DevSecOps with GitLab
Integrating security into your DevOps lifecycle is easy with GitLab. Security and compliance are built-in, out of the box, giving you the visibility and control necessary to protect the integrity of your software.
GitLab is known for industry-leading Source Code Management (SCM) and Continuous Integration (CI). Developers want to use GitLab. We make it easy for them to develop more secure and compliant software. The GitLab DevOps platform shifts both security and compliance earlier in the development process with consistent pipelines that automate scanning and policies. Uniting developers and security pros within one platform streamlines vulnerability management for both and improves collaboration.
Application security testing and remediation. With every code commit, GitLab provides actionable vulnerability findings to developers while helping security pros manage remaining vulnerabilities through resolution.
Cloud Native Application Protection. GitLab helps you monitor and protect your deployed containerized applications.
Policy Compliance and Auditability. GitLab’s MR approvals, end-to-end transparency of who changed what, when, and where, along with a compliance dashboard and common controls help you meet your compliance needs.
SDLC Platform Security. See how we secure the GitLab software.
Simplicity. One platform, one price, with comprehensive application security.
Control. Compliance framework for consistency, common controls, policy automation.
Visibility. See who changed what, where