172,"dataGaLocation":49,"dataGaName":173},"/solutions/analytics-and-insights/","Analytics and insights",{"title":175,"type":100,"items":176},"GitLab for",[177,183,189],{"text":178,"config":179},"Enterprise",{"icon":180,"href":181,"dataGaLocation":49,"dataGaName":182},"Building","/enterprise/","enterprise",{"text":184,"config":185},"Small Business",{"icon":186,"href":187,"dataGaLocation":49,"dataGaName":188},"Work","/small-business/","small business",{"text":190,"config":191},"Public Sector",{"icon":192,"href":193,"dataGaLocation":49,"dataGaName":194},"Organization","/solutions/public-sector/","public sector",{"text":196,"config":197},"Pricing",{"href":198,"dataGaName":199,"dataGaLocation":49,"dataNavLevelOne":199},"/pricing/","pricing",{"text":201,"config":202,"menu":204},"Resources",{"dataNavLevelOne":203},"resources",{"type":100,"link":205,"columns":209,"feature":293},{"text":206,"config":207},"View all resources",{"href":208,"dataGaName":203,"dataGaLocation":49},"/resources/",[210,243,265],{"title":211,"items":212},"Getting started",[213,218,223,228,233,238],{"text":214,"config":215},"Install",{"href":216,"dataGaName":217,"dataGaLocation":49},"/install/","install",{"text":219,"config":220},"Quick start guides",{"href":221,"dataGaName":222,"dataGaLocation":49},"/get-started/","quick setup checklists",{"text":224,"config":225},"Learn",{"href":226,"dataGaLocation":49,"dataGaName":227},"https://university.gitlab.com/","learn",{"text":229,"config":230},"Product documentation",{"href":231,"dataGaName":232,"dataGaLocation":49},"https://docs.gitlab.com/","product documentation",{"text":234,"config":235},"Best practice videos",{"href":236,"dataGaName":237,"dataGaLocation":49},"/getting-started-videos/","best practice videos",{"text":239,"config":240},"Integrations",{"href":241,"dataGaName":242,"dataGaLocation":49},"/integrations/","integrations",{"title":244,"items":245},"Discover",[246,251,256,260],{"text":247,"config":248},"Customer success stories",{"href":249,"dataGaName":250,"dataGaLocation":49},"/customers/","customer success stories",{"text":252,"config":253},"Blog",{"href":254,"dataGaName":255,"dataGaLocation":49},"/blog/","blog",{"text":257,"config":258},"The Source",{"href":259,"dataGaName":255,"dataGaLocation":49},"/the-source/",{"text":261,"config":262},"Remote",{"href":263,"dataGaName":264,"dataGaLocation":49},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":266,"items":267},"Connect",[268,273,278,283,288],{"text":269,"config":270},"GitLab Services",{"href":271,"dataGaName":272,"dataGaLocation":49},"/services/","services",{"text":274,"config":275},"Community",{"href":276,"dataGaName":277,"dataGaLocation":49},"/community/","community",{"text":279,"config":280},"Forum",{"href":281,"dataGaName":282,"dataGaLocation":49},"https://forum.gitlab.com/","forum",{"text":284,"config":285},"Events",{"href":286,"dataGaName":287,"dataGaLocation":49},"/events/","events",{"text":289,"config":290},"Partners",{"href":291,"dataGaName":292,"dataGaLocation":49},"/partners/","partners",{"config":294,"title":297,"text":298,"link":299},{"background":295,"textColor":296},"url('https://res.cloudinary.com/about-gitlab-com/image/upload/v1777322348/qpq8yrgn8knii57omj0c.png')","#000","What’s new in GitLab","Stay updated with our latest features and improvements.",{"text":300,"config":301},"Read the latest",{"href":302,"dataGaName":303,"dataGaLocation":49},"/releases/whats-new/","whats