GitLab Customer Assurance Package

At GitLab, we believe that transparency is critical to our success. We want all GitLab customers to be empowered with confidence and trust that their data is protected. Our Customer Assurance Packages (CAPs) are designed to provide GitLab customers and community members with self-serve access to the most current information about our Security and Compliance posture. Whether you are completing a GitLab.com security assessment or just want to learn more about GitLab security practices, THIS is your one-stop shop.

For more details about GitLab's trust practices, visit the GitLab Trust Center.


Customer Assurance Package Overview

GitLab offers and actively maintains two Customer Assurance Packages:

  • Community Package: The first step on the trust journey, this package is a compilation of publicly available documentation designed to introduce GitLab’s approach to security.
  • Customer Package: This package provides detailed security information to prospective and existing customers for completing vendor security assessments. Due to the sensitive nature of the documentation, an NDA must be in place before the package is shared.

Community Package

  • Welcome Letter
  • SOC 3 Report
  • CSA CAIQ Level 1
  • Standard Information Gathering (SIG) Lite Questionnaire
  • BitSight Security Report for GitLab
  • GitLab Technical Report: Securing Customer Data

Continuously updated; check back often.

Customer Package

  • Annual SOC 2 Type 2 Report and Bridge Letter
  • Annual GCP SOC 3 Report (GitLab.com Hosting Provider)
  • Annual PCI DSS SAQ-A Self Assessment
  • Annual GitLab Business Continuity Test Executive Summary
  • Annual Third Party Penetration Test Executive Summary
  • Coming Soon: ISO/IEC 20243-1:2018 Self Assessment

Or send a request directly to your account manager

Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license
