[{"data":1,"prerenderedAt":819},["ShallowReactive",2],{"/en-us/blog/taming-tool-sprawl-how-to-boost-university-it-productivity":3,"navigation-en-us":35,"banner-en-us":456,"footer-en-us":466,"blog-post-authors-en-us-Elisabeth Burrows":707,"blog-related-posts-en-us-taming-tool-sprawl-how-to-boost-university-it-productivity":721,"blog-promotions-en-us":756,"next-steps-en-us":809},{"id":4,"title":5,"authorSlugs":6,"authors":8,"body":10,"category":11,"categorySlug":11,"config":12,"content":16,"date":20,"description":17,"extension":23,"externalUrl":24,"featured":13,"heroImage":19,"isFeatured":13,"meta":25,"navigation":13,"path":26,"publishedDate":20,"rawbody":27,"seo":28,"slug":15,"stem":31,"tagSlugs":32,"tags":33,"template":14,"updatedDate":24,"__hash__":34},"blogPosts/en-us/blog/taming-tool-sprawl-how-to-boost-university-it-productivity.yml","Taming tool sprawl: How to boost university IT productivity",[7],"elisabeth-burrows",[9],"Elisabeth Burrows","When Dr. James Quilty began developing engineering project management courses at Victoria University of Wellington's School of Engineering and Computer Science, he didn't find an organized system for delivering course content. Instead, he was faced with chaos.\n\nThe problem was that back in 2015 learning materials were scattered across a dozen different tools, like the Blackboard platform, customized Wiki pages, personal websites, and shared Google Docs. On top of that, students were left to choose their own tools for coursework. All of this led to a constant state of confusion. As if that weren’t enough, few of these disparate systems provided proper version history or reliable issue tracking.\n\nThis all-too-familiar lack of standardization was creating massive headaches for both lecturers and students.\n\n\"Information was fragmented across multiple files, multiple formats — sitting often on file systems, not necessarily under good version control,\" says Quilty, who is now program director for engineering at the New Zealand university.\n\nAfter consolidating on GitLab Self-Managed Ultimate in 2017, [Victoria University](https://about.gitlab.com/customers/victoria-university/) saw 483% growth in student users by 2021. They also added 35 GitLab-enabled courses and now host more than 8,000 projects. The university also deployed GitLab as a unified DevSecOps platform for academic coursework, replacing what had become a fragmented and complicated toolchain. More importantly, they've redirected faculty time from administration to actual education.\n\nThis pattern isn't unique. Across higher education, IT teams struggle with the same tool sprawl — multiple tools and incompatible systems that lead to hours lost to context switching and administering disparate and costly tools. Simplifying how teams build and deliver software is the answer to this widespread problem.\n\nThe teams making real progress are reducing complexity instead of creating it.\n\n### Facing the complexity problem\n\nHigher education IT teams are faced with managing aging infrastructure, legacy systems, and resource constraints that force difficult tradeoffs with every technology decision they have to make.\n\nDevelopment workflows exist in silos since many departments use different version control systems, CI/CD tools, and security scanners. That means teams struggle to collaborate on cross-functional projects because they're working with incompatible toolchains and a lack of shared visibility.\n\nLegacy technology compounds these problems. Many institutions run development environments that are outdated and incompatible with modern DevSecOps practices. But replacing them isn't realistic when budgets are tight and IT staff are already stretched thin.\n\nTo take on these problems, institutions need to modernize, but because of administrative processes, budget constraints, and the reality of managing critical systems, they have to do it in phases, not overnight. For instance, some workloads may move to the cloud while others remain on-premises. [A research department](https://edtechmagazine.com/higher/article/2024/09/how-approach-higher-eds-hybrid-cloud-migration), for instance, might shift large datasets off-site while central IT functions stay in-house.\n\nOrganizations need the flexibility to be able to do that, and that’s what they get with GitLab Ultimate, the enterprise-ready DevSecOps platform that delivers the same capabilities whether you deploy on GitLab.com or self-host on your own infrastructure: on-premises servers, data centers, or cloud providers, including AWS, GCP, Azure, or even multi-cloud. Self-hosted deployments include all features, including air-gapped support for sensitive environments.\n\nThis means, with [GitLab Ultimate](https://about.gitlab.com/pricing/ultimate/), institutions can modernize on their own timeline without abandoning governance requirements or forcing wholesale infrastructure changes.\n\n### Moving from manual compliance to automated enforcement\n\nIT teams also have to work with regulatory mandates and that adds another layer of complexity. Student privacy requirements, research grant stipulations, and institutional security policies all demand audit trails and governance controls. For institutions supporting U.S. Department of Defense research or contractors, [CMMC 2.0 compliance requirements](https://www.meritalk.com/articles/dod-begins-rollout-of-cmmc-on-nov-10-heres-what-you-need-to-know/) add stringent cybersecurity controls based on NIST SP 800-171. Meeting these obligations while modernizing traditionally meant manually documenting everything — a process that didn't scale easily.\n\nIn conversations with team members from educational institutions at events like EDUCAUSE we've learned it's all too common for dedicated compliance staff to spend the majority of their time gathering evidence for audits, instead of actually improving security. Not building better software. Just proving that policies were followed. This administrative burden extends to development teams, as well. According to Forrester Consulting’s study [The Total Economic Impact™ of GitLab Ultimate](https://about.gitlab.com/resources/study-forrester-tei-gitlab-ultimate/), which was commissioned by GitLab, software development team members save 90% of the time previously spent on annual auditing and compliance efforts after adopting GitLab's end-to-end platform.\n\nGitLab saves all of that time and effort by enabling automation through [custom compliance frameworks](https://docs.gitlab.com/user/compliance/compliance_frameworks/) that map multiple, overlapping controls from different standards and regulations into a single, unified structure. They then cascade automatically from the instance level to all subgroups and projects, ensuring consistent enforcement without manual configuration.\n\n[Pipeline execution policies](https://docs.gitlab.com/user/application_security/policies/pipeline_execution_policies/) enforce compliance directly in CI/CD pipelines where development work happens. Rather than operating disparate governance, risk, and compliance tools, compliance validation occurs automatically as code moves through the pipeline. To make all of this easier, GitLab’s [Compliance Center](https://docs.gitlab.com/user/compliance/compliance_center/) provides oversight through dashboards that show where projects fail to meet framework requirements — whether due to failed security scans or other control gaps.