[{"data":1,"prerenderedAt":821},["ShallowReactive",2],{"/en-us/blog/ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation":3,"navigation-en-us":44,"banner-en-us":454,"footer-en-us":464,"blog-post-authors-en-us-Sandra Gittlen":702,"blog-related-posts-en-us-ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation":718,"blog-promotions-en-us":759,"next-steps-en-us":811},{"id":4,"title":5,"authorSlugs":6,"authors":8,"body":10,"category":11,"categorySlug":11,"config":12,"content":16,"date":20,"description":17,"extension":28,"externalUrl":29,"featured":14,"heroImage":19,"isFeatured":14,"meta":30,"navigation":14,"path":31,"publishedDate":20,"rawbody":32,"seo":33,"slug":13,"stem":38,"tagSlugs":39,"tags":42,"template":15,"updatedDate":29,"__hash__":43},"blogPosts/en-us/blog/ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation.yml","Ultimate guide to CI/CD: Fundamentals to advanced implementation",[7],"sandra-gittlen",[9],"Sandra Gittlen","Continuous integration/continuous delivery ([CI/CD](https://about.gitlab.com/topics/ci-cd/)) has revolutionized how software teams create value for their users. Gone are the days of manual deployments and integration headaches — modern development demands automation, reliability, and speed.\n\nAt its core, CI/CD is about creating a seamless pipeline that takes code from a developer's environment all the way to production and incorporates feedback in real time. [CI](https://about.gitlab.com/topics/ci-cd/benefits-continuous-integration/) helps teams catch issues early — before they become costly problems — by ensuring that code changes are frequently merged into a shared repository, automatically tested, and validated. 
[CD](https://about.gitlab.com/topics/ci-cd/#what-is-continuous-delivery-cd) extends this by automating deployments, making releases predictable and stress-free.\n\nRather than relying on manual processes and complex toolchains for software development, teams can use a robust CI/CD pipeline to build, test, and deploy software. And AI can streamline the process even further, automatically engineering CI/CD pipelines for consistent quality, compliance, and security checks.\n\nThis guide explains modern CI/CD pipelines, from basic principles to best practices to advanced strategies. You'll also discover how leading organizations use CI/CD for impactful results. What you learn in this guide will help you scale your DevSecOps environment to develop and deliver software in an [agile](https://about.gitlab.com/topics/ci-cd/continuous-integration-agile/), automated, and efficient manner.\n\nWhat you'll learn:\n- [What is continuous integration?](#what-is-continuous-integration%3F)\n- [What is continuous delivery?](#what-is-continuous-delivery%3F)\n- [How source code management relates to CI/CD](#how-source-code-management-relates-to-cicd)\n- [The benefits of CI/CD in modern software development](#the-benefits-of-cicd-in-modern-software-development)\n  - [Key differences between CI/CD and traditional development](#key-differences-between-cicd-and-traditional-development)\n- [Understanding CI/CD fundamentals](#understanding-cicd-fundamentals)\n  - [What is a CI/CD pipeline?](#what-is-a-cicd-pipeline%3F)\n- [Best practices for CI/CD implementation and management](#best-practices-for-cicd-implementation-and-management)\n  - [CI best practices](#ci-best-practices)\n  - [CD best practices](#cd-best-practices)\n- [How to get started with CI/CD](#how-to-get-started-with-cicd)\n- [Security, compliance, and CI/CD](#security-compliance%2C-and-cicd)\n- [CI/CD and the cloud](#cicd-and-the-cloud)\n- [Advanced CI/CD](#advanced-cicd)\n  - [Reuse and automation in 
CI/CD](#reuse-and-automation-in-cicd)\n  - [Troubleshooting pipelines with AI](#troubleshooting-pipelines-with-ai)\n- [How to migrate to GitLab CI/CD](#how-to-migrate-to-gitlab-cicd)\n- [Lessons from leading organizations](#lessons-from-leading-organizations)\n- [CI/CD tutorials](#cicd-tutorials)\n\n## What is continuous integration?\n\n[Continuous integration](https://about.gitlab.com/topics/ci-cd/benefits-continuous-integration/) (CI) is the practice of integrating all your code changes into the main branch of a shared source code repository early and often, automatically testing changes when you commit or merge them, and automatically kicking off a build. With continuous integration, teams can identify and fix errors and security issues more easily and much earlier in the development process.\n\n## What is continuous delivery?\n[Continuous delivery](https://about.gitlab.com/topics/ci-cd/#what-is-continuous-delivery-cd) (CD) – sometimes called _continuous deployment_ – enables organizations to deploy their applications automatically, allowing more time for developers to focus on monitoring deployment status and assure success. With continuous delivery, DevSecOps teams set the criteria for code releases ahead of time and when those criteria are met and validated, the code is deployed into the production environment. This allows organizations to be more nimble and get new features into the hands of users faster.\n\n## How source code management relates to CI/CD\n\nSource code management ([SCM](https://about.gitlab.com/solutions/source-code-management/)) and CI/CD form the foundation of modern software development practices. SCM systems like [Git](https://about.gitlab.com/blog/what-is-git-the-ultimate-guide-to-gits-role-and-functionality/) provide a centralized way to track changes, manage different versions of code, and facilitate collaboration among team members. 
When developers work on new features or bug fixes, they create branches from the main codebase, make their changes, and then [merge them through merge requests](https://docs.gitlab.com/user/project/merge_requests/). This branching strategy allows multiple developers to work simultaneously without interfering with each other's code, while maintaining a stable main branch that always contains production-ready code.\n\nCI/CD takes the code managed by SCM systems and automatically builds, tests, and validates it whenever changes are pushed. When a developer submits their code changes, the CI/CD system automatically retrieves the latest code, combines it with the existing codebase, and runs through a series of automated checks. These typically include compiling the code, running unit tests, performing static code analysis, and checking code coverage. If any of these steps fail, the team is immediately notified, allowing them to address issues before they impact other developers or make their way to production. This tight integration between source control and continuous integration creates a feedback loop that helps maintain code quality and prevents integration problems from accumulating.\n\n## The benefits of CI/CD in modern software development\n\n[CI/CD brings transformative benefits to modern software development](https://about.gitlab.com/blog/ten-reasons-why-your-business-needs-ci-cd/) by dramatically reducing the time and risk associated with delivering new features and fixes. The continuous feedback loop gives DevSecOps teams confidence their changes are automatically validated against the entire codebase. The result is higher quality software, faster delivery times, and more frequent releases that can quickly respond to user needs and market demands.\n\nPerhaps most importantly, CI/CD fosters a culture of collaboration and transparency within software development teams. 
When everyone can see the status of builds, tests, and deployments in real time, it becomes easier to identify and resolve bottlenecks in the delivery process. The automation provided by CI/CD also reduces the cognitive load on developers, freeing them to focus on writing code rather than managing manual deployment processes. This leads to improved developer satisfaction and productivity, while also reducing the risk traditionally associated with the entire software release process. Teams can experiment more freely knowing rapid code reviews are part of the process and they can quickly roll back changes if needed, which encourages innovation and continuous improvement.\n\n> Get started with GitLab CI/CD. [Sign up for GitLab Ultimate](https://about.gitlab.com/free-trial/devsecops/) and try the AI-powered DevSecOps platform free.\n\n### Key differences between CI/CD and traditional development\n\nCI/CD differs from traditional software development in many ways, including:\n\n**Frequent code commits**\n\nDevelopers often work independently and infrequently upload their code to a main codebase, causing merge conflicts and other time-consuming issues. With CI/CD, developers push commits throughout the day, ensuring that conflicts are caught early and the codebase remains up to date.\n\n**Reduced risk**\n\nLengthy testing cycles and extensive pre-release planning are hallmarks of traditional software development. This is done to minimize risk but often hinders the ability to find and fix problems. Risk is managed in CI/CD by applying small, incremental changes that are closely monitored and easily reverted.\n\n**Automated and continuous testing**\n\nIn traditional software development, testing is done once development is complete. However, this causes problems, including delayed delivery and costly bug fixes. CI/CD supports automated testing that occurs continuously throughout development, sparked by each code commit. 
Developers also receive feedback they can take fast action on.\n\n**Automated, repeatable, and frequent deployments**\n\nWith CI/CD, deployments are automated processes that reduce the typical stress and effort associated with big software rollouts. The same deployment process can be repeated across environments, which saves time and reduces errors and inconsistencies.\n\n## Understanding CI/CD fundamentals\n\nCI/CD serves as a framework for building scalable, maintainable delivery processes, so it's critical for DevSecOps teams to firmly grasp its core concepts. A solid understanding of CI/CD principles enables teams to adapt strategies and practices as technology evolves, rather than being tied to legacy approaches. Here are some of the basics.\n\n### What is a CI/CD pipeline?\n\nA [CI/CD pipeline](https://about.gitlab.com/topics/ci-cd/cicd-pipeline/) is a series of steps, such as build, test, and deploy, that automate and streamline the software delivery process. [Each stage serves as a quality gate](https://about.gitlab.com/blog/guide-to-ci-cd-pipelines/), ensuring that only validated code moves forward. Early stages typically handle basic checks like compilation and unit testing, while later stages may include integration testing, performance testing, compliance testing, and staged deployments to various environments.\n\nThe pipeline can be configured to require manual approvals at critical points, such as before deploying to production, while automating routine tasks and providing quick feedback to developers about the health of their changes. This structured approach ensures consistency, reduces human error, and provides a clear audit trail of how code changes move from development to production. 
Modern pipelines are often implemented as code, allowing them to be version controlled, tested, and maintained just like application code.\n\nThese are other terms associated with CI/CD that are important to know:\n- **Commit:** a code change\n- **Job:** instructions a runner has to execute\n- **Runner:** an agent or server that executes each job individually that can spin up or down as needed\n- **Stages:** a keyword that defines certain job stages, such as \"build\" and \"deploy.\" Jobs of the same stage are executed in parallel. Pipelines are configured using a version-controlled YAML file, `.gitlab-ci.yml`, at the root level of a project.\n\n![CI/CD pipeline diagram](https://res.cloudinary.com/about-gitlab-com/image/upload/v1749673928/Blog/Content%20Images/1690824533476.png)\n\n## Best practices for CI/CD implementation and management\n\nHow successful you are with CI/CD depends greatly on the [best practices](https://about.gitlab.com/blog/how-to-keep-up-with-ci-cd-best-practices/) you implement.\n\n#### CI best practices\n\n* Commit early, commit often.\n* Optimize pipeline stages.\n* Make builds fast and simple.\n* Use failures to improve processes.\n* Make sure the test environment mirrors production.\n\n#### CD best practices\n\n* Start where you are – you can always iterate.\n* Understand the best continuous delivery is done with minimal tools.\n* Track what’s happening so issues and merge requests don't get out of hand.\n* Streamline user acceptance testing and staging with automation.\n* Manage the release pipeline through automation.\n* Implement monitoring for visibility and efficiency.\n\n> ### Bookmark this!\n>\n>Watch our [\"Intro to CI/CD\" webinar](https://www.youtube.com/watch?v=sQ7Nw3o0izc)!\n>\n\u003C!-- blank line -->\n\u003Cfigure class=\"video_container\">\n\u003Ciframe src=\"https://www.youtube.com/embed/sQ7Nw3o0izc?si=3HpNqIClrc2ncr7Y\" title=\"Intro to CI/CD webinar\" frameborder=\"0\" allowfullscreen=\"true\"> 
\u003C/iframe>\n\u003C/figure>\n\u003C!-- blank line -->\n\n## How to get started with CI/CD\n\nGetting started with CI/CD begins with identifying a simple but representative project to serve as your pilot. Choose a straightforward application with basic testing requirements, as this allows you to focus on learning the pipeline mechanics rather than dealing with complex deployment scenarios. Begin by ensuring your code is in [version control](https://about.gitlab.com/topics/version-control/) and has some [basic automated tests](https://about.gitlab.com/blog/develop-c-unit-testing-with-catch2-junit-and-gitlab-ci/) — even a few unit tests will suffice. The goal is to [create a minimal pipeline](https://about.gitlab.com/blog/how-to-learn-ci-cd-fast/) that you can gradually enhance as your understanding grows.\n\nFor GitLab specifically, the process starts with creating a `.gitlab-ci.yml` file in your project's root directory. This YAML file defines your pipeline stages (basic ones like build, test, and deploy) and jobs. A simple pipeline might look like this: The build stage compiles your code and creates artifacts, the test stage runs your unit tests, and the deploy stage pushes your application to a staging environment. GitLab will automatically detect this file and start running your pipeline whenever changes are pushed to your repository. The platform provides [built-in runners](https://docs.gitlab.com/runner/) to execute your pipeline jobs, though you can also set up your own runners for more control.\n\nAs you become comfortable with the basics, gradually add more sophisticated elements to your pipeline. This might include adding code quality checks, [security scanning](https://docs.gitlab.com/user/application_security/#security-scanning), or automated deployment to production. 
