The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
| Stage | Software Supply Chain Security |
| Content Last Reviewed | 2025-04-01 |
| Content Last Updated | 2025-04-01 |
Pipeline Security is a group in the Software Supply Chain Security stage. There are two categories in the group and details on the direction can be viewed on the following individual category page:
| Priority | Name | DRI | Target release |
|---|---|---|---|
| 1 | Secure CI_JOB_TOKEN default behavior | @dbiryukov |
18.0 |
| 2 | Beta: GitLab native secrets manager for GitLab.com | @iamricecake |
18.1 |
| 3 | Beta: GitLab native secrets manager for Self-Managed and Dedicated | @iamricecake |
TBD |
| 4 | Launch: GitLab native secrets manager for GitLab.com | @iamricecake |
18.4 |
| 5 | Launch: GitLab native secrets manager or Self-Managed and Dedicated | @iamricecake |
TBD |
| 6 | SLSA Level 3 Phase 1: Provenance Generation | @ahuntsman |
18.0 |
| 7 | SLSA Level 3 Phase 2: In-Pipeline Data Collection | @shampton |
18.3 |
| 8 | SLSA Level 3 Phase 3: Platform Provenance Data Inclusion | @shampton |
TBD |
| 9 | SLSA Level 3 Phase 4: Out-of-Pipeline Signing | @shampton |
TBD |
| 10 | SLSA Level 3 Phase 5: Hardening of Pipeline identity | @shampton |
TBD |