In support of our ongoing commitment to information security and transparent operations, the GitLab Security Compliance team is dedicated to obtaining and maintaining industry recognized security and privacy third party certifications and attestations. The benefits from these activities include:
The following security certifications and attestations are currently on our roadmap for consideration and have not yet been formally committed or contracted:
The nature of SOC2 reports is such that these reports cannot be made publicly available. Not only do these reports contain very detailed information about how our systems operate (which could make a potential attack against GitLab easier) but these reports also contain proprietary information about how these audit firms conduct their testing. For these reasons we can only share SOC2 reports with prospective customers that are under an NDA with GitLab or with current customers bound by the confidentiality of our customer agreements. The report should not be shared with anyone other than the individual requestor(s).
Is publicly available and can be found here