If you don't want to worry about downloading, installing, and managing GitLab yourself, then you'll want to use GitLab SaaS, where there is no technical setup required. If you want full control of your GitLab environment, then you can choose to download and install GitLab self-managed, on your own infrastructure or in the public cloud environment.
Choose the version of GitLab that is best for you — let us host it for you, or host GitLab on your servers:
GitLab SaaS is hosted, managed, and administered by GitLab, Inc., with free and paid options for individuals and teams: Free, Premium and Ultimate.
To support the open source community and encourage the development of open source projects, GitLab grants access to Ultimate features for all GitLab SaaS public projects, regardless of the subscription.
With GitLab self-managed, you deploy your own GitLab instance on-premises or in the cloud. From bare metal to Kubernetes, you can run GitLab almost anywhere, with free and paid options: Core, Premium, and Ultimate.
Feature by feature, GitLab SaaS and self-managed are mostly the same.
Features that are not available to .com customers are primarily configuration or administration tasks that GitLab, Inc. necessarily manages for GitLab SaaS, with a few exceptions as detailed below.
Your subscription determines which tier of features you can access. There are some differences in how a subscription applies, between use of GitLab SaaS or a self-managed instance.
On GitLab SaaS, you can apply a subscription to either a group or a personal namespace. On a self-managed instance, a GitLab subscription provides the same set of features for all users.
While there are several dozen minor functional differences, they amount to a few key considerations:
Key differences between GitLab SaaS & self-managed
| type of difference | GitLab SaaS | GitLab self-managed |
|---|---|---|
| Infrastructure | GitLab manages HA Architecture, and instance-level backups, recovery, and upgrades | manage your own, anywhere |
| Instance wide settings | same for all users | custom |
| Access controls | customer is group owner | customer is admin |
| Features availability, such as: | SAML SSO is Premium | SAML or LDAP is Core |
Log information and auditing* |
no access, but Support or Security can answer questions | unrestricted access |
* On GitLab SaaS, each user agrees to our TOS and privacy policy as an individual, regardless of what email domain they use. Thus, we cannot provide their employer with personally identifiable information such as an email address, log info, etc., as that would be a violation of our user agreement.
We should work on removing as many difference between GitLab SaaS and self-managed as possible. Please contribute relevant issues to this epic for the Product team to consider and prioritize.
The GitLab Pricing page includes a "Frequently asked questions" section which answers "What features do not apply to GitLab SaaS?" Some of the bullets below require clarification, here and on the web site. That list includes:
| Feature missing on GitLab.com | Status |
|---|---|
| Custom Text in Emails | To be determined |
| Server Hooks | Server hooks must be configured on the file system of the GitLab server. Only GitLab server administrators are able to complete these tasks. Webhooks are available to SaaS users as a workaround. |
| Access to the server | As a SaaS service, server access is not available. |
| AD / LDAP integration | To be determined |
| Multiple LDAP / AD server support | To be determined |
| Create and remove admins based on an LDAP group | To be determined |
| Kerberos user authentication | To be determined |
| Integrate with Atlassian Crowd | To be determined |
| Email all users of a project, group, or entire server | To be determined |
| Limit project size at a global, group, and project level | To be determined |
| Restrict SSH Keys | This feature is only available to instance-level administrators for self-managed instances, due to the architecture of GitLab.com. It will require significant work to refactor this feature for SaaS accounts and it not planned. |
| LDAP group sync | To be determined |
| LDAP group sync filters | To be determined |
| Auditor users | To be determined |
| DevOps Score | DevOps Score depends on usage ping from self-managed instances of GitLab to compare usage across instances. |
| Mattermost integration | To be determined |
| Container Registry geographic replication | To be determined |
| Globally distributed cloning with GitLab Geo | To be determined |
| You decide when you upgrade | As a SaaS service, GitLab.com is always running the latest and greatest version of GitLab. |
| Retrieval | To be determined |
| Configurable issue closing pattern | To be determined |
| Custom header and footer system message in web and email | To be determined |
| Various authentication mechanisms | To be determined |
| Plugins | To be determined |
| Enforce accepting terms of service | To be determined |
| Supports geolocation-aware DNS | To be determined |
| Restrict access by IP address | To be determined |
| Go Proxy | Disabled on GitLab.com due to performance concerns and missing features. |
| Instance-level Kubernetes cluster configuration | As a SaaS service, intance level configurations are not allowed. |
| Smart card support | To be determined |
| Instance-level kubernetes clusters | As a SaaS service, intance level configurations are not allowed. |
| Credentials Management | To be determined |
| Export a user access report | To be determined |
| Instance-level project integration management for external services | To be determined |
Some features of GitLab do not apply for users of GitLab.com, as they are focused on the operations of an instance itself. For example we run a fault-tolerant PostgreSQL cluster on GitLab.com, but communicating this in our feature list to users can be confusing, as it is not something they can turn on or directly use. These features include:
