Edited by Brian Birnbaum.
Very important: KPMG, GitLab´s auditor, has an “adverse opinion on the effectiveness of the Company’s internal control over financial reporting.” This is a major red flag, which all prospective investors should be aware of.
New! You can now listen to my write ups on Spotify, for free.
Below follows a summary of the deep dive and further down, the full deep dive
Deep Dive Summary
Section 1.0: All world-class companies have one thing in common: a very fast pace of iteration. In software, this attribute is even more important. GitLab helps its customers proliferate the pace of iteration in software development via its CI/CD platform.
GitLab is now deploying AI functionality, which promises to supercharge the performance of its offerings. The use of its platform in turn further increases the pace of iteration, which leads to a better platform, which leads to higher performing clients–and thus the cycle continues. This cycle induces, as we have seen from the best companies so often, a productivity flywheel.
GitLab is essentially Palantir (a digital twin) but for CI/CD (software development).
Section 2.0: GitLab has strong competition from Microsoft (Github) and Atlassian (Bitbucket), which have massive distribution advantages. However, GitLab´s focus and iterative capacity may pay off.
Section 3.0: Large companies seem to be flocking to GitLab, in the pursuit of the strictest security and compliance needs.As they flock to GitLab to satisfy these needs, the company is positioned to fortify its moat and increase its operating leverage via MLOps (Machine Learning Operations).
Section 4.0: GitLab is going through a financial inflection point brought about by increased efficiency. However, although their balance sheet is strong, shareholder dilution is a source of concern. To reiterate: KPMG, GitLab´s auditor, has an “adverse opinion on the effectiveness of the Company’s internal control over financial reporting”. This is a major red flag.
Enjoy!
Full Deep Dive
1.0 A Digital Twin for Code Development
At a high level, GitLab creates digital twins for code development processes, helping customers boost their productivity through found efficiencies. GitLab leverages the use of its software to supercharge development processes, leading to a better product and, ultimately, a productivity flywheel.
The key characteristic of the world´s top companies is a fast pace of iteration. Even the world’s most staid, boring companies are constantly tinkering with their process in search of incremental improvements. With the modern economy increasingly driven by or dependent on code, iteration as it pertains to software has become more important than ever. Software companies that can iterate fastest tend to win over time, taking disproportionate market share over peers that iterate marginally slower. In this light, GitLab stands as a formidable asset.
GitLab enables organizations to deliver more software and faster, increasing its customers´ pace of iteration. It enables companies to run their software development process on one platform, meaningfully increasing production speeds and minimizing errors and vulnerabilities. In effect, GitLab is basically Palantir but for CI/CD processes (continuous integration, continuous delivery of software).
For instance, Lockheed Martin has reported 80 times faster Continuous Integration (CI) pipeline builds and decreased time spent on system maintenance by 90%. GitLab also has a seemingly strong competitive position, in a rather cut-throat environment, which I will analyze in depth in Section 2.0.
GitLab enables customers to make their software more secure without sacrificing speed. This differentiated value proposition resonates across all verticals.- CEO Sid Sijbrandij, Q2 2024 ER.
Contrary to popular belief, software development involves a relatively small percentage (~25%)of time spent coding. The rest is spent on activities like planning, securing, deploying, and monitoring the software. In large organizations especially, the pace of software development can be meaningfully increased by automating the steps that you can see below in the depiction of a typical workflow.
One such activity is code reviews.
When a piece of code is developed within a competent organization, it must be reviewed by a third party before it is passed to production (and then going live). In practice, it takes a lot of time to find the right reviewer, which often slows the process. Further, when the matching success rate is low and the wrong people frequently review merge requests, the software is in aggregate faultier than otherwise which then slows down the operation even further.
GitLab wields exhaustive context for its customers´ software development operations and, over time, weaves a single representative data model–a digital twin of sorts. It knows who is working on what at all points in time and can therefore use that awareness to match merge requests with ideal code reviewers, for example. Effectively, the single data model can, over time, be leveraged to automate the solution to any problem that GitLab observes its customers solve manually and repeatedly.
Another example is testing.
