GitLab and Google Cloud are announcing their strategic partnership, aimed toward addressing the complexities and security risks associated with multiple point solution environments. By combining GitLab’s extensive capabilities—including source code management, planning, CI/CD workflows, advanced security, and compliance—with Google Cloud’s console and Artifact Registry, this collaboration will alleviate operators and developers from the pains of self-hosted solutions, according to the companies.
Often confronted with the weighty tool and cognitive load associated with multiple point solution landscapes, GitLab and Google Cloud unite multiple tools to empower fully managed, cloud-hosted infrastructures.
Difficult to manage and maintain solutions that necessitate manual patches and upgrades, as well as their subsequent testing, no longer plague operators; instead, developers can develop and ship software faster with security from the get-go, according to the companies.
This integration emphasizes its ability to power the DevSecOps lifecycle with both scale and visibility, pairing Google’s Software Supply Chain Security with GitLab’s DevSecOps platform for system-wide governance and policy enforcement. This collaboration empowers the following functions:
- Easy access to GitLab projects via the Google Cloud Console, enabling users to plan, create issues, and define epics from within GitLab
- Simple registration and configuration of private Google Cloud-powered runners from within GitLab
- CI/CD component templates for Google Cloud resource deployment, including that of Kubernetes Engine (GKE) and Cloud Run
- Produce a single security data plane through Google’s Artifact Registry and GitLab’s pipelines and packaging
With native supply chain security components integrated from the start, users can better utilize the benefits of GitLab’s unified DevSecOps workflow, according to the companies.
Additionally, users can access a SLSA-rated provenance that surfaces insights regarding software build details, including a software bill of materials (SBOM) and vulnerability impact. Any output from GitLab can be confirmed by the user, ensuring that packages are not run on clusters if they fail to accommodate security or verification requirements.
"We are excited to expand our partnership with GitLab to provide our customers end-to-end software supply chain security that is easier and more accessible than ever before,” said Gabe Monroy, VP of developer experience at Google Cloud. “I am looking forward to more joint innovation with GitLab in the DevSecOps space with the goal of helping our customers deliver software more rapidly and with greater confidence."
To sign up for the integration waitlist, please click here.
To learn more about GitLab and Google Cloud’s collaboration, please visit https://about.gitlab.com/.