diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
index 25d3f503..24c24028 100644
--- a/.github/workflows/ci-docs-shim.yaml
+++ b/.github/workflows/ci-docs-shim.yaml
@@ -17,7 +17,7 @@ jobs:
     strategy:
       matrix:
         type: [install, upgrade]
-        flavor: [upstream, registry1]
+        flavor: [upstream, registry1, unicorn]
     uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
     with:
       flavor: ${{ matrix.flavor }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 6bfed1c9..3425984b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -36,7 +36,7 @@ jobs:
     if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
     strategy:
       matrix:
-        flavor: [upstream, registry1]
+        flavor: [upstream, registry1, unicorn]
         architecture: [amd64, arm64]
         exclude:
           - flavor: registry1
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 790e41f6..dc203e3e 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -55,7 +55,7 @@ jobs:
       fail-fast: true
       matrix:
         type: [install, upgrade]
-        flavor: [upstream, registry1]
+        flavor: [upstream, registry1, unicorn]
     uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
     with:
       upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }}
diff --git a/values/unicorn-values.yaml b/values/unicorn-values.yaml
new file mode 100644
index 00000000..a842c1bb
--- /dev/null
+++ b/values/unicorn-values.yaml
@@ -0,0 +1,73 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+gitlab:
+  webservice:
+    image:
+      repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee
+      tag: v17.3.6
+    workhorse:
+      image: registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee
+      # renovate: datasource=docker depName=cgr.dev/du-uds-defenseunicorns/gitlab-workhorse-ee-fips versioning=semver
+      tag: v17.3.6
+  sidekiq:
+    image:
+      repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee
+      tag: v17.3.6
+  migrations:
+    image:
+      repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee
+      tag: v17.3.6
+  gitaly:
+    image:
+      repository: registry.gitlab.com/gitlab-org/build/cng/gitaly
+      tag: v17.3.6
+  gitlab-exporter:
+    image:
+      repository: cgr.dev/du-uds-defenseunicorns/gitlab-exporter-fips
+      tag: 17.3.6
+  gitlab-pages:
+    image:
+      repository: cgr.dev/du-uds-defenseunicorns/gitlab-pages-fips
+      tag: 17.3.6
+  gitlab-shell:
+    image:
+      repository: cgr.dev/du-uds-defenseunicorns/gitlab-shell-fips
+      tag: 17.3.6
+  praefect:
+    image:
+      repository: registry.gitlab.com/gitlab-org/build/cng/gitaly
+      tag: v17.3.6
+  toolbox:
+    image:
+      repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee
+      tag: v17.3.6
+global:
+  certificates:
+    image:
+      repository: cgr.dev/du-uds-defenseunicorns/gitlab-certificates-fips
+      tag: 17.3.6
+  gitlabBase:
+    image:
+      repository: cgr.dev/du-uds-defenseunicorns/gitlab-base-fips
+      tag: 17.3.6
+  kubectl:
+    image:
+      repository: cgr.dev/du-uds-defenseunicorns/gitlab-kubectl-fips
+      tag: 1.31.1
+
+registry:
+  image:
+    repository: cgr.dev/du-uds-defenseunicorns/gitlab-container-registry-fips
+    tag: 17.3.6
+
+shared-secrets:
+  selfsign:
+    image:
+      repository: cgr.dev/du-uds-defenseunicorns/cfssl-self-sign-fips
+      tag: 17.3.6
+
+upgradeCheck:
+  image:
+    repository: cgr.dev/du-uds-defenseunicorns/gitlab-base-fips
+    tag: 17.3.6
diff --git a/zarf.yaml b/zarf.yaml
index 93b4ced8..b3901992 100644
--- a/zarf.yaml
+++ b/zarf.yaml
@@ -96,3 +96,33 @@ components:
       - "registry.gitlab.com/gitlab-org/build/cng/kubectl:v17.3.6"
       - "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.3.6"
       - "registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:v17.3.6"
+
+ # Note: unicorn flavor is experimental
+  - name: gitlab
+    required: true
+    description: "Deploy gitlab with chainguard images"
+    import:
+      path: common
+    only:
+      flavor: unicorn
+    charts:
+      - name: gitlab
+        valuesFiles:
+          - values/unicorn-values.yaml
+      - name: uds-gitlab-settings
+        valuesFiles:
+          - values/unicorn-values.yaml
+    images:
+      - "cgr.dev/du-uds-defenseunicorns/gitlab-certificates-fips:17.3.6"
+      - "cgr.dev/du-uds-defenseunicorns/cfssl-self-sign-fips:17.3.6"
+      - "registry.gitlab.com/gitlab-org/build/cng/gitaly:v17.3.6"
+      - "cgr.dev/du-uds-defenseunicorns/gitlab-container-registry-fips:17.3.6"
+      - "cgr.dev/du-uds-defenseunicorns/gitlab-pages-fips:17.3.6"
+      - "cgr.dev/du-uds-defenseunicorns/gitlab-shell-fips:17.3.6"
+      - "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:v17.3.6"
+      - "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee:v17.3.6"
+      - "registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee:v17.3.6"
+      - "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee:v17.3.6"
+      - "cgr.dev/du-uds-defenseunicorns/gitlab-kubectl-fips:1.31.1"
+      - "cgr.dev/du-uds-defenseunicorns/gitlab-base-fips:17.3.6"
+      - "cgr.dev/du-uds-defenseunicorns/gitlab-exporter-fips:17.3.6"