\n\nComplete [audit trails](https://docs.gitlab.com/user/compliance/audit_events/) also capture every code change with timestamps and attribution. And [policy-as-code](https://handbook.gitlab.com/handbook/security/security-assurance/security-compliance/policy-as-code/) enforces security rules that can't be bypassed. When an auditor asks who changed what code and when, you have the answer instantly — without weeks spent manually gathering evidence. Every pipeline execution automatically generates compliance documentation, enabling teams to instantly prove adherence to requirements and quickly identify any control gaps.\n\n### AI: Governance over guesswork\n\nThis visibility across the entire security posture matters now more than ever. Artificial intelligence (AI) is changing how software gets built with many teams testing AI code generation tools to enable them to move faster. But higher education institutions are uniquely positioned to lead on a critical question: How do you adopt AI responsibly?\n\n[Cornell University](https://edtechmagazine.com/higher/article/2025/10/ai-playbook-comprehensive-strategy-higher-education-perfcon) and [Cal State Fullerton](https://www.fullerton.edu/it/ai/ethical-principles-ai-framework.html) already are developing ethical frameworks for AI use, asking essential questions about transparency, explainability, and bias. The [University of California San Diego](https://edtechmagazine.com/higher/article/2025/05/effective-ai-requires-effective-data-governance) is adapting its existing data governance framework — originally built for analytics platforms — to secure its on-premises AI assistants, ensuring the same access controls and approval workflows that protect institutional data now extend to AI-driven tools. Educational institutions understand that AI adoption requires more than just enabling new tools — it requires proper oversight and protection.\n\nThe problem isn't AI itself. It's AI without guardrails integrated into development workflows. Most organizations haven't considered what secure AI development looks like — what governance is needed for AI-generated code, how to maintain visibility into what gets committed to repositories, or how to ensure the same rigor applies whether code comes from a human or AI.\n\nThis is exactly where platform-level AI integration becomes essential. [GitLab Duo Agent Platform](https://docs.gitlab.com/user/duo_agent_platform/) goes beyond fragmented AI tools and coding assistants alone to provide an orchestration layer that integrates AI across the entire software development lifecycle.\n\nAI agents handle planning, testing, security remediation, and deployment tasks, while working alongside developers rather than just generating code on command. When security scans identify vulnerabilities, for example, AI agents explain findings, assess risks, and prioritize issues to reduce noise and accelerate mean time to recovery (MTTR). This platform approach ensures AI accelerates development without compromising the security standards and governance controls institutions require.\n\nThe benefits extend beyond technical capabilities. Through GitLab's [AI Transparency Center](https://about.gitlab.com/ai-transparency-center/), institutions get clear documentation of data privacy protections, AI ethics principles, and vendor selection processes. This means schools can adopt AI tools while maintaining the governance standards they're developing institution-wide.\n\nAI will change how we build software. The question is whether institutions can do it with the same responsible approach they're bringing to AI adoption across campus.\n\n## See results in your education environment\n\nThe universities making real progress aren't adding more tools to manage complexity. They're consolidating onto platforms that prevent problems rather than just detecting them, creating visibility and automation across their development workflows.\n\nForrester's [The Total Economic Impact™ of GitLab Ultimate](https://about.gitlab.com/resources/study-forrester-tei-gitlab-ultimate/) study found that a composite organization representative of interviewed customers reclaimed up to 305 hours per developer year through automated testing within a single interface, eliminating constant context switching between tools. New hires ramped to full productivity 75% faster — in 1.5 weeks instead of 1.5 months. Teams spend their time building rather than maintaining fragmented toolchains.\n\n**Your institution can achieve similar results.** Learn more about how GitLab Ultimate can help your institution deliver secure software faster while meeting compliance requirements. [Talk to our team](https://about.gitlab.com/sales/) about platform approaches for higher education IT.","product",{"featured":13,"template":14,"slug":15},true,"BlogPost","taming-tool-sprawl-how-to-boost-university-it-productivity",{"title":5,"description":17,"authors":18,"heroImage":19,"date":20,"body":10,"category":11,"tags":21},"Discover how a unified DevSecOps platform drives user growth, automates compliance, and ensures responsible AI adoption in higher education.",[9],"https://res.cloudinary.com/about-gitlab-com/image/upload/v1756989645/fojzxakmfdea6jfqjkrl.png","2025-12-15",[22,11],"education","yml",null,{},"/en-us/blog/taming-tool-sprawl-how-to-boost-university-it-productivity","seo:\n  config:\n    noIndex: false\n  title: 'Taming tool sprawl: How to boost university IT productivity'\n  description: Discover how a unified DevSecOps platform drives user growth,\n    automates compliance, and ensures responsible AI adoption in higher\n    education.\ncontent:\n  title: 'Taming tool sprawl: How to boost university IT productivity'\n  description: Discover how a unified DevSecOps platform drives user growth,\n    automates compliance, and ensures responsible AI adoption in higher\n    education.\n  authors:\n    - Elisabeth Burrows\n  heroImage: https://res.cloudinary.com/about-gitlab-com/image/upload/v1756989645/fojzxakmfdea6jfqjkrl.png\n  date: 2025-12-15\n  body: >-\n    When Dr. James Quilty began developing engineering project management\n    courses at Victoria University of Wellington's School of Engineering and\n    Computer Science, he didn't find an organized system for delivering course\n    content. Instead, he was faced with chaos.\n\n\n    The problem was that back in 2015 learning materials were scattered across a dozen different tools, like the Blackboard platform, customized Wiki pages, personal websites, and shared Google Docs. On top of that, students were left to choose their own tools for coursework. All of this led to a constant state of confusion. As if that weren’t enough, few of these disparate systems provided proper version history or reliable issue tracking.\n\n\n    This all-too-familiar lack of standardization was creating massive headaches for both lecturers and students.\n\n\n    \"Information was fragmented across multiple files, multiple formats — sitting often on file systems, not necessarily under good version control,\" says Quilty, who is now program director for engineering at the New Zealand university.