A comprehensive DevOps platform with specialized features for technical assessment. Includes code quality metrics, development velocity analytics, security scanning, and infrastructure evaluation tools that help venture capital firms assess the technical foundation of potential investments.
Solutions for evaluating startup technology stacks, code quality, scalability, technical debt, and intellectual property assets.
Automated Code Scans | Support for automated code quality analysis, identifying technical debt, code smells, and adherence to best practices. | GitLab provides automated code quality scans using its built-in Code Quality CI/CD template and integrates with static analysis tools.
Language Support | Number of programming languages that the tool can analyze. | No information available
Metric Coverage | Variety of code quality metrics tracked (e.g., cyclomatic complexity, code duplication, test coverage). | No information available
Custom Rule Definitions | Allows creation or editing of custom code analysis rules. | Custom rule definitions available for tools like SAST, Secret Detection, and in Code Quality CI config.
Continuous Integration Integration | Ability to integrate with CI/CD pipelines to trigger scans automatically. | Fully integrates with CI/CD pipelines for all automated code and security scans.
Issue Reporting | Generates actionable issue and remediation reports. | Actionable issue and remediation reports are generated after scans and viewable in merge requests and dashboards.
Visualization | Provides visual dashboards or charts for code quality trends and hotspots. | Visual dashboards, charts, and trend graphs are available for code, security, and velocity metrics.
Refactoring Suggestions | Offers automated suggestions or guidance for code improvements. | Code Quality widget and suggestions in MRs offer refactoring guidance, flagging smells and improvements.
Code Review Collaboration | Enables team-based code review, comment, and approval workflows. | GitLab's review and merge request process is fully collaborative, supporting team approvals and comments.
Historical Analysis | Ability to analyze code quality trends over time or across codebase versions. | GitLab displays historical scan results and trends in its dashboards for code quality and velocity.
Open Source Dependency Scanning | Checks for open-source packages, their licenses, and known vulnerabilities. | Dependency Scanning feature checks for licenses and vulnerabilities in open source dependencies.
API for Data Export | Availability of API for exporting scan data/results. | GitLab REST API enables export of scan and project analysis data.
Automated Test Coverage Analysis | Measures and reports on the percentage of code covered by tests. | Test coverage reports and badges are supported in CI/CD to measure automated test coverage.

Automated Load Testing | Performs automated tests to simulate user traffic and stress on application components. | Support for automated load testing via CI/CD runners and integrations with k6 and JMeter.
Bottleneck Detection | Identifies performance bottlenecks in code or infrastructure. | Pipeline job dashboards and integrations (such as k6, JMeter) support performance and bottleneck analysis.
Resource Utilization Metrics | Monitors and reports on CPU, memory, and storage usage under various loads. | Performance testing utilities report on resource utilization; some third-party integrations can enhance reporting.
Throughput Measurement | Measures the system's throughput under test loads. | No information available
Latency Tracking | Tracks response times and latencies for various system operations. | No information available
Scalability Simulation | Simulates and models scaling scenarios (e.g. horizontal, vertical scaling). | Can model scaling scenarios via Infrastructure-as-Code and CI/CD. GitLab supports multi-runner scaling and k8s.
Cloud Readiness Assessment | Analyzes how applications and workloads can be migrated or operated in cloud environments. | GitLab's cloud-native CI and Kubernetes integrations support cloud readiness assessment.
Automated Reporting | Generates reports on scalability and performance findings. | Automated performance, quality, and security reporting triggered after CI/CD runs.
Benchmark Comparisons | Compares performance metrics against industry or historical benchmarks. | Performance benchmarks can be compared to historical data and industry references via customizable dashboards.
Concurrency Testing | Tests how well the application handles concurrent operations. | CI/CD jobs and integrations can explicitly run concurrency and stress tests.
Network Load Simulation | Simulates network constraints (e.g. latency, packet loss) in testing scenarios. | Performance testing tools can be integrated to simulate network load; job templates exist for such scenarios.
Service Degradation Identification | Detects and reports at which points the system functionality degrades under load. | JMeter/k6 CI/CD integration reports on stages where performance or services degrade.
Peak Load Estimation | Estimates the maximum load the system can handle before failure. | No information available

Debt Identification Automation | Automatically detects potential areas of technical debt. | Code Quality Job detects maintainability/code debt issues automatically.
Debt Categorization | Classifies debt into types (e.g. design, code, architectural). | Code Quality tool (CI job) flags types of technical debt such as duplication, complexity, etc.
Debt Quantification | Provides effort or cost estimates to address technical debt. | Not as far as we are aware.* Effort/cost quantification is not automated in-core, but user can label and estimate via GitLab issues.
Debt Tracking | Tracks technical debt items over time for trend analysis. | Technical debt issues are tracked over time via issues and merge requests, allowing trend visualization.
Impact Analysis | Analyzes and reports the impact of technical debt on future development. | No information available
Remediation Prioritization | Ranks or prioritizes technical debt based on severity and risk. | No information available
Integration with Issue Trackers | Links technical debt items to Jira, GitHub Issues, etc. | Full integrations exist for Jira and GitHub issues tracking with cross-linking to merge requests.
Manual Annotation | Allows manual input and tracking of technical debt not automatically detected. | Manual annotation of technical debt issues or custom notes is possible via Issues/MRs.
Visualization of Debt Hotspots | Visual maps highlighting parts of the codebase with high technical debt. | Visualizations like code heatmaps and code quality dashboards highlight hotspots.
ROI Estimation | Estimates potential ROI for technical debt remediation efforts. | No information available
Change Impact Tracking | Monitors how software changes affect technical debt. | MR diffs, code analytics, and issue tracking capture change impact on code and possible debt.

