GitLab vs GitHub Decision Kit

Securing Your DevOps Process
| | GitLab Capability | Features |
|---|---|---|
| Single Touch Point | Maintain confidentiality of issues and activity | Issues marked as Confidential; Private Profile Pages (activity-related information disabled in profile settings for certain sensitive users) |
| Technical Support for Production Environment | Fine-grained controls on who can access the repository, submit code, and deploy | Granular user roles and flexible permissions (five different user roles and settings for external users; set permissions according to a person's role rather than plain read or write access to a repository); Reject Unsigned Commits; Verified Committer; Protected Environments (control who can deploy to which environment) |
| Cross Product Knowledge | Securely access remote assets | Proxy remote package registries for safer, more reliable builds |

GitLab Compliance Capabilities Missing in GitHub

  • Financial Services Regulatory Compliance
| GitLab Capability | Features |
|---|---|
| Segregation of Incompatible Duties (SoD) | Defined project permissions; protected branches; protected environments; merge request approvals; unprotect permission |
| Identity and Access Approval Controls to Ensure Proper SoD | Role-Based Access Controls (RBAC) within protected branches and environments |
| Configuration Management & Change Control | CI/CD configurations; CI/CD pipeline configuration management; audit events |
| Auditing | One concept of a user across the lifecycle to ensure the right level of permissions and access; audit logs; audit events; container image retention; artifact retention; test result retention |
  • Other Compliances
| GitLab Capability | Features |
|---|---|
| PCI Compliance | GitLab addresses application security, a critical element for any enterprise wishing to be PCI-compliant. |
| HIPAA | Identify and manage risks and vulnerabilities; define and enforce development standards and processes |
| GDPR | Membership locking, rejecting unsigned commits, user permissions, push rules, etc. prevent sensitive files from accidentally being pushed to production. |
| IEC 62304:2006, ISO 13485:2016, ISO 26262-6:2018 | Creating and documenting plans and processes, maintaining end-to-end traceability, etc. help support these compliance needs |