Access to modify source code is restricted to authorized personnel.
As GitLab is open source and we have contributors outside of the company from across the world, anybody can view and submit edits to the codebase to fix issues, add features, and so on. The spirit of this control is to ensure there's a process in place so that all additions, including those from the GitLab community, are appropriately reviewed and approved before being merged into the codebase.
This control applies to any system or process where source code can be modified.
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.