User validation required?

We have a new developer whose pipelines are not running due to an error with a message that starts User validation required To use free pipeline minutes on shared runners, you’ll need to validate your account with a credit or debit card....

I don’t remember validating my account like this, is it now the normal workflow?



1 Like

Hi @snim2 Gitlab added this recently, because of abuse of their platform with people mining crypto via the shared runners, pipelines. So now, all accounts need to be verified first so that the abuse can be reduced.

This is the post relating to that change: Preventing Crypto Mining abuse on SaaS


Thanks @iwalker


all accounts need to be verified

Thank you for the correct answer, @iwalker. A small correction: only new accounts need to be verified.

From the forum post you linked (emphasis mine):

starting May 17th, 2021, GitLab will require new free users to provide a valid credit card in order to use shared runners on


Hello, will there be another option besides ‘credit card’ to use as validation? I could imagine that a lot people in the EU don’t use creditcards but debitcards. Wondering how I can validate my account now :sleepy:

1 Like

@CEikelboom apparently it is possible:


Same issue, here and I’ve already validated with a valid debit card. HOwever, it still asks for validations after refresh

At present the validation banner will still show on pipelines that failed to run before you validated. This is a bit confusing, admittedly and our team is working on making it less so.

In the mean time, please try your pipeline again by pushing a new commit or triggering a pipeline manually.

1 Like

Using gitlab as a company this is no solution for us because every new employee would have to use his private creditcard (or debitcard) but none of them would like to do so.
Is that the recommended way? Is there a sort of Company-Account where we can manage accounts by ourselves?


Hi @thiagocsf understood that only new accounts need to be verified but has anybody thought through the onboarding user experience of this? A new Gitlab user joins a team, they will not be able to run pipelines, they will be stuck and confused why they’re being asked for a credit credit when they are onboarding as a member of a company group. Both resolutions are not ideal:

  • They enter their private card details to GitLab or
  • We share company card details to the new user to enter, this is not ideal either.

Am I missing something cleaner that can be done?

Hi, @vicken.papaya.

has anybody thought through the onboarding user experience of this?

Yes; we’re working on it. You’re not missing anything, as far as I know.

Unfortunately I have no public issue to share since discussions around this topic are being treated as confidential. I’ve asked internally for help providing a better answer here.

I’m sorry I have no better answer for you right now.

@thiagocsf any updates? we’re experiencing the same issue. This is far from ideal. We’ve purchased additional minutes, but new users are unable to run pipelines.

Hi @ thiagocsf! I understand the motivation driving this restriction. But what happens with purchased pipeline minutes?, I purchased additional minutes that I can not use with new developers because of this restriction. Is there away to disable free minutes and only use the minutes I purchased?. Purchased pipeline minutes shouldn’t be affected.

@ricardo000, I’m trying to open-up issue which is currently confidential so anyone can see the latest updates.

@mauricios, I’ve asked internally for help answering questions in this thread. Unfortunately I couldn’t find any answers for you.

For anyone who’s covered by support, I would recommend using it as a channel for requesting updates:

/cc @lkozloff

Any news on this?

We’re on the brink of having to move away from GitLab. For this reason it seems incredibly unnecessary…

1 Like


Hello! I’m one of the EMs from Fulfillment and we worked on implementing this validation.

I understand the frustration and the team hears your feedback.

I think a lot of the frustration is lack of visibility into what GitLab is doing to improve the situation so let me share some context. I suggest reading How to prevent crypto mining abuse on SaaS | GitLab to get even more context on the change.

From the linked blog post I’d especially like to call out “Although imperfect, we believe this solution will reduce the abuse.”

Prior to shipping this user validation the amount of abuse from crypto miners risked instability in the CI/CD service. Our team had to work 24/7 to prevent this which is not sustainable and in the end CI/CD would become unstable for all users. So we shipped this imperfect solution.

So while you’re frustrated with the user validation please bear in mind that the alternative would be an unstable service.

Back to the fact that we knew this was an imperfect solution when we shipped this. Multiple teams are working on improving the UX of the current solution and providing alternative methods for validation. However there’s a need to work on this confidentially as the abusers would also be able to read any public facing issue. If the abusers knew exactly how we were going to prevent abuse they can more easily build workarounds, putting us back in a spot where we need to require credit/debit cards from everyone.

I’ll stress the fact that both credit or debit cards can be used to validate, the card will not be charged, and card information is not stored.

I’ll also call out the options listed at the bottom of How to prevent crypto mining abuse on SaaS | GitLab

I realize this probably isn’t the answer you were hoping for but I hope it helped a little bit just the same.


We are running a short survey on potential alternate methods to validate accounts on free plans (other than credit or debit cards).

If interested, please fill it out here:


My employees do not have credit/debit cards. We live in a country that is mostly unbanked.

I came to the Caribbean and have started teaching and employing aspiring software engineers. We only have five employees to start, but we have secured a software development contract with a Seattle company and my employees will now get on-the-job experience along with some of the top salaries on the island (plus equity and profit sharing). We are creating a tech industry in a place that has good internet and good education but no formal tech opportunities.

But since the island is unbanked, my employees have been excluded from using GitLab.

I understand that you had a hard problem to solve. I understand that the problem had to be solved quickly, and I empathize. I just want to help you realize that the solution you came up with is negligently classist, racist, and immoral. It would have been better to shut down these runners altogether and point people towards alternatives than to make the runners only available to the privileged.

I have spoken with your engineers on the phone before. A few years ago when I was a senior engineer at Nordstrom I spoke with you on the possibility of offering lambda runners. I have always felt very positive about GitLab, so I am trying to give you this feedback empathetically. It is challenging because my personal feelings on the matter include anger and indignation.

I have a team of engineers here who already feel like outsiders. They have dark skin. Some are women. They come from a place with intermittent electricity and shaky infrastructure. They don’t all have cars. We are doing everything in our power to make sure they feel like they belong in this industry, and I feel a lot of anger when a company does something that makes them feel like they don’t really belong.

I will try to contact sales to work around this issue, but GitLab has lost a lot of trust with me.


Thank you for the feedback, Charles.

We strive to make the free and low-cost versions of our service as accessible to as many users as possible while also curtailing the abuse of our platform. Before we put these controls in place, the abuse was sometimes causing challenges for our overall platform stability, impacting all users.

Many similar solutions at other companies have put similar controls in place to combat abuse, and some companies have even removed their free tiers.

We are looking at alternative solutions to validate users that do not have or do not want to provide a credit or debit card while still dissuading abuse. Can you fill out the survey here or respond in this forum with your thoughts on what we are considering?

Some thoughts based on your specific situation:

  • Since you have secured a software development contract, would you be able to buy the lowest cost tier of the service (premium for $19 per user per month)? With this tier, no user needs to verify themselves, and you get other capabilities as well. Ref:

  • If not, would you be willing to host your own runners? Users do not need to be verified even if on a free plan when you use your own runners (rather than ones hosted in our cloud service). Ref:

1 Like