new",{"text":305,"config":306,"menu":308},"Company",{"dataNavLevelOne":307},"company",{"type":100,"columns":309},[310],{"items":311},[312,317,323,325,330,335,340,345,350,355,360],{"text":313,"config":314},"About",{"href":315,"dataGaName":316,"dataGaLocation":49},"/company/","about",{"text":318,"config":319,"footerGa":322},"Jobs",{"href":320,"dataGaName":321,"dataGaLocation":49},"/jobs/","jobs",{"dataGaName":321},{"text":284,"config":324},{"href":286,"dataGaName":287,"dataGaLocation":49},{"text":326,"config":327},"Leadership",{"href":328,"dataGaName":329,"dataGaLocation":49},"/company/team/e-group/","leadership",{"text":331,"config":332},"Team",{"href":333,"dataGaName":334,"dataGaLocation":49},"/company/team/","team",{"text":336,"config":337},"Handbook",{"href":338,"dataGaName":339,"dataGaLocation":49},"https://handbook.gitlab.com/","handbook",{"text":341,"config":342},"Investor relations",{"href":343,"dataGaName":344,"dataGaLocation":49},"https://ir.gitlab.com/","investor relations",{"text":346,"config":347},"Trust Center",{"href":348,"dataGaName":349,"dataGaLocation":49},"/security/","trust center",{"text":351,"config":352},"AI Transparency Center",{"href":353,"dataGaName":354,"dataGaLocation":49},"/ai-transparency-center/","ai transparency center",{"text":356,"config":357},"Newsletter",{"href":358,"dataGaName":359,"dataGaLocation":49},"/company/contact/#contact-forms","newsletter",{"text":361,"config":362},"Press",{"href":363,"dataGaName":364,"dataGaLocation":49},"/press/","press",{"text":366,"config":367,"menu":368},"Contact us",{"dataNavLevelOne":307},{"type":100,"columns":369},[370],{"items":371},[372,375,380],{"text":56,"config":373},{"href":58,"dataGaName":374,"dataGaLocation":49},"talk to sales",{"text":376,"config":377},"Support portal",{"href":378,"dataGaName":379,"dataGaLocation":49},"https://support.gitlab.com","support portal",{"text":381,"config":382},"Customer portal",{"href":383,"dataGaName":384,"dataGaLocation":49},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":386,"login":387,"suggestions":394},"Close",{"text":388,"link":389},"To search repositories and projects, login to",{"text":390,"config":391},"gitlab.com",{"href":63,"dataGaName":392,"dataGaLocation":393},"search login","search",{"text":395,"default":396},"Suggestions",[397,399,403,405,409,413],{"text":80,"config":398},{"href":85,"dataGaName":80,"dataGaLocation":393},{"text":400,"config":401},"Code Suggestions (AI)",{"href":402,"dataGaName":400,"dataGaLocation":393},"/solutions/code-suggestions/",{"text":116,"config":404},{"href":118,"dataGaName":116,"dataGaLocation":393},{"text":406,"config":407},"GitLab on AWS",{"href":408,"dataGaName":406,"dataGaLocation":393},"/partners/technology-partners/aws/",{"text":410,"config":411},"GitLab on Google Cloud",{"href":412,"dataGaName":410,"dataGaLocation":393},"/partners/technology-partners/google-cloud-platform/",{"text":414,"config":415},"Why GitLab?",{"href":93,"dataGaName":414,"dataGaLocation":393},{"freeTrial":417,"mobileIcon":422,"desktopIcon":427,"secondaryButton":430},{"text":418,"config":419},"Start free trial",{"href":420,"dataGaName":54,"dataGaLocation":421},"https://gitlab.com/-/trials/new/","nav",{"altText":423,"config":424},"Gitlab Icon",{"src":425,"dataGaName":426,"dataGaLocation":421},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":423,"config":428},{"src":429,"dataGaName":426,"dataGaLocation":421},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":431,"config":432},"Get Started",{"href":433,"dataGaName":434,"dataGaLocation":421},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/get-started/","get started",{"freeTrial":436,"mobileIcon":440,"desktopIcon":442},{"text":437,"config":438},"Learn more about GitLab Duo",{"href":85,"dataGaName":439,"dataGaLocation":421},"gitlab duo",{"altText":423,"config":441},{"src":425,"dataGaName":426,"dataGaLocation":421},{"altText":423,"config":443},{"src":429,"dataGaName":426,"dataGaLocation":421},{"button":445,"mobileIcon":450,"desktopIcon":452},{"text":446,"config":447},"/switch",{"href":448,"dataGaName":449,"dataGaLocation":421},"#contact","switch",{"altText":423,"config":451},{"src":425,"dataGaName":426,"dataGaLocation":421},{"altText":423,"config":453},{"src":454,"dataGaName":426,"dataGaLocation":421},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":456,"mobileIcon":461,"desktopIcon":463},{"text":457,"config":458},"Back