
Manage Compliance with GitLab

Building applications that meet common regulatory compliance standards

Compliance management

Compliance management can be hard and time consuming. It requires coordination within organizations to ensure different functional groups are aligned and that processes meet the regulatory requirements for the relevant standards. The cost of non-compliance can be high, appearing in the form of revenue loss, business disruptions, fines, or negative brand perception, among others.

Organizations need a compliance program that is built into, not bolted onto, their existing workflows and processes. "Traditional compliance practices are incompatible with continuous software delivery processes, leading to slower delivery and unexpected, expensive remediation work." (Gartner®, Hype Cycle™ for Agile and DevOps, 2021, Herschmann, Joachim and Spafford, George, 2021) As a complete DevOps platform, GitLab is a great choice for compliance teams that need to keep up with changing regulations and emerging risks while ensuring compliance is integrated into their organization rather than being an afterthought.

GitLab's approach to DevSecOps directly integrates required compliance jobs into developer pipelines, ensures proper separation of duties, provides audit systems, and more. This makes it possible to "Implement a shift-left approach to ensure compliance controls are understood earlier in the development process." (Gartner®, Hype Cycle™ for Agile and DevOps, 2021, Herschmann, Joachim and Spafford, George, 2021)

Compliance Management with GitLab

GitLab compliance management aims to change the current paradigm for compliance and create an experience that is simple, friendly, and as frictionless as possible by enabling you to define, enforce, and report on compliance policies and frameworks.

  • Policy Management helps you define rules and policies to adhere to compliance frameworks
  • Compliant Workflow Automation helps you enforce the defined rules and policies
  • Audit Management helps you log activities to identify incidents and prove adherence to the compliance rules and policies you defined
  • Security Management helps you ensure security scanning and license compliance for every piece of code, with a dashboard to track and manage vulnerabilities

Policy Management

Policy Management helps you define the rules and policies to adhere to, whether internal company policies or policies based on legal or regulatory frameworks such as GDPR, SOC 2, PCI DSS, SOX, HIPAA, ISO, COBIT, FedRAMP, and so on.
  • Granular User Roles and Permissions GitLab supports multiple user roles, with permissions granted according to the user's role rather than per repository.
  • Compliance Settings Define and enforce compliance policies on specific projects, groups, and users.
  • Credentials Inventory Keep track of all the credentials that can be used to access the GitLab self-managed instance.
  • Protected Branches Prevent unauthorized modifications to specific branches, including creating, pushing to, or deleting a branch, by users without adequate permissions or the required approvals.

Compliant Workflow Automation

"Organizations are facing an increasing number of regulatory obligations and more stringent enforcement, so automating compliance will become even more valuable to I&O [Infrastructure and Operations] leaders" (Gartner®, Hype Cycle™ for Agile and DevOps, 2021, Herschmann, Joachim and Spafford, George, 2021). GitLab enables powerful compliance automation through enforcing policies and separation of duties while reducing overall business risk.

  • Compliance Framework Project Labels Clearly delineate which projects need certain compliance controls and which do not. Easily apply common compliance settings to a project with a label.
  • Compliance Framework Pipelines Define compliance jobs that should be run in every pipeline to ensure that security scans are run, artifacts are created and stored, or any other steps required by your organization are carried out. These jobs are automatically merged with the project's own jobs, enabling developers to stay focused on adding business value while still remaining compliant.
  • Compliance Framework Project Templates Create projects that map to specific audit protocols such as HIPAA to help maintain an audit trail and manage compliance programs. Templates are managed by admins to ensure consistent and compliant use.
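The following is an added example of what a compliance framework pipeline configuration can look like; it is not taken from this page or from GitLab's own documentation. The file lives in a separate project that developers cannot edit, and the compliance framework's pipeline configuration setting points at it using GitLab's documented `path/file.yml@group/project` form (the project path `compliance/pipeline-config` used here is an assumption). The `include` of the labelled project's own configuration via the predefined variables `CI_PROJECT_PATH`, `CI_CONFIG_PATH`, and `CI_COMMIT_SHA` is the pattern GitLab documents for merging the project's jobs with the compliance jobs; the stage names and the `audit trail` job are hypothetical.

```yaml
# .compliance-gitlab-ci.yml (assumed name), stored in the assumed project
# compliance/pipeline-config. Referenced from the compliance framework as
# ".compliance-gitlab-ci.yml@compliance/pipeline-config", so GitLab runs it
# for every pipeline of every project carrying that framework label.

stages:
  - audit            # compliance job that runs before anything else
  - build
  - test
  - compliance-test  # runs after the project's own build and test jobs
  - deploy

include:
  # Merge in the labelled project's own .gitlab-ci.yml at the commit being
  # built, so developers keep their jobs while compliance jobs are enforced.
  - project: '$CI_PROJECT_PATH'
    file: '$CI_CONFIG_PATH'
    ref: '$CI_COMMIT_SHA'
  # GitLab-maintained SAST template; it defines a job named "sast".
  - template: Security/SAST.gitlab-ci.yml

# Hypothetical job: record pipeline, commit, and triggering user as an
# artifact so the pipeline itself leaves an audit trail.
audit trail:
  stage: audit
  script:
    - echo "pipeline=$CI_PIPELINE_ID project=$CI_PROJECT_PATH commit=$CI_COMMIT_SHA user=$GITLAB_USER_LOGIN" > audit.txt
  artifacts:
    paths:
      - audit.txt
    expire_in: 1 year

# Jobs defined in this (main) file take precedence over same-named jobs
# from included files, so a project cannot disable the scanner by
# overriding "sast" or by setting SAST_EXCLUDED_ANALYZERS in its own config.
sast:
  variables:
    SAST_EXCLUDED_ANALYZERS: ""
  rules:
    - when: always
```

Because the project's configuration is included rather than the other way round, a developer who deletes or edits the project's `.gitlab-ci.yml` still gets the `audit trail` and `sast` jobs. Protect the `compliance/pipeline-config` project with protected branches and approval rules so that changing the enforced jobs itself requires the separation of duties the page describes.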

Audit Management

Audits require traceability of compliance events to show what happened, when it happened, and who did it. GitLab's audit event system records this for the most important actions and provides multiple ways to consume the results.
  • Audit Events Aims to satisfy organizational audit logging requirements, with events available in the UI or via the API.
  • Compliance Dashboard Provides compliance insights in a consolidated view with all relevant compliance signals such as segregation of duties, framework compliance, license compliance, and pipeline and MR results. Currently, the dashboard focuses on the most recently merged MR activity.

GitLab eased SOC 2 Audit for

"During a recent audit for SOC 2 compliance, the auditors said that Chorus had the fastest auditing process they have seen, and most of that is due to the capabilities of GitLab."

Russell Levy
Co-Founder and Chief Technology Officer,

Try all GitLab features - free for 30 days

GitLab is more than just source code management or CI/CD. It is a full software development lifecycle and DevOps tool in a single application.