Maintaining a piece of code effectively over time requires running periodic tests. Implementing these tests involves less time spent coding them and more time thinking about what logic to implement for them to be useful. GitLab’s exhaustive solution allows it to learn what tests best suit what features in the code and, naturally, has launched a feature to automate testing. This enables developers to focus on what drives value, thus speeding up the pace of iteration.
In the abstract, every GitLab customer who solves a problem also generates an entry to GitLab’s single data model. With enough iterations, GitLab eventually has enough data to train an AI on the [problem, solution] data pairs, thus automating the solution and relieving their customers of this burden with proliferating levels of effectiveness over time.
GitLab has packaged these AI-driven offerings with its GitLab Duo suite, but to be able to deploy this package in the first place, GitLab has had to build out an entire infrastructure for the last decade. GitLab is a DevOps platform that provides a wide range of tools and features for software development and delivery. It is based on the Git version control system, and it includes features such as code review, issue tracking, project management, and continuous integration and delivery (CI/CD).
To date, GitLab has deployed ten live AI features, which is allegedly “three times more than the competition.”
GitLab holds intelligence critical to speeding up the software development process. The more GitLab learns about its customers’ software development habits, the more indispensable it becomes. As time goes by, the idea of hitting the off switch resembles the idea of switching the lights off. Similarly, switching to another provider increases costs as increased data models become more densely populated. At higher levels of intelligence, the rate of learning accelerates and so does the value of each unit of time–and vice versa.
Customers want to develop better, faster, and more secure software, and we want to do more with less. - CEO Sid Sijbrandij, Q2 2024 ER.
Much like UIPath, GitLab leverages its product to increase its pace of iteration. The topic inexorably occupies an important section of the company´s public filings because the CEO, Sid Sijbrandij, understands–as we covered earlier–that speed of iteration is integral. As GitLab iterates faster, its software improves, its customers iterate faster, and switching costs skyrocket, thus sustaining the flywheel. With each cycle, productivity rises exponentially.
GitLab’s track record regarding iteration is characteristic of the tech world’s greatest trailblazers. GitLab also exhibits the tendency to share economies of scale and delay profits. In April of 2023, it raised the price of its premium SKU for the first time in five years, and over that period the company added a total of 400 new features.
As of Q4 of the last fiscal year (FY2023 for GitLab), the company had released a new version of its software for 136 months in a row–every 22nd day of each month. Unfortunately, however, GitLab has not updated this metric in Q1 and Q2 FY2024, and during these two respective conference calls, the CEO instead made great emphasis on what brings customers towards GitLab: security and compliance. This brings onto the next section, in which I will analyze GitLab´s competitive position in depth.
2.0 GitLab versus Microsoft and Atlassian
Yet another potential Innovation Stack, GitLab competes with two large companies that have notable distribution advantages. But GitLab’s exclusive focus may pay off. On top of its focus, the single data model architecture may prove to be a meaningful structural advantage.
Until I discovered GitLab a few weeks ago I ignorantly thought that Github (Microsoft-owned) was the only player in the “space,” and by space I mean the realm of code repositories. I ignored that, along with that of public repositories, the corporate world runs largely on private repositories, along with continuous integration, continuous deployment (CI/CD) suites such as GitLab, since they offer the level of control that large companies require to satisfy their compliance and security needs.
Very generally speaking, Github excels in public repositories and Gitlab excels in private. The former has 100M+ developers and the latter has 30M+. Until 2019, the two platforms served fairly distinct functions, with the DevSecOps category pioneered by GitLab being somewhat disregarded. In 2019, however, Github launched Github Actions, which enables GitHub users to automate workflows via a marketplace. In this marketplace, third party developers sell automation features that users can pick and choose from.
In doing so, Github has attempted to move into GitLab´s territory and, anecdotally, it seems to be doing some damage. My general impression however is that GitLab remains a closed environment, which ultimately yields higher levels of (perceived, at least) security and compliance. Most notably, GitLab´s FY2023 10-K includes the following remarks about its distribution strategy:
We have a multi-faceted land-and-expand bottom up and top down sales strategy. Our customer journey can begin with developers and then expand to more teams and up to senior executive buyers. Equally so, the customer journey can start with executive level buying decision makers looking for a solution to their business and technology challenges, such as developer productivity, efficiency, security and compliance, and cloud migration.