\n\n\n    After consolidating on GitLab Self-Managed Ultimate in 2017, [Victoria University](https://about.gitlab.com/customers/victoria-university/) saw 483% growth in student users by 2021. They also added 35 GitLab-enabled courses and now host more than 8,000 projects. The university also deployed GitLab as a unified DevSecOps platform for academic coursework, replacing what had become a fragmented and complicated toolchain. More importantly, they've redirected faculty time from administration to actual education.\n\n\n    This pattern isn't unique. Across higher education, IT teams struggle with the same tool sprawl — multiple tools and incompatible systems that lead to hours lost to context switching and administering disparate and costly tools. Simplifying how teams build and deliver software is the answer to this widespread problem.\n\n\n    The teams making real progress are reducing complexity instead of creating it.\n\n\n    ### Facing the complexity problem\n\n\n    Higher education IT teams are faced with managing aging infrastructure, legacy systems, and resource constraints that force difficult tradeoffs with every technology decision they have to make.\n\n\n    Development workflows exist in silos since many departments use different version control systems, CI/CD tools, and security scanners. That means teams struggle to collaborate on cross-functional projects because they're working with incompatible toolchains and a lack of shared visibility.\n\n\n    Legacy technology compounds these problems. Many institutions run development environments that are outdated and incompatible with modern DevSecOps practices. But replacing them isn't realistic when budgets are tight and IT staff are already stretched thin.\n\n\n    To take on these problems, institutions need to modernize, but because of administrative processes, budget constraints, and the reality of managing critical systems, they have to do it in phases, not overnight. For instance, some workloads may move to the cloud while others remain on-premises. [A research department](https://edtechmagazine.com/higher/article/2024/09/how-approach-higher-eds-hybrid-cloud-migration), for instance, might shift large datasets off-site while central IT functions stay in-house.\n\n\n    Organizations need the flexibility to be able to do that, and that’s what they get with GitLab Ultimate, the enterprise-ready DevSecOps platform that delivers the same capabilities whether you deploy on GitLab.com or self-host on your own infrastructure: on-premises servers, data centers, or cloud providers, including AWS, GCP, Azure, or even multi-cloud. Self-hosted deployments include all features, including air-gapped support for sensitive environments.\n\n\n    This means, with [GitLab Ultimate](https://about.gitlab.com/pricing/ultimate/), institutions can modernize on their own timeline without abandoning governance requirements or forcing wholesale infrastructure changes.\n\n\n    ### Moving from manual compliance to automated enforcement\n\n\n    IT teams also have to work with regulatory mandates and that adds another layer of complexity. Student privacy requirements, research grant stipulations, and institutional security policies all demand audit trails and governance controls. For institutions supporting U.S. Department of Defense research or contractors, [CMMC 2.0 compliance requirements](https://www.meritalk.com/articles/dod-begins-rollout-of-cmmc-on-nov-10-heres-what-you-need-to-know/) add stringent cybersecurity controls based on NIST SP 800-171. Meeting these obligations while modernizing traditionally meant manually documenting everything — a process that didn't scale easily.\n\n\n    In conversations with team members from educational institutions at events like EDUCAUSE we've learned it's all too common for dedicated compliance staff to spend the majority of their time gathering evidence for audits, instead of actually improving security. Not building better software. Just proving that policies were followed. This administrative burden extends to development teams, as well. According to Forrester Consulting’s study [The Total Economic Impact™ of GitLab Ultimate](https://about.gitlab.com/resources/study-forrester-tei-gitlab-ultimate/), which was commissioned by GitLab, software development team members save 90% of the time previously spent on annual auditing and compliance efforts after adopting GitLab's end-to-end platform.\n\n\n    GitLab saves all of that time and effort by enabling automation through [custom compliance frameworks](https://docs.gitlab.com/user/compliance/compliance_frameworks/) that map multiple, overlapping controls from different standards and regulations into a single, unified structure. They then cascade automatically from the instance level to all subgroups and projects, ensuring consistent enforcement without manual configuration.\n\n\n    [Pipeline execution policies](https://docs.gitlab.com/user/application_security/policies/pipeline_execution_policies/) enforce compliance directly in CI/CD pipelines where development work happens. Rather than operating disparate governance, risk, and compliance tools, compliance validation occurs automatically as code moves through the pipeline. To make all of this easier, GitLab’s [Compliance Center](https://docs.gitlab.com/user/compliance/compliance_center/) provides oversight through dashboards that show where projects fail to meet framework requirements — whether due to failed security scans or other control gaps.\n\n\n    Complete [audit trails](https://docs.gitlab.com/user/compliance/audit_events/) also capture every code change with timestamps and attribution. And [policy-as-code](https://handbook.gitlab.com/handbook/security/security-assurance/security-compliance/policy-as-code/) enforces security rules that can't be bypassed. When an auditor asks who changed what code and when, you have the answer instantly — without weeks spent manually gathering evidence. Every pipeline execution automatically generates compliance documentation, enabling teams to instantly prove adherence to requirements and quickly identify any control gaps.\n\n\n    ### AI: Governance over guesswork\n\n\n    This visibility across the entire security posture matters now more than ever. Artificial intelligence (AI) is changing how software gets built with many teams testing AI code generation tools to enable them to move faster. But higher education institutions are uniquely positioned to lead on a critical question: How do you adopt AI responsibly?\n\n\n    [Cornell University](https://edtechmagazine.com/higher/article/2025/10/ai-playbook-comprehensive-strategy-higher-education-perfcon) and [Cal State Fullerton](https://www.fullerton.edu/it/ai/ethical-principles-ai-framework.html) already are developing ethical frameworks for AI use, asking essential questions about transparency, explainability, and bias. The [University of California San Diego](https://edtechmagazine.com/higher/article/2025/05/effective-ai-requires-effective-data-governance) is adapting its existing data governance framework — originally built for analytics platforms — to secure its on-premises AI assistants, ensuring the same access controls and approval workflows that protect institutional data now extend to AI-driven tools. Educational institutions understand that AI adoption requires more than just enabling new tools — it requires proper oversight and protection.