About GitLab
GitLab is the most comprehensive AI-powered DevSecOps platform for software innovation. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 30 million registered users and more than 50% of the Fortune 100 trust GitLab to ship better, more secure software faster.
Executive summary
GitLab’s incident response team needed help scaling operations and improving efficiency and sought a platform that could help them build a mature automation program. Tines helped them tick all of these boxes and more.
Two and a half years later, the platform is such an essential part of their day-to-day operations that completing the Tines certification is included in the onboarding process for all new team members in incident response.
“We want everybody on our team to be Tines certified,” says Valentine Mairet, Security Manager, Security Operations (EMEA).
As soon as we have to perform the same task more than once, we think, ‘Maybe we should use Tines to automate this.’
Valentine Mairet, Security Manager, Security Operations (EMEA)
The challenge
Before Tines, the incident response team at GitLab had a small number of automated workflows that were created using manual scripts, which were time-consuming to write and maintain. And their small team didn’t have much capacity to work on them.
They sought a platform that could help them tap into the potential of security automation and orchestration to optimize resources, scale efficiently and reduce risk.
Why Tines?
The team at GitLab was initially impressed by the accessibility and flexibility of Tines and could see its potential to power their automation program. When Valentine was hired as Senior Security Engineer on the Security Incident Response Team, one of her first tasks was to build new workflows and get folks across the team building in Tines. “It was like, ‘OK, we’re a super new team, what do we want to do?’” she says.
The Impact
Let's look at the value Tines has delivered for teams at GitLab.
Time savings and efficiency
Valentine tells us that Tines workflows have helped her team reclaim 1,000+ hours per year. We’ll dive into more detail on this in the Top Workflows section below.
The biggest impact has been the efficiency of operations. Tines has really made our lives easier and reduced the likelihood of burnout.
Valentine Mairet, Security Manager, Security Operations (EMEA)
Time freed up for other work
Those extra 1,000+ hours are being used to implement more impactful initiatives to improve the organization’s security posture.
In terms of hours, we're saving a ton of time, and that time can be allotted to tasks that are crucial for the business.
Valentine Mairet, Security Manager, Security Operations (EMEA)
Faster build time
Before Tines, Valentine’s team could only automate using time-consuming manual scripts.
“Tines makes it so much faster to produce the workflow,” she explains.
Increased value from existing tools
Valentine describes Tines as “a nice complement” to her team’s other tools, including their own platform, GitLab.
“Tines is the glue that connects a bunch of different platforms.”
Valentine Mairet, Security Manager, Security Operations (EMEA)
Increased accuracy and reduced risk
As the security team at GitLab scaled, Tines allowed them to enhance the reliability and accuracy of their processes, thereby reducing risk.
The robot is going to do the same thing every time, so we don't have to rely on human biases. That's why, for us, it's essential to automate. For example, with incident triage, we’re standardizing it by automating it.
Valentine Mairet, Security Manager, Security Operations (EMEA)
Increased collaboration
Tines has also helped GitLab increase collaboration across its security team. “One of the things I really like about Tines is that everybody has access to the workflows,” Valentine says. “If something breaks, we don't want a single point of failure. We want everybody to be able to understand the error and fix it.”
Because GitLab is an all-remote company, with team members in the US, Mexico, Ireland, Germany, and beyond, they rely on asynchronous communication and collaboration to get the job done.
“We’re working on an internal SME program to have subject matter experts in different fields, and with Tines, we want to have at least one per region, so there’s continuity if something unexpected happens.”
Improved job satisfaction and work-life balance
With Tines, Valentine’s team focuses on automating the boring and repetitive tasks, the work that’s proven in research to frustrate security practitioners the most.
Tines workflows have also been instrumental in reducing alert fatigue across the team.
“We're an incident response (IR) team. It’s common knowledge that IR teams are always on the verge of burnout,” Valentine says. “That's typical IR stuff, so redundant and boring tasks, as well as annoying tasks, really contribute to alert fatigue and just fatigue in general. Automating it away is a way for us to improve our work-life balance.”
Top workflows
Incident reporting and triage
This incident reporting and triage workflow has been a game-changer for GitLab’s IR team, saving the team 240+ hours per year.
“Before Tines, we used to get paged for everything,” Valentine explains. “Whenever somebody reported an incident, we were getting paged. And back in the day, we had 24/7 on-call, so you could get paged in the middle of the night.”