to pricing",{"href":198,"dataGaName":459,"dataGaLocation":421,"icon":460},"back to pricing","GoBack",{"altText":423,"config":462},{"src":425,"dataGaName":426,"dataGaLocation":421},{"altText":423,"config":464},{"src":429,"dataGaName":426,"dataGaLocation":421},{"title":466,"button":467,"config":472},"See how agentic AI transforms software delivery",{"text":468,"config":469},"Sign up for GitLab Transcend on June 10",{"href":470,"dataGaName":471,"dataGaLocation":49},"/releases/whats-new/#sign-up","transcend event",{"layout":473,"icon":474,"disabled":17},"release","AiStar",{"data":476},{"text":477,"source":478,"edit":484,"contribute":489,"config":494,"items":499,"minimal":705},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":479,"config":480},"View page source",{"href":481,"dataGaName":482,"dataGaLocation":483},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":485,"config":486},"Edit this page",{"href":487,"dataGaName":488,"dataGaLocation":483},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":490,"config":491},"Please contribute",{"href":492,"dataGaName":493,"dataGaLocation":483},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":495,"facebook":496,"youtube":497,"linkedin":498},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[500,547,600,644,671],{"title":196,"links":501,"subMenu":516},[502,506,511],{"text":503,"config":504},"View plans",{"href":198,"dataGaName":505,"dataGaLocation":483},"view plans",{"text":507,"config":508},"Why Premium?",{"href":509,"dataGaName":510,"dataGaLocation":483},"/pricing/premium/","why premium",{"text":512,"config":513},"Why Ultimate?",{"href":514,"dataGaName":515,"dataGaLocation":483},"/pricing/ultimate/","why ultimate",[517],{"title":518,"links":519},"Contact Us",[520,523,525,527,532,537,542],{"text":521,"config":522},"Contact sales",{"href":58,"dataGaName":59,"dataGaLocation":483},{"text":376,"config":524},{"href":378,"dataGaName":379,"dataGaLocation":483},{"text":381,"config":526},{"href":383,"dataGaName":384,"dataGaLocation":483},{"text":528,"config":529},"Status",{"href":530,"dataGaName":531,"dataGaLocation":483},"https://status.gitlab.com/","status",{"text":533,"config":534},"Terms of use",{"href":535,"dataGaName":536,"dataGaLocation":483},"/terms/","terms of use",{"text":538,"config":539},"Privacy statement",{"href":540,"dataGaName":541,"dataGaLocation":483},"/privacy/","privacy statement",{"text":543,"config":544},"Cookie preferences",{"dataGaName":545,"dataGaLocation":483,"id":546,"isOneTrustButton":31},"cookie preferences","ot-sdk-btn",{"title":96,"links":548,"subMenu":556},[549,552],{"text":23,"config":550},{"href":78,"dataGaName":551,"dataGaLocation":483},"devsecops platform",{"text":553,"config":554},"AI-Assisted Development",{"href":85,"dataGaName":555,"dataGaLocation":483},"ai-assisted development",[557],{"title":558,"links":559},"Topics",[560,565,570,575,580,585,590,595],{"text":561,"config":562},"CICD",{"href":563,"dataGaName":564,"dataGaLocation":483},"/topics/ci-cd/","cicd",{"text":566,"config":567},"GitOps",{"href":568,"dataGaName":569,"dataGaLocation":483},"/topics/gitops/","gitops",{"text":571,"config":572},"DevOps",{"href":573,"dataGaName":574,"dataGaLocation":483},"/topics/devops/","devops",{"text":576,"config":577},"Version Control",{"href":578,"dataGaName":579,"dataGaLocation":483},"/topics/version-control/","version control",{"text":581,"config":582},"DevSecOps",{"href":583,"dataGaName":584,"dataGaLocation":483},"/topics/devsecops/","devsecops",{"text":586,"config":587},"Cloud Native",{"href":588,"dataGaName":589,"dataGaLocation":483},"/topics/cloud-native/","cloud