GitLab's DevSecOps platform includes features like [compliance management](https://about.gitlab.com/blog/meet-regulatory-standards-with-gitlab/), [deployment variables](https://about.gitlab.com/blog/demystifying-ci-cd-variables/), and manual approval gates that you can incorporate as your pipeline matures. Pay attention to pipeline execution time and look for opportunities to run jobs in parallel where possible. Remember to add proper error handling and notifications so team members are promptly alerted of any pipeline failures. Start documenting common issues and solutions as you encounter them — this will become invaluable as your team grows.\n\n> ### Want to learn more about getting started with CI/CD? Register for a [free CI/CD course on GitLab University](https://university.gitlab.com/courses/continuous-integration-and-delivery-ci-cd-with-gitlab).\n\n## Security, compliance, and CI/CD\n\nOne of the greatest advantages of CI/CD is the ability to embed security and compliance checks early and often in the software development lifecycle. In GitLab, teams can use the `.gitlab-ci.yml` configuration to automatically trigger security scans at multiple stages, from initial code commit to production deployment. The platform's container scanning, dependency scanning, and security scanning capabilities ([Dynamic Application Security Testing](https://docs.gitlab.com/user/application_security/dast/) and [Advanced SAST](https://about.gitlab.com/blog/gitlab-advanced-sast-is-now-generally-available/)) can be configured to run automatically with each code change, checking for vulnerabilities, compliance violations, and security misconfigurations. 
The platform's API enables integration with [external security tools](https://about.gitlab.com/blog/integrate-external-security-scanners-into-your-devsecops-workflow/), while the test coverage features ensure security tests meet required thresholds.\n\nGitLab's security test reports provide detailed information about findings, enabling quick remediation of security issues before they reach production. The Security Dashboard provides a centralized view of vulnerabilities across projects, while [security policies can be enforced](https://about.gitlab.com/blog/how-gitlab-supports-the-nsa-and-cisa-cicd-security-guidance/) through merge request approvals and pipeline gates. In addition, GitLab provides multiple layers of secrets management to protect sensitive information throughout the CI/CD process, audit logs to track access to secrets, and role-based access control (RBAC) to ensure only authorized users can view or modify sensitive configuration data.\n\nGitLab also supports software bill of materials ([SBOM](https://about.gitlab.com/blog/the-ultimate-guide-to-sboms/)) generation, providing a comprehensive inventory of all software components, dependencies, and licenses in an application and enabling teams to quickly identify and respond to vulnerabilities and comply with regulatory mandates.\n\n## CI/CD and the cloud\n\nGitLab's CI/CD platform provides robust integration with major cloud providers including [Amazon Web Services](https://about.gitlab.com/partners/technology-partners/aws/), [Google Cloud Platform](https://about.gitlab.com/blog/provision-group-runners-with-google-cloud-platform-and-gitlab-ci/), and [Microsoft Azure](https://docs.gitlab.com/install/azure/), enabling teams to automate their cloud deployments directly from their pipelines. Through GitLab's cloud integrations, teams can manage cloud resources, deploy applications, and monitor cloud services all within the GitLab interface. 
The platform's built-in cloud deployment templates and [Auto DevOps](https://docs.gitlab.com/topics/autodevops/) features significantly reduce the complexity of cloud deployments, allowing teams to focus on application development rather than infrastructure management. For organizations that want to automate their IT infrastructure using GitOps, GitLab has a [Flux CD integration](https://about.gitlab.com/blog/why-did-we-choose-to-integrate-fluxcd-with-gitlab/).\n\nGitLab's cloud capabilities extend beyond basic deployment automation. The platform's [Kubernetes integration](https://about.gitlab.com/blog/kubernetes-overview-operate-cluster-data-on-the-frontend/) enables teams to manage container orchestration across multiple cloud providers, while the [cloud native GitLab installation options](https://about.gitlab.com/topics/ci-cd/cloud-native-continuous-integration/) allow the platform itself to run in cloud environments. Through GitLab's cloud-native features, teams can implement auto-scaling runners that dynamically provision cloud resources for pipeline execution, optimizing costs and performance. The platform's integration with cloud provider security services ensures that security and compliance requirements are met throughout the deployment process.\n\nFor multi-cloud environments, GitLab provides consistent workflows and tooling regardless of the underlying cloud provider. Teams can use GitLab's environment management features to handle different cloud configurations across development, staging, and production environments. The platform's [infrastructure as code](https://docs.gitlab.com/user/infrastructure/iac/) support, particularly its native integration with Terraform, enables teams to version control and automate their cloud infrastructure provisioning. 
GitLab's monitoring and observability features integrate with cloud provider metrics, providing comprehensive visibility into application and infrastructure health across cloud environments.\n\n## Advanced CI/CD\nCI/CD has evolved far beyond simple build and deploy pipelines. In advanced implementations, CI/CD involves sophisticated orchestration of automated testing, security scanning, infrastructure provisioning, AI, and more. Here are a few advanced CI/CD strategies that can help engineering teams scale their pipelines and troubleshoot issues even as architectural complexity grows.\n\n### Reuse and automation in CI/CD\n\nGitLab is transforming how development teams create and manage CI/CD pipelines with two major innovations: the [CI/CD Catalog](https://about.gitlab.com/blog/ci-cd-catalog-goes-ga-no-more-building-pipelines-from-scratch/) and [CI/CD steps](https://about.gitlab.com/blog/introducing-ci-cd-steps-a-programming-language-for-devsecops-automation/), a new programming language for DevSecOps automation currently in experimental phase. The CI/CD Catalog is a centralized platform where developers can discover, reuse, and contribute CI/CD components. Components function as reusable, single-purpose building blocks that simplify pipeline configuration — similar to Lego pieces for CI/CD workflows. Meanwhile, CI/CD steps support complex workflows by allowing developers to compose inputs and outputs for a CI/CD job. With the CI/CD Catalog and CI/CD steps, DevSecOps teams can easily standardize CI/CD and its components, simplifying the process of developing and maintaining CI/CD pipelines.\n\n> Learn more in our [CI/CD Catalog FAQ](https://about.gitlab.com/blog/faq-gitlab-ci-cd-catalog/) and [CI/CD steps documentation](https://docs.gitlab.com/ci/steps/).\n\n### Troubleshooting pipelines with AI\n\nWhile CI/CD pipelines can and do break, troubleshooting the issue quickly can minimize the impact. 
GitLab Duo Root Cause Analysis, part of a suite of AI-powered features, removes the guesswork by [determining the root cause for a failed CI/CD pipeline](https://about.gitlab.com/blog/quickly-resolve-broken-ci-cd-pipelines-with-ai/). When a pipeline fails, GitLab provides detailed job logs, error messages, and execution traces that show exactly where and why the failure occurred. Root Cause Analysis then uses AI to suggest a fix.\nWatch GitLab Duo Root Cause Analysis in action:\n\n\u003C!-- blank line -->\n\u003Cfigure class=\"video_container\">\n\u003Ciframe src=\"https://www.youtube.com/embed/sTpSLwX5DIs?si=J6-0Bf6PtYjrHX1K\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\u003C!-- blank line -->\n\n## How to migrate to GitLab CI/CD\n\nMigrating to the DevSecOps platform and its built-in CI/CD involves a systematic approach of analyzing your existing pipeline configurations, dependencies, and deployment processes to map them to GitLab's equivalent features and syntax. Use these guides to help make the move.\n\n* [How to migrate from Bamboo to GitLab CI/CD](https://about.gitlab.com/blog/migrating-from-bamboo-to-gitlab-cicd/)\n* [Jenkins to GitLab: The ultimate guide to modernizing your CI/CD environment](https://about.gitlab.com/blog/jenkins-gitlab-ultimate-guide-to-modernizing-cicd-environment/)\n* [GitHub to GitLab migration the easy way](https://about.gitlab.com/blog/github-to-gitlab-migration-made-easy/)\n\n## Lessons from leading organizations\n\nThese leading organizations migrated to GitLab and are enjoying the myriad benefits of CI/CD. 
Read their stories.\n\n- [Lockheed Martin](https://about.gitlab.com/customers/lockheed-martin/)\n- [Indeed](https://about.gitlab.com/blog/how-indeed-transformed-its-ci-platform-with-gitlab/)\n- [CARFAX](https://about.gitlab.com/customers/carfax/)\n- [HackerOne](https://about.gitlab.com/customers/hackerone/)\n- [Betstudios](https://about.gitlab.com/blog/betstudios-cto-on-improving-ci-cd-capabilities-with-gitlab-premium/)\n- [Thales and Carrefour](https://about.gitlab.com/blog/how-carrefour-and-thales-are-evolving-their-ci-cd-platforms/)\n\n## CI/CD tutorials\n\nBecome a CI/CD expert with these easy-to-follow tutorials.\n\n* [Basics of CI: How to run jobs sequentially, in parallel, or out of order](https://about.gitlab.com/blog/basics-of-gitlab-ci-updated/)\n* [How to set up your first GitLab CI/CD component](https://about.gitlab.com/blog/tutorial-how-to-set-up-your-first-gitlab-ci-cd-component/)\n* [Building a GitLab CI/CD pipeline for a monorepo the easy way](https://about.gitlab.com/blog/building-a-gitlab-ci-cd-pipeline-for-a-monorepo-the-easy-way/)\n* [Using child pipelines to continuously deploy to five environments](https://about.gitlab.com/blog/using-child-pipelines-to-continuously-deploy-to-five-environments/)\n* [CI/CD automation: Maximize 'deploy freeze' impact across GitLab groups](https://about.gitlab.com/blog/ci-cd-automation-maximize-deploy-freeze-impact-across-gitlab-groups/)\n* [Refactoring a CI/CD template to a CI/CD component](https://about.gitlab.com/blog/refactoring-a-ci-cd-template-to-a-ci-cd-component/)\n* [Annotate container images with build provenance using Cosign in GitLab CI/CD](https://about.gitlab.com/blog/annotate-container-images-with-build-provenance-using-cosign-in-gitlab-ci-cd/)\n\n> #### Get started with GitLab CI/CD. 
