
Self-hosted GitLab
One control plane for source, CI, registry, package, and pages.
Runs in-cluster or on-prem. Group-level CI templates are reused across every repo — zero per-repo boilerplate. Runners span docker, dind, shell, and a cleared TS/SCI tier. SAML / OIDC federation with PIV at the admin tier, and the container registry sits behind a Cosign verification gate.