native",{"text":591,"config":592},"AI for Coding",{"href":593,"dataGaName":594,"dataGaLocation":483},"/topics/devops/ai-for-coding/","ai for coding",{"text":596,"config":597},"Agentic AI",{"href":598,"dataGaName":599,"dataGaLocation":483},"/topics/agentic-ai/","agentic ai",{"title":601,"links":602},"Solutions",[603,605,607,612,616,619,623,626,628,631,634,639],{"text":140,"config":604},{"href":135,"dataGaName":140,"dataGaLocation":483},{"text":129,"config":606},{"href":112,"dataGaName":113,"dataGaLocation":483},{"text":608,"config":609},"Agile development",{"href":610,"dataGaName":611,"dataGaLocation":483},"/solutions/agile-delivery/","agile delivery",{"text":613,"config":614},"SCM",{"href":125,"dataGaName":615,"dataGaLocation":483},"source code management",{"text":561,"config":617},{"href":118,"dataGaName":618,"dataGaLocation":483},"continuous integration & delivery",{"text":620,"config":621},"Value stream management",{"href":168,"dataGaName":622,"dataGaLocation":483},"value stream management",{"text":566,"config":624},{"href":625,"dataGaName":569,"dataGaLocation":483},"/solutions/gitops/",{"text":178,"config":627},{"href":181,"dataGaName":182,"dataGaLocation":483},{"text":629,"config":630},"Small business",{"href":187,"dataGaName":188,"dataGaLocation":483},{"text":632,"config":633},"Public sector",{"href":193,"dataGaName":194,"dataGaLocation":483},{"text":635,"config":636},"Education",{"href":637,"dataGaName":638,"dataGaLocation":483},"/solutions/education/","education",{"text":640,"config":641},"Financial services",{"href":642,"dataGaName":643,"dataGaLocation":483},"/solutions/finance/","financial services",{"title":201,"links":645},[646,648,650,652,655,657,659,661,663,665,667,669],{"text":214,"config":647},{"href":216,"dataGaName":217,"dataGaLocation":483},{"text":219,"config":649},{"href":221,"dataGaName":222,"dataGaLocation":483},{"text":224,"config":651},{"href":226,"dataGaName":227,"dataGaLocation":483},{"text":229,"config":653},{"href":231,"dataGaName":654,"dataGaLocation":483},"docs",{"text":252,"config":656},{"href":254,"dataGaName":255,"dataGaLocation":483},{"text":247,"config":658},{"href":249,"dataGaName":250,"dataGaLocation":483},{"text":261,"config":660},{"href":263,"dataGaName":264,"dataGaLocation":483},{"text":269,"config":662},{"href":271,"dataGaName":272,"dataGaLocation":483},{"text":274,"config":664},{"href":276,"dataGaName":277,"dataGaLocation":483},{"text":279,"config":666},{"href":281,"dataGaName":282,"dataGaLocation":483},{"text":284,"config":668},{"href":286,"dataGaName":287,"dataGaLocation":483},{"text":289,"config":670},{"href":291,"dataGaName":292,"dataGaLocation":483},{"title":305,"links":672},[673,675,677,679,681,683,685,689,694,696,698,700],{"text":313,"config":674},{"href":315,"dataGaName":307,"dataGaLocation":483},{"text":318,"config":676},{"href":320,"dataGaName":321,"dataGaLocation":483},{"text":326,"config":678},{"href":328,"dataGaName":329,"dataGaLocation":483},{"text":331,"config":680},{"href":333,"dataGaName":334,"dataGaLocation":483},{"text":336,"config":682},{"href":338,"dataGaName":339,"dataGaLocation":483},{"text":341,"config":684},{"href":343,"dataGaName":344,"dataGaLocation":483},{"text":686,"config":687},"Sustainability",{"href":688,"dataGaName":686,"dataGaLocation":483},"/sustainability/",{"text":690,"config":691},"Diversity, inclusion and belonging (DIB)",{"href":692,"dataGaName":693,"dataGaLocation":483},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":346,"config":695},{"href":348,"dataGaName":349,"dataGaLocation":483},{"text":356,"config":697},{"href":358,"dataGaName":359,"dataGaLocation":483},{"text":361,"config":699},{"href":363,"dataGaName":364,"dataGaLocation":483},{"text":701,"config":702},"Modern Slavery Transparency