[Sign up for GitLab Ultimate](https://about.gitlab.com/free-trial/devsecops/) and try the AI-powered DevSecOps platform.","devsecops",{"slug":13,"featured":14,"template":15},"ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation",true,"BlogPost",{"title":5,"description":17,"authors":18,"heroImage":19,"date":20,"body":10,"category":11,"tags":21},"Learn how to modernize continuous integration/continuous deployment, including automating the development, delivery, and security of pipelines.",[9],"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749660151/Blog/Hero%20Images/blog-image-template-1800x945__26_.png","2025-01-06",[22,23,24,25,26,27],"CI/CD","DevSecOps","DevSecOps platform","tutorial","security","product","yml",null,{},"/en-us/blog/ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation","seo:\n  title: 'Ultimate guide to CI/CD: Fundamentals to advanced implementation'\n  description: >-\n    Learn how to modernize continuous integration/continuous deployment,\n    including automating the development, delivery, and security of pipelines.\n  ogTitle: 'Ultimate guide to CI/CD: Fundamentals to advanced implementation'\n  ogDescription: >-\n    Learn how to modernize continuous integration/continuous deployment,\n    including automating the development, delivery, and security of pipelines.\n  noIndex: false\n  ogImage: >-\n    https://res.cloudinary.com/about-gitlab-com/image/upload/v1749660151/Blog/Hero%20Images/blog-image-template-1800x945__26_.png\n  ogUrl: >-\n    https://about.gitlab.com/blog/ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation\n  ogSiteName: https://about.gitlab.com\n  ogType: article\n  canonicalUrls: >-\n    https://about.gitlab.com/blog/ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation\ncontent:\n  title: 'Ultimate guide to CI/CD: Fundamentals to advanced implementation'\n  description: >-\n    Learn how to modernize continuous integration/continuous deployment,\n    including 
automating the development, delivery, and security of pipelines.\n  authors:\n    - Sandra Gittlen\n  heroImage: >-\n    https://res.cloudinary.com/about-gitlab-com/image/upload/v1749660151/Blog/Hero%20Images/blog-image-template-1800x945__26_.png\n  date: '2025-01-06'\n  body: >-\n    Continuous integration/continuous delivery\n    ([CI/CD](https://about.gitlab.com/topics/ci-cd/)) has revolutionized how\n    software teams create value for their users. Gone are the days of manual\n    deployments and integration headaches — modern development demands\n    automation, reliability, and speed.\n\n\n    At its core, CI/CD is about creating a seamless pipeline that takes code\n    from a developer's environment all the way to production and incorporates\n    feedback in real time.\n    [CI](https://about.gitlab.com/topics/ci-cd/benefits-continuous-integration/)\n    helps teams catch issues early — before they become costly problems — by\n    ensuring that code changes are frequently merged into a shared repository,\n    automatically tested, and validated.\n    [CD](https://about.gitlab.com/topics/ci-cd/#what-is-continuous-delivery-cd)\n    extends this by automating deployments, making releases predictable and\n    stress-free.\n\n\n    Rather than relying on manual processes and complex toolchains for software\n    development, teams can use a robust CI/CD pipeline to build, test, and\n    deploy software. And AI can streamline the process even further,\n    automatically engineering CI/CD pipelines for consistent quality,\n    compliance, and security checks.\n\n\n    This guide explains modern CI/CD pipelines, from basic principles to best\n    practices to advanced strategies. You'll also discover how leading\n    organizations use CI/CD for impactful results. 
What you learn in this guide\n    will help you scale your DevSecOps environment to develop and deliver\n    software in an\n    [agile](https://about.gitlab.com/topics/ci-cd/continuous-integration-agile/),\n    automated, and efficient manner.\n\n\n    What you'll learn:\n\n    - [What is continuous integration?](#what-is-continuous-integration%3F)\n\n    - [What is continuous delivery?](#what-is-continuous-delivery%3F)\n\n    - [How source code management relates to\n    CI/CD](#how-source-code-management-relates-to-cicd)\n\n    - [The benefits of CI/CD in modern software\n    development](#the-benefits-of-cicd-in-modern-software-development)\n      - [Key differences between CI/CD and traditional development](#key-differences-between-cicd-and-traditional-development)\n    - [Understanding CI/CD fundamentals](#understanding-cicd-fundamentals)\n      - [What is a CI/CD pipeline?](#what-is-a-cicd-pipeline%3F)\n    - [Best practices for CI/CD implementation and\n    management](#best-practices-for-cicd-implementation-and-management)\n      - [CI best practices](#ci-best-practices)\n      - [CD best practices](#cd-best-practices)\n    - [How to get started with CI/CD](#how-to-get-started-with-cicd)\n\n    - [Security, compliance, and CI/CD](#security-compliance%2C-and-cicd)\n\n    - [CI/CD and the cloud](#cicd-and-the-cloud)\n\n    - [Advanced CI/CD](#advanced-cicd)\n      - [Reuse and automation in CI/CD](#reuse-and-automation-in-cicd)\n      - [Troubleshooting pipelines with AI](#troubleshooting-pipelines-with-ai)\n    - [How to migrate to GitLab CI/CD](#how-to-migrate-to-gitlab-cicd)\n\n    - [Lessons from leading organizations](#lessons-from-leading-organizations)\n\n    - [CI/CD tutorials](#cicd-tutorials)\n\n\n    ## What is continuous integration?\n\n\n    [Continuous\n    integration](https://about.gitlab.com/topics/ci-cd/benefits-continuous-integration/)\n    (CI) is the practice of integrating all your code changes into the main\n    branch of a shared 
source code repository early and often, automatically\n    testing changes when you commit or merge them, and automatically kicking off\n    a build. With continuous integration, teams can identify and fix errors and\n    security issues more easily and much earlier in the development process.\n\n\n    ## What is continuous delivery?\n\n    [Continuous\n    delivery](https://about.gitlab.com/topics/ci-cd/#what-is-continuous-delivery-cd)\n    (CD) – sometimes called _continuous deployment_ – enables organizations to\n    deploy their applications automatically, allowing more time for developers\n    to focus on monitoring deployment status and assure success. With continuous\n    delivery, DevSecOps teams set the criteria for code releases ahead of time\n    and when those criteria are met and validated, the code is deployed into the\n    production environment. This allows organizations to be more nimble and get\n    new features into the hands of users faster.\n\n\n    ## How source code management relates to CI/CD\n\n\n    Source code management\n    ([SCM](https://about.gitlab.com/solutions/source-code-management/)) and\n    CI/CD form the foundation of modern software development practices. SCM\n    systems like\n    [Git](https://about.gitlab.com/blog/what-is-git-the-ultimate-guide-to-gits-role-and-functionality/)\n    provide a centralized way to track changes, manage different versions of\n    code, and facilitate collaboration among team members. When developers work\n    on new features or bug fixes, they create branches from the main codebase,\n    make their changes, and then [merge them through merge\n    requests](https://docs.gitlab.com/user/project/merge_requests/). 
This\n    branching strategy allows multiple developers to work simultaneously without\n    interfering with each other's code, while maintaining a stable main branch\n    that always contains production-ready code.\n\n\n    CI/CD takes the code managed by SCM systems and automatically builds, tests,\n    and validates it whenever changes are pushed. When a developer submits their\n    code changes, the CI/CD system automatically retrieves the latest code,\n    combines it with the existing codebase, and runs through a series of\n    automated checks. These typically include compiling the code, running unit\n    tests, performing static code analysis, and checking code coverage. If any\n    of these steps fail, the team is immediately notified, allowing them to\n    address issues before they impact other developers or make their way to\n    production. This tight integration between source control and continuous\n    integration creates a feedback loop that helps maintain code quality and\n    prevents integration problems from accumulating.\n\n\n    ## The benefits of CI/CD in modern software development\n\n\n    [CI/CD brings transformative benefits to modern software\n    development](https://about.gitlab.com/blog/ten-reasons-why-your-business-needs-ci-cd/)\n    by dramatically reducing the time and risk associated with delivering new\n    features and fixes. The continuous feedback loop gives DevSecOps teams\n    confidence their changes are automatically validated against the entire\n    codebase. The result is higher quality software, faster delivery times, and\n    more frequent releases that can quickly respond to user needs and market\n    demands.\n\n\n    Perhaps most importantly, CI/CD fosters a culture of collaboration and\n    transparency within software development teams. When everyone can see the\n    status of builds, tests, and deployments in real time, it becomes easier to\n    identify and resolve bottlenecks in the delivery process. 
The automation\n    provided by CI/CD also reduces the cognitive load on developers, freeing\n    them to focus on writing code rather than managing manual deployment\n    processes. This leads to improved developer satisfaction and productivity,\n    while also reducing the risk traditionally associated with the entire\n    software release process. Teams can experiment more freely knowing rapid\n    code reviews are part of the process and they can quickly roll back changes\n    if needed, which encourages innovation and continuous improvement.\n\n\n    > Get started with GitLab CI/CD. [Sign up for GitLab\n    Ultimate](https://about.gitlab.com/free-trial/devsecops/) and try the\n    AI-powered DevSecOps platform free.\n\n\n    ### Key differences between CI/CD and traditional development\n\n\n    CI/CD differs from traditional software development in many ways, including:\n\n\n    **Frequent code commits**\n\n\n    In traditional development, developers often work independently and\n    infrequently upload their code to a main codebase, causing merge conflicts\n    and other time-consuming issues. With\n    CI/CD, developers push commits throughout the day, ensuring that conflicts\n    are caught early and the codebase remains up to date.\n\n\n    **Reduced risk**\n\n\n    Lengthy testing cycles and extensive pre-release planning are hallmarks of\n    traditional software development. This is done to minimize risk but often\n    hinders the ability to find and fix problems. Risk is managed in CI/CD by\n    applying small, incremental changes that are closely monitored and easily\n    reverted.\n\n\n    **Automated and continuous testing**\n\n\n    In traditional software development, testing is done once development is\n    complete. However, this causes problems, including delayed delivery and\n    costly bug fixes. CI/CD supports automated testing that occurs continuously\n    throughout development, sparked by each code commit. 
Developers also receive\n    feedback they can act on quickly.\n\n\n    **Automated, repeatable, and frequent deployments**\n\n\n    With CI/CD, deployments are automated processes that reduce the typical\n    stress and effort associated with big software rollouts. The same deployment\n    process can be repeated across environments, which saves time and reduces\n    errors and inconsistencies.\n\n\n    ## Understanding CI/CD fundamentals\n\n\n    CI/CD serves as a framework for building scalable, maintainable delivery\n    processes, so it's critical for DevSecOps teams to firmly grasp its core\n    concepts. A solid understanding of CI/CD principles enables teams to adapt\n    strategies and practices as technology evolves, rather than being tied to\n    legacy approaches. Here are some of the basics.\n\n\n    ### What is a CI/CD pipeline?\n\n\n    A [CI/CD pipeline](https://about.gitlab.com/topics/ci-cd/cicd-pipeline/) is\n    a series of steps, such as build, test, and deploy, that automate and\n    streamline the software delivery process. [Each stage serves as a quality\n    gate](https://about.gitlab.com/blog/guide-to-ci-cd-pipelines/), ensuring\n    that only validated code moves forward. Early stages typically handle basic\n    checks like compilation and unit testing, while later stages may include\n    integration testing, performance testing, compliance testing, and staged\n    deployments to various environments.\n\n\n    The pipeline can be configured to require manual approvals at critical\n    points, such as before deploying to production, while automating routine\n    tasks and providing quick feedback to developers about the health of their\n    changes. This structured approach ensures consistency, reduces human error,\n    and provides a clear audit trail of how code changes move from development\n    to production. 
