GitLab Customer Assurance Package

At GitLab, we believe that transparency is critical to our success. We want all GitLab customers to be empowered with confidence and trust that their data is protected. Our Customer Assurance Packages (CAPs) are designed to provide GitLab customers and community members with self-serve access to the most current information about our Security and Compliance posture. Whether completing a GitLab.com security assessment or just wanting to learn more about GitLab security practices, THIS is your one stop shop.

For more details about GitLab's trust practices, visit the GitLab Trust Center.

Customer Assurance Package Overview

GitLab offers and actively maintains two Customer Assurance Packages:

Community Package: The first step on the trust journey, this package is a compilation of publicly available documentation designed to introduce GitLab’s approach to security.
Customer Package: This package provides detailed security information to prospective and existing customers for completing vendor security assessments. Due to the sensitive nature of the documentation, an NDA is required to be in place prior to sharing.

Community Package

Welcome Letter
SOC 3 Report
CSA CAIQ Level 1
Standard Information Gathering (SIG) Lite Questionnaire
BitSight Security Report for GitLab
GitLab Technical Report: Securing Customer Data

Download Now!

Continuously updated, check back often

Customer Package

Annual SOC 2 Type 2 Report and Bridge Letter
Annual GCP SOC 3 Report (GitLab.com Hosting Provider)
Annual PCI DSS SAQ-A Self Assessment
Annual GitLab Business Continuity Test Executive Summary
Annual Third Party Penetration Test Executive Summary
Coming Soon: ISO/IEC 20243-1:2018 Self Assessment

Request by Email

Or send a request directly to your account manager

GitLab Customer Assurance Package

Customer Assurance Package Overview

Community Package

Customer Package

GitLab's Key Policies and Procedures