It is the goal of the GitLab Security Compliance team to:
A member of the Security Assurance organization, these are the primary functions of the Security Compliance team:
GitLab uses a common control framework that maps to a variety of industry compliance requirements and best practices. For information about how we developed this framework and a list of all of our security controls, please see the security controls handbook page.
The Security Compliance team uses an application-based ownership model for control testing. The information below represents the current ownership for systems that have already been tested or scheduled to being testing. This list will expand as our continuous control testing expands to include new systems.