\n\n\n    The problem isn't AI itself. It's AI without guardrails integrated into development workflows. Most organizations haven't considered what secure AI development looks like — what governance is needed for AI-generated code, how to maintain visibility into what gets committed to repositories, or how to ensure the same rigor applies whether code comes from a human or AI.\n\n\n    This is exactly where platform-level AI integration becomes essential. [GitLab Duo Agent Platform](https://docs.gitlab.com/user/duo_agent_platform/) goes beyond fragmented AI tools and coding assistants alone to provide an orchestration layer that integrates AI across the entire software development lifecycle.\n\n\n    AI agents handle planning, testing, security remediation, and deployment tasks, while working alongside developers rather than just generating code on command. When security scans identify vulnerabilities, for example, AI agents explain findings, assess risks, and prioritize issues to reduce noise and accelerate mean time to recovery (MTTR). This platform approach ensures AI accelerates development without compromising the security standards and governance controls institutions require.\n\n\n    The benefits extend beyond technical capabilities. Through GitLab's [AI Transparency Center](https://about.gitlab.com/ai-transparency-center/), institutions get clear documentation of data privacy protections, AI ethics principles, and vendor selection processes. This means schools can adopt AI tools while maintaining the governance standards they're developing institution-wide.\n\n\n    AI will change how we build software. The question is whether institutions can do it with the same responsible approach they're bringing to AI adoption across campus.\n\n\n    ## See results in your education environment\n\n\n    The universities making real progress aren't adding more tools to manage complexity. They're consolidating onto platforms that prevent problems rather than just detecting them, creating visibility and automation across their development workflows.\n\n\n    Forrester's [The Total Economic Impact™ of GitLab Ultimate](https://about.gitlab.com/resources/study-forrester-tei-gitlab-ultimate/) study found that a composite organization representative of interviewed customers reclaimed up to 305 hours per developer year through automated testing within a single interface, eliminating constant context switching between tools. New hires ramped to full productivity 75% faster — in 1.5 weeks instead of 1.5 months. Teams spend their time building rather than maintaining fragmented toolchains.\n\n\n    **Your institution can achieve similar results.** Learn more about how GitLab Ultimate can help your institution deliver secure software faster while meeting compliance requirements. [Talk to our team](https://about.gitlab.com/sales/) about platform approaches for higher education IT.\n  category: product\n  tags:\n    - education\n    - product\nconfig:\n  featured: true\n  template: BlogPost\n  slug: taming-tool-sprawl-how-to-boost-university-it-productivity\n",{"config":29,"title":5,"description":17},{"noIndex":30},false,"en-us/blog/taming-tool-sprawl-how-to-boost-university-it-productivity",[22,11],[22,11],"mjazHnSITqiKC2iMHS8MZvxJlxRuX67om52uYYpBsBM",{"logo":36,"freeTrial":41,"sales":46,"login":51,"items":56,"search":376,"minimal":407,"duo":426,"switchNav":435,"pricingDeployment":446},{"config":37},{"href":38,"dataGaName":39,"dataGaLocation":40},"/","gitlab logo","header",{"text":42,"config":43},"Get free trial",{"href":44,"dataGaName":45,"dataGaLocation":40},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":47,"config":48},"Talk to sales",{"href":49,"dataGaName":50,"dataGaLocation":40},"/sales/","sales",{"text":52,"config":53},"Sign in",{"href":54,"dataGaName":55,"dataGaLocation":40},"https://gitlab.com/users/sign_in/","sign in",[57,86,186,191,295,356],{"text":58,"config":59,"menu":61},"Platform",{"dataNavLevelOne":60},"platform",{"type":62,"columns":63},"cards",[64,70,78],{"title":58,"description":65,"link":66},"The intelligent orchestration platform for DevSecOps",{"text":67,"config":68},"Explore our Platform",{"href":69,"dataGaName":60,"dataGaLocation":40},"/platform/",{"title":71,"description":72,"link":73},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":74,"config":75},"Meet GitLab Duo",{"href":76,"dataGaName":77,"dataGaLocation":40},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":79,"description":80,"link":81},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":82,"config":83},"Learn more",{"href":84,"dataGaName":85,"dataGaLocation":40},"/why-gitlab/","why gitlab",{"text":87,"left":13,"config":88,"menu":90},"Product",{"dataNavLevelOne":89},"solutions",{"type":91,"link":92,"columns":96,"feature":165},"lists",{"text":93,"config":94},"View all Solutions",{"href":95,"dataGaName":89,"dataGaLocation":40},"/solutions/",[97,121,144],{"title":98,"description":99,"link":100,"items":105},"Automation","CI/CD and automation to accelerate deployment",{"config":101},{"icon":102,"href":103,"dataGaName":104,"dataGaLocation":40},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[106,110,113,117],{"text":107,"config":108},"CI/CD",{"href":109,"dataGaLocation":40,"dataGaName":107},"/solutions/continuous-integration/",{"text":71,"config":111},{"href":76,"dataGaLocation":40,"dataGaName":112},"gitlab duo agent platform - product menu",{"text":114,"config":115},"Source Code Management",{"href":116,"dataGaLocation":40,"dataGaName":114},"/solutions/source-code-management/",{"text":118,"config":119},"Automated Software Delivery",{"href":103,"dataGaLocation":40,"dataGaName":120},"Automated software delivery",{"title":122,"description":123,"link":124,"items":129},"Security","Deliver code faster without compromising security",{"config":125},{"href":126,"dataGaName":127,"dataGaLocation":40,"icon":128},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[130,134,139],{"text":131,"config":132},"Application Security Testing",{"href":126,"dataGaName":133,"dataGaLocation":40},"Application security testing",{"text":135,"config":136},"Software Supply Chain Security",{"href":137,"dataGaLocation":40,"dataGaName":138},"/solutions/supply-chain/","Software supply chain security",{"text":140,"config":141},"Software Compliance",{"href":142,"dataGaName":143,"dataGaLocation":40},"/solutions/software-compliance/","software compliance",{"title":145,"link":146,"items":151},"Measurement",{"config":147},{"icon":148,"href":149,"dataGaName":150,"dataGaLocation":40},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[152,156,160],{"text":153,"config":154},"Visibility & Measurement",{"href":149,"dataGaLocation":40,"dataGaName":155},"Visibility and Measurement",{"text":157,"config":158},"Value Stream Management",{"href":159,"dataGaLocation":40,"dataGaName":157},"/solutions/value-stream-management/",{"text":161,"config":162},"Analytics & Insights",{"href":163,"dataGaLocation":40,"dataGaName":164},"/solutions/analytics-and-insights/","Analytics and insights",{"title":166,"type":91,"items":167},"GitLab for",[168,174,180],{"text":169,"config":170},"Enterprise",{"icon":171,"href":172,"dataGaLocation":40,"dataGaName":173},"Building","/enterprise/","enterprise",{"text":175,"config":176},"Small