
Manage Compliance with GitLab

Building applications that meet common regulatory compliance standards

Compliance management

Compliance management is hard. And traditionally boring. Per Gartner, the need for compliance continues to grow significantly while budgets are expected to remain flat or decrease. On the other hand, the cost of non-compliance is very high, manifesting as revenue loss, business disruptions, fines, and damage to brand image and stock prices.

Hence, to be impactful, a compliance program must be built into the operations of the business rather than run as a separate process bolted onto various other systems. This helps compliance teams keep up with changing regulations and emerging risks.

Compliance Management with GitLab

GitLab compliance management aims to change the current paradigm for compliance to create an experience that's simple, friendly, and as frictionless as possible by enabling you to define, enforce and report on compliance policies and frameworks.

  • Policy Management helps you define rules and policies to adhere to compliance frameworks
  • Automate Compliance Workflows helps you enforce the defined rules and policies
  • Audit Management helps you log activities to identify incidents and prove adherence to compliance rules and policies defined
  • Security Management helps you ensure security scanning and license compliance for every piece of code and a dashboard to track and manage vulnerabilities

Policy Management

Policy Management helps you define the rules and policies to adhere to, whether internal company policies or policies based on legal or regulatory frameworks such as GDPR, SOC2, PCI-DSS, SOX, HIPAA, ISO, COBIT, FedRAMP, and so on.
  • Granular User Roles and Permissions: GitLab supports five different user roles, with permissions assigned according to a person's role rather than the access required to a repository
  • Compliance Settings: Create and enforce compliance policies for users based on compliance rules for specific projects or groups
  • Credentials Inventory: Keep track of all the credentials that can be used to access the GitLab self-managed instance
  • Protected Branches: Control unauthorized modifications to specific branches, including creating, pushing to, or deleting a branch, without adequate permissions or approvers

Automate Compliance Workflows

Once the policies and rules are defined, you need a way to enforce them. Compliance controls and automation of compliance workflows focus on enforcing policies and separation of duties while reducing overall risk.
  • Compliance Framework Project Templates: Create projects with issues that map to specific audit protocols such as HIPAA, to help maintain an audit trail and manage compliance programs
  • Compliance Framework Project Labels: Enable common compliance settings to be applied to projects carrying specific framework labels

Audit Management

Compliance audits require traceability of various compliance events, such as user actions, permission changes, approval changes, logins, password changes and so on. This information already exists in GitLab; audit management aims to provide a consolidated view of it.
  • Audit Events: Aims to satisfy organizational audit logging requirements, within the UI or via the API
  • Advanced log system: 20+ system logs in which everything is recorded, for analyzing the GitLab instance
  • Compliance Dashboard: Aims to provide compliance insights in a consolidated view with all relevant compliance signals, such as segregation of duties, framework compliance, license compliance, and pipeline and MR results. Currently, the dashboard focuses on the most recently merged MR activity.

GitLab eased SOC 2 Audit for

During a recent audit for SOC2 compliance, the auditors said that Chorus had the fastest auditing process they had seen, and most of that is due to the capabilities of GitLab.

Russell Levy
Co-Founder, and Chief Technology Officer,

Try all GitLab features - free for 30 days

GitLab is more than just source code management or CI/CD. It is a full software development lifecycle & DevOps tool in a single application.

Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license