Statement",{"href":703,"dataGaName":704,"dataGaLocation":483},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":706},[707,710,713],{"text":708,"config":709},"Terms",{"href":535,"dataGaName":536,"dataGaLocation":483},{"text":711,"config":712},"Cookies",{"dataGaName":545,"dataGaLocation":483,"id":546,"isOneTrustButton":31},{"text":714,"config":715},"Privacy",{"href":540,"dataGaName":541,"dataGaLocation":483},[717,732],{"id":718,"title":719,"body":29,"config":720,"content":722,"description":29,"extension":726,"meta":727,"navigation":31,"path":728,"seo":729,"stem":730,"__hash__":731},"blogAuthors/en-us/blog/authors/matt-delaney.yml","Matt Delaney",{"template":721},"BlogAuthor",{"name":10,"config":723},{"headshot":724,"ctfId":725},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659749/Blog/Author%20Headshots/matt_delaney_headshot.png","6apeWdrqrZlMIdaxzV5NvZ","yml",{},"/en-us/blog/authors/matt-delaney",{},"en-us/blog/authors/matt-delaney","b9xB1BL3BNCvt-L4rxruJhCY6gCxTN4uuajDY6T9djU",{"id":733,"title":11,"body":29,"config":734,"content":735,"description":29,"extension":726,"meta":741,"navigation":31,"path":742,"seo":743,"stem":744,"__hash__":745},"blogAuthors/en-us/blog/authors/darwin-sanoy.yml",{"template":721},{"role":736,"name":11,"config":737},"Field Chief Cloud Architect",{"headshot":738,"linkedin":739,"ctfId":740},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659751/Blog/Author%20Headshots/Darwin-Sanoy-headshot-395-square-gitlab-teampage-avatar.png","https://linkedin.com/in/darwinsanoy","DarwinJS",{},"/en-us/blog/authors/darwin-sanoy",{},"en-us/blog/authors/darwin-sanoy","UkMMwmU5o2e6Y-wBltA9E_z96LvHuB-bG6VW9DsLzIY",[747,757,766],{"content":748,"config":755},{"title":749,"description":750,"heroImage":751,"date":752,"tags":753,"category":13},"GitLab Patch Release: 18.11.2, 18.10.5","Learn about this release for GitLab Community Edition and Enterprise Edition.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749661926/Blog/Hero%20Images/security-patch-blog-image-r2-0506-700x400-fy25_2x.jpg","2026-04-29",[754],"patch releases",{"featured":17,"template":15,"externalUrl":756},"https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-11-2-released/",{"content":758,"config":764},{"title":759,"description":760,"heroImage":751,"date":761,"category":13,"tags":762},"GitLab Patch Release: 18.11.1, 18.10.4, 18.9.6","Discover what's in this latest patch release.","2026-04-22",[754,763],"security releases",{"featured":17,"template":15,"externalUrl":765},"https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-11-1-released/",{"content":767,"config":779},{"title":768,"description":769,"body":770,"category":13,"tags":771,"date":774,"authors":775,"heroImage":778},"GitLab + Amazon: Platform orchestration on a trusted AI foundation","Pair GitLab Duo Agent Platform with Amazon Bedrock for agentic software development and orchestration.","If your team runs GitLab and has a strong AWS practice, a new combination of Duo Agent Platform and Amazon Bedrock is just for you. The model is simple: GitLab acts as your orchestration layer to help accelerate your entire software lifecycle with agentic AI, and Bedrock is designed to provide a secure, compliant foundation model layer with AI inference behind the scenes.\n\nGitLab Duo Agent Platform enables you to handle planning, merge pipelines, security scanning, vulnerability remediation, and more as part of your GitLab workflows, while the GitLab AI Gateway routes model calls to Bedrock (or GitLab-managed Bedrock-backed endpoints, depending on your setup). That means you can build on the identity and access management (IAM) policies, virtual private cloud (VPC) boundaries, regional controls, and cloud spend commitments you already have in AWS.