Automate compliance, reduce risks

Software Compliance with GitLab

Build applications that meet common regulatory standards with a secure software supply chain.

Trusted By:

Duncan Aviation, Curve, Hilti, The Zebra, New10, Chorus

Simplify and automate software compliance

Manage risk

Go beyond simply reducing security flaws in the code

Simple and frictionless

An integrated experience to define, enforce, and report on compliance

Implement guardrails

Control access and implement policies

Fast, secure, compliant.

Policy management

Define rules and policies to adhere to compliance frameworks and common controls

  • Granular user roles and permissions: Define user roles and permission levels that make sense for your organization

  • Access control: Limit access with two-factor authentication and expiring tokens

  • Compliance settings: Define and enforce compliance policies for specific projects, groups, and users

  • Credentials inventory: Keep track of all the credentials that can be used to access a GitLab self-managed instance

  • Protected branches: Prevent modifications to specific branches (including creating, pushing to, and deleting a branch) without adequate permissions or approvals

Compliant workflow automation

Enforce defined rules, policies, and separation of duties while reducing overall business risk

  • Compliance framework project templates: Create projects that map to specific audit protocols such as HIPAA to help maintain an audit trail and manage compliance programs

  • Compliance framework project labels: Easily apply common compliance settings to a project with a label

  • Compliance framework pipelines: Define compliance jobs that should be run in every pipeline to ensure that security scans are run, artifacts are created and stored, or any other steps required by your organizational requirements

Audit management

Prepare for audits and better understand the root cause of issues with easy access to audit data

  • Audit events: Track important events such as changes to user permission levels, who added a new user, or who removed a user

  • Streaming audit events: Consolidate your audit logs in a tool of your choice

  • Audit reports: Respond to auditors by generating comprehensive reports such as instance, group, and project events, impersonation data, sign-in, and user events

  • Compliance report: Get a high-level view of compliance violations and the reasons and severity of violations in merge requests

Vulnerability and dependency management

View, triage, trend, track, and resolve vulnerabilities and dependencies in your applications

  • Security dashboards: Access the current security status of applications and initiate remediation

  • Software bill of materials: Scan application and container dependencies for security flaws and create a software bill of materials (SBOM) of the dependencies used

Which tier is right for you?

Free

  • Static application security testing (SAST) and secrets detection
  • Findings in JSON file

Premium

  • Static application security testing (SAST) and secrets detection
  • Findings in JSON file
  • MR approvals and more common controls

Ultimate

  • Everything in Premium plus
  • Comprehensive security scanners, including SAST, DAST, secrets detection, dependencies, containers, IaC, APIs, cluster images, and fuzz testing
  • Actionable results within the MR pipeline
  • Compliance pipelines
  • Security and Compliance dashboards
  • Much more

Do more with GitLab

Explore more Solutions

DevSecOps

GitLab empowers your teams to balance speed and security by automating software delivery and securing your end-to-end software supply chain.

Software Supply Chain Security

Ensure your software supply chain is secure and compliant.

Automated software delivery

Automation essentials for achieving digital innovation, cloud-native transformations, and application modernization.
