Go beyond simply reducing security flaws in the code
An integrated experience to define, enforce, and report on compliance
Control access and implement policies
Fast, secure, compliant.
Policy management
Define rules and policies to adhere to compliance frameworks and common controls
Granular user roles and permissions: Define user roles and permission levels that make sense for your organization
Access control: Limit access with two-factor authentication and expiration tokens
Compliance settings: Define and enforce compliance policies for specific projects, groups, and users
Credentials inventory: Keep track of all the credentials that can be used to access a GitLab self-managed instance
Protected branches: Control unauthorized modifications to specific branches — including creating, pushing, and deleting a branch — without adequate permissions or approvals
Enforce defined rules, policies, and separation of duties while reducing overall business risk
Compliance framework project templates: Create projects that map to specific audit protocols such as HIPAA to help maintain an audit trail and manage compliance programs
Compliance framework project labels: Easily apply common compliance settings to a project with a label
Compliance framework pipelines: Define compliance jobs that should be run in every pipeline to ensure that security scans are run, artifacts are created and stored, or any other steps required by your organization are carried out
Audit reports: Respond to auditors by generating comprehensive reports such as instance, group, and project events, impersonation data, sign-in, and user events
Compliance report: Get a high-level view of compliance violations and the reasons and severity of violations in merge requests
Vulnerability and dependency management
View, triage, trend, track, and resolve vulnerabilities and dependencies in your applications
Security dashboards: Access the current security status of your applications and initiate remediation
Software bill of materials: Scan application and container dependencies for security flaws and create a software bill of materials (SBOM) of the dependencies used
"GitLab helped us to automate manual processes using pipelines. Now we are deploying code regularly, getting essential changes and fixes to our customers a lot faster."