\n\nIf you already use Amazon Bedrock and want AI to help inside the work you already do in GitLab, not in yet another standalone chat tool, this is the pairing for you.\n\n\nIn this article, we look at the real problem many teams face today: AI is fragmented, data paths are fuzzy, and Bedrock investment gets underused when AI sits outside the software development lifecycle. Then we break down your deployment options for GitLab Duo Agent Platform:\n\n* Integrated with self-hosted models on Amazon Bedrock for GitLab Self-Managed deployments and self-hosted AI gateway   \n* Integrated with GitLab-operated models on Amazon Bedrock (with GitLab-owned keys) for GitLab Self-Managed deployments and GitLab-hosted AI gateway  \n* Integrated with GitLab-operated models on Amazon Bedrock (with GitLab-owned keys) for GitLab.com instances and GitLab-hosted AI gateway\n\nWe wrap with a summary on how this approach helps avoid shadow AI and point-tool sprawl without creating a parallel tech stack for AI tooling.\n\n## AI everywhere, control nowhere\n\nSomewhere in your company right now, software teams might be using an AI tool that your security team hasn't approved. Prompt data might be leaving your environment through a path no one has fully mapped. And your organization’s Amazon Bedrock investment might be underused while individual teams expense separate AI tools, pulling workloads and cloud spend away from the platforms you’ve already committed to.\n\nInstead of being a people problem, this might be an architecture problem. And it surfaces the same three constraints in nearly every enterprise:\n\n**Operational fragmentation.** Each team, or sometimes even an individual developer, picks their own development toolset, including AI tooling and model selection. That fragmentation makes end-to-end governance within the software development lifecycle nearly impossible.\n\n**Security and sovereignty.** Where does prompt and code data actually flow? Who owns the logs?\n\n**Cloud spend optimization.** Commitments to key cloud providers like AWS are diluted as workloads and AI usage drift to point tools outside of customers’ existing agreements.\n\nGitLab Duo Agent Platform and Amazon Bedrock help solve this together. The division of labor is straightforward: Duo Agent Platform owns the workflow orchestration with agentic AI for software development, Bedrock owns the inference layer and hosts approved foundational models, and your organization has full control over the data and policy boundaries you already defined in AWS. Three jobs, three owners, no fragmentation.\n\n## GitLab Duo Agent Platform: The agentic control plane\n\nGitLab Duo Agent Platform is GitLab's agentic AI layer: a framework of specialized agents and flows that operate simultaneously and in-parallel, going beyond the traditional stage-based handoffs  and helping automate work across the entire software lifecycle. Rather than a single assistant responding to prompts, Duo Agent Platform enables teams to orchestrate many AI agents asynchronously using unified data and project context, including issues, merge requests, pipelines, and security findings. Linear workflows are turned into coordinated, continuous collaboration between software teams and their AI agents, at scale.\n\nWith that control plane in place, the natural next question is which AI foundation should power these agents. For customers who run GitLab Self-Managed on AWS and need inference traffic, prompt data, and logs to also stay within their AWS environment along with their software lifecycle data, Amazon Bedrock acting as the AI inference layer is the natural fit. \n\n## Amazon Bedrock: The trusted AI foundation\n\nAmazon Bedrock is a fully managed, serverless foundation model layer that runs entirely within your AWS environment. Customer data stays in the customer's