Talk of GitLab sale highlights growing importance of DevSecOps platforms

GitLab could be heading for an acquisition — and if it is, that could have consequences for the DevSecOps platform’s feature set and pricing, analysts say.

DevSecOps, the application development practice that automates the integration of security and security practices into every phase of the software development lifecycle, has become increasingly important as enterprises work to incorporate security into their DevOps processes. And DevOps platforms have been responding, adding the all-important “sec” to their products.

That, in turn, makes companies providing these tools more attractive to potential acquirers.

That’s the case for GitLab, a cloud-based platform allowing development, operations, and security teams to design, build, and manage software using a single tool. Reuters reported on Wednesday that the company is exploring a sale after hearing from potential acquirers. Reuters cited sources saying that one possible suitor is cloud monitoring firm Datadog.

That could be a good fit, according to analysts.

“DevSecOps and observability go well together,” noted Christopher Condo, principal analyst at Forrester, in an email. “Firms that are engaged in DevOps or DevSecOps should also be engaged with an observability vendor. Why? How else would you know if the software being released is having any material impact on the user base (either positive or negative)?”

By connecting these two capabilities, he said, development teams can release and monitor their applications with a single platform. “Whether that makes sense from a business perspective is a matter for those two companies to decide, but most definitely, enterprise platform teams are linking those capabilities together on their own.”

Platform compatibility

John Annand, research practice lead at Info-Tech Research Group, also thinks that, if a Datadog deal occurred, it could be a good match.

“GitLab is a very popular DevSecOps tool that lets enterprises optimize their pre-production activities rather than having to build their own CI/CD and testing pipelines from multiple vendors’ products and from scratch,” he said in an email. “Datadog’s product is all the information about how a deployed application behaves once it’s left the dev environment and is forced to deal with real-world conditions.”

Joining the two companies could also enhance GitLab’s capabilities, Annand added.

“GitLab, like everyone else, is looking to see how they can build AI services. One of the most successful use cases is AI to help coders write better code faster. If GitLab can use Datadog’s data, that would be incredibly valuable — better testing based on more accurate real-world models. Plus, Datadog’s cloud ecosystem agnosticism instantly gives GitLab deep inroads into AWS and Azure, as well as private cloud companies. I think these are two complementary products and a very interesting wedding between the pre-prod and prod worlds that I’m not sure we’ve seen before.”

How an acquisition could affect product pricing

GitLab estimates on its website that it has over 30 million registered users. But while the company based its business on providing an end-to-end set of capabilities, Forrester’s Condo said, “The reality is that most end users consume only a portion of those capabilities. For example, even though GitLab offers security tools, most users opt to use third-party tools they are more familiar with.”

Because GitLab has until recently opted to charge one price for the package rather than pricing capabilities individually, he said, it “ends up supporting a portfolio of capabilities with mixed degrees of ROI, creating costs that could be hard to maintain over the long term.“ He suggested that the injection of cash from a sale could allow GitLab to choose to restructure the product to allow more flexible purchasing options. On the other hand, he said, “No money might force them to optimize their offering for ROI.”

In Condo’s opinion, DevSecOps has been — or should have been — part of DevOps from the beginning. “However, our research shows that DevSecOps is much more than just tools; it requires teams to collectively determine that incorporating security best practices throughout their {software development lifecycle] has value and is a worthwhile endeavor. So, to that end, the DevSecOps industry is much bigger than GitLab and these scenarios for GitLab will have little impact on the DevSecOps movement.”