GitLab Features

GitLab fundamentally changes the way Development, Security, and Ops teams collaborate and build software by providing all of the essential DevSecOps tools in one platform. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development costs, speed time to market, and deliver more secure and compliant applications.

Compliance

Adhere to compliance by managing security vulnerabilities, policies, and compliance across your entire organization.

GitLab allows you to ensure your software development process achieves regulatory compliance across different industries from a single platform. For finance, our customers use GitLab to comply with several compliance frameworks such as FEB, FCA, FINMA, and many more. For healthcare, GitLab provides the right tool-set to address the requirements of HIPAA. Additionally, other compliance frameworks can be met (SOC2, ISO, etc.) using GitLab's comprehensive compliance management solutions.

Govern

Security Policy Management

Unified security policy management provides security and compliance teams with a way to enforce controls across their organization for all of GitLab's scanners and security technologies. Policies can be used to ensure security scanners are enforced in development team pipelines with proper configuration, all scan jobs execute without any changes or alterations, and proper approvals are provided on merge requests based on results from those findings.

Security Policies

Allow security teams to manage and enforce security policies for GitLab projects and for Kubernetes clusters.

Security Approvals

Require approval from your security team before allowing developers to merge in code that introduces new vulnerabilities.

License Approvals

Require approval from your legal and compliance team before allowing developers to merge in code when the licenses that are used are out of compliance with organizational policy.

Merge Request Approval Policies

Enforce multiple approvals from designated roles before allowing developers to merge in code. Additional merge request and repository settings can be overridden in projects to ensure compliance.

External status checks

Send merge request data to third-party systems for validation before merging.

Security Policy Scopes

Scope each of your policies to projects using a project list or compliance framework labels.

Pipeline Execution Policies

Enforce custom CI configuration across all of your projects, including GitLab analyzers, compliance reports, and custom scripts.

Vulnerability Management

Vulnerability Management enables collaboration between security teams by providing a uniform interface to assess the security posture of their applications. Security teams can view, triage, trend, track, and resolve vulnerabilities detected by the various GitLab scanners.

Security findings integrated in the IDE

Developers can see and fix security findings directly in VS Code.
After a merge request is opened for a branch, the GitLab Workflow extension for VS Code shows new security findings that weren't previously found on the default branch.

Vulnerability Management

Empower your entire team, and not just Security, to act on security findings with a
unified interface for scan results from all GitLab Security scanners.

GitLab Duo Vulnerability Explanation

Learn about a vulnerability with GitLab Duo Vulnerability Explanation. Use the explanation to better understand a vulnerability and its possible mitigation.

GitLab Duo Vulnerability Resolution

Use GitLab Duo Vulnerability Resolution to automatically create a merge request that resolves the vulnerability.

Standalone Vulnerability Objects

Track and manage detected project vulnerabilities like you would an Issue.
Link directly to a specific vulnerability occurrence's page, create and
link a remediation issue, and see vulnerability information persisted
between security scans on the same branch.

Vulnerability Reports

Vulnerability Reports give teams an efficient way to view, triage, track, and resolve vulnerabilities
detected in applications, giving you full visibility into your organization’s risk. They are available for
groups, projects, and the Security Center.

Security Dashboards

Gain visibility into top-priority fixes by identifying and tracking trends in security risk across your entire organization.

Create Jira issues from vulnerabilities

Efficiently collaborate between teams using GitLab for security testing and Jira for
agile planning. Create a Jira issue type of your choosing directly from a vulnerability
record.

Security Scan summary in Merge Requests

All merge requests will show a helpful high-level security scan summary of finding severities if there have been security scans run. This helps developers understand the risk of introduced vulnerabilities and helps users easily find secure job artifacts. Ultimate customers will continue to enjoy Vulnerability Management features across all our scan types.

Integrated security training

Enable security training from our content partners to see lessons embedded
in the vulnerability management experience. Links to training are dynamically provided
in merge request security scan results, the pipeline security tab, and vulnerability details pages.
We use the type of security issue and project language to provide the best available
match for the most relevant, targeted learning experience.

Auto-resolve vulnerabilities when not found in subsequent scans

Configure a Security Policy to automatically resolve vulnerabilities that are no longer detected
in subsequent scans.

Dependency Management

Dependency Management allows users to review project/group dependencies and key details about those dependencies, including their vulnerabilities, licenses, and packager.

Project Dependency List

Identify components included in your project by accessing the Dependency List (also referred to as Bill of Materials or BOM), which is often requested by Security and Compliance teams.