With around 60 million more developers than GitLab, Github’s bottom up sales approach has a meaningful distribution advantage that’s compounded by the parent company´s top down advantage.
My longtime readers will have already realized that I encounter these scenarios in my deep dives quite often: i.e. a small company with exclusive focus on a specific task and high iterative capacity versus a larger company (or companies) with attention split over a broad number of tasks, reasonable iterative capacity, and vast resources.
As Spotify versus Apple and Block versus Amazon have taught us, sometimes if the smaller company’s focus is powerful enough, the big one will fail. In the case of Spotify, for example, dedicating itself to one task (pleasing listeners) has over time amounted to a moat that’s hard to identify. Yet it keeps both Amazon and Apple largely at bay.
GitLab also faces competition from Atlassian, which owns Jira, an issue and project management tool for teams used by 65,000+ organizations worldwide. This in turn can be integrated quite easily with Atlassian´s source-code management solution, Bitbucket. Also, as of the end of June 2023, Atlassian had 260,000 customers across virtually every industry sector–approximately 200 countries.
Meanwhile, at the end of the last quarter GitLab was serving only 7,800 customers with an ARR (annual recurring revenue) of more than $5,000.
So while indeed GitLab faces two giants with ample distribution advantages, I believe it is still worth watching for a number of reasons:
The upside is tremendous over the long run, so long as indeed the switching cost of customers rises over time.
GitLab has a distinct iterative capacity typical of companies that become industry leaders.
I have studied companies like Crowdstrike and UIPath, which are in very similar competitive fights with Microsoft. Both Crowdstrike and UIPath continue to outpace their giant competitor because of their exclusive focus, high iterative capacity, and other organizational properties that I outline in their respective deep dives.
Figuring out what is going on will require tracking the company quarterly. However, I have studied enough B2B sales pipelines at this stage to understand that most corporate entities hire solutions primarily with the intent of not getting fired. To this effect, and with the advent of AI, a consolidated platform with a single data model has a meaningful competitive advantage over other more fragmented offerings. This structural advantage has seen Crowdstrike do very well.
And so the trends with Microsoft remain pretty consistent where we still don't see any competition at about 50% of the deals. We see them in very little deals, but there is more discussion around OpenAI, ChatGPT and Copilot. - CEO Sid Sijbrandij, Q2 2024 ER.
I should note that GitLab´s core is opensource. However, it’s delivered as a single and totally controllable product, with GitLab´s guarantee. GitLab´s paid subscriptions are also available as a self-managed offering, “where the customer installs GitLab in their own on-premise or hybrid cloud environment or a SaaS offering where the platform is managed by GitLab and hosted either in the public cloud or in a private cloud based on the customer’s preference.”
This iterative approach […] is also due in part to our over 3,500 contributors in our global open source community as of January 31, 2023. - GitLab FY2023 10-K.
GitLab´s exclusive focus on CI/CD may yield outsized rewards over time, with the onset of MLOps–all the operations concerned with creating, deploying, and maintaining AI models. I will explore this dynamic in depth in the next section.
3.0 MLOps: GitLab´s Next Frontier
GitLab´s customers will create, deploy, and maintain many AI models over time. GitLab is positioned to support this activity at a marginal cost, which may drive significant operating leverage. Additionally, if GitLab indeed has an edge with larger companies. Another moat may emerge with the rise of MLOps.
Much like other domains in software, coding AI models is but a fraction of the overall work required to make them drive value. For example, the key enabling feature of an AI model is its parameters, which ultimately grant a model its intelligence. Over time, as a model interacts with the world and learns, its parameters may be watered down. This is known as over-fitting and makes a model useless.
Feeding a model data designed to modify their parameters in a malicious manner may result in it being compromised. For instance, suppose we have a model that has been trained to detect skin cancer. Feeding it datapoints with images of skin cancer, which are labeled as non-skin cancer, would effectively retrain the model and lead to many false negatives.
