
About the company
PrivatBank is Ukraine’s largest state-owned bank, serving over 18 million active customers—more than 70% of the country's population. The bank’s infrastructure includes 1,173 branches, 6,860 ATMs, nearly 10,400 self-service terminals, and over 311,000 POS terminals nationwide, supported by a team of almost 20,000 employees.
A leader in retail banking, PrivatBank continuously introduces and improves services for small and medium-sized businesses while maintaining a powerful digital ecosystem.
Ukraine
Finance
FinTech
GitLab Self-Hosted
GitLab CI/CD
Merge Requests / Code Review
SAST, DAST, Vulnerability Scanning
Infrastructure as Code
1,000+ developers
700+ internal and external platforms
14,119 projects and 150,367 commits in 2 months
15–25% time savings on review cycles
5+ years of stable GitLab performance without incidents
PrivatBank is one of the largest banks in Eastern Europe. From a technical perspective, it is also one of the largest IT organizations in Ukraine.
Over 80% of the software used internally and by customers is built by in-house teams. Simultaneously, the bank must meet rigorous requirements for security, compliance, stability, and change management. To solve this, the bank needed a single platform that could standardize development across the organization.

Previously, the bank relied on fragmented tools: Jenkins handled CI, code was stored in separate systems, and processes were spread across different platforms.
This led to several challenges:
To resolve these issues, the bank began transitioning to a unified DevSecOps platform.
Over the past two years, GitLab was established as the bank’s standard development platform. Beyond code storage, GitLab became the foundation for project management, CI/CD, code security, change control, auditing, and compliance.

At PrivatBank, GitLab has become the core of the DevSecOps process.
PrivatBank’s main challenge was not code storage, but establishing one engineering workflow across the organization.
With hundreds of engineers and dozens of teams, even minor process variations can lead to complications. By adopting GitLab as its central platform, the bank integrated all key stages of the code lifecycle:
Developers can now track the full delivery path in one place, from the first commit to production.
GitLab now underpins the bank’s engineering standards. Every code change follows a merge request workflow where peer engineers review the changes. During the review, the team can:
The system maintains a full history of changes, providing transparency on how the code evolved and why specific decisions were made.
This is particularly critical for large-scale organizations: GitLab makes the review process transparent and automated, even across distributed teams. As a result, code reviews function as a direct mechanism for improving code quality.
For PrivatBank, another critical advantage is the ability to manage multiple workstreams in parallel.
In banking, long-term projects often run alongside urgent regulatory updates. To manage this, PrivatBank teams use GitLab’s flexible branching model. This allows simultaneous work on:
In practical terms, this means the team can create a separate branch for an urgent change, implement it, and deliver it to production without halting work on a major project.
Another core principle of the bank’s engineering practice is managing infrastructure alongside the code. This approach ensures teams interact with the system as a unified environment rather than a collection of isolated code fragments.
When a new engineer joins a team, they gain immediate access to the full system context, including:
This shortens onboarding and allows for faster project contributions. Furthermore, GitLab lets developers work in independent branches to test specific changes. They can implement updates and deploy them within their own environment to see immediate results, without waiting for a full system build.
For an organization of PrivatBank’s scale, this substantially reduces the time between feature development and verification.
For a financial institution, security cannot be a final step; it must be part of the build. At PrivatBank, security tools run automatically within the pipeline before changes reach the main repository.
PrivatBank utilizes the following GitLab security mechanisms:
These checks run directly within the CI/CD pipeline, allowing the team to identify issues before the code even reaches the test environment.
By integrating security checks earlier, engineers get feedback while code is still being written. If a library contains a vulnerability, the system alerts the developer during the coding phase, eliminating the need for late-stage rework.
This change fundamentally alters the development lifecycle. Previously, the workflow followed this sequence:
Now, many of these repetitive steps are removed. Engineers identify problems instantly and resolve them while still working on the code, increasing overall output.
The bank estimates this approach has removed multiple redundant verification steps, saving 15–25% of the time previously spent on these cycles. The primary outcome, however, is code quality. When security is part of the workflow, engineers produce code that inherently meets organizational standards. They account for security requirements and architectural rules from the outset. Consequently, the code entering the system aligns with internal policies on the first attempt.
This shift drives several key outcomes:

Another critical priority for the bank is the management of open-source components.

Different licenses can impose serious limitations:
For an organization of PrivatBank’s scale, manual control of such risks is virtually impossible, which is why the bank automated this process using GitLab.
During the CI/CD pipeline, the system generates a Software Bill of Materials (SBOM), a comprehensive list of the components included in the software product. The industry-standard formats CycloneDX and SPDX are used for this purpose.
Based on this information, the bank’s team configures its own open-source usage policies.
This means the system automatically:
If a new library does not comply with organizational policies, the developer receives a signal directly during the merge request. They can either obtain the necessary approval or immediately choose another dependency.
Thus, license control ceases to be a separate process that occurs after development. It becomes a natural part of the engineer’s workflow.
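A license gate of the kind described above, as an added example that is not PrivatBank's or GitLab's own code: it reads a CycloneDX JSON SBOM and applies an allow / needs-approval / deny policy to each component. The policy contents, the sample components and all function names are constructed for illustration.

```python
import json

# Constructed policy for illustration; the bank's real policy is not on the page.
POLICY = {
    "allow": {"MIT", "Apache-2.0", "BSD-3-Clause"},
    "approval": {"MPL-2.0", "LGPL-3.0-only"},
    "deny": {"GPL-3.0-only", "AGPL-3.0-only"},
}
RANK = {"allow": 0, "approval": 1, "deny": 2}

def classify(license_id):
    for verdict, ids in POLICY.items():
        if license_id in ids:
            return verdict
    return "approval"  # unknown licence: route to a human, never auto-allow

def alternatives(component):
    """Yield, per CycloneDX licence entry, the list of acceptable alternatives."""
    for entry in component.get("licenses", []):
        if "expression" in entry:
            # Only plain 'A OR B' is split; AND/WITH/parentheses stay opaque -> approval.
            yield [part.strip() for part in entry["expression"].split(" OR ")]
        else:
            lic = entry.get("license", {})
            yield [lic.get("id") or lic.get("name") or "UNKNOWN"]

def evaluate(sbom):
    """Map 'name@version' to a verdict: best OR-alternative, worst entry wins."""
    results = {}
    for comp in sbom.get("components", []):
        verdicts = [min((classify(a) for a in alts), key=RANK.get)
                    for alts in alternatives(comp)]
        key = f"{comp.get('name')}@{comp.get('version')}"
        results[key] = max(verdicts, key=RANK.get) if verdicts else "approval"
    return results

def gate(results):
    """Merge request outcome: 'fail', 'needs-approval' or 'pass'."""
    worst = max(results.values(), key=RANK.get, default="allow")
    return {"allow": "pass", "approval": "needs-approval", "deny": "fail"}[worst]

# Constructed sample SBOM (CycloneDX JSON); component names are made up.
SAMPLE_SBOM = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"name": "lib-a", "version": "1.0.0", "licenses": [{"license": {"id": "MIT"}}]},
  {"name": "lib-b", "version": "2.3.1", "licenses": [{"expression": "GPL-3.0-only OR Apache-2.0"}]},
  {"name": "lib-c", "version": "0.9.0", "licenses": [{"license": {"id": "MPL-2.0"}}]},
  {"name": "lib-d", "version": "4.1.0", "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
  {"name": "lib-e", "version": "0.1.0"}]}""")
```

A component with no declared license (lib-e here) lands in needs-approval rather than pass, so missing SBOM metadata cannot slip a dependency through the gate.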
For a financial institution, controlling changes in the code is equally important. Any change must be traceable and understandable.
That is why PrivatBank uses GitLab’s policy and access control mechanisms to regulate the process of making changes.
Specifically, the team has configured:
This means that at any moment, the bank can answer three key questions: who introduced the change to the code, who reviewed and approved it, and why it made it into the release.
For a large financial organization, such transparency is critical. It allows for quick internal audits, incident analysis, and ensuring compliance with regulatory requirements.
As a result, security ceases to be a separate function or process controlled only by a specific team. It becomes an integral part of the daily work of engineers, integrated into the development platform itself.
In an environment where dozens of teams change hundreds of systems every day, writing code is only half the task. Equally important is how this code is delivered to the system. Every change must follow a clearly controlled path — from commit to production.
After GitLab was approved as the standard development platform, the team created internal rules for working with CI/CD. The bank even developed separate regulations defining how pipelines should be built and how teams should manage code delivery.
The majority of projects today use GitLab CI/CD as their primary automation mechanism. This has allowed for the standardization of build, testing, and delivery processes across different teams.
At the same time, pipelines remain flexible enough to account for the specifics of various systems. In the CI/CD processes, the bank integrates not only the standard capabilities of GitLab but also its own quality and security control tools.
Specifically, the following can be connected to the pipeline:
This approach allows combining GitLab automation with the internal control mechanisms the bank has developed over the years.
A distinct challenge for a large financial organization is the presence of a significant number of legacy systems.
Many of them were created before the emergence of modern DevOps practices and do not always easily integrate into standard automation processes. Completely rebuilding such systems in a short time is practically impossible.
Therefore, the bank’s team used GitLab’s flexibility to gradually integrate these systems into the CI/CD process as well.
Even if certain stages for legacy projects remain partially manual, GitLab allows building a controlled pipeline around them. This means:
Ultimately, even old systems become part of the bank’s unified engineering process.
For the PrivatBank team, the main value of CI/CD lies not just in release speed. More importantly, code delivery becomes a predictable and controlled process.
When a pipeline automates system checks and builds, teams can be confident that every change passes through the same stages. This reduces the risk of errors and makes the release process more stable.
In combination with Dev and Sec mechanisms, this creates a unified work model:
In this way, GitLab has helped PrivatBank build a full-fledged DevSecOps process, where development, security, and operations function as a single system.
At PrivatBank, the results of GitLab implementation are evaluated not by individual speed indicators, but by the quality of the code the organization receives as a result.

This changes not only the technical process but also the way teams work. Engineers spend less time troubleshooting issues in production and more time on product development.
Another important effect is faster onboarding for new developers. When code is structured, documented, and passes standardized checks, it is much easier for new engineers to dive into projects.
To understand why process standardization is so vital, one only needs to look at the scale of development at PrivatBank. Today, GitLab is used to work on hundreds of systems and thousands of components. In particular:
And this scale is clearly visible not only at the organizational level but also in the daily interaction with the platform. In the last two months alone, the GitLab environment at PrivatBank has recorded:
At this scale, any lack of standards quickly turns into a serious problem. This is why the centralization of development processes became a key factor for success.
GitLab at PrivatBank operates in a self-hosted environment, which allows full control over the infrastructure and ensures compliance with the security requirements of a financial institution.
According to the bank’s team, the platform demonstrates a very high level of stability.

For an organization where thousands of engineers work with code every day, this is a critically important factor. Platform reliability means that teams can focus on product development without spending time resolving infrastructure issues.
PrivatBank’s transition to the commercial version of GitLab took place in cooperation with Cloudfresh—the official GitLab partner in GCC.
The Cloudfresh team supports the bank in several key areas: from platform licensing to supporting engineering teams during the scaling of DevSecOps processes.
In particular, the collaboration includes:
For a large organization where thousands of engineers use the platform daily, it is important to have access to expertise and fast support.

This format of collaboration allows PrivatBank not only to maintain stable platform operations but also to gradually expand its use. Together with Cloudfresh, the bank’s team tests new GitLab capabilities and implements them into its engineering processes.
The next stage of platform development is the integration of AI tools into the development process. The team is already testing new IDEs and AI agents, as well as experimenting with the capabilities of GitLab Duo Agent Platform.
Among the potential areas of use:
At the moment, these capabilities are used in pilot scenarios, but the bank’s team is actively exploring how to integrate AI into developers’ day-to-day workflows.
Ultimately, GitLab has become more than just a code storage system for PrivatBank. The platform has unified development, security, and operations into a single engineering ecosystem, which allows for further scaling of one of the country’s largest financial organizations.
