GitLab

GitLab's philosophy emphasizes "security built in, not bolted on", integrating automated scans directly into pipelines. Their Application Security Engineers collaborate closely with development teams and product managers to ensure product security.

Evidence from GitLab-authored pages shows explicit expectations that Application/Product Security teams must "identify, prioritize, and communicate vulnerability patterns" and that they are responsible for "building and maintaining automations" to help AppSec operate at scale — language consistent with triage and remediation workload and efforts to automate remediation. GitLab-authored AI/DevSecOps content describes AI-generated vulnerability summaries and suggested mitigations, indicating adoption/expansion of AI-driven developer workflows (GitLab Duo) intended to accelerate remediation but also implying increased velocity and a larger surface for security intervention. Taken together, the public material supports: (a) triage & prioritization responsibilities placed on AppSec staff, (b) active investment in automation and AI to reduce remediation friction, and (c) explicit promotion of AI-assisted workflows that increase developer velocity (which can raise security workload if not accompanied by commensurate automation/triage improvements). Company-authored pages (handbook and GitLab editorial on AI) provide public, verifiable evidence that GitLab places triage and remediation responsibilities on AppSec/product-security roles and is expanding AI-assisted developer workflows (GitLab Duo) that accelerate remediation and developer velocity — signals that align with triage pain, remediation effort, and AI-driven velocity risk. Confidence is High for explicit triage/AI-adoption language; Medium-High for direct statements that remediation backlog exists (GitLab emphasizes automation and AI to reduce friction, implying remediation burden but not explicitly stating "backlog").

Information not publicly available in the provided research summary.

GitLab operates as the "world's largest all-remote company" with team members in over 65 countries, functioning as a complete DevOps platform delivered as a single application. The company has approximately 3,283 employees. Application Security Engineers are integrated to work closely with development teams and product managers.