Further, applying a model to the real world is often a rather conceptual and abstract exercise at first. Data scientists spend a lot of time figuring out what model is best used to extract value from a given dataset. But by using its existing infrastructure to observe how data scientists and other personas involved in the MLOps process solve problems, it can gather insightful data. In turn, GitLab can use this data to automate a good part of the process, just like with the current features on GitLab Duo (AI suite).
GitLab can use its current infrastructure to add and capture value in this emerging market. It does not have to build its entire platform again, but can rather extend its single data model to observe MLOps too and ultimately, automate tasks. The accretiveness of MLOps depends on how efficiently GitLab can build out these features, but judging by the declining OPEX as a percentage of revenue (Section 5.0), together with the launch of AI driven features (GitLab Duo), I would say the odds are reasonable.
Further, it so happens that large companies are the ones that have the biggest and richest datasets, which in turn are a prerequisite to train leading AI models. The more and better data fed into a model for a given problem, the more intelligent the model that emerges from it. These companies also have the strictest security and compliance needs, so if GitLab really has an edge in this sense, an additional moat can ensue.
If the above holds true, GitLab would become the preferential home of MLOps–or the kind of MLOps that drive value at scale. Large companies, the ones that actually can train useful models, would default to GitLab firstly for security and compliance needs. They would then create leading AI models on GitLab, generating much more MLOps data than smaller companies would, leading to more valuable forms of automation than otherwise.
[….] our top tier continues to see strong adoption, driven by customer wins for security and compliance use cases. - CEO Sid Sijbrandij, Q2 2024 ER.
Higher switching costs would follow for customers, which would then continue driving the flywheel. This trend would also be enhanced by the general desire of customers to consolidate into one platform, which GitLab can certainly satisfy.
Gitlab has traditionally had three product tiers (free, premium and ultimate) with increasing degrees of feature density and has in fact recently launched GitLab Dedicated, which is designed for companies with very high security and compliance needs. The evolution of this product tier will be the key data point to look out for, in order to discern whether indeed GitLab´s competitive advantage is security.
4.0 Financials
GitLab seems to be going through a financial inflection point, which can be further accentuated by the rise of MLOps over the coming years. It also has a strong balance sheet, but dilution is a source of concern.
Income and Cash Flow Statement
Note: If you refer to Gitlab´s 10-K from last fiscal year, you will see on page 84 that auditor KPMG has an adverse opinion on the effectiveness of the Company’s internal control over financial reporting. This is a major red flag.
There are two very notable financial aspects that have drawn me to study GitLab in depth:
Revenue has increased by 600% from 2020 to the last twelve trailing months.
OPEX as a % of revenue has been declining, with GitLab printing positive cash from operations for the first time, last quarter.
This increase in operating leverage seems due to increased efficiency and scale. Last quarter (Q2 FY2024), GitLab delivered approximately $39M of incremental revenue YoY with only $16M of additional expense. In H2 of FY2024, GitLab has delivered approximately $130M of incremental revenue with just $70M of additional expense.
If the company continues improving efficiency at this rate, positive free cash flow is near. However, notice how sales and marketing spill red all over GitLab´s income statement. Together with R&D, general and administrative expenses make up only 60% of revenue, which is lofty, but reasonable for a company at this stage. The high sales and marketing expense as a percentage of revenue is the price to pay for competing with two distribution giants.
It is also interesting to note that most of GitLab´s revenue derives from self-managed offerings, which supports the idea that GitLab does in fact attract customers for security and compliance:
Further, as mentioned in Section 1.0, in April of 2023 GitLab raised the price of its premium SKU for the first time in five years. During that five-year period, the company added a total of 400 new features. In Q2 FY2024, GitLab reported that the price increase has had no negative impact on churn.
Balance Sheet
GitLab has $986M in cash and no debt. But shareholders pay the price of this pristine balance sheet via considerable dilution. In the TTM, SBC (stock based compensation) was $146M, which is in turn 29% of revenue in the same period. While SBC issuance moderated over the last few quarters, in Q2 we saw a re-acceleration.