Modern pipelines are often implemented as code, allowing them\n    to be version controlled, tested, and maintained just like application code.\n\n\n    These are other terms associated with CI/CD that are important to know:\n\n    - **Commit:** a code change\n\n    - **Job:** instructions a runner has to execute\n\n    - **Runner:** an agent or server that executes each job individually and\n    can spin up or down as needed\n\n    - **Stages:** a keyword that defines certain job stages, such as \"build\" and\n    \"deploy.\" Jobs of the same stage are executed in parallel. Pipelines are\n    configured using a version-controlled YAML file, `.gitlab-ci.yml`, at the\n    root level of a project.\n\n\n    ![CI/CD pipeline\n    diagram](https://res.cloudinary.com/about-gitlab-com/image/upload/v1749673928/Blog/Content%20Images/1690824533476.png)\n\n\n    ## Best practices for CI/CD implementation and management\n\n\n    How successful you are with CI/CD depends greatly on the [best\n    practices](https://about.gitlab.com/blog/how-to-keep-up-with-ci-cd-best-practices/)\n    you implement.\n\n\n    ### CI best practices\n\n\n    * Commit early, commit often.\n\n    * Optimize pipeline stages.\n\n    * Make builds fast and simple.\n\n    * Use failures to improve processes.\n\n    * Make sure the test environment mirrors production.\n\n\n    ### CD best practices\n\n\n    * Start where you are – you can always iterate.\n\n    * Understand that the best continuous delivery is done with minimal tools.\n\n    * Track what’s happening so issues and merge requests don't get out of hand.\n\n    * Streamline user acceptance testing and staging with automation.\n\n    * Manage the release pipeline through automation.\n\n    * Implement monitoring for visibility and efficiency.\n\n\n    > ### Bookmark this!\n\n    >\n\n    >Watch our [\"Intro to CI/CD\"\n    webinar](https://www.youtube.com/watch?v=sQ7Nw3o0izc)!\n\n    >\n\n    \u003C!-- blank line -->\n\n    \u003Cfigure 
class=\"video_container\">\n\n    \u003Ciframe src=\"https://www.youtube.com/embed/sQ7Nw3o0izc?si=3HpNqIClrc2ncr7Y\"\n    title=\"Intro to CI/CD webinar\" frameborder=\"0\" allowfullscreen=\"true\">\n    \u003C/iframe>\n\n    \u003C/figure>\n\n    \u003C!-- blank line -->\n\n\n    ## How to get started with CI/CD\n\n\n    Getting started with CI/CD begins with identifying a simple but\n    representative project to serve as your pilot. Choose a straightforward\n    application with basic testing requirements, as this allows you to focus on\n    learning the pipeline mechanics rather than dealing with complex deployment\n    scenarios. Begin by ensuring your code is in [version\n    control](https://about.gitlab.com/topics/version-control/) and has some\n    [basic automated\n    tests](https://about.gitlab.com/blog/develop-c-unit-testing-with-catch2-junit-and-gitlab-ci/)\n    — even a few unit tests will suffice. The goal is to [create a minimal\n    pipeline](https://about.gitlab.com/blog/how-to-learn-ci-cd-fast/) that you\n    can gradually enhance as your understanding grows.\n\n\n    For GitLab specifically, the process starts with creating a `.gitlab-ci.yml`\n    file in your project's root directory. This YAML file defines your pipeline\n    stages (basic ones like build, test, and deploy) and jobs. A simple pipeline\n    might look like this: The build stage compiles your code and creates\n    artifacts, the test stage runs your unit tests, and the deploy stage pushes\n    your application to a staging environment. GitLab will automatically detect\n    this file and start running your pipeline whenever changes are pushed to\n    your repository. The platform provides [built-in\n    runners](https://docs.gitlab.com/runner/) to execute your pipeline jobs,\n    though you can also set up your own runners for more control.\n\n\n    As you become comfortable with the basics, gradually add more sophisticated\n    elements to your pipeline. 
This might include adding code quality checks,\n    [security\n    scanning](https://docs.gitlab.com/user/application_security/#security-scanning),\n    or automated deployment to production. GitLab's DevSecOps platform includes\n    features like [compliance\n    management](https://about.gitlab.com/blog/meet-regulatory-standards-with-gitlab/),\n    [deployment\n    variables](https://about.gitlab.com/blog/demystifying-ci-cd-variables/), and\n    manual approval gates that you can incorporate as your pipeline matures. Pay\n    attention to pipeline execution time and look for opportunities to run jobs\n    in parallel where possible. Remember to add proper error handling and\n    notifications so team members are promptly alerted of any pipeline failures.\n    Start documenting common issues and solutions as you encounter them — this\n    will become invaluable as your team grows.\n\n\n    > ### Want to learn more about getting started with CI/CD? Register for a\n    [free CI/CD course on GitLab\n    University](https://university.gitlab.com/courses/continuous-integration-and-delivery-ci-cd-with-gitlab).\n\n\n    ## Security, compliance, and CI/CD\n\n\n    One of the greatest advantages of CI/CD is the ability to embed security and\n    compliance checks early and often in the software development lifecycle. In\n    GitLab, teams can use the `.gitlab-ci.yml` configuration to automatically\n    trigger security scans at multiple stages, from initial code commit to\n    production deployment. The platform's container scanning, dependency\n    scanning, and security scanning capabilities ([Dynamic Application Security\n    Testing](https://docs.gitlab.com/user/application_security/dast/) and\n    [Advanced\n    SAST](https://about.gitlab.com/blog/gitlab-advanced-sast-is-now-generally-available/))\n    can be configured to run automatically with each code change, checking for\n    vulnerabilities, compliance violations, and security misconfigurations. 
The\n    platform's API enables integration with [external security\n    tools](https://about.gitlab.com/blog/integrate-external-security-scanners-into-your-devsecops-workflow/),\n    while the test coverage features ensure security tests meet required\n    thresholds.\n\n\n    GitLab's security test reports provide detailed information about findings,\n    enabling quick remediation of security issues before they reach production.\n    The Security Dashboard provides a centralized view of vulnerabilities across\n    projects, while [security policies can be\n    enforced](https://about.gitlab.com/blog/how-gitlab-supports-the-nsa-and-cisa-cicd-security-guidance/)\n    through merge request approvals and pipeline gates. In addition, GitLab\n    provides multiple layers of secrets management to protect sensitive\n    information throughout the CI/CD process, audit logs to track access to\n    secrets, and role-based access control (RBAC) to ensure only authorized\n    users can view or modify sensitive configuration data.\n\n\n    GitLab also supports software bill of materials\n    ([SBOM](https://about.gitlab.com/blog/the-ultimate-guide-to-sboms/))\n    generation, providing a comprehensive inventory of all software components,\n    dependencies, and licenses in an application and enabling teams to quickly\n    identify and respond to vulnerabilities and comply with regulatory mandates.\n\n\n    ## CI/CD and the cloud\n\n\n    GitLab's CI/CD platform provides robust integration with major cloud\n    providers including [Amazon Web\n    Services](https://about.gitlab.com/partners/technology-partners/aws/),\n    [Google Cloud\n    Platform](https://about.gitlab.com/blog/provision-group-runners-with-google-cloud-platform-and-gitlab-ci/),\n    and [Microsoft Azure](https://docs.gitlab.com/install/azure/), enabling\n    teams to automate their cloud deployments directly from their pipelines.\n    Through GitLab's cloud integrations, teams can manage cloud resources,\n   
 deploy applications, and monitor cloud services all within the GitLab\n    interface. The platform's built-in cloud deployment templates and [Auto\n    DevOps](https://docs.gitlab.com/topics/autodevops/) features\n    significantly reduce the complexity of cloud deployments, allowing teams to\n    focus on application development rather than infrastructure management. For\n    organizations that want to automate their IT infrastructure using GitOps,\n    GitLab has a [Flux CD\n    integration](https://about.gitlab.com/blog/why-did-we-choose-to-integrate-fluxcd-with-gitlab/).\n\n\n    GitLab's cloud capabilities extend beyond basic deployment automation. The\n    platform's [Kubernetes\n    integration](https://about.gitlab.com/blog/kubernetes-overview-operate-cluster-data-on-the-frontend/)\n    enables teams to manage container orchestration across multiple cloud\n    providers, while the [cloud native GitLab installation\n    options](https://about.gitlab.com/topics/ci-cd/cloud-native-continuous-integration/)\n    allow the platform itself to run in cloud environments. Through GitLab's\n    cloud-native features, teams can implement auto-scaling runners that\n    dynamically provision cloud resources for pipeline execution, optimizing\n    costs and performance. The platform's integration with cloud provider\n    security services ensures that security and compliance requirements are met\n    throughout the deployment process.\n\n\n    For multi-cloud environments, GitLab provides consistent workflows and\n    tooling regardless of the underlying cloud provider. Teams can use GitLab's\n    environment management features to handle different cloud configurations\n    across development, staging, and production environments. 
The platform's\n    [infrastructure as\n    code](https://docs.gitlab.com/user/infrastructure/iac/) support,\n    particularly its native integration with Terraform, enables teams to version\n    control and automate their cloud infrastructure provisioning. GitLab's\n    monitoring and observability features integrate with cloud provider metrics,\n    providing comprehensive visibility into application and infrastructure\n    health across cloud environments.\n\n\n    ## Advanced CI/CD\n\n    CI/CD has evolved far beyond simple build and deploy pipelines. In advanced\n    implementations, CI/CD involves sophisticated orchestration of automated\n    testing, security scanning, infrastructure provisioning, AI, and more. Here\n    are a few advanced CI/CD strategies that can help engineering teams scale\n    their pipelines and troubleshoot issues even as architectural complexity\n    grows.\n\n\n    ### Reuse and automation in CI/CD\n\n\n    GitLab is transforming how development teams create and manage CI/CD\n    pipelines with two major innovations: the [CI/CD\n    Catalog](https://about.gitlab.com/blog/ci-cd-catalog-goes-ga-no-more-building-pipelines-from-scratch/)\n    and [CI/CD\n    steps](https://about.gitlab.com/blog/introducing-ci-cd-steps-a-programming-language-for-devsecops-automation/),\n    a new programming language for DevSecOps automation currently in\n    the experimental phase. The CI/CD Catalog is a centralized platform where\n    developers can discover, reuse, and contribute CI/CD components. Components\n    function as reusable, single-purpose building blocks that simplify pipeline\n    configuration — similar to Lego pieces for CI/CD workflows. Meanwhile, CI/CD\n    steps support complex workflows by allowing developers to compose inputs and\n    outputs for a CI/CD job. 
