
Gitlab


GitLab is a website and code repository management system for Git. Additional features include a built-in wiki and a bug tracking system. The software is distributed as an Omnibus package.

Performance indicators

2022: Loss of a third of capitalisation due to poor performance

GitLab's share price collapsed 38% in one day, causing the platform to lose more than a third of its value. The cause was the weak financial results shown in the report of March 13, 2023.

GitLab's revenue for the fiscal year that ended on January 31, 2023 reached $424.34 million. This is 68% more than in the previous fiscal year, when revenue was approximately $252.65 million. Of the total revenue in fiscal 2023, subscriptions and SaaS (software as a service) services accounted for $369.35 million. Licensing brought in another $54.99 million.

Despite a 68% increase in revenue, Gitlab continues to make losses

At the same time, GitLab's net losses grew. They amounted to $172.31 million against $155.14 million in fiscal 2022. The company expects further losses, which triggered the rapid drop in capitalization.

The report notes that by the end of fiscal 2023, the number of customers with an ARR (annual recurring revenue) of more than $5,000 reached 7002, which is 52% more year over year. The number of customers with ARR exceeding $100,000 was almost 700, an increase of 42% compared to the end of fiscal 2022. The number of customers with ARR over $1 million increased to 63, which is 62% more year over year. It is noted that from April 3, 2023, the cost of a subscription to GitLab Premium will rise from $19 to $29 per user per month.

"The [GitLab] results were negatively affected by the macroeconomic situation, as sales cycles increased, and some of the company's customers suspended hiring and (or) were forced to reduce headcount, which provoked a drop in the profit retention ratio," said analyst Matthew Hedberg.[1]

History

2024: A "hole" in the GitLab platform allows account passwords to be hijacked. More than 10 thousand servers in Russia are under threat

In mid-January 2024, NCCC warned of the critical vulnerability CVE-2023-7028 in the collaborative development platforms GitLab Community Edition and Enterprise Edition, versions 16.1.0 - 16.7.1. These versions are vulnerable to a user account takeover attack. The vulnerability has a CVSS score of 10 out of 10, since the attack is easy to carry out and can be executed remotely.

NCCC Warning

A fix for the vulnerability is available in the specially released versions[2] 16.7.2, 16.6.4 and 16.5.6 of the corresponding products.

The vulnerability appeared in version 16.6.0, which incorrectly implemented password reset via an additional email address. An attacker only needs to add their own address as a secondary one for the reset, and then use it to "restore" the password and gain full access to the account.

Exploits have begun to appear on GitHub, which indicates a high likelihood of attacks using this vulnerability. However, if two-factor authentication is enabled, the password can still be reset through the vulnerability, but the attacker will not gain full access to the account.

GitLab products turned out to be quite popular in Russia: the Netlas search engine found more than 10 thousand installations at Russian addresses. This puts Russia in third place in the global distribution of the products; only Germany (19.6 thousand installations) and the USA (10.5 thousand) have more. In total, there are 89.1 thousand installations of the vulnerable platforms worldwide.

Distribution of vulnerable GitLab products worldwide (Netlas source)

This number is large enough to expect mass exploitation of the vulnerability. Moreover, it fits well with a current trend: supply chain attacks. An attacker can use the vulnerability to get into the collaborative development platform and embed their own backdoors and implants in the code.

Since fixes exist, they should be installed, although Russian users will have to meet certain requirements for checking the security of the installed code. In any case, this is what the NCCCI recommends:

"This vulnerability is fixed by the official patch of the vendor. Due to the current situation and the imposed sanctions against the Russian Federation, we recommend installing software updates only after assessing all associated risks."

In addition, it is worth enabling two-factor authentication for all platform participants as quickly as possible. This can be done without installing a new version.

At the same time, a company can detect an attack on its platform. What matters is convincing developers to report every unsuccessful attempt to seize their accounts to the enterprise information security service.
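A triage sketch for the recommendations above, added here as an example and not code from NCCC or GitLab: it applies the affected range and fixed releases quoted in this section, together with the two-factor mitigation, to an instance inventory. The host names, inventory entries and function names are assumptions, and branches with no fix named on this page are reported as such.

```python
import re

# Version data quoted in the advisory text above.
AFFECTED_MIN, AFFECTED_MAX = (16, 1, 0), (16, 7, 1)
FIXED_BY_BRANCH = {(16, 5): (16, 5, 6), (16, 6): (16, 6, 4), (16, 7): (16, 7, 2)}

def parse_version(text):
    """Parse '16.6.3', 'v16.5.6-ee' or '16.7.1-ce.0' into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(version_text, two_factor_enforced):
    """Return (status, action) for one instance, using only this page's data."""
    v = parse_version(version_text)
    if not AFFECTED_MIN <= v <= AFFECTED_MAX:
        return ("out-of-range", "none")
    fix = FIXED_BY_BRANCH.get(v[:2])
    if fix and v >= fix:
        return ("patched", "none")
    # Vulnerable: 2FA blocks full account access but not the password reset.
    status = "vulnerable-2fa" if two_factor_enforced else "vulnerable"
    if fix:
        action = "upgrade to " + ".".join(map(str, fix))
    else:
        action = "no fix for this branch listed here; move to a fixed release"
    if not two_factor_enforced:
        action += "; enable two-factor authentication for all users now"
    return (status, action)

# Constructed inventory: hypothetical hosts, versions and 2FA enforcement flags.
INVENTORY = [
    ("gitlab-a.example.internal", "16.6.3-ee", False),
    ("gitlab-b.example.internal", "16.5.6", False),
    ("gitlab-c.example.internal", "v16.3.2-ce.0", True),
    ("gitlab-d.example.internal", "16.7.2", True),
    ("gitlab-e.example.internal", "15.11.13", False),
]

def report(inventory):
    """Triage every host; vulnerable hosts without 2FA sort first."""
    order = {"vulnerable": 0, "vulnerable-2fa": 1, "patched": 2, "out-of-range": 3}
    rows = [(host, *triage(ver, tfa)) for host, ver, tfa in inventory]
    return sorted(rows, key=lambda row: order[row[1]])

if __name__ == "__main__":
    for host, status, action in report(INVENTORY):
        print(f"{host:28} {status:16} {action}")
```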

2023: 7% staff cut

On February 9, 2023, GitLab, the main competitor to the GitHub platform, announced a staff reduction. The number of employees will decrease by 7%, which is associated with the crisis in the IT market and global economic challenges.

As the co-founder and CEO of GitLab, Sid Sijbrandij, said, in the current environment corporate customers take a more conservative approach to investing in software and spend more time making decisions. The spending reallocation measures previously adopted at GitLab were not enough to counter the growing global economic downturn. Therefore, the company is forced to lay off employees.

GitLab cuts staff by 7% due to IT market crisis
"I made the decision to reduce the size of our team by 7%. It was a very difficult decision and I understand it may be unexpected for some of you. We are sad to say goodbye to the talented workers who played an integral role in the development of GitLab, and I am grateful for their significant contribution. Unfortunately, we need to take further steps and bring our spending rates in line with the growth strategy," Sijbrandij said.

As of early 2022, GitLab had 1,630 employees. Based on this figure, approximately 114 people will lose their jobs. They will receive the payments due to them and severance pay equal to four months of base salary. In addition, the company will cover health insurance premiums for up to six months. GitLab will also support the laid-off employees in finding a new job, including consulting and help with drafting a resume. The dismissed employees will be able to keep the equipment provided to them, including home office equipment, subject to GitLab's security protocols.[3]

2022: Plan to remove free-hosted projects inactive for a year

On August 4, 2022, it became known that GitLab plans to amend its terms of service in September so that projects hosted for free on GitLab.com will be automatically deleted if their repositories remain inactive for 12 months. The rule changes have not yet been officially announced and are at the stage of internal planning.

The change is aimed at reducing hosting maintenance costs by freeing up the resources spent on storing and processing abandoned projects and undeveloped forks. It is estimated that maintaining the infrastructure for abandoned projects accounts for up to a quarter of all GitLab.com hosting costs, and that automatically cleaning up such projects will save up to a million dollars a year.

Within a few weeks or months before the actual deletion, the owners of repositories that are candidates for deletion will receive a warning asking them to confirm that the project is still relevant. Only abandoned projects are to be deleted: those whose authors do not respond to warnings and where, during the year, no changes were made to the repository, no new issues were published and no comments were posted.

However, some community members see the proposed removal as a flawed practice, since code from inactive repositories can be used as a dependency in other projects that remain active. It is also noted that constant change is not the goal of every author: some may well believe that their project has reached its optimal state and that the code is good enough and needs no improvement, while others publish finished work from the outset that they do not plan to develop further but that may be useful to others.

In addition, external resources may reference the code of inactive projects, and deleting it would mean losing a confirmed reference copy (unofficial copies offer no guarantee that they are free of malicious changes). Therefore, instead of deleting such projects, it would probably be better to archive them while keeping the code accessible in read-only mode. To save disk space when storing garbage forks, more efficient deduplication methods can be used: GitHub, for example, eliminates duplicate data by storing all objects from the main repository and its related forks together, logically separating the ownership of commits.[4]

2021

Buying Opstrace Cloud Bug Platform Developer

In mid-December 2021, GitLab announced the purchase of Opstrace. The financial terms of the deal were not disclosed.

Going public on Nasdaq

On October 14, 2021, Gitlab went public, listing its shares on the Nasdaq exchange under the ticker symbol GTLB.

As part of the IPO, the service for joint development of IT projects sold a total of 10.4 million shares at a price of $77 apiece, which allowed the company to raise more than $800 million. Most of the shares (about 8.42 million) were placed by GitLab itself, and the remaining 1.98 million by an investor affiliated with the founder of the company.

According to Bloomberg, with a share price of $77 (the range was initially set at $66-69 per share), GitLab's market capitalization amounted to $11 billion.

Gitlab went public

According to the IPO prospectus, Gitlab intends to use the funds raised in the listing for corporate purposes and as working capital. The main goal of the IPO was to increase the company's recognition and to bring its shares to the open market.

As of mid-October 2021, Gitlab has approximately 3.6 thousand customers, including Goldman Sachs, UBS, Nvidia and Thomson Reuters. The company has never had an office; all its employees (about 1.3 thousand people) work remotely.

Gitlab was going to go public earlier, but plans were revised due to the COVID-19 coronavirus pandemic.

Co-founder of the company Dmitry Zaporozhets in 2021 took 23rd place in the ranking of the richest Ukrainians according to Ukrainian Forbes. The entrepreneur's fortune is estimated at $450 million.

According to investors, Gitlab's business looks promising, in part thanks to the COVID-19 coronavirus pandemic. The rapid spread of remote work has made moving a significant part of the operations of various industries online far more pressing, which gives grounds to expect a heavy workload for programmers, who will actively use the company's software. Digitalization was under way before the pandemic, but now both companies and states are forcing the pace, they say.[5]

2020: Buying Peach Tech and Fuzzit

In mid-June 2020, GitLab announced the acquisition of technology companies Peach Tech and Fuzzit with the aim of improving its DevOps tools. Both startups develop security software for so-called fuzz testing (testing in which random data is fed to the system as input).

2019: Attempted ban on Russian and Chinese employees

On November 5, 2019, it became known that the management of the Git-service Gitlab banned the admission of residents of Russia and China to its staff.

The initiative was proposed in mid-October 2019. It states that Russians and Chinese cannot hold positions at Gitlab that involve access to the data of the company's customers in any way. For example, they will not be able to work as engineers in operations, technical support or security. As of November 5, 2019, the initiative is under discussion and has not entered into force, but according to ZDNet, Russians have already begun to receive rejections when applying to Gitlab.

According to the management, customers of the service fear that the Russians and Chinese will steal this information. Representatives of the service did not disclose the names of companies worried about the presence of Russians and Chinese in the Gitlab team, but as of November 5, 2019, its corporate clients included many large corporations from various fields, including information technology and banking.

Explaining its initiative, Gitlab management refers to several unnamed corporate clients of the service. Gitlab Vice President Eric Johnson noted that these clients are concerned about the geopolitical situation in the world and the attitude towards Russia and China around the world. Eric Johnson stressed that denying employment based on their place of residence or background has become the norm in today's IT industry. Nevertheless, writes ZDNet, he did not specify which other companies use similar principles when selecting candidates for office, and how often exactly Russians and the Chinese receive refusals.

As of November 5, 2019, Gitlab proposed not hiring only those who live or are located in Russia or China. The applicant's origin was not taken into account: a Russian or Chinese national living outside their native country still had a chance of getting the job. None of these restrictions will affect the service's current employees; Gitlab's management did not announce any upcoming dismissals.

In addition, Gitlab will obstruct its employees in every possible way if they want to visit China or Russia for any reason. A person in a position with access to the data of the service's customers will face a choice: either abandon the idea of traveling to the "banned" countries, or say goodbye to the position and start looking for work.

The discussion initiated by the Gitlab leadership was still actively ongoing as of November 5, 2019, and the ban on hiring Russians and Chinese had not been introduced. The discussion is expected to close on November 6, 2019, and Gitlab's management has not yet set a date for the restrictions to come into force.

At the same time, the practice of not admitting people from Russia and China to positions with access to customer information is already in effect at Gitlab, although secretly; this was confirmed by the service's CEO, Sid Sijbrandij. He also said that the company's current employees will not lose their jobs due to the global geopolitical climate. He did not explain, however, whether Russians and Chinese working, for example, in Gitlab technical support will be forced to move to another position, possibly a lower-paid one.

The Gitlab initiative drew a flurry of negative reactions and comments, which far outnumbered the positive and neutral responses from users. Those who disagreed with Gitlab's actions did not mince words and wondered why the management's initiative targeted these countries rather than any others.

A number of users noted that in October and November 2019 the United States (Gitlab's head office is located in San Francisco) had no law prohibiting the hiring of people from Russia and China, let alone one allowing an employer to prevent current employees from visiting these countries.[6]

Notes


Stock price dynamics

Company ticker on the exchange: NDAQ:GTLB