5.0 Conclusion
I need more data for/against an Innovation Stack scenario to make a decision.
If GitLab does in fact have a competitive advantage strong enough to fend off Atlassian (Bitbucket) and Microsoft (Github) in the CI/CD domain, the company has a long way to go. I need to get more acquainted with GitLab´s competitive environment, and to fix this issue I will be monitoring the following metrics quarterly:
How GitLab Dedicated evolves. If it succeeds, it will be a very clear sign that customers do flock to GitLab for security and compliance.
How MLOps evolve and whether it manages to lock in large companies.
And generally, how GitLab does in close encounters with Atlassian and Microsoft.
I am currently impressed by GitLab´s pace of iteration and potential financial inflection point. At P/S ratio of over 14, the market is certainly not unaware of the company´s long term potential, so the price leaves little room for error. However, as Nvidia has taught us, higher prices can be justified if the company in question is truly excellent.
Once/if GitLab gains some meaningful scale and solidifies its existence among the competitive threats, it has a very serious chance of gaining escape velocity via MLOps. The fact that scale is paramount in training quality AI models and, in turn, drives a non-linear increase in aversion towards security and compliance risks bodes well for the company.
Dilution from SBC issuance is a concern. For the above business dynamics to be of any use to investors, this metric needs to moderate. However, I note that the competition with the two aforementioned giantsis not only over distribution, but also talent retention. I would imagine that Atlassian and Microsoft, with their deep pockets, can be quite alluring to GitLab employees.
Thus, and as always, SBC is not a black and white metric to analyze.
Lastly–and perhaps most importantly–KPMG's red flag makes this company uninvestable–for now.
⚡ If you enjoyed the post, please feel free to share with friends, drop a like and leave me a comment.
You can also reach me at:
Twitter: @alc2022
LinkedIn: antoniolinaresc
First of all, I'm surprised at the level of depth you get on the sector. That said, my comment is for show you a constructive opinion. Like an active IT guy who has used GitLab and migrated to GitHub I'll give you some numbers. I would talk about GitLab and GitHub, beacause I used it (bitbucket too, but 8 years ago).
Searching for public data on the usage, GitHub is the most used in terms of CI/CD: https://survey.stackoverflow.co/2022#section-version-control-version-control-platforms and https://www.jetbrains.com/es-es/lp/devecosystem-2022/data-science/ (peeked 2022 because in 2023 GitLab does not appear).
In a popular forum for IT, GitHub actions is a more active topic: https://stackoverflow.com/collectives/ci-cd?tab=tags
Google trends show that GitHub actions is by far most searched: https://trends.google.es/trends/explore?date=today%205-y&q=github%20actions,gitlab%20cicd&hl=es
The key for GitHub actions is that you can write your own, becoming part of the open source community. Or using any actions from anyone (or organizations) that they share and maintain.
Pros
* GH go too slow integrating the AI in the platform. And nowadays, some features like you say (test IA, for example) it's still in a WIP status.
* The AI stack integrating all the process (PR, Copilot for Codebase, Testpilot), it's more mature.
* You pointed it, the large orgs, can host for herself the platform. It's an important thing, when talking about law compliance.
* It's Open Source.
Cons
* Almost, the entire Open Source community is at GitHub. It's hard to change the people's mind and habits. And, if you want to contribute to the software/library, you need and account in GitHub.
* The pricing is an important factor, ~x5 more expensive.
* Visual Studio Code is a popular IDE used by a lot of developers. It's fully integrated with GitHub.
* Copilot is a game changer that become the most popular.
* GitHub discussions is a feature used by ~16%: https://survey.stackoverflow.co/2023/#section-most-popular-technologies-asynchronous-tools
* Microsoft have Azure as a cloud provider. He can integrate it with GitHub to make a smooth experience for developers.
My final words: an amazing deep dive that I really enjoyed. Not sure if GitLab can become a market leader, but they are doing good things. The time would say. For now, it's not the case. I think it's important to monitor the stackoverflow and jetbrains surveys, beacause it shows key insights from the sector =D.
Regards.