Business",{"icon":177,"href":178,"dataGaLocation":40,"dataGaName":179},"Work","/small-business/","small business",{"text":181,"config":182},"Public Sector",{"icon":183,"href":184,"dataGaLocation":40,"dataGaName":185},"Organization","/solutions/public-sector/","public sector",{"text":187,"config":188},"Pricing",{"href":189,"dataGaName":190,"dataGaLocation":40,"dataNavLevelOne":190},"/pricing/","pricing",{"text":192,"config":193,"menu":195},"Resources",{"dataNavLevelOne":194},"resources",{"type":91,"link":196,"columns":200,"feature":284},{"text":197,"config":198},"View all resources",{"href":199,"dataGaName":194,"dataGaLocation":40},"/resources/",[201,234,256],{"title":202,"items":203},"Getting started",[204,209,214,219,224,229],{"text":205,"config":206},"Install",{"href":207,"dataGaName":208,"dataGaLocation":40},"/install/","install",{"text":210,"config":211},"Quick start guides",{"href":212,"dataGaName":213,"dataGaLocation":40},"/get-started/","quick setup checklists",{"text":215,"config":216},"Learn",{"href":217,"dataGaLocation":40,"dataGaName":218},"https://university.gitlab.com/","learn",{"text":220,"config":221},"Product documentation",{"href":222,"dataGaName":223,"dataGaLocation":40},"https://docs.gitlab.com/","product documentation",{"text":225,"config":226},"Best practice videos",{"href":227,"dataGaName":228,"dataGaLocation":40},"/getting-started-videos/","best practice videos",{"text":230,"config":231},"Integrations",{"href":232,"dataGaName":233,"dataGaLocation":40},"/integrations/","integrations",{"title":235,"items":236},"Discover",[237,242,247,251],{"text":238,"config":239},"Customer success stories",{"href":240,"dataGaName":241,"dataGaLocation":40},"/customers/","customer success stories",{"text":243,"config":244},"Blog",{"href":245,"dataGaName":246,"dataGaLocation":40},"/blog/","blog",{"text":248,"config":249},"The Source",{"href":250,"dataGaName":246,"dataGaLocation":40},"/the-source/",{"text":252,"config":253},"Remote",{"href":254,"dataGaName":255,"dataGaLocation":40},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":257,"items":258},"Connect",[259,264,269,274,279],{"text":260,"config":261},"GitLab Services",{"href":262,"dataGaName":263,"dataGaLocation":40},"/services/","services",{"text":265,"config":266},"Community",{"href":267,"dataGaName":268,"dataGaLocation":40},"/community/","community",{"text":270,"config":271},"Forum",{"href":272,"dataGaName":273,"dataGaLocation":40},"https://forum.gitlab.com/","forum",{"text":275,"config":276},"Events",{"href":277,"dataGaName":278,"dataGaLocation":40},"/events/","events",{"text":280,"config":281},"Partners",{"href":282,"dataGaName":283,"dataGaLocation":40},"/partners/","partners",{"config":285,"title":288,"text":289,"link":290},{"background":286,"textColor":287},"url('https://res.cloudinary.com/about-gitlab-com/image/upload/v1777322348/qpq8yrgn8knii57omj0c.png')","#000","What’s new in GitLab","Stay updated with our latest features and improvements.",{"text":291,"config":292},"Read the latest",{"href":293,"dataGaName":294,"dataGaLocation":40},"/releases/whats-new/","whats new",{"text":296,"config":297,"menu":299},"Company",{"dataNavLevelOne":298},"company",{"type":91,"columns":300},[301],{"items":302},[303,308,314,316,321,326,331,336,341,346,351],{"text":304,"config":305},"About",{"href":306,"dataGaName":307,"dataGaLocation":40},"/company/","about",{"text":309,"config":310,"footerGa":313},"Jobs",{"href":311,"dataGaName":312,"dataGaLocation":40},"/jobs/","jobs",{"dataGaName":312},{"text":275,"config":315},{"href":277,"dataGaName":278,"dataGaLocation":40},{"text":317,"config":318},"Leadership",{"href":319,"dataGaName":320,"dataGaLocation":40},"/company/team/e-group/","leadership",{"text":322,"config":323},"Team",{"href":324,"dataGaName":325,"dataGaLocation":40},"/company/team/","team",{"text":327,"config":328},"Handbook",{"href":329,"dataGaName":330,"dataGaLocation":40},"https://handbook.gitlab.com/","handbook",{"text":332,"config":333},"Investor relations",{"href":334,"dataGaName":335,"dataGaLocation":40},"https://ir.gitlab.com/","investor relations",{"text":337,"config":338},"Trust Center",{"href":339,"dataGaName":340,"dataGaLocation":40},"/security/","trust center",{"text":342,"config":343},"AI Transparency Center",{"href":344,"dataGaName":345,"dataGaLocation":40},"/ai-transparency-center/","ai transparency center",{"text":347,"config":348},"Newsletter",{"href":349,"dataGaName":350,"dataGaLocation":40},"/company/contact/#contact-forms","newsletter",{"text":352,"config":353},"Press",{"href":354,"dataGaName":355,"dataGaLocation":40},"/press/","press",{"text":357,"config":358,"menu":359},"Contact us",{"dataNavLevelOne":298},{"type":91,"columns":360},[361],{"items":362},[363,366,371],{"text":47,"config":364},{"href":49,"dataGaName":365,"dataGaLocation":40},"talk to sales",{"text":367,"config":368},"Support portal",{"href":369,"dataGaName":370,"dataGaLocation":40},"https://support.gitlab.com","support portal",{"text":372,"config":373},"Customer portal",{"href":374,"dataGaName":375,"dataGaLocation":40},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":377,"login":378,"suggestions":385},"Close",{"text":379,"link":380},"To search repositories and projects, login to",{"text":381,"config":382},"gitlab.com",{"href":54,"dataGaName":383,"dataGaLocation":384},"search login","search",{"text":386,"default":387},"Suggestions",[388,390,394,396,400,404],{"text":71,"config":389},{"href":76,"dataGaName":71,"dataGaLocation":384},{"text":391,"config":392},"Code Suggestions (AI)",{"href":393,"dataGaName":391,"dataGaLocation":384},"/solutions/code-suggestions/",{"text":107,"config":395},{"href":109,"dataGaName":107,"dataGaLocation":384},{"text":397,"config":398},"GitLab on AWS",{"href":399,"dataGaName":397,"dataGaLocation":384},"/partners/technology-partners/aws/",{"text":401,"config":402},"GitLab on Google Cloud",{"href":403,"dataGaName":401,"dataGaLocation":384},"/partners/technology-partners/google-cloud-platform/",{"text":405,"config":406},"Why GitLab?",{"href":84,"dataGaName":405,"dataGaLocation":384},{"freeTrial":408,"mobileIcon":413,"desktopIcon":418,"secondaryButton":421},{"text":409,"config":410},"Start free trial",{"href":411,"dataGaName":45,"dataGaLocation":412},"https://gitlab.com/-/trials/new/","nav",{"altText":414,"config":415},"Gitlab Icon",{"src":416,"dataGaName":417,"dataGaLocation":412},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":414,"config":419},{"src":420,"dataGaName":417,"dataGaLocation":412},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":422,"config":423},"Get Started",{"href":424,"dataGaName":425,"dataGaLocation":412},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/get-started/","get started",{"freeTrial":427,"mobileIcon":431,"desktopIcon":433},{"text":428,"config":429},"Learn more about GitLab Duo",{"href":76,"dataGaName":430,"dataGaLocation":412},"gitlab duo",{"altText":414,"config":432},{"src":416,"dataGaName":417,"dataGaLocation":412},{"altText":414,"config":434},{"src":420,"dataGaName":417,"dataGaLocation":412},{"button":436,"mobileIcon":441,"desktopIcon":443},{"text":437,"config":438},"/switch",{"href":439,"dataGaName":440,"dataGaLocation":412},"#contact","switch",{"altText":414,"config":442},{"src":416,"dataGaName":417,"dataGaLocation":412},{"altText":414,"config":444},{"src":445,"dataGaName":417,"dataGaLocation":412},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":447,"mobileIcon":452,"desktopIcon":454},{"text":448,"config":449},"Back