Three Small Caps I’m Watching (Part 3/3): GitLab Inc.
This is Part 3 of a three-part mini-series.
The initial plan was to write a single article with an overview of three small-cap stocks I've been watching, allowing you to choose which one to dive deeper into.
However, I quickly realized I have a hard time keeping overviews short.
After asking my subscribers for feedback, I decided to change course and write a separate article for each company (but not as deep as usual).
The third one is GitLab Inc. (GTLB).
Origins
GitLab began as a passion project in October 2011, when Ukrainian developer Dmitriy Zaporozhets built an open-source Git repository manager to address collaboration challenges he faced at work. Its appeal was simple: unlike GitHub, it could be self-hosted, giving teams more control over their code.
In 2012, Dutch entrepreneur Sytse “Sid” Sijbrandij came across the project on Hacker News and saw its commercial potential. The two eventually co-founded GitLab Inc. in 2014 to turn the open-source tool into a business. What started as a version control and collaboration platform quickly grew into a much broader vision: a single application for the entire DevOps lifecycle, from planning and coding to testing, deployment, and monitoring.
A key turning point came when GitLab expanded beyond DevOps into DevSecOps. By integrating security and compliance features directly into its platform, things like vulnerability management, dependency scanning, and compliance reporting, GitLab positioned itself as more than just a development tool. It became a unified environment where developers, operations teams, and security teams could work together seamlessly.
This shift not only broadened GitLab’s addressable market but also differentiated it from competitors who relied on piecing together multiple tools. Over time, the company leaned further into automation and AI/ML integrations, with the goal of reducing complexity and speeding up software delivery without compromising security.
From a one-developer project in Ukraine to a publicly traded DevSecOps leader, GitLab’s journey reflects how open source innovation can evolve into enterprise-grade infrastructure when paired with the right vision and execution.
Most recently, the company entered a new chapter under difficult circumstances. In late 2024, Sid Sijbrandij, GitLab’s long-time CEO and driving force, stepped down after being diagnosed with bone cancer. Although he remains a major shareholder with significant voting control, day-to-day leadership has passed to Bill Staples.
Bill Staples brings deep experience from Adobe and Microsoft, and as the former CEO of New Relic, where he steered the company through a business model transformation and eventual sale to private equity.
Business Model
To understand GitLab, you first need to know about DevOps. Traditionally, software development and IT operations worked in silos: developers wrote code, and operations teams deployed and maintained it. This separation created delays, errors, and inefficiencies.
DevOps combines development (Dev) and operations (Ops) into a single workflow. It’s about automating and streamlining the entire software lifecycle: writing code, testing it, deploying it, and monitoring performance, all in one continuous process.
DevSecOps goes a step further by adding security (Sec) into that pipeline. Instead of checking for vulnerabilities at the end, security is embedded from the start. This prevents costly mistakes and makes software safer from day one.
What GitLab Does
GitLab is an all-in-one DevSecOps platform. Think of it as a digital control room where teams can collaborate on every step of software creation, from writing code to deploying it in production.
Whereas many companies use a patchwork of tools (e.g., one for coding, another for testing, another for security scanning, and yet another for monitoring), GitLab’s pitch is: “Why juggle ten tools when you can use one?”
On GitLab, teams can:
Store and manage code (like GitHub).
Collaborate with merge requests, code reviews, and version control.
Automate testing and deployment (CI/CD pipelines).
Scan for vulnerabilities early in the process.
Monitor software in production and gather feedback.
This unified approach reduces complexity, speeds up development, and cuts costs.
GitLab vs. GitHub
It’s natural to compare GitLab with GitHub, since both started out as platforms to host and manage code. But over time, their focus diverged significantly:
GitHub became the world’s most popular platform for open-source collaboration. It’s a massive community where millions of developers share, contribute, and build on each other’s code. After Microsoft acquired GitHub in 2018, it doubled down on that role, becoming the default place where developers publish open-source projects, with additional enterprise offerings layered on top.
GitLab, by contrast, built its brand around the entire DevSecOps lifecycle, not just code hosting. It provides source code management like GitHub, but also offers continuous integration/continuous delivery (CI/CD), automated testing, vulnerability scanning, compliance, monitoring, and more, all within one platform.
In other words:
If GitHub is like a massive public library where developers share code and collaborate
GitLab is more like an integrated campus: with labs, testing facilities, production lines, and security checkpoints all under one roof
The key selling point for GitLab is consolidation: instead of stitching together 10 different tools (one for version control, one for CI/CD, another for security scanning, another for monitoring), teams can run everything inside GitLab.
