GitLab Customer Assurance Package

At GitLab, we believe that transparency is critical to our success. We want all GitLab customers to be empowered with confidence and trust that their data is protected. Our Customer Assurance Packages (CAPs) are designed to provide GitLab customers and community members with self-serve access to the most current information about our Security and Compliance posture. Whether you are completing a security assessment or just want to learn more about GitLab security practices, this is your one-stop shop.

For more details about GitLab's trust practices, visit the GitLab Trust Center.

Customer Assurance Package Overview

GitLab offers and actively maintains two Customer Assurance Packages:

  • Community Package: The first step on the trust journey, this package is a compilation of publicly available documentation designed to introduce GitLab’s approach to security.
  • Customer Package: This package provides detailed security information to prospective and existing customers for completing vendor security assessments. Due to the sensitive nature of the documentation, an NDA is required to be in place prior to sharing.

Community Package

Continuously updated; check back often.

Customer Package

  • December 2020 SOC 2 Type 2 Report
  • October 2021 SOC 2 Type 2 Report and Bridge Letter
  • Annual GCP SOC 3 Report (Hosting Provider)
  • Annual PCI DSS SAQ-A Self-Assessment
  • Annual GitLab Business Continuity Test Executive Summary
  • Annual Third Party Penetration Test Executive Summary
  • ISO/IEC 27001:2013 Customer Summary Letter
  • Transfer Impact Assessment Guide for Customers
  • TISAX Self-Attestation

Or send a request directly to your account manager

To sign up for Security Notices or our Twice Monthly Newsletter, visit the "Sign up for security notices" page.