With the CI/CD Catalog and CI/CD steps, DevSecOps\n    teams can easily standardize CI/CD and its components, simplifying the\n    process of developing and maintaining CI/CD pipelines.\n\n\n    > Learn more in our [CI/CD Catalog\n    FAQ](https://about.gitlab.com/blog/faq-gitlab-ci-cd-catalog/) and [CI/CD\n    steps documentation](https://docs.gitlab.com/ci/steps/).\n\n\n    ### Troubleshooting pipelines with AI\n\n\n    While CI/CD pipelines can and do break, troubleshooting the issue quickly\n    can minimize the impact. GitLab Duo Root Cause Analysis, part of a suite of\n    AI-powered features, removes the guesswork by [determining the root cause\n    for a failed CI/CD\n    pipeline](https://about.gitlab.com/blog/quickly-resolve-broken-ci-cd-pipelines-with-ai/).\n    When a pipeline fails, GitLab provides detailed job logs, error messages,\n    and execution traces that show exactly where and why the failure occurred.\n    Root Cause Analysis then uses AI to suggest a fix.\n\n    Watch GitLab Duo Root Cause Analysis in action:\n\n\n    \u003C!-- blank line -->\n\n    \u003Cfigure class=\"video_container\">\n\n    \u003Ciframe src=\"https://www.youtube.com/embed/sTpSLwX5DIs?si=J6-0Bf6PtYjrHX1K\"\n    frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\n    \u003C/figure>\n\n    \u003C!-- blank line -->\n\n\n    ## How to migrate to GitLab CI/CD\n\n\n    Migrating to the DevSecOps platform and its built-in CI/CD involves a\n    systematic approach of analyzing your existing pipeline configurations,\n    dependencies, and deployment processes to map them to GitLab's equivalent\n    features and syntax. 
Use these guides to help make the move.\n\n\n    * [How to migrate from Bamboo to GitLab\n    CI/CD](https://about.gitlab.com/blog/migrating-from-bamboo-to-gitlab-cicd/)\n\n    * [Jenkins to GitLab: The ultimate guide to modernizing your CI/CD\n    environment](https://about.gitlab.com/blog/jenkins-gitlab-ultimate-guide-to-modernizing-cicd-environment/)\n\n    * [GitHub to GitLab migration the easy\n    way](https://about.gitlab.com/blog/github-to-gitlab-migration-made-easy/)\n\n\n    ## Lessons from leading organizations\n\n\n    These leading organizations migrated to GitLab and are enjoying the myriad\n    benefits of CI/CD. Read their stories.\n\n\n    - [Lockheed Martin](https://about.gitlab.com/customers/lockheed-martin/)\n\n    -\n    [Indeed](https://about.gitlab.com/blog/how-indeed-transformed-its-ci-platform-with-gitlab/)\n\n    - [CARFAX](https://about.gitlab.com/customers/carfax/)\n\n    - [HackerOne](https://about.gitlab.com/customers/hackerone/)\n\n    -\n    [Betstudios](https://about.gitlab.com/blog/betstudios-cto-on-improving-ci-cd-capabilities-with-gitlab-premium/)\n\n    - [Thales and\n    Carrefour](https://about.gitlab.com/blog/how-carrefour-and-thales-are-evolving-their-ci-cd-platforms/)\n\n\n    ## CI/CD tutorials\n\n\n    Become a CI/CD expert with these easy-to-follow tutorials.\n\n\n    * [Basics of CI: How to run jobs sequentially, in parallel, or out of\n    order](https://about.gitlab.com/blog/basics-of-gitlab-ci-updated/)\n\n    * [How to set up your first GitLab CI/CD\n    component](https://about.gitlab.com/blog/tutorial-how-to-set-up-your-first-gitlab-ci-cd-component/)\n\n    * [Building a GitLab CI/CD pipeline for a monorepo the easy\n    way](https://about.gitlab.com/blog/building-a-gitlab-ci-cd-pipeline-for-a-monorepo-the-easy-way/)\n\n    * [Using child pipelines to continuously deploy to five\n    environments](https://about.gitlab.com/blog/using-child-pipelines-to-continuously-deploy-to-five-environments/)\n\n    * [CI/CD 
automation: Maximize 'deploy freeze' impact across GitLab\n    groups](https://about.gitlab.com/blog/ci-cd-automation-maximize-deploy-freeze-impact-across-gitlab-groups/)\n\n    * [Refactoring a CI/CD template to a CI/CD\n    component](https://about.gitlab.com/blog/refactoring-a-ci-cd-template-to-a-ci-cd-component/)\n\n    * [Annotate container images with build provenance using Cosign in GitLab\n    CI/CD](https://about.gitlab.com/blog/annotate-container-images-with-build-provenance-using-cosign-in-gitlab-ci-cd/)\n\n\n    > #### Get started with GitLab CI/CD. [Sign up for GitLab\n    Ultimate](https://about.gitlab.com/free-trial/devsecops/) and try the\n    AI-powered DevSecOps platform.\n  category: devsecops\n  tags:\n    - CI/CD\n    - DevSecOps\n    - DevSecOps platform\n    - tutorial\n    - security\n    - product\nconfig:\n  slug: ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation\n  featured: true\n  template: BlogPost\n",{"title":5,"description":17,"ogTitle":5,"ogDescription":17,"noIndex":34,"ogImage":19,"ogUrl":35,"ogSiteName":36,"ogType":37,"canonicalUrls":35},false,"https://about.gitlab.com/blog/ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation","https://about.gitlab.com","article","en-us/blog/ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation",[40,11,41,25,26,27],"cicd","devsecops-platform",[22,23,24,25,26,27],"2dncdSS7uIJo3cEDBn4VYT78dA3Qzw0LHvuzw6PDOug",{"data":45},{"logo":46,"freeTrial":51,"sales":56,"login":61,"items":66,"search":374,"minimal":405,"duo":424,"switchNav":433,"pricingDeployment":444},{"config":47},{"href":48,"dataGaName":49,"dataGaLocation":50},"/","gitlab logo","header",{"text":52,"config":53},"Get free trial",{"href":54,"dataGaName":55,"dataGaLocation":50},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":57,"config":58},"Talk to 
sales",{"href":59,"dataGaName":60,"dataGaLocation":50},"/sales/","sales",{"text":62,"config":63},"Sign in",{"href":64,"dataGaName":65,"dataGaLocation":50},"https://gitlab.com/users/sign_in/","sign in",[67,94,188,193,295,355],{"text":68,"config":69,"cards":71},"Platform",{"dataNavLevelOne":70},"platform",[72,78,86],{"title":68,"description":73,"link":74},"The intelligent orchestration platform for DevSecOps",{"text":75,"config":76},"Explore our Platform",{"href":77,"dataGaName":70,"dataGaLocation":50},"/platform/",{"title":79,"description":80,"link":81},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":82,"config":83},"Meet GitLab Duo",{"href":84,"dataGaName":85,"dataGaLocation":50},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":87,"description":88,"link":89},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":90,"config":91},"Learn more",{"href":92,"dataGaName":93,"dataGaLocation":50},"/why-gitlab/","why gitlab",{"text":95,"left":14,"config":96,"link":98,"lists":102,"footer":170},"Product",{"dataNavLevelOne":97},"solutions",{"text":99,"config":100},"View all Solutions",{"href":101,"dataGaName":97,"dataGaLocation":50},"/solutions/",[103,126,149],{"title":104,"description":105,"link":106,"items":111},"Automation","CI/CD and automation to accelerate deployment",{"config":107},{"icon":108,"href":109,"dataGaName":110,"dataGaLocation":50},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[112,115,118,122],{"text":22,"config":113},{"href":114,"dataGaLocation":50,"dataGaName":22},"/solutions/continuous-integration/",{"text":79,"config":116},{"href":84,"dataGaLocation":50,"dataGaName":117},"gitlab duo agent platform - product menu",{"text":119,"config":120},"Source Code Management",{"href":121,"dataGaLocation":50,"dataGaName":119},"/solutions/source-code-management/",{"text":123,"config":124},"Automated Software 
Delivery",{"href":109,"dataGaLocation":50,"dataGaName":125},"Automated software delivery",{"title":127,"description":128,"link":129,"items":134},"Security","Deliver code faster without compromising security",{"config":130},{"href":131,"dataGaName":132,"dataGaLocation":50,"icon":133},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[135,139,144],{"text":136,"config":137},"Application Security Testing",{"href":131,"dataGaName":138,"dataGaLocation":50},"Application security testing",{"text":140,"config":141},"Software Supply Chain Security",{"href":142,"dataGaLocation":50,"dataGaName":143},"/solutions/supply-chain/","Software supply chain security",{"text":145,"config":146},"Software Compliance",{"href":147,"dataGaName":148,"dataGaLocation":50},"/solutions/software-compliance/","software compliance",{"title":150,"link":151,"items":156},"Measurement",{"config":152},{"icon":153,"href":154,"dataGaName":155,"dataGaLocation":50},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[157,161,165],{"text":158,"config":159},"Visibility & Measurement",{"href":154,"dataGaLocation":50,"dataGaName":160},"Visibility and Measurement",{"text":162,"config":163},"Value Stream Management",{"href":164,"dataGaLocation":50,"dataGaName":162},"/solutions/value-stream-management/",{"text":166,"config":167},"Analytics & Insights",{"href":168,"dataGaLocation":50,"dataGaName":169},"/solutions/analytics-and-insights/","Analytics and insights",{"title":171,"items":172},"GitLab for",[173,178,183],{"text":174,"config":175},"Enterprise",{"href":176,"dataGaLocation":50,"dataGaName":177},"/enterprise/","enterprise",{"text":179,"config":180},"Small Business",{"href":181,"dataGaLocation":50,"dataGaName":182},"/small-business/","small business",{"text":184,"config":185},"Public Sector",{"href":186,"dataGaLocation":50,"dataGaName":187},"/solutions/public-sector/","public 
sector",{"text":189,"config":190},"Pricing",{"href":191,"dataGaName":192,"dataGaLocation":50,"dataNavLevelOne":192},"/pricing/","pricing",{"text":194,"config":195,"link":197,"lists":201,"feature":286},"Resources",{"dataNavLevelOne":196},"resources",{"text":198,"config":199},"View all resources",{"href":200,"dataGaName":196,"dataGaLocation":50},"/resources/",[202,235,258],{"title":203,"items":204},"Getting started",[205,210,215,220,225,230],{"text":206,"config":207},"Install",{"href":208,"dataGaName":209,"dataGaLocation":50},"/install/","install",{"text":211,"config":212},"Quick start guides",{"href":213,"dataGaName":214,"dataGaLocation":50},"/get-started/","quick setup checklists",{"text":216,"config":217},"Learn",{"href":218,"dataGaLocation":50,"dataGaName":219},"https://university.gitlab.com/","learn",{"text":221,"config":222},"Product documentation",{"href":223,"dataGaName":224,"dataGaLocation":50},"https://docs.gitlab.com/","product documentation",{"text":226,"config":227},"Best practice videos",{"href":228,"dataGaName":229,"dataGaLocation":50},"/getting-started-videos/","best practice videos",{"text":231,"config":232},"Integrations",{"href":233,"dataGaName":234,"dataGaLocation":50},"/integrations/","integrations",{"title":236,"items":237},"Discover",[238,243,248,253],{"text":239,"config":240},"Customer success stories",{"href":241,"dataGaName":242,"dataGaLocation":50},"/customers/","customer success stories",{"text":244,"config":245},"Blog",{"href":246,"dataGaName":247,"dataGaLocation":50},"/blog/","blog",{"text":249,"config":250},"The Source",{"href":251,"dataGaName":252,"dataGaLocation":50},"/the-source/","the source",{"text":254,"config":255},"Remote",{"href":256,"dataGaName":257,"dataGaLocation":50},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":259,"items":260},"Connect",[261,266,271,276,281],{"text":262,"config":263},"GitLab 
