Empowered development: GitLab on Google Cloud for streamlined delivery and enhanced security

In today's dynamic business environment, product, development and platform teams are under constant pressure to deliver innovative software quickly and at scale, while minimizing business risk. However, fragmented software development lifecycle (SDLC) toolchains hinder progress. Here are just a few of the challenges of modern development that organizations face:

• Disparate tools: Disconnected toolchains lead to context switching and inefficient workflows.

• Security concerns: Traditional authentication methods such as service account keys introduce risks for vulnerabilities.

• Scalability issues:  As organizations take on more and more projects, ensuring scalable self-service deployment through Continuous Integration / Continuous Delivery(CI/CD) can become a major roadblock.

The 2023 State of DevSecOps Report tells us that “improving the way you work day-to-day has a positive impact on cultural elements.” To help improve developers’ day-to-day experience, we’ve partnered with GitLab on an integrated solution that reimagines how organizations approach DevSecOps to streamline the delivery of applications from source code on GitLab to Google Cloud runtime environments. 

The capabilities provided by the Google Cloud - GitLab integration improve the practitioner experience by removing complexity from managing tools and helping developers maintain “flow.” By requiring less context switching associated with using multiple tools and different user interfaces, The Google Cloud - GitLab integration offers a comprehensive solution that simplifies development, enhances security, and empowers teams to scale effortlessly and improve software delivery.

A unified approach to DevSecOps

Imagine a world where you can seamlessly move from code creation to deployment — all within a single integrated platform. This is the reality that the Google Cloud - GitLab integration brings to life. By merging the power of GitLab's source code management, CI/CD pipelines, and collaboration tools on top of Google Cloud's robust infrastructure and services, we've created a unified environment that empowers developers and accelerates innovation. This integration has several customer benefits:

1. Less context switching.  Developers can stay in one tool — no need to move back and forth between GitLab and Google Cloud.

2. Easy delivery. We’ve reduced friction and complexity by making it simple for customers to create their pipelines in GitLab and deliver containers to Google Cloud runtime environments.

3. Scaled to meet enterprise needs. With Google Cloud's infrastructure as the backbone, the Google Cloud - GitLab integration helps ensure your DevSecOps pipelines can scale to meet the demands of your growing business.

In a nutshell, you can integrate GitLab and Google Cloud securely through Workload Identity Federation, view your containers both in the Google Artifact Registry  and GitLab Artifact Registry, and deploy to Google Cloud runtime environments with CI/CD components built for the job. Let’s take a closer look. 

Security at the forefront

Securing your software is paramount, which is why we incorporated Workload Identity Federation (WLIF) in this integration. This technology eliminates the need for static service account keys, replacing them with short-lived tokens that significantly reduce the risk of compromise. Additionally, Workload Identity Federation makes management simpler as authentication is centralized through your existing identity provider and supports mapping of identity and access management roles between GitLab and Google Cloud.

Integrated artifact management 

With this integration, you can manage your containers in Google Artifact Registry repositories and view them directly within GitLab. This gives you full traceability of your built artifacts from GitLab to Google Cloud, lets you leverage security scanning — all while staying within GitLab’s developer workflow.

Configurable pipelines

As part of this integration, we’ve also released a set of CI/CD components to make pipeline creation simple, configurable and repeatable. These Google Cloud managed components are built with deployment to Google Cloud runtime environments in mind.  There are five components available today including the ability to upload an image to Google Artifact Registry, deploy an image to Google Kubernetes Engine and manage pipeline delivery through Cloud Deploy. Our initial benchmarking shows these components to be smaller and faster to run in GitLab CI pipelines compared to running the Google CLI. Check out the component library here. 

Take the next step

Ready to optimize your DevSecOps workflow? If you don’t have GitLab, start your free trial through the GitLab Web Store or purchase through the Google Cloud Marketplace. If you already have a GitLab account, start by configuring the integration today. And if you are interested in discussing this integration with us or participating in customer experience research, please sign-up here.  

Join us for a deeper dive

We're hosting a webinar on June 17th at 9am PST to delve into the technical details and demonstrate the integration's capabilities. Register now to secure your spot.