Code Origin Tracing | Analyzes codebase to trace third-party, open-source, or internally developed code. | Not as far as we are aware.* No automatic code origin tracing to distinguish open source/proprietary directly in GitLab core.
Open Source License Detection | Detects open source usage and associated licenses. | Dependency Scanning detects and reports licenses for all open source software used.
License Risk Assessment | Identifies risky or incompatible open-source licenses in use. | Flagging risky licenses is supported in license compliance rules.
IP Ownership Mapping | Maps and documents who owns or controls the codebase or platform IP. | Not as far as we are aware.* IP ownership documentation is not provided as an automated capability in GitLab.
Patent Discovery | Searches for pertinent patents held by the company. | No information available
Potential Infringement Detection | Flags possible IP infringements. | No information available
SBOM (Software Bill of Materials) Generation | Generates comprehensive inventories of third-party and open-source components. | Dependency Scanning creates a Software Bill of Materials for analyzed projects.
Export Control Compliance | Assesses compliance with software export regulations. | No information available
IP Portfolio Visualization | Provides visual mapping of patents, copyrights, and trademarks. | No information available
Data Export/Reporting | Exports data for external legal review. | Data export tools allow legal review, including compliance and security scan results.
License Change Notification | Notifies users on detected changes in license status. | License scanning alerts when license status changes in new code.

Automated Architecture Diagramming | Automatically generates diagrams of system/class/module dependencies. | Not as far as we are aware.* Architecture diagramming is not natively automated in GitLab, but can be supported via third-party tools.
Modularity Assessment | Evaluates modularity and separation of concerns in the architecture. | No information available
API Surface Analysis | Analyzes API surface size, versioning, and backward compatibility. | No information available
Microservices Detection | Detects presence and design of microservices in the stack. | Service detection supported via Infrastructure-as-Code, Kubernetes support, and third-party integrations.
Documentation Coverage | Measures the presence/quality of architecture documentation. | No information available
Service Dependency Mapping | Maps out internal and external service dependencies. | Service dependency graphs can be visualized using configured CI jobs or third-party tools, with YAML configuration.
Redundancy & High Availability Analysis | Identifies points of failure and resiliency mechanisms. | Not as far as we are aware.* No built-in high availability architecture analysis; dependent on user configuration.
Data Flow Visualization | Visualizes how data moves through the system. | No information available
Change Impact Simulation | Models potential impact of architectural changes. | No information available
Legacy Component Identification | Detects outdated or obsolete technologies in use. | Integration and CI/CD templates exist to identify outdated packages and legacy environments.
Cloud Native Compatibility | Assesses if the architecture supports cloud-native principles. | Native Kubernetes orchestration and deployment features evaluate and enforce cloud-native compatibility.

Automated Vulnerability Scanning | Performs security scans for known vulnerabilities in source and dependencies. | GitLab's SAST, DAST, Dependency Scanning automate vulnerability discovery and alerting.
Penetration Testing | Supports or integrates with penetration testing tools/workflows. | Integrates/exports to popular penetration testing tools and workflows (e.g., via job templates).
Security Policy Auditing | Checks for adherence to internal security policies. | Security compliance policies can be audited and enforced; customizable CIS policies supported.
Compliance Framework Mapping | Assesses compliance against standards (e.g., SOC 2, ISO 27001, GDPR). | Compliance dashboard includes frameworks such as SOC 2, GDPR, and supports mapping checks.
Dependency Vulnerability Alerts | Notifies when new vulnerabilities are discovered in dependencies. | Dependency scanning alerts for new security vulnerabilities.
Encryption Verification | Verifies use of encryption in transit and at rest. | Pipeline security jobs verify for encryption best practices, contingent on code and config scanning.
Secrets Management | Checks for secret/token exposure in code. | Secret Detection scans catch exposed API tokens and secrets during CI/CD jobs.
Access Control Review | Analyzes role-based access and permission models. | Access control analytics evaluate roles, rights, and permission usage, integrated with IAM.
Automated Patch Recommendations | Suggests or applies patches for security vulnerabilities. | Patches and security fixes are recommended in MRs for detected vulnerabilities.
Audit Logging Analysis | Validates logging of security-relevant events. | Audit logging of all security events and findings is standard for both compliance and forensics.
Incident Response Assessment | Evaluates tools and protocols for incident detection and response. | Security incident response analytics and integrations with alerting tools are available.