That doesn’t mean GitLab is closed off. Enterprises with existing workflows can still integrate third-party apps (e.g., Jira, Slack, cloud services), but the difference is that GitLab doesn’t require them to cover the core DevSecOps cycle. For many customers, this means lower costs, simpler setups, and faster development.
From a business perspective, this difference in focus explains why:
GitHub dominates in the open-source and individual developer community (and maybe Microsoft-centric teams).
GitLab has carved out a strong reputation among enterprises and regulated industries that need security, compliance, and end-to-end control.
How GitLab Makes Money
GitLab started as an open-source project. Developers could freely download, use, and even modify the software. This grassroots approach helped it spread quickly among engineering teams who wanted control and flexibility.
As adoption grew, GitLab introduced a commercial layer on top of the open-source core. The idea was simple: keep the community version free, but charge companies for advanced features, enterprise-grade support, and additional security and compliance tools.
Today, GitLab operates under a freemium model:
Free Tier (Community Edition): Basic features for individuals, small teams, and open-source projects. This helps GitLab stay close to the developer community and attract new users at little cost.
Paid Plans (Enterprise Editions): Companies pay for premium features such as advanced CI/CD automation, security scanning, compliance tools, and customer support. Pricing scales by number of users, which means revenue grows as customers expand their engineering teams.
This model is powerful because it combines bottom-up adoption (developers start for free) with top-down sales (enterprise contracts once the platform becomes mission-critical).
GitLab has been rolling out features to strengthen its enterprise appeal:
Advanced Security & Compliance Tools: Important for regulated industries like finance and healthcare.
Cloud Integrations: GitLab works seamlessly with major cloud providers (AWS, Azure, Google Cloud), making it easier for companies to standardize development.
Dedicated & Premium Plans: These give enterprises private, secure instances of GitLab with priority support, critical for Fortune 500 customers.
GitLab Duo (AI-Powered Development Assistant): Perhaps the most important recent launch, GitLab Duo integrates artificial intelligence directly into the development workflow. It can suggest code, generate tests, help with vulnerability fixes, and improve developer productivity. This isn’t just about convenience — for large enterprises, even small efficiency gains across hundreds or thousands of engineers translate into enormous cost savings.
By bundling all these capabilities under one roof, GitLab strengthens its position not just as a developer tool, but as a strategic platform for enterprises.
GitLab as a Technology Leader
GitLab’s vision is bold: to become the backbone of modern software development at the enterprise level. And there’s a strong case to say it’s already achieving that.
Most major companies, from startups scaling fast to Fortune 500 giants, use GitLab in some capacity. In industries like finance, healthcare, telecom, and government (where security, compliance, and speed are mission-critical), GitLab has carved out a reputation as a trusted, enterprise-ready platform.
Now, I’ll be transparent: I’m not someone who works in this field day to day, and I usually avoid investing in SaaS companies because it’s not where I’m most knowledgeable. But in my research on GitLab, and after talking with people who do live in the developer world, I kept hearing the same thing:
“GitLab is a technology leader. It’s one of those platforms that you just can’t avoid if you’re building serious software.”
That feedback, combined with the company’s growing product strength and enterprise adoption, makes GitLab feel less like a niche software vendor and more like critical infrastructure for the digital economy.
For reference, here’s the 2024 Gartner Magic Quadrant for DevOps platforms:
Why AI is a Tailwind for GitLab
Artificial intelligence is reshaping software development, and GitLab is particularly well-positioned to benefit from this shift.
First, AI can directly enhance developer productivity. Features like automated code completion, test generation, and bug detection accelerate the pace of development and reduce human error. GitLab has already embedded these capabilities into its platform, allowing teams to ship software faster without compromising quality.
Second, AI strengthens GitLab’s core DevSecOps value proposition. By spotting patterns that humans might miss, AI-driven security tools improve vulnerability detection and remediation. This makes GitLab even more attractive to enterprises in highly regulated industries where compliance and security are non-negotiable.
Third, GitLab enjoys a unique data advantage. Because its platform spans the entire software development lifecycle, it captures a rich dataset across planning, coding, testing, deployment, and monitoring. This end-to-end visibility enables GitLab to train and fine-tune AI models that are more tailored, and therefore more effective, than those of point-solution competitors.
Finally, AI aligns with today’s enterprise mandate to “do more with less.” With budgets under pressure, companies want smaller teams to deliver greater output. AI-enhanced DevOps offers exactly that, positioning GitLab as a natural hub for organizations seeking efficiency at scale.
In short, AI isn’t just a feature add-on for GitLab. It amplifies the company’s integrated approach, deepens its moat, and could reaccelerate growth by making the platform even more indispensable to modern software teams.