Services",{"href":264,"dataGaName":265,"dataGaLocation":50},"/services/","services",{"text":267,"config":268},"Community",{"href":269,"dataGaName":270,"dataGaLocation":50},"/community/","community",{"text":272,"config":273},"Forum",{"href":274,"dataGaName":275,"dataGaLocation":50},"https://forum.gitlab.com/","forum",{"text":277,"config":278},"Events",{"href":279,"dataGaName":280,"dataGaLocation":50},"/events/","events",{"text":282,"config":283},"Partners",{"href":284,"dataGaName":285,"dataGaLocation":50},"/partners/","partners",{"textColor":287,"title":288,"text":289,"link":290},"#000","What’s new in GitLab","Stay updated with our latest features and improvements.",{"text":291,"config":292},"Read the latest",{"href":293,"dataGaName":294,"dataGaLocation":50},"/releases/whats-new/","whats new",{"text":296,"config":297,"lists":299},"Company",{"dataNavLevelOne":298},"company",[300],{"items":301},[302,307,313,315,320,325,330,335,340,345,350],{"text":303,"config":304},"About",{"href":305,"dataGaName":306,"dataGaLocation":50},"/company/","about",{"text":308,"config":309,"footerGa":312},"Jobs",{"href":310,"dataGaName":311,"dataGaLocation":50},"/jobs/","jobs",{"dataGaName":311},{"text":277,"config":314},{"href":279,"dataGaName":280,"dataGaLocation":50},{"text":316,"config":317},"Leadership",{"href":318,"dataGaName":319,"dataGaLocation":50},"/company/team/e-group/","leadership",{"text":321,"config":322},"Team",{"href":323,"dataGaName":324,"dataGaLocation":50},"/company/team/","team",{"text":326,"config":327},"Handbook",{"href":328,"dataGaName":329,"dataGaLocation":50},"https://handbook.gitlab.com/","handbook",{"text":331,"config":332},"Investor relations",{"href":333,"dataGaName":334,"dataGaLocation":50},"https://ir.gitlab.com/","investor relations",{"text":336,"config":337},"Trust Center",{"href":338,"dataGaName":339,"dataGaLocation":50},"/security/","trust center",{"text":341,"config":342},"AI Transparency 
Center",{"href":343,"dataGaName":344,"dataGaLocation":50},"/ai-transparency-center/","ai transparency center",{"text":346,"config":347},"Newsletter",{"href":348,"dataGaName":349,"dataGaLocation":50},"/company/contact/#contact-forms","newsletter",{"text":351,"config":352},"Press",{"href":353,"dataGaName":354,"dataGaLocation":50},"/press/","press",{"text":356,"config":357,"lists":358},"Contact us",{"dataNavLevelOne":298},[359],{"items":360},[361,364,369],{"text":57,"config":362},{"href":59,"dataGaName":363,"dataGaLocation":50},"talk to sales",{"text":365,"config":366},"Support portal",{"href":367,"dataGaName":368,"dataGaLocation":50},"https://support.gitlab.com","support portal",{"text":370,"config":371},"Customer portal",{"href":372,"dataGaName":373,"dataGaLocation":50},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":375,"login":376,"suggestions":383},"Close",{"text":377,"link":378},"To search repositories and projects, login to",{"text":379,"config":380},"gitlab.com",{"href":64,"dataGaName":381,"dataGaLocation":382},"search login","search",{"text":384,"default":385},"Suggestions",[386,388,392,394,398,402],{"text":79,"config":387},{"href":84,"dataGaName":79,"dataGaLocation":382},{"text":389,"config":390},"Code Suggestions (AI)",{"href":391,"dataGaName":389,"dataGaLocation":382},"/solutions/code-suggestions/",{"text":22,"config":393},{"href":114,"dataGaName":22,"dataGaLocation":382},{"text":395,"config":396},"GitLab on AWS",{"href":397,"dataGaName":395,"dataGaLocation":382},"/partners/technology-partners/aws/",{"text":399,"config":400},"GitLab on Google Cloud",{"href":401,"dataGaName":399,"dataGaLocation":382},"/partners/technology-partners/google-cloud-platform/",{"text":403,"config":404},"Why GitLab?",{"href":92,"dataGaName":403,"dataGaLocation":382},{"freeTrial":406,"mobileIcon":411,"desktopIcon":416,"secondaryButton":419},{"text":407,"config":408},"Start free 
trial",{"href":409,"dataGaName":55,"dataGaLocation":410},"https://gitlab.com/-/trials/new/","nav",{"altText":412,"config":413},"Gitlab Icon",{"src":414,"dataGaName":415,"dataGaLocation":410},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":412,"config":417},{"src":418,"dataGaName":415,"dataGaLocation":410},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":420,"config":421},"Get Started",{"href":422,"dataGaName":423,"dataGaLocation":410},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/get-started/","get started",{"freeTrial":425,"mobileIcon":429,"desktopIcon":431},{"text":426,"config":427},"Learn more about GitLab Duo",{"href":84,"dataGaName":428,"dataGaLocation":410},"gitlab duo",{"altText":412,"config":430},{"src":414,"dataGaName":415,"dataGaLocation":410},{"altText":412,"config":432},{"src":418,"dataGaName":415,"dataGaLocation":410},{"button":434,"mobileIcon":439,"desktopIcon":441},{"text":435,"config":436},"/switch",{"href":437,"dataGaName":438,"dataGaLocation":410},"#contact","switch",{"altText":412,"config":440},{"src":414,"dataGaName":415,"dataGaLocation":410},{"altText":412,"config":442},{"src":443,"dataGaName":415,"dataGaLocation":410},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":445,"mobileIcon":450,"desktopIcon":452},{"text":446,"config":447},"Back to pricing",{"href":191,"dataGaName":448,"dataGaLocation":410,"icon":449},"back to pricing","GoBack",{"altText":412,"config":451},{"src":414,"dataGaName":415,"dataGaLocation":410},{"altText":412,"config":453},{"src":418,"dataGaName":415,"dataGaLocation":410},{"title":455,"button":456,"config":461},"See how agentic AI transforms software delivery",{"text":457,"config":458},"Watch GitLab Transcend now",{"href":459,"dataGaName":460,"dataGaLocation":50},"/events/transcend/virtual/","transcend 
event",{"layout":462,"icon":463,"disabled":14},"release","AiStar",{"data":465},{"text":466,"source":467,"edit":473,"contribute":478,"config":483,"items":488,"minimal":691},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":468,"config":469},"View page source",{"href":470,"dataGaName":471,"dataGaLocation":472},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":474,"config":475},"Edit this page",{"href":476,"dataGaName":477,"dataGaLocation":472},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":479,"config":480},"Please contribute",{"href":481,"dataGaName":482,"dataGaLocation":472},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":484,"facebook":485,"youtube":486,"linkedin":487},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[489,536,586,630,657],{"title":189,"links":490,"subMenu":505},[491,495,500],{"text":492,"config":493},"View plans",{"href":191,"dataGaName":494,"dataGaLocation":472},"view plans",{"text":496,"config":497},"Why Premium?",{"href":498,"dataGaName":499,"dataGaLocation":472},"/pricing/premium/","why premium",{"text":501,"config":502},"Why Ultimate?",{"href":503,"dataGaName":504,"dataGaLocation":472},"/pricing/ultimate/","why ultimate",[506],{"title":507,"links":508},"Contact Us",[509,512,514,516,521,526,531],{"text":510,"config":511},"Contact 
sales",{"href":59,"dataGaName":60,"dataGaLocation":472},{"text":365,"config":513},{"href":367,"dataGaName":368,"dataGaLocation":472},{"text":370,"config":515},{"href":372,"dataGaName":373,"dataGaLocation":472},{"text":517,"config":518},"Status",{"href":519,"dataGaName":520,"dataGaLocation":472},"https://status.gitlab.com/","status",{"text":522,"config":523},"Terms of use",{"href":524,"dataGaName":525,"dataGaLocation":472},"/terms/","terms of use",{"text":527,"config":528},"Privacy statement",{"href":529,"dataGaName":530,"dataGaLocation":472},"/privacy/","privacy statement",{"text":532,"config":533},"Cookie preferences",{"dataGaName":534,"dataGaLocation":472,"id":535,"isOneTrustButton":14},"cookie preferences","ot-sdk-btn",{"title":95,"links":537,"subMenu":545},[538,541],{"text":24,"config":539},{"href":77,"dataGaName":540,"dataGaLocation":472},"devsecops platform",{"text":542,"config":543},"AI-Assisted Development",{"href":84,"dataGaName":544,"dataGaLocation":472},"ai-assisted development",[546],{"title":547,"links":548},"Topics",[549,553,558,563,568,571,576,581],{"text":550,"config":551},"CICD",{"href":552,"dataGaName":40,"dataGaLocation":472},"/topics/ci-cd/",{"text":554,"config":555},"GitOps",{"href":556,"dataGaName":557,"dataGaLocation":472},"/topics/gitops/","gitops",{"text":559,"config":560},"DevOps",{"href":561,"dataGaName":562,"dataGaLocation":472},"/topics/devops/","devops",{"text":564,"config":565},"Version Control",{"href":566,"dataGaName":567,"dataGaLocation":472},"/topics/version-control/","version control",{"text":23,"config":569},{"href":570,"dataGaName":11,"dataGaLocation":472},"/topics/devsecops/",{"text":572,"config":573},"Cloud Native",{"href":574,"dataGaName":575,"dataGaLocation":472},"/topics/cloud-native/","cloud native",{"text":577,"config":578},"AI for Coding",{"href":579,"dataGaName":580,"dataGaLocation":472},"/topics/devops/ai-for-coding/","ai for coding",{"text":582,"config":583},"Agentic 
AI",{"href":584,"dataGaName":585,"dataGaLocation":472},"/topics/agentic-ai/","agentic ai",{"title":587,"links":588},"Solutions",[589,591,593,598,602,605,609,612,614,617,620,625],{"text":136,"config":590},{"href":131,"dataGaName":136,"dataGaLocation":472},{"text":125,"config":592},{"href":109,"dataGaName":110,"dataGaLocation":472},{"text":594,"config":595},"Agile development",{"href":596,"dataGaName":597,"dataGaLocation":472},"/solutions/agile-delivery/","agile delivery",{"text":599,"config":600},"SCM",{"href":121,"dataGaName":601,"dataGaLocation":472},"source code management",{"text":550,"config":603},{"href":114,"dataGaName":604,"dataGaLocation":472},"continuous integration & delivery",{"text":606,"config":607},"Value stream management",{"href":164,"dataGaName":608,"dataGaLocation":472},"value stream management",{"text":554,"config":610},{"href":611,"dataGaName":557,"dataGaLocation":472},"/solutions/gitops/",{"text":174,"config":613},{"href":176,"dataGaName":177,"dataGaLocation":472},{"text":615,"config":616},"Small business",{"href":181,"dataGaName":182,"dataGaLocation":472},{"text":618,"config":619},"Public sector",{"href":186,"dataGaName":187,"dataGaLocation":472},{"text":621,"config":622},"Education",{"href":623,"dataGaName":624,"dataGaLocation":472},"/solutions/education/","education",{"text":626,"config":627},"Financial services",{"href":628,"dataGaName":629,"dataGaLocation":472},"/solutions/finance/","financial 
services",{"title":194,"links":631},[632,634,636,638,641,643,645,647,649,651,653,655],{"text":206,"config":633},{"href":208,"dataGaName":209,"dataGaLocation":472},{"text":211,"config":635},{"href":213,"dataGaName":214,"dataGaLocation":472},{"text":216,"config":637},{"href":218,"dataGaName":219,"dataGaLocation":472},{"text":221,"config":639},{"href":223,"dataGaName":640,"dataGaLocation":472},"docs",{"text":244,"config":642},{"href":246,"dataGaName":247,"dataGaLocation":472},{"text":239,"config":644},{"href":241,"dataGaName":242,"dataGaLocation":472},{"text":254,"config":646},{"href":256,"dataGaName":257,"dataGaLocation":472},{"text":262,"config":648},{"href":264,"dataGaName":265,"dataGaLocation":472},{"text":267,"config":650},{"href":269,"dataGaName":270,"dataGaLocation":472},{"text":272,"config":652},{"href":274,"dataGaName":275,"dataGaLocation":472},{"text":277,"config":654},{"href":279,"dataGaName":280,"dataGaLocation":472},{"text":282,"config":656},{"href":284,"dataGaName":285,"dataGaLocation":472},{"title":296,"links":658},[659,661,663,665,667,669,671,675,680,682,684,686],{"text":303,"config":660},{"href":305,"dataGaName":298,"dataGaLocation":472},{"text":308,"config":662},{"href":310,"dataGaName":311,"dataGaLocation":472},{"text":316,"config":664},{"href":318,"dataGaName":319,"dataGaLocation":472},{"text":321,"config":666},{"href":323,"dataGaName":324,"dataGaLocation":472},{"text":326,"config":668},{"href":328,"dataGaName":329,"dataGaLocation":472},{"text":331,"config":670},{"href":333,"dataGaName":334,"dataGaLocation":472},{"text":672,"config":673},"Sustainability",{"href":674,"dataGaName":672,"dataGaLocation":472},"/sustainability/",{"text":676,"config":677},"Diversity, inclusion and belonging (DIB)",{"href":678,"dataGaName":679,"dataGaLocation":472},"/diversity-inclusion-belonging/","Diversity, inclusion and 