AWS account: inputs and outputs are encrypted in transit and at rest, never shared with model providers, and never used to train base models. Bedrock carries compliance certifications across GDPR, HIPAA, and FedRAMP High, covering many regulated industry requirements out of the box. Teams can also bring fine-tuned models from elsewhere via Custom Model Import and deploy them alongside native Bedrock models through the same infrastructure, without managing separate deployment pipelines. Bedrock Guardrails adds configurable safeguards across all models for content filtering, hallucination detection, and sensitive data protection.\n\nTogether, GitLab Duo Agent Platform and Bedrock consolidate DevSecOps orchestration and AI model governance, helping eliminate the fragmentation that happens when teams roll out AI tools independently.\n\n## Choosing your deployment path\n\nThe integration delivers the same core GitLab Duo Agent Platform capabilities regardless of how it is deployed. What varies is who runs GitLab, who operates the AI Gateway, and whose Bedrock account the inference runs through. The right pattern depends on where your organization already operates.\n\nAt a high level, the integration has three main components:\n\n* **GitLab Duo Agent Platform:** agentic workflows embedded across the software development lifecycle  \n* **AI Gateway (GitLab-managed or self-hosted):** the abstraction layer between Duo Agent Platform and the foundational model backend   \n* **Amazon Bedrock:** the AI model and inference substrate\n\n![Deployment of GitLab and AWS Bedrock](https://res.cloudinary.com/about-gitlab-com/image/upload/v1776362365/udmvmv2efpmwtkxgydch.png)\n\nChoosing a deployment pattern is informed by where an organization wants to place the levers of control. The patterns below are designed to meet teams where they already are, whether that's SaaS-first, self-managed for compliance, or all-in on AWS with existing Bedrock investments.\n\n| Deployment Model | GitLab.com instance with GitLab-hosted AI Gateway with GitLab-operated Bedrock models   | GitLab Self-Managed with GitLab-hosted AI Gateway with GitLab-operated Bedrock models | GitLab Self-Managed  with self-hosted AI Gateway and customer-operated Bedrock models |\n| :---- | :---- | :---- | :---- |\n| **Ideal if you:** | Are primarily on GitLab.com and don’t want to self-host AI gateway and Bedrock models  | Need GitLab Self-Managed for compliance and operational reasons but don’t want to manage AI layer | Are AWS-centric with existing Bedrock usage and strict data/control needs  |\n| **Key Benefits** | Fastest, turnkey way to get Duo Agent Platform workflows: GitLab runs GitLab.com, the AI Gateway, integrated with Bedrock AI models. | Keep GitLab deployed in your own environment while consuming Bedrock models via a GitLab-managed AI Gateway, combining deployment control with simplified AI operations. | Run GitLab and AI Gateway in your AWS account, reuse existing IAM/VPC/regions, keep logs and data in your environment, and draw Bedrock usage from your existing AWS spend commitments. |\n\n## How customers use GitLab Duo Agent Platform with Amazon Bedrock\n\nPlatform teams can use GitLab Duo Agent Platform with Amazon Bedrock to standardize which models handle code suggestions, security analysis, and pipeline remediation. This helps enforce guardrails and logging centrally rather than letting individual teams adopt separate tools independently.\n\nSecurity workflows see particular benefit. GitLab Duo Agent Platform agents can propose and validate fixes for security findings within GitLab, helping reduce the manual triage work developers would otherwise handle outside the platform.