Gitlab hero border pattern left svg Gitlab hero border pattern right svg

VUL.7.01 - Vulnerability Remediation Control Guidance

VUL.7.01 - Vulnerability Remediation

Control Statement

GitLab assigns a risk rating to identified vulnerabilities and prioritizes remediation of legitimate vulnerabilities according to the assigned risk.


It is not reasonable for GitLab to patch 100% of vulnerabilities every day so we need a method to prioritize the remediation. Since the goal of this remediation is to reduce to the risk to the organization, we should perform this prioritization by risk which starts with assigning risk to vulnerabilities as they are identified. This prioritization and remediation is among the best way to reduce risk to GitLab's customers and reputation since unresolved vulnerabilities are among the most common attacks to organizations.


This control applies to all systems within our production environment. The production environment includes all endpoints and cloud assets used in hosting and its subdomains. This may include third-party systems that support the business of


Control Owner:

Process Owner:


Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Vulnerability Remediation control issue.

Policy Reference

Framework Mapping