belonging",{"text":336,"config":681},{"href":338,"dataGaName":339,"dataGaLocation":472},{"text":346,"config":683},{"href":348,"dataGaName":349,"dataGaLocation":472},{"text":351,"config":685},{"href":353,"dataGaName":354,"dataGaLocation":472},{"text":687,"config":688},"Modern Slavery Transparency Statement",{"href":689,"dataGaName":690,"dataGaLocation":472},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":692},[693,696,699],{"text":694,"config":695},"Terms",{"href":524,"dataGaName":525,"dataGaLocation":472},{"text":697,"config":698},"Cookies",{"dataGaName":534,"dataGaLocation":472,"id":535,"isOneTrustButton":14},{"text":700,"config":701},"Privacy",{"href":529,"dataGaName":530,"dataGaLocation":472},[703],{"id":704,"title":9,"body":29,"config":705,"content":707,"description":29,"extension":28,"meta":713,"navigation":14,"path":714,"seo":715,"stem":716,"__hash__":717},"blogAuthors/en-us/blog/authors/sandra-gittlen.yml",{"template":706},"BlogAuthor",{"role":708,"name":9,"config":709},"Managing Editor, GitLab Blog",{"headshot":710,"linkedin":711,"ctfId":712},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659648/Blog/Author%20Headshots/Sgittlen-headshot.jpg","https://www.linkedin.com/in/sandra-gittlen-48557a294/","sgittlen",{},"/en-us/blog/authors/sandra-gittlen",{},"en-us/blog/authors/sandra-gittlen","Y1hpWIa-4iLRjGVQU7Rsuo7D3zGggeSoWHEaLRZQ104",[719,732,746],{"content":720,"config":730},{"title":721,"description":722,"authors":723,"heroImage":725,"date":726,"body":727,"category":11,"tags":728},"Teaching software development the easy way using GitLab","Learn how University of Washington lecturer Stephen G. 
Dame uses GitLab for Education to manage student assignments, distribute course materials, and provide inline code feedback at scale.\n",[724],"Rod Burns","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659537/Blog/Hero%20Images/display-article-image-0679-1800x945-fy26.png","2026-04-29","For instructors teaching software development, one of the biggest logistical challenges is assignment distribution and feedback at scale. How do you give large groups of students access to course materials, keep solution code private, and still deliver meaningful, contextual feedback without lots of administrative overhead?\n\nThe **[GitLab for Education program](https://about.gitlab.com/solutions/education/)** provides qualifying institutions with free access to **GitLab Ultimate**, enabling instructors to build professional-grade workflows that mirror real-world software development environments. In this article, you'll learn how Stephen G. Dame, a lecturer in the Computing and Software Systems department at the University of Washington, Bothell, uses simple workflows in GitLab to manage everything from course materials to student feedback across multiple classes.\n\n## From aerospace to academia: Bringing GitLab to the classroom\n\nDame came to academia with years of experience as a chief software engineer at Boeing Commercial Airplanes, where GitLab was used for aerospace projects. As an adjunct professor, he became an early advocate for GitLab within the university, joining the GitLab for Education program to access the full feature set needed to run structured, scalable course workflows.\n\n> **\"GitLab provides the greatest way to organize multiple classes, student assignments, lectures, and code samples through the use of Groups and Subgroups, which I found to be unique to GitLab compared to other repository platforms.\"**\n>\n> - Stephen G. 
Dame, University of Washington, Bothell\n\n## Set up groups: Build the right structure before writing a line of code\n\nThe foundation of an effective GitLab-based course is a well-planned group hierarchy. GitLab's **[Groups and Subgroups](https://docs.gitlab.com/tutorials/manage_user/#create-the-organization-parent-group-and-subgroups)** allow instructors to model the natural structure of a university department (institution, course, and role) with precise, inheritable permissions at every level.\n\nDame's structure places the university at the root (`UWTeaching`), with each course occupying its own subgroup (e.g. `css430`). Within each course sit repositories for `lecture-materials` and `code`, alongside dedicated Subgroups for `students` and `graders`. Instructor materials remain private, while student and grader subgroups are configured with controlled permissions so that assignment briefs and solutions are visible only to the right people.\n\n![Screenshot of GitLab group hierarchy — institution, course subgroup, and per-student subgroups](https://res.cloudinary.com/about-gitlab-com/image/upload/v1777463673/dpxfnitv76pdmvcqtgag.png)\n\nPermissions cascade downward through the hierarchy via **Manage > Members**, allowing Dame to add students to a course's `students` subgroup with `Reporter` access and an expiration date tied to the end of the academic quarter. Students can clone and pull from assignment repositories but cannot push — keeping solution code firmly under instructor control.\n\nStudents are guided to set up SSH keys across all their working environments (local machines, cloud shells, virtual machines) so they can clone repositories and receive weekly updates via `git pull`. They copy relevant code into their own private repositories to manage their own version history.\n\n**Tip for large classes:** For larger cohorts, adding students by hand is impractical. GitLab's REST API lets you automate subgroup creation and membership from a list of usernames. 
Below is a sample Python script that handles this:\n\n```python\nimport gitlab\n\n# Connect to your GitLab instance\ngl = gitlab.Gitlab('https://gitlab.com', private_token='YOUR_PRIVATE_TOKEN')\n\n# Target parent group ID (e.g., the ID for \"css430 > students\")\nparent_group_id = 12345678\n\n# Set expiration: typically the beginning of the next month after quarter end\nexpiry_date = '2025-01-01'\n\n# List of collected student usernames\nstudent_list = ['alice_css430', 'bob_css430', 'carol_css430', 'dave_css430', 'eve_css430']\n\nfor username in student_list:\n    try:\n        # 1. Resolve the account first so an unknown username does not leave an empty subgroup behind\n        users = gl.users.list(username=username)\n        if not users:\n            print(f\"Error processing {username}: user not found\")\n            continue\n        user = users[0]\n\n        # 2. Create a personal subgroup for the student\n        subgroup = gl.groups.create({\n            'name': username,\n            'path': username,\n            'parent_id': parent_group_id,\n            'visibility': 'private'\n        })\n\n        # 3. Add the student to the new subgroup with an expiration date\n        subgroup.members.create({\n            'user_id': user.id,\n            'access_level': gitlab.const.REPORTER_ACCESS,\n            'expires_at': expiry_date\n        })\n        print(f\"Success: Subgroup created and student added for {username}\")\n    except Exception as e:\n        print(f\"Error processing {username}: {e}\")\n```\n\nThere is also an [open source project that automates class management](https://gitlab.com/edu-docs/class-management-automation) published by GitLab that provides additional tooling for this workflow.\n\n## Give feedback where the work actually lives\n\nOnce the structure is in place, the feedback workflow is where GitLab's value becomes most apparent to students. Dame asks students to submit assignments by opening a **[merge request](https://docs.gitlab.com/user/project/merge_requests/)** in their repository. 
This gives instructors an immediate, clean diff of everything the student has written.\n![A GitLab merge request showing inline code comment function for an instructor](https://res.cloudinary.com/about-gitlab-com/image/upload/v1777467468/icclzyglbkwlvfysggbi.png)\nInstructors can click any line of code and leave an **inline comment** — not just flagging what is wrong, but explaining why, and pointing to what to look at next. Students receive this feedback in direct context with their code, which is far more actionable than a comment at the bottom of a submitted document.\n\n## Join GitLab for Education\n\nSetting up your first GitLab assignment takes some initial effort, but once the structure is in place it largely runs itself. The real payoff goes beyond organization: Students graduate having worked daily in an environment that mirrors professional software development, building habits around [version control](https://about.gitlab.com/topics/version-control/) and [code review](https://docs.gitlab.com/development/code_review/) rather than learning them as abstract concepts.\n\nIf you are just getting started, keep it simple. Begin with a single course group, one assignment template, and a basic pipeline. The structure will grow naturally alongside your confidence with the platform.\n\nMake sure to **[sign up for GitLab for Education](https://about.gitlab.com/solutions/education/join/)** so that you and your students can access all top-tier features, including unlimited reviewers on merge requests, additional compute minutes, and expanded storage.\n\n> [Apply to the GitLab for Education program today](https://about.gitlab.com/solutions/education/join/).",[624,729],"open source",{"featured":34,"template":15,"slug":731},"teaching-software-development-the-easy-way-using-gitlab",{"content":733,"config":744},{"description":734,"authors":735,"heroImage":737,"date":738,"title":739,"body":740,"category":11,"tags":741},"AI-generated code is 34% of development work. 
Discover how to balance productivity gains with quality, reliability, and security.",[736],"Manav Khurana","https://res.cloudinary.com/about-gitlab-com/image/upload/v1767982271/e9ogyosmuummq7j65zqg.png","2026-01-08","AI is reshaping DevSecOps: Attend GitLab Transcend to see what’s next","AI promises a step change in innovation velocity, but most software teams are hitting a wall. According to our latest [Global DevSecOps Report](https://about.gitlab.com/developer-survey/), AI-generated code now accounts for 34% of all development work. Yet 70% of DevSecOps professionals report that AI is making compliance management more difficult, and 76% say agentic AI will create unprecedented security challenges.\n\nThis is the AI paradox: AI accelerates coding, but software delivery slows down as teams struggle to test, secure, and deploy all that code.\n\n## Productivity gains meet workflow bottlenecks\nThe problem isn't AI itself. It's how software gets built today. The traditional DevSecOps lifecycle contains hundreds of small tasks that developers must navigate manually: updating tickets, running tests, requesting reviews, waiting for approvals, fixing merge conflicts, addressing security findings. These tasks drain an average of seven hours per week from every team member, according to our research.\n\nDevelopment teams are producing code faster than ever, but that code still crawls through fragmented toolchains, manual handoffs, and disconnected processes. In fact, 60% of DevSecOps teams use more than five tools for software development overall, and 49% use more than five AI tools. This fragmentation creates collaboration barriers, with 94% of DevSecOps professionals experiencing factors that limit collaboration in the software development lifecycle.\n\nThe answer isn't more tools. 