“With Tines, we triage these incidents based on severity and priority. So when someone reports an incident, they fill out a form with some information, we parse that in Tines, calculate a potential severity and priority, and based on that, activate PagerDuty or not.”
We used to get paged for 100% of alerts; now that’s down to around 20%. That was really good for the team in terms of morale and just operational happiness. This is definitely a life-changing workflow.
Valentine Mairet, Security Manager, Security Operations (EMEA)
Alert handling
GitLab’s IR team also built an effective alert handling tool using Tines.
“Alerts come in, and the workflow provides that context - Have I seen this before? What do I know about this alert? It’s all automated in Tines.” Valentine explains, “Having the entire alert handling workflow streamlined was very beneficial for our team in terms of efficiency.”
Manage shift turnover with Handogotchi
Keep your team Handogotchi happy and healthy by remembering to submit shift handover notes. Don't forget or else Handogotchi will become agitated. Our YDWWT Winter Wonderland winner.
Created by
Valentine Mairet
Documentation management
This workflow is special to Valentine, as it earned her a prize in the You Did What with Tines? competition.
She used this workflow to gamify the process of team handovers by creating an adorable character called Handogotchi, who prompts the team to submit shift handover notes and holds them accountable when they don’t. It’s a fun workflow that has a real impact on efficiency and incident readiness, highlighting the importance of good documentation and ensuring that this critical part of the job gets done.
“The Handogotchi provides an overview of everything that happened in the day, so for handovers, it's really efficient,” Valentine says. “It tells you, ‘This is what happened today, this is where activity was detected. And this is how everything changed.’”
We're a follow-the-sun team, so handovers are really crucial for us. So this is another useful operational tool for us.
Valentine Mairet, Security Manager, Security Operations (EMEA)
Spam analysis
This workflow connects tools like VirusTotal with GitLab to streamline phishing email analysis.
Valentine tells us, “When you report a phishing email, it goes through various resources like VirusTotal and URL analysis and creates a GitLab issue with all the information it fetched. It also has a rating to tell you whether it’s likely to be malicious. And then the engineers look at the results and make their own decisions based on that information.”
Customer support
Valentine shares that her team really values their calls with their dedicated Tines customer success engineer.
“He’s really contributed to the efficiency of building things. Sometimes we run into issues, and the Tines team is always ready to help out - we get responses almost instantly.”
Favorite features
Workflow visualization
When asked about her favorite thing about Tines, Valentine mentioned the ability to visualize your workflow run in real time.
You see the workflow run, you see where it breaks, you see where it succeeds. That visibility into your workflow lifecycle is really great.
Valentine Mairet, Security Manager, Security Operations (EMEA)
“As a result, debugging in Tines is quite easy to do," she adds. "You see exactly where the thing breaks, and that really helps in the development process.”
Change control
Valentine’s team extensively uses the platform’s change control capabilities, and their feedback has even influenced how change control has evolved in the platform.
“It was a compliance requirement to ensure the integrity of our workflows,” she says. “But we do want to perform quality reviews of our workflows. Our team is great, but sometimes, especially under pressure, they can publish workflows too quickly, and it's good to have a second pair of eyes on them.”
What’s next
Incident response team
Valentine’s team is currently working on several new and exciting workflows. “We’re going to use Tines to create an AI bot,” she says. “I'm planning on building something that will ingest all our documentation and use it to answer questions via Slack.”
They’re also planning to build a workflow for risk-based alerting and refactor some of their long-established workflows to ensure they’re as efficient as possible.
Expansion into IT and other teams
After showcasing Tines workflows at an internal show-and-tell, GitLab’s incident response team started fielding questions from other teams on the platform.
“Everybody was like, ‘What is this? We want it!’” Valentine says. “People were like, ‘Oh, it's like a game - I want to play!’ When other teams see what we can do with Tines, it definitely sparks their interest.”
She believes Tines has the potential to deliver huge time savings for GitLab’s IT team.
“We’re a cloud-native company. We use a variety of different SaaS solutions for our operations, and Tines is really good at connecting everything. For IT, for example, if somebody loses a laptop, and you have to cut access, that's so easily automated with Tines.”
My favorite thing about Tines is how easy and user-friendly it is. For me, it feels like a game. Whenever I build in Tines, I feel like I'm solving a fun puzzle.
Valentine Mairet, Security Manager, Security Operations (EMEA)