to pricing",{"href":189,"dataGaName":450,"dataGaLocation":412,"icon":451},"back to pricing","GoBack",{"altText":414,"config":453},{"src":416,"dataGaName":417,"dataGaLocation":412},{"altText":414,"config":455},{"src":420,"dataGaName":417,"dataGaLocation":412},{"title":457,"button":458,"config":463},"See how agentic AI transforms software delivery",{"text":459,"config":460},"Sign up for GitLab Transcend on June 10",{"href":461,"dataGaName":462,"dataGaLocation":40},"/releases/whats-new/#sign-up","transcend event",{"layout":464,"icon":465,"disabled":30},"release","AiStar",{"data":467},{"text":468,"source":469,"edit":475,"contribute":480,"config":485,"items":490,"minimal":696},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":470,"config":471},"View page source",{"href":472,"dataGaName":473,"dataGaLocation":474},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":476,"config":477},"Edit this page",{"href":478,"dataGaName":479,"dataGaLocation":474},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":481,"config":482},"Please contribute",{"href":483,"dataGaName":484,"dataGaLocation":474},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":486,"facebook":487,"youtube":488,"linkedin":489},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[491,538,592,635,662],{"title":187,"links":492,"subMenu":507},[493,497,502],{"text":494,"config":495},"View plans",{"href":189,"dataGaName":496,"dataGaLocation":474},"view plans",{"text":498,"config":499},"Why Premium?",{"href":500,"dataGaName":501,"dataGaLocation":474},"/pricing/premium/","why premium",{"text":503,"config":504},"Why Ultimate?",{"href":505,"dataGaName":506,"dataGaLocation":474},"/pricing/ultimate/","why ultimate",[508],{"title":509,"links":510},"Contact Us",[511,514,516,518,523,528,533],{"text":512,"config":513},"Contact sales",{"href":49,"dataGaName":50,"dataGaLocation":474},{"text":367,"config":515},{"href":369,"dataGaName":370,"dataGaLocation":474},{"text":372,"config":517},{"href":374,"dataGaName":375,"dataGaLocation":474},{"text":519,"config":520},"Status",{"href":521,"dataGaName":522,"dataGaLocation":474},"https://status.gitlab.com/","status",{"text":524,"config":525},"Terms of use",{"href":526,"dataGaName":527,"dataGaLocation":474},"/terms/","terms of use",{"text":529,"config":530},"Privacy statement",{"href":531,"dataGaName":532,"dataGaLocation":474},"/privacy/","privacy statement",{"text":534,"config":535},"Cookie preferences",{"dataGaName":536,"dataGaLocation":474,"id":537,"isOneTrustButton":13},"cookie preferences","ot-sdk-btn",{"title":87,"links":539,"subMenu":548},[540,544],{"text":541,"config":542},"DevSecOps platform",{"href":69,"dataGaName":543,"dataGaLocation":474},"devsecops platform",{"text":545,"config":546},"AI-Assisted Development",{"href":76,"dataGaName":547,"dataGaLocation":474},"ai-assisted development",[549],{"title":550,"links":551},"Topics",[552,557,562,567,572,577,582,587],{"text":553,"config":554},"CICD",{"href":555,"dataGaName":556,"dataGaLocation":474},"/topics/ci-cd/","cicd",{"text":558,"config":559},"GitOps",{"href":560,"dataGaName":561,"dataGaLocation":474},"/topics/gitops/","gitops",{"text":563,"config":564},"DevOps",{"href":565,"dataGaName":566,"dataGaLocation":474},"/topics/devops/","devops",{"text":568,"config":569},"Version Control",{"href":570,"dataGaName":571,"dataGaLocation":474},"/topics/version-control/","version control",{"text":573,"config":574},"DevSecOps",{"href":575,"dataGaName":576,"dataGaLocation":474},"/topics/devsecops/","devsecops",{"text":578,"config":579},"Cloud Native",{"href":580,"dataGaName":581,"dataGaLocation":474},"/topics/cloud-native/","cloud native",{"text":583,"config":584},"AI for Coding",{"href":585,"dataGaName":586,"dataGaLocation":474},"/topics/devops/ai-for-coding/","ai for coding",{"text":588,"config":589},"Agentic AI",{"href":590,"dataGaName":591,"dataGaLocation":474},"/topics/agentic-ai/","agentic ai",{"title":593,"links":594},"Solutions",[595,597,599,604,608,611,615,618,620,623,626,630],{"text":131,"config":596},{"href":126,"dataGaName":131,"dataGaLocation":474},{"text":120,"config":598},{"href":103,"dataGaName":104,"dataGaLocation":474},{"text":600,"config":601},"Agile development",{"href":602,"dataGaName":603,"dataGaLocation":474},"/solutions/agile-delivery/","agile delivery",{"text":605,"config":606},"SCM",{"href":116,"dataGaName":607,"dataGaLocation":474},"source code management",{"text":553,"config":609},{"href":109,"dataGaName":610,"dataGaLocation":474},"continuous integration & delivery",{"text":612,"config":613},"Value stream management",{"href":159,"dataGaName":614,"dataGaLocation":474},"value stream management",{"text":558,"config":616},{"href":617,"dataGaName":561,"dataGaLocation":474},"/solutions/gitops/",{"text":169,"config":619},{"href":172,"dataGaName":173,"dataGaLocation":474},{"text":621,"config":622},"Small business",{"href":178,"dataGaName":179,"dataGaLocation":474},{"text":624,"config":625},"Public sector",{"href":184,"dataGaName":185,"dataGaLocation":474},{"text":627,"config":628},"Education",{"href":629,"dataGaName":22,"dataGaLocation":474},"/solutions/education/",{"text":631,"config":632},"Financial services",{"href":633,"dataGaName":634,"dataGaLocation":474},"/solutions/finance/","financial services",{"title":192,"links":636},[637,639,641,643,646,648,650,652,654,656,658,660],{"text":205,"config":638},{"href":207,"dataGaName":208,"dataGaLocation":474},{"text":210,"config":640},{"href":212,"dataGaName":213,"dataGaLocation":474},{"text":215,"config":642},{"href":217,"dataGaName":218,"dataGaLocation":474},{"text":220,"config":644},{"href":222,"dataGaName":645,"dataGaLocation":474},"docs",{"text":243,"config":647},{"href":245,"dataGaName":246,"dataGaLocation":474},{"text":238,"config":649},{"href":240,"dataGaName":241,"dataGaLocation":474},{"text":252,"config":651},{"href":254,"dataGaName":255,"dataGaLocation":474},{"text":260,"config":653},{"href":262,"dataGaName":263,"dataGaLocation":474},{"text":265,"config":655},{"href":267,"dataGaName":268,"dataGaLocation":474},{"text":270,"config":657},{"href":272,"dataGaName":273,"dataGaLocation":474},{"text":275,"config":659},{"href":277,"dataGaName":278,"dataGaLocation":474},{"text":280,"config":661},{"href":282,"dataGaName":283,"dataGaLocation":474},{"title":296,"links":663},[664,666,668,670,672,674,676,680,685,687,689,691],{"text":304,"config":665},{"href":306,"dataGaName":298,"dataGaLocation":474},{"text":309,"config":667},{"href":311,"dataGaName":312,"dataGaLocation":474},{"text":317,"config":669},{"href":319,"dataGaName":320,"dataGaLocation":474},{"text":322,"config":671},{"href":324,"dataGaName":325,"dataGaLocation":474},{"text":327,"config":673},{"href":329,"dataGaName":330,"dataGaLocation":474},{"text":332,"config":675},{"href":334,"dataGaName":335,"dataGaLocation":474},{"text":677,"config":678},"Sustainability",{"href":679,"dataGaName":677,"dataGaLocation":474},"/sustainability/",{"text":681,"config":682},"Diversity, inclusion and belonging (DIB)",{"href":683,"dataGaName":684,"dataGaLocation":474},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":337,"config":686},{"href":339,"dataGaName":340,"dataGaLocation":474},{"text":347,"config":688},{"href":349,"dataGaName":350,"dataGaLocation":474},{"text":352,"config":690},{"href":354,"dataGaName":355,"dataGaLocation":474},{"text":692,"config":693},"Modern