\n\nFor enterprises already committed to AWS, routing AI workloads through Bedrock from within GitLab enables you to keep developer AI usage aligned with existing cloud agreements rather than generating separate, unplanned spend.\n\n## Closing the loop\n\nThe constraints that slow enterprise AI adoption are often not technical. They are organizational: fragmented tooling, ungoverned data flows, and cloud spend that never consolidates. Those are the problems that can stall AI programs even after the pilots succeed.\n\nGitLab Duo Agent Platform and Amazon Bedrock help address each one directly. Platform teams get consistent governance, auditability, and standardized paths for AI usage across the software development lifecycle. Development teams get streamlined, agentic workflows that feel native to GitLab. And AWS-centric organizations get to extend their existing Bedrock investment rather than build parallel AI infrastructure alongside it.\n\nThe result is an AI program that scales without fragmenting. Governance and velocity on the same stack, serving the same teams, under policies the organization already owns.\n\n\n> To explore which deployment pattern is right for your organization and how to align GitLab Duo Agent Platform and Amazon Bedrock with your existing AWS strategy, [contact the GitLab sales team](https://about.gitlab.com/sales/) and we’ll help you design and implement the best architecture for your environment. You can also [visit our AWS partner page](https://about.gitlab.com/partners/technology-partners/aws/) to learn more.",[292,772,773],"AWS","AI/ML","2026-04-21",[776,777],"Joe Mann","Mark Kriaf","https://res.cloudinary.com/about-gitlab-com/image/upload/v1776362275/ozbwn9tk0dditpnfddlz.png",{"featured":31,"template":15,"slug":780},"gitlab-amazon-platform-orchestration-on-a-trusted-ai-foundation",{"promotions":782},[783,797,808,820],{"id":784,"categories":785,"header":787,"text":788,"button":789,"image":794},"ai-modernization",[786],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":790,"config":791},"Get your AI maturity score",{"href":792,"dataGaName":793,"dataGaLocation":255},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":795},{"src":796},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":798,"categories":799,"header":800,"text":788,"button":801,"image":805},"devops-modernization",[13,584],"Are you just managing tools or shipping innovation?",{"text":802,"config":803},"Get your DevOps maturity score",{"href":804,"dataGaName":793,"dataGaLocation":255},"/assessments/devops-modernization-assessment/",{"config":806},{"src":807},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":809,"categories":810,"header":812,"text":788,"button":813,"image":817},"security-modernization",[811],"security","Are you trading speed for security?",{"text":814,"config":815},"Get your security maturity score",{"href":816,"dataGaName":793,"dataGaLocation":255},"/assessments/security-modernization-assessment/",{"config":818},{"src":819},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":821,"paths":822,"header":825,"text":826,"button":827,"image":832},"github-azure-migration",[823,824],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","Is your team ready for GitHub's Azure move?","GitHub is already rebuilding around Azure. Find out what it means for you.",{"text":828,"config":829},"See how GitLab compares to GitHub",{"href":830,"dataGaName":831,"dataGaLocation":255},"/compare/gitlab-vs-github/github-azure-migration/","github azure migration",{"config":833},{"src":807},{"header":835,"blurb":836,"button":837,"secondaryButton":842},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":838,"config":839},"Get your free trial",{"href":840,"dataGaName":54,"dataGaLocation":841},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":521,"config":843},{"href":58,"dataGaName":59,"dataGaLocation":841},1777934786119]