GitLab, which helps businesses manage their software development and operations lifecycle from planning to deployment and monitoring, has acquired Gemnasium, a service that alerts developers of known security vulnerabilities in open source libraries and helps them resolve those issues.
Gemnasium will wind down its operations over the next few weeks. The company expects to completely shut down its service on May 15. All of the Gemnasium team will move to Gitlab. Until then, signups will remain open, though now is probably not the best time to jump on this service.
GitLab, which is currently in use by almost 100,000 companies, will integrate Gemnasium’s service technology into its own platform, which already includes tools for static and dynamic application security testing.
“GitLab’s vision is to provide best-in-class tools for the complete DevOps lifecycle in a single application,” said Sid Sijbrandij, CEO of GitLab, in today’s announcement. “Gemnasium is the best dependency monitoring solution on the market, and we are excited to be making its team part of the GitLab experience.”
GitLab’s acquisition follows a similar move by GitHub, which recently acquired vulnerability scanner Appcanary and which also offers its users a similar set of security tools to alert them of vulnerabilities in third-party libraries.
In a frank assessment of why this sale happened, the Gemnasium team today notes that it was the launch of GitHub’s own security alerts feature (which the founders argue is inferior to Gemnasium’s) that put an end to the startup’s plans. With the vast majority of its revenue coming from GitHub users, the launch of GitHub’s own service — even after bringing Gemnasium into the GitHub marketplace — meant that the service’s churn rate doubled and its monthly recurring revenue stopped growing.
“I know GitHub’s traction, number of users, and free pricing will eventually put Gemnasium out of business in 2018. It is time to find a new home for the team,” writes Gemnasium founder Philippe Lafoucrière.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
For those who want the features of Gemnasium without having to use GitLab, GitHub and their competitors to also manage their code and projects, there are still a number of similar services on the market. These include the likes of Spacewalk, Landscape, CoreOS Clair, Nessus Agents and ThreatStack — a group of companies that both GitLab and GitHub suggest to previous Appcanary and Gemnasium users (until those, too, get acquired…).