Numbers
I started drafting this article before Q2 results were released, but the timing allows me to highlight the main points. Execution has been extremely strong so far, with GitLab delivering sixteen consecutive quarters of double beats since its IPO.
The main concern, however, is growth deceleration. While Q2 appeared to suggest a possible reversal of that trend, guidance does not confirm it. The midpoint of full-year guidance implies 23.7% YoY revenue growth, which represents a meaningful slowdown compared to prior years.
That said, guidance looks deliberately conservative. The tone of the earnings call suggests the new CEO is choosing to sandbag expectations, and RPO growth indicates demand may be stronger than official guidance reflects.
Margins continue to stand out as one of GitLab’s greatest strengths. Non-GAAP gross margins have consistently been at or above 90%, while operating leverage is becoming increasingly evident on the bottom line.
In Q2, the company posted a Non-GAAP Net Income margin of 17%, but GAAP Net Income was slightly negative. Adj. FCF margin came in at 19.7%, though the absolute figure was not enough to cover stock-based compensation, which remains a major issue at 23% of revenue. This gap between GAAP and non-GAAP results is important for shareholders to keep in mind.
Finally, GitLab’s balance sheet is exceptionally strong. Benefiting from its lofty 2021 IPO valuation, the company holds nearly $1.2B in cash and carries essentially no debt.
All in all, GitLab is a very healthy business with outstanding margins and a solid financial position, though the combination of slowing growth and heavy SBC is something investors will want to monitor closely.
It’s also important to note that GitLab announced the departure of its CFO, who is leaving to take the same role at Snowflake.
Valuation
As I often say, if I need to build a detailed DCF model just to decide whether a company looks cheap, then it probably isn’t cheap enough.
That’s essentially how I feel about GitLab today. It’s not the type of mispricing I usually look for, which, to be fair, would be nearly impossible to find in a high-quality SaaS business with industry-leading margins and this strategic importance in the software world.
Looking at peers, we could say the stock trades below the median and mean valuations, particularly when factoring in that nearly 15% of its market cap is net cash. I would also argue that GitLab enjoys one of the strongest moats among software platforms. Still, trading at roughly 31x this year’s FCF estimates, the stock is far from a bargain, especially when considering two important caveats: revenue growth has been decelerating, and SBC continues to fully offset FCF.
That said, AI could prove to be a powerful tailwind that reaccelerates growth and supports a higher valuation, and there is also the possibility of GitLab becoming an acquisition target. Google was once a major shareholder, holding over 25% of the voting rights through its investment arm, though it recently liquidated that position for undisclosed reasons. Perhaps an acquisition was on the table and later abandoned, after all, Microsoft’s purchase of GitHub in 2018 shows that such deals can make strategic sense. On another note, the company’s new CEO previously led New Relic through a sale to private equity, which might hint at what lies ahead for GitLab, though for now this remains pure speculation.
In the end, it is normal to see top-tier SaaS companies trade at premium valuations, and GitLab is no exception. Personally, I don’t find the current valuation attractive enough to fit my strategy. Still, I would not be surprised to see the company compound value over the long term, particularly as earnings power begins to matter more than valuation the further out one extends the time horizon.
Final Thoughts
GitLab is undoubtedly a great company, but as you’ve probably gathered by now, I’m not buying it at current levels. For my strategy, the valuation simply isn’t attractive enough. I’m always looking for asymmetric opportunities, and this doesn’t fit that mold. On top of that, the challenges I’ve highlighted: slowing growth, high SBC, and leadership changes that introduce execution risk, make the current price hard to justify in the context of my highly concentrated portfolio.
That being said, if I weren’t so selective and simply wanted exposure to a best-in-class SaaS business, GitLab would likely be near the top of my list. It has the product, the margins, and the long-term relevance to remain a critical player in enterprise software. But for me, other opportunities look far more compelling right now.
As a reminder, the original purpose of this three-part series was to let you vote on which company I should cover in greater depth. However, even before any poll, the winner was clear: Harrow, Inc. I’ve already taken a position there and will continue covering it closely. You can expect a full Deep Dive after the company’s Investor and Analyst Day on September 26, which should provide valuable insights to sharpen the investment thesis.
In the meantime, stay tuned. Tomorrow I’ll be publishing a Portfolio Update with my latest thoughts on each of my holdings, along with how I’m currently thinking about cash allocation.
That’s it, thanks for reading!
Disclaimer: As of this writing, M. V. Cunha does NOT hold a position in GitLab.
Thank you
congratulations aand thnk you re: NBIS ❤