At GitLab, we believe that transparency is critical to our success, and security is no different. Our Customer Assurance Package (CAP) is designed to provide GitLab team members, users, customers, and other community members with the most current information about our Security and Compliance Posture.
We encourage our Customers and Prospects to begin by reviewing our Security Assurance self-service resources below.
Due to the nature of some of GitLab's security certifications and reports, the resources below are available under a Non-Disclosure Agreement. These resources can be requested using the Customer Assurance Activities workflow or by emailing firstname.lastname@example.org.
BitSight utilizes public information collected across multiple domains to provide a numeric score from 250-900. For information on how GitLab maintains this score, refer to our Third Party Security Rating Platforms handbook page. GitLab provides a quarterly company preview report that can be accessed using the links in the drop-down section below. The company preview report provides a summary of GitLab's BitSight Score for the production GitLab SaaS offering. We additionally include historical reports for anyone interested in seeing changes to our score quarter over quarter. Note that the company preview report is automatically refreshed by BitSight on a quarterly basis and GitLab does not have the ability to pull a report in real time. The report is refreshed on the first day of the month following a quarter (e.g. the Q1 report for calendar year 2021 is generated on 2021-04-01).
In the table below you will find links to quarterly company preview reports generated by BitSight for GitLab's Production SaaS. The most current report available will always be at the top of the table.
| Calendar Year-Quarter | Link to GitLab Company Preview Report |
|---|---|
| 2021-Q1 | GitLab Company Preview Report FY21Q1 |
If you have any further questions that aren't answered here, please follow the below steps:
Prospective Customers: Please fill out a request and a representative will reach out to you.
GitLab Team Members: Contact the Risk and Field Security team using the Customer Assurance workflow in the Slack #sec-fieldsecurity channel.
Coming soon: Regulated Markets Customer Assurance Package