Code Documentation Coverage | Measures percentage of code adequately documented. | No information available
Automated Documentation Generation | Supports auto-generation of code or API docs. | Auto-generation of docs with tools like GitLab Pages, mkdocs, and integrated Sphinx.
ReadMe/Onboarding Quality | Qualitative review of onboarding materials and process. | README and onboarding process is integrated with every project and repository.
Knowledge Base Integration | Links to or includes wikis, FAQs, or internal documentation. | Integration with Wikis, Pages, and external docs for knowledge base support.
Diagram Generation | Creates diagrams for data flow, architecture, or infrastructure. | Diagram support via Markdown, Mermaid integration, and third-party docs generators.
API Documentation Completeness | Evaluates documentation for each public API endpoint. | No information available
Changelog Automation | Automates changelog generation between software versions. | Changelog automation supported via Release notes, tags, and MR changelog generation.
Maintenance Guide Availability | Availability of guides for system maintenance. | Maintenance and contribution guides are common in official and template GitLab repos.
Onboarding Analytics | Tracks onboarding time and pain points for new engineers. | No information available
Documentation Search Functionality | Powerful search in all available documentation. | Search available across all documentation, code, wiki, and issues, with advanced filters.

API Integration Support | Assesses how many types of standardized APIs are supported. | No information available
Third-Party Tool Compatibility | Confirms compatibility with common development, monitoring, and management tools. | Broad compatibility with Dev, QA, Monitoring, and Project Management tools.
Plug-in Architecture | Supports extension through plug-ins or modules. | Plugin/extension model supported via Custom CI/CD and GitLab Marketplace integrations.
Data Import/Export Tools | Supports easy migration or syncing of data. | Import/export supported for repos, CI templates, and project data.
Webhooks/Event Streaming | Supports event streaming or webhook-based integrations. | Webhooks and event subscriptions are supported for real-time external integration.
Standard Protocol Support | Supports industry-standard protocols (e.g., OAuth, SAML, REST, gRPC). | Common protocols (OAuth2, SAML, REST, gRPC via API) are supported.
SDK Availability | Availability of official client SDKs for integration. | No information available
Cross-Platform Compatibility | Operates across multiple environments (e.g., Windows, Linux, macOS). | Works across Windows, Linux, and macOS and supports containers and cloud platforms.
Native Cloud Integrations | Prebuilt integrations for AWS, GCP, Azure, etc. | AWS, Azure, GCP integration templates are provided for deployment and pipeline automation.
Authentication/SSO Integration | Supports connection to SSO and IAM providers. | SSO and IAM support via SAML, LDAP, OAuth, and SCIM.

Custom Report Builder | Allows building custom reports from assessment data. | Custom report builder (under Analytics and Reports) allows for tailored reporting per project.
Export Formats Supported | Number of export formats supported (PDF, Excel, CSV, JSON, etc). | No information available
Interactive Dashboards | Provides dynamic, filterable dashboards for different data views. | Interactive dashboards for code, issue, velocity, and most analytics; highly filterable.
Automated Scheduling | Enables scheduling regular reports delivery. | Auto-scheduling of reports and notifications via pipeline schedules.
Custom Alerts & Notifications | Configurable notifications for key events/findings. | Configurable notifications available for pipeline events, issues, and vulnerabilities.
API Access for Reports | Allows API queries to retrieve any report dataset. | API access for all reporting and analytics datasets is available.
Visualization Types | Number of built-in chart/visualization types available. | No information available
Role-Based Views | Customizes views/reports by user role (e.g., engineer, investor). | Role-based views configurable for different team and stakeholder roles.
Shareable Report Links | Generates secure, shareable links for stakeholder access. | Secure, temporary, and expiring links supported for sharing reports.
Historical Data Comparison | Supports side-by-side comparison of past and present assessment results. | Assessment history and trend comparisons available in analytics dashboards.

Multi-User Access | Allows multiple users to participate in analysis/review. | Multi-user access with granular permissions for all projects.
Role-Based Permissions | Supports granular roles and access rights. | User, project, and group roles/permissions enforced throughout the platform.
Task Assignment | Assigns review tasks or remediation actions to team members. | Tasks can be assigned via issues, merge requests, and boards.
In-Tool Commenting/Annotation | Enables commenting directly on findings or code. | Commenting and annotation available in code reviews and findings.
Integration with Project Management Tools | Pushes findings and tasks to external systems like Jira, Trello, Asana. | Jira, Asana, Trello, and other project tool integrations available.
Collaboration History/Tracking | Tracks changes, comments, and actions taken in collaborative reviews. | Full change tracking and review/approval logs are built into GitLab.
User Notifications | Notifies users of mentions, assignments, or status changes. | User and assignment notifications support for issues, MRs, and reviews.
Workflow Customization | Supports custom workflows tailored to specific due diligence processes. | Custom workflow configuration and automation supported in issue boards, pipelines, and approvals.
Document/File Attachments | Allows uploading and linking supporting documentation within reviews. | All projects support attachments on issues, MRs, and comments.
Audit Trail | Maintains a secure record of all changes and actions for compliance/audit purposes. | All project and group actions are fully audited for compliance/regulations.

This data was generated by an AI system. Please check with the supplier.
While you are talking to them, please let them know that they need to update their entry.