Slavery Transparency Statement",{"href":694,"dataGaName":695,"dataGaLocation":474},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":697},[698,701,704],{"text":699,"config":700},"Terms",{"href":526,"dataGaName":527,"dataGaLocation":474},{"text":702,"config":703},"Cookies",{"dataGaName":536,"dataGaLocation":474,"id":537,"isOneTrustButton":13},{"text":705,"config":706},"Privacy",{"href":531,"dataGaName":532,"dataGaLocation":474},[708],{"id":709,"title":9,"body":24,"config":710,"content":712,"description":24,"extension":23,"meta":716,"navigation":13,"path":717,"seo":718,"stem":719,"__hash__":720},"blogAuthors/en-us/blog/authors/elisabeth-burrows.yml",{"template":711},"BlogAuthor",{"name":9,"config":713},{"headshot":714,"ctfId":715},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659535/Blog/Author%20Headshots/liz_burrows_headshot.png","6Nj2Lio5W7HdeNYoysVgCf",{},"/en-us/blog/authors/elisabeth-burrows",{},"en-us/blog/authors/elisabeth-burrows","Aa3Md9daKifGCswl2xZz_ybV8wPpCajPpr3-IX9wRRg",[722,732,741],{"content":723,"config":730},{"title":724,"description":725,"heroImage":726,"date":727,"tags":728,"category":11},"GitLab Patch Release: 18.11.2, 18.10.5","Learn about this release for GitLab Community Edition and Enterprise Edition.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749661926/Blog/Hero%20Images/security-patch-blog-image-r2-0506-700x400-fy25_2x.jpg","2026-04-29",[729],"patch releases",{"featured":30,"template":14,"externalUrl":731},"https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-11-2-released/",{"content":733,"config":739},{"title":734,"description":735,"heroImage":726,"date":736,"category":11,"tags":737},"GitLab Patch Release: 18.11.1, 18.10.4, 18.9.6","Discover what's in this latest patch release.","2026-04-22",[729,738],"security releases",{"featured":30,"template":14,"externalUrl":740},"https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-11-1-released/",{"content":742,"config":754},{"title":743,"description":744,"body":745,"category":11,"tags":746,"date":749,"authors":750,"heroImage":753},"GitLab + Amazon: Platform orchestration on a trusted AI foundation","Pair GitLab Duo Agent Platform with Amazon Bedrock for agentic software development and orchestration.","If your team runs GitLab and has a strong AWS practice, a new combination of Duo Agent Platform and Amazon Bedrock is just for you. The model is simple: GitLab acts as your orchestration layer to help accelerate your entire software lifecycle with agentic AI, and Bedrock is designed to provide a secure, compliant foundation model layer with AI inference behind the scenes.\n\nGitLab Duo Agent Platform enables you to handle planning, merge pipelines, security scanning, vulnerability remediation, and more as part of your GitLab workflows, while the GitLab AI Gateway routes model calls to Bedrock (or GitLab-managed Bedrock-backed endpoints, depending on your setup). That means you can build on the identity and access management (IAM) policies, virtual private cloud (VPC) boundaries, regional controls, and cloud spend commitments you already have in AWS.\n\nIf you already use Amazon Bedrock and want AI to help inside the work you already do in GitLab, not in yet another standalone chat tool, this is the pairing for you.\n\n\nIn this article, we look at the real problem many teams face today: AI is fragmented, data paths are fuzzy, and Bedrock investment gets underused when AI sits outside the software development lifecycle. Then we break down your deployment options for GitLab Duo Agent Platform:\n\n* Integrated with self-hosted models on Amazon Bedrock for GitLab Self-Managed deployments and self-hosted AI gateway   \n* Integrated with GitLab-operated models on Amazon Bedrock (with GitLab-owned keys) for GitLab Self-Managed deployments and GitLab-hosted AI gateway  \n* Integrated with GitLab-operated models on Amazon Bedrock (with GitLab-owned keys) for GitLab.com instances and GitLab-hosted AI gateway\n\nWe wrap with a summary on how this approach helps avoid shadow AI and point-tool sprawl without creating a parallel tech stack for AI tooling.\n\n## AI everywhere, control nowhere\n\nSomewhere in your company right now, software teams might be using an AI tool that your security team hasn't approved. Prompt data might be leaving your environment through a path no one has fully mapped. And your organization’s Amazon Bedrock investment might be underused while individual teams expense separate AI tools, pulling workloads and cloud spend away from the platforms you’ve already committed to.\n\nInstead of being a people problem, this might be an architecture problem. And it surfaces the same three constraints in nearly every enterprise:\n\n**Operational fragmentation.** Each team, or sometimes even an individual developer, picks their own development toolset, including AI tooling and model selection. That fragmentation makes end-to-end governance within the software development lifecycle nearly impossible.\n\n**Security and sovereignty.** Where does prompt and code data actually flow? Who owns the logs?\n\n**Cloud spend optimization.** Commitments to key cloud providers like AWS are diluted as workloads and AI usage drift to point tools outside of customers’ existing agreements.\n\nGitLab Duo Agent Platform and Amazon Bedrock help solve this together. The division of labor is straightforward: Duo Agent Platform owns the workflow orchestration with agentic AI for software development, Bedrock owns the inference layer and hosts approved foundational models, and your organization has full control over the data and policy boundaries you already defined in AWS. Three jobs, three owners, no fragmentation.\n\n## GitLab Duo Agent Platform: The agentic control plane\n\nGitLab Duo Agent Platform is GitLab's agentic AI layer: a framework of specialized agents and flows that operate simultaneously and in-parallel, going beyond the traditional stage-based handoffs  and helping automate work across the entire software lifecycle. Rather than a single assistant responding to prompts, Duo Agent Platform enables teams to orchestrate many AI agents asynchronously using unified data and project context, including issues, merge requests, pipelines, and security findings. Linear workflows are turned into coordinated, continuous collaboration between software teams and their AI agents, at scale.\n\nWith that control plane in place, the natural next question is which AI foundation should power these agents. For customers who run GitLab Self-Managed on AWS and need inference traffic, prompt data, and logs to also stay within their AWS environment along with their software lifecycle data, Amazon Bedrock acting as the AI inference layer is the natural fit. \n\n## Amazon Bedrock: The trusted AI foundation\n\nAmazon Bedrock is a fully managed, serverless foundation model layer that runs entirely within your AWS environment. Customer data stays in the customer's AWS account: inputs and outputs are encrypted in transit and at rest, never shared with model providers, and never used to train base models. Bedrock carries compliance certifications across GDPR, HIPAA, and FedRAMP High, covering many regulated industry requirements out of the box. Teams can also bring fine-tuned models from elsewhere via Custom Model Import and deploy them alongside native Bedrock models through the same infrastructure, without managing separate deployment pipelines. Bedrock Guardrails adds configurable safeguards across all models for content filtering, hallucination detection, and sensitive data protection.\n\nTogether, GitLab Duo Agent Platform and Bedrock consolidate DevSecOps orchestration and AI model governance, helping eliminate the fragmentation that happens when teams roll out AI tools independently.\n\n## Choosing your deployment path\n\nThe integration delivers the same core GitLab Duo Agent Platform capabilities regardless of how it is deployed. What varies is who runs GitLab, who operates the AI Gateway, and whose Bedrock account the inference runs through. The right pattern depends on where your organization already operates.\n\nAt a high level, the integration has three main components:\n\n* **GitLab Duo Agent Platform:** agentic workflows embedded across the software development lifecycle  \n* **AI Gateway (GitLab-managed or self-hosted):** the abstraction layer between Duo Agent Platform and the foundational model backend   \n* **Amazon Bedrock:** the AI model and inference substrate\n\n![Deployment of GitLab and AWS Bedrock](https://res.cloudinary.com/about-gitlab-com/image/upload/v1776362365/udmvmv2efpmwtkxgydch.png)\n\nChoosing a deployment pattern is informed by where an organization wants to place the levers of control. The patterns below are designed to meet teams where they already are, whether that's SaaS-first, self-managed for compliance, or all-in on AWS with existing Bedrock investments.\n\n| Deployment Model | GitLab.com instance with GitLab-hosted AI Gateway with GitLab-operated Bedrock models   | GitLab Self-Managed with GitLab-hosted AI Gateway with GitLab-operated Bedrock models | GitLab Self-Managed  with self-hosted AI Gateway and customer-operated Bedrock models |\n| :---- | :---- | :---- | :---- |\n| **Ideal if you:** | Are primarily on GitLab.com and don’t want to self-host AI gateway and Bedrock models  | Need GitLab Self-Managed for compliance and operational reasons but don’t want to manage AI layer | Are AWS-centric with existing Bedrock usage and strict data/control needs  |\n| **Key Benefits** | Fastest, turnkey way to get Duo Agent Platform workflows: GitLab runs GitLab.com, the AI Gateway, integrated with Bedrock AI models. | Keep GitLab deployed in your own environment while consuming Bedrock models via a GitLab-managed AI Gateway, combining deployment control with simplified AI operations. | Run GitLab and AI Gateway in your AWS account, reuse existing IAM/VPC/regions, keep logs and data in your environment, and draw Bedrock usage from your existing AWS spend commitments. |\n\n## How customers use GitLab Duo Agent Platform with Amazon Bedrock\n\nPlatform teams can use GitLab Duo Agent Platform with Amazon Bedrock to standardize which models handle code suggestions, security analysis, and pipeline remediation. This helps enforce guardrails and logging centrally rather than letting individual teams adopt separate tools independently.\n\nSecurity workflows see particular benefit. GitLab Duo Agent Platform agents can propose and validate fixes for security findings within GitLab, helping reduce the manual triage work developers would otherwise handle outside the platform.\n\nFor enterprises already committed to AWS, routing AI workloads through Bedrock from within GitLab enables you to keep developer AI usage aligned with existing cloud agreements rather than generating separate, unplanned spend.\n\n## Closing the loop\n\nThe constraints that slow enterprise AI adoption are often not technical. They are organizational: fragmented tooling, ungoverned data flows, and cloud spend that never consolidates. Those are the problems that can stall AI programs even after the pilots succeed.\n\nGitLab Duo Agent Platform and Amazon Bedrock help address each one directly. Platform teams get consistent governance, auditability, and standardized paths for AI usage across the software development lifecycle. Development teams get streamlined, agentic workflows that feel native to GitLab. And AWS-centric organizations get to extend their existing Bedrock investment rather than build parallel AI infrastructure alongside it.\n\nThe result is an AI program that scales without fragmenting. Governance and velocity on the same stack, serving the same teams, under policies the organization already owns.\n\n\n> To explore which deployment pattern is right for your organization and how to align GitLab Duo Agent Platform and Amazon Bedrock with your existing AWS strategy, [contact the GitLab sales team](https://about.gitlab.com/sales/) and we’ll help you design and implement the best architecture for your environment. You can also [visit our AWS partner page](https://about.gitlab.com/partners/technology-partners/aws/) to learn more.",[283,747,748],"AWS","AI/ML","2026-04-21",[751,752],"Joe Mann","Mark Kriaf","https://res.cloudinary.com/about-gitlab-com/image/upload/v1776362275/ozbwn9tk0dditpnfddlz.png",{"featured":13,"template":14,"slug":755},"gitlab-amazon-platform-orchestration-on-a-trusted-ai-foundation",{"promotions":757},[758,772,783,795],{"id":759,"categories":760,"header":762,"text":763,"button":764,"image":769},"ai-modernization",[761],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":765,"config":766},"Get your AI maturity score",{"href":767,"dataGaName":768,"dataGaLocation":246},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":770},{"src":771},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":773,"categories":774,"header":775,"text":763,"button":776,"image":780},"devops-modernization",[11,576],"Are you just managing tools or shipping innovation?",{"text":777,"config":778},"Get your DevOps maturity score",{"href":779,"dataGaName":768,"dataGaLocation":246},"/assessments/devops-modernization-assessment/",{"config":781},{"src":782},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":784,"categories":785,"header":787,"text":763,"button":788,"image":792},"security-modernization",[786],"security","Are you trading speed for security?",{"text":789,"config":790},"Get your security maturity score",{"href":791,"dataGaName":768,"dataGaLocation":246},"/assessments/security-modernization-assessment/",{"config":793},{"src":794},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":796,"paths":797,"header":800,"text":801,"button":802,"image":807},"github-azure-migration",[798,799],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","Is your team ready for GitHub's Azure move?","GitHub is already rebuilding around Azure. Find out what it means for you.",{"text":803,"config":804},"See how GitLab compares to GitHub",{"href":805,"dataGaName":806,"dataGaLocation":246},"/compare/gitlab-vs-github/github-azure-migration/","github azure migration",{"config":808},{"src":782},{"header":810,"blurb":811,"button":812,"secondaryButton":817},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":813,"config":814},"Get your free trial",{"href":815,"dataGaName":45,"dataGaLocation":816},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":512,"config":818},{"href":49,"dataGaName":50,"dataGaLocation":816},1777934812760]