It's intelligent orchestration that brings software teams and their AI agents together across projects and release cycles, with enterprise-grade security, governance, and compliance built in.\n\n## Seeking deeper human-AI partnerships\nDevSecOps professionals don't want AI to take over — they want reliable partnerships. The vast majority (82%) say using agentic AI would increase their job satisfaction, and 43% envision an ideal future with a 50/50 split between human and AI contributions. They're ready to trust AI with 37% of their daily tasks without human review, particularly for documentation, test writing, and code reviews.\n\nWhat we heard resoundingly from DevSecOps professionals is that AI won't replace them; rather, it will fundamentally reshape their roles. 83% of DevSecOps professionals believe AI will significantly change their work within five years, and notably, 76% think this will create more engineering jobs, not fewer. As coding becomes easier with AI, engineers who can architect systems, ensure quality, and apply business context will be in high demand.\n\nCritically, 88% agree there are essential human qualities that AI will never fully replace, including creativity, innovation, collaboration, and strategic vision.\n\nSo how can organizations bridge the gap between AI’s promise and the reality of fragmented workflows?\n\n## Join us at GitLab Transcend: Explore how to drive real value with agentic AI\nOn February 10, 2026, GitLab will be hosting Transcend, where we'll reveal how intelligent orchestration transforms AI-powered software development. You'll get a first look at GitLab's upcoming product roadmap and learn how teams are solving real-world challenges by modernizing development workflows with AI.\n\nOrganizations winning in this new era balance AI adoption with security, compliance, and platform consolidation. 
AI offers genuine productivity gains when implemented thoughtfully — not by replacing human developers, but by freeing DevSecOps professionals to focus on strategic thinking and creative innovation.\n\n[Register for Transcend today](https://about.gitlab.com/events/transcend/virtual/) to secure your spot and discover how intelligent orchestration can help your software teams stay in flow.",[742,743,26],"AI/ML","DevOps platform",{"featured":14,"template":15,"slug":745},"ai-is-reshaping-devsecops-attend-gitlab-transcend-to-see-whats-next",{"content":747,"config":757},{"title":748,"description":749,"authors":750,"heroImage":752,"date":753,"body":754,"category":11,"tags":755},"Atlassian ending Data Center as GitLab maintains deployment choice","As Atlassian transitions Data Center customers to cloud-only, GitLab presents a menu of deployment choices that map to business needs.",[751],"Emilio Salvador","https://res.cloudinary.com/about-gitlab-com/image/upload/v1750098354/Blog/Hero%20Images/Blog/Hero%20Images/blog-image-template-1800x945%20%281%29_5XrohmuWBNuqL89BxVUzWm_1750098354056.png","2025-10-07","Change is never easy, especially when it's not your choice. Atlassian's announcement that [all Data Center products will reach end-of-life by March 28, 2029](https://www.atlassian.com/blog/announcements/atlassian-ascend), means thousands of organizations must now reconsider their DevSecOps deployment and infrastructure. But you don't have to settle for deployment options that don't fit your needs. GitLab maintains your freedom to choose — whether you need self-managed for compliance, cloud for convenience, or hybrid for flexibility — all within a single AI-powered DevSecOps platform that respects your requirements.\n\nWhile other vendors force migrations to cloud-only architectures, GitLab remains committed to supporting the deployment choices that match your business needs. 
Whether you're managing sensitive government data, operating in air-gapped environments, or simply prefer the control of self-managed deployments, we understand that one size doesn't fit all.\n\n## The cloud isn't the answer for everyone\n\nFor the many companies that invested millions of dollars in Data Center deployments, including those that migrated to Data Center [after its Server products were discontinued](https://about.gitlab.com/blog/atlassian-server-ending-move-to-a-single-devsecops-platform/), this announcement represents more than a product sunset. It signals a fundamental shift away from customer-centric architecture choices, forcing enterprises into difficult positions: accept a deployment model that doesn't fit their needs, or find a vendor that respects their requirements.\n\nMany of the organizations requiring self-managed deployments represent some of the world's most important organizations: healthcare systems protecting patient data, financial institutions managing trillions in assets, government agencies safeguarding national security, and defense contractors operating in air-gapped environments.\n\nThese organizations don't choose self-managed deployments for convenience; they choose them for compliance, security, and sovereignty requirements that cloud-only architectures simply cannot meet. Organizations operating in closed environments with restricted or no internet access aren't exceptions — they represent a significant portion of enterprise customers across various industries.\n\n![GitLab vs. 
Atlassian comparison table](https://res.cloudinary.com/about-gitlab-com/image/upload/v1759928476/ynl7wwmkh5xyqhszv46m.jpg)\n\n## The real cost of forced cloud migration goes beyond dollars\n\nWhile cloud-only vendors frame mandatory migrations as \"upgrades,\" organizations face substantial challenges beyond simple financial costs:\n\n* **Lost integration capabilities:** Years of custom integrations with legacy systems, carefully crafted workflows, and enterprise-specific automations become obsolete. Organizations with deep integrations to legacy systems often find cloud migration technically infeasible.\n\n* **Regulatory constraints:** For organizations in regulated industries, cloud migration isn't just complex — it's often not permitted. Data residency requirements, air-gapped environments, and strict regulatory frameworks don't bend to vendor preferences. The absence of single-tenant solutions in many cloud-only approaches creates insurmountable compliance barriers.\n\n* **Productivity impacts:** Cloud-only architectures often require juggling multiple products: separate tools for planning, code management, CI/CD, and documentation. Each tool means another context switch, another integration to maintain, another potential point of failure. GitLab research shows [30% of developers spend at least 50% of their job maintaining and/or integrating their DevSecOps toolchain](https://about.gitlab.com/developer-survey/). Fragmented architectures exacerbate this challenge rather than solving it.\n\n## GitLab offers choice, commitment, and consolidation\n\nEnterprise customers deserve a trustworthy technology partner. That's why we've committed to supporting a range of deployment options — whether you need on-premises for compliance, hybrid for flexibility, or cloud for convenience, the choice remains yours. 
That commitment continues with [GitLab Duo](https://about.gitlab.com/gitlab-duo-agent-platform/), our AI solution that supports developers at every stage of their workflow.\n\nBut we offer more than just deployment flexibility. While other vendors might force you to cobble together their products into a fragmented toolchain, GitLab provides everything in a **comprehensive AI-native DevSecOps platform**. Source code management, CI/CD, security scanning, Agile planning, and documentation are all managed within a single application and a single vendor relationship.\n\nThis isn't theoretical. When Airbus and [Iron Mountain](https://about.gitlab.com/customers/iron-mountain/) evaluated their existing fragmented toolchains, they consistently identified challenges: poor user experience, missing functionalities like built-in security scanning and review apps, and management complexity from plugin troubleshooting. **These aren't minor challenges; they're major blockers for modern software delivery.**\n\n## Your migration path: Simpler than you think\n\nWe've helped thousands of organizations migrate from other vendors, and we've built the tools and expertise to make your transition smooth:\n\n* **Automated migration tools:** Our [Bitbucket Server importer](https://docs.gitlab.com/user/import/bitbucket_server/) brings over repositories, pull requests, comments, and even Large File Storage (LFS) objects. 
For Jira, our [built-in importer](https://docs.gitlab.com/user/project/import/jira/) handles issues, descriptions, and labels, with professional services available for complex migrations.\n\n* **Proven at scale:** A 500 GiB repository with 13,000 pull requests, 10,000 branches, and 7,000 tags is likely to [take just 8 hours to migrate](https://docs.gitlab.com/user/import/bitbucket_server/) from Bitbucket to GitLab using parallel processing.\n\n* **Immediate ROI:** A [Forrester Consulting Total Economic Impact™ study commissioned by GitLab](https://about.gitlab.com/resources/study-forrester-tei-gitlab-ultimate/) found that investing in GitLab Ultimate confirms these benefits translate to real bottom-line impact, with a three-year 483% ROI, 5x time saved in security related activities, and 25% savings in software toolchain costs.\n\n## Start your journey to a unified DevSecOps platform\n\nForward-thinking organizations aren't waiting for vendor-mandated deadlines. They're evaluating alternatives now, while they have time to migrate thoughtfully to platforms that protect their investments and deliver on promises.\n\nOrganizations invest in self-managed deployments because they need control, compliance, and customization. 
When vendors deprecate these capabilities, they remove not just features but the fundamental ability to choose environments matching business requirements.\n\nModern DevSecOps platforms should offer complete functionality that respects deployment needs, consolidates toolchains, and accelerates software delivery, without forcing compromises on security or data sovereignty.\n\n[Talk to our sales team](https://about.gitlab.com/sales/) today about your migration options, or explore our [comprehensive migration resources](https://about.gitlab.com/move-to-gitlab-from-atlassian/) to see how thousands of organizations have already made the switch.\n\nYou also can [try GitLab Ultimate with GitLab Duo Enterprise](https://about.gitlab.com/free-trial/devsecops/) for free for 30 days to see what a unified DevSecOps platform can do for your organization.",[575,23,27,756],"features",{"featured":14,"template":15,"slug":758},"atlassian-ending-data-center-as-gitlab-maintains-deployment-choice",{"promotions":760},[761,775,786,797],{"id":762,"categories":763,"header":765,"text":766,"button":767,"image":772},"ai-modernization",[764],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":768,"config":769},"Get your AI maturity score",{"href":770,"dataGaName":771,"dataGaLocation":247},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":773},{"src":774},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":776,"categories":777,"header":778,"text":766,"button":779,"image":783},"devops-modernization",[27,11],"Are you just managing tools or shipping innovation?",{"text":780,"config":781},"Get your DevOps maturity 
score",{"href":782,"dataGaName":771,"dataGaLocation":247},"/assessments/devops-modernization-assessment/",{"config":784},{"src":785},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":787,"categories":788,"header":789,"text":766,"button":790,"image":794},"security-modernization",[26],"Are you trading speed for security?",{"text":791,"config":792},"Get your security maturity score",{"href":793,"dataGaName":771,"dataGaLocation":247},"/assessments/security-modernization-assessment/",{"config":795},{"src":796},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":798,"paths":799,"header":802,"text":803,"button":804,"image":809},"github-azure-migration",[800,801],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","Is your team ready for GitHub's Azure move?","GitHub is already rebuilding around Azure. Find out what it means for you.",{"text":805,"config":806},"See how GitLab compares to GitHub",{"href":807,"dataGaName":808,"dataGaLocation":247},"/compare/gitlab-vs-github/github-azure-migration/","github azure migration",{"config":810},{"src":785},{"header":812,"blurb":813,"button":814,"secondaryButton":819},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":815,"config":816},"Get your free trial",{"href":817,"dataGaName":55,"dataGaLocation":818},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":510,"config":820},{"href":59,"dataGaName":60,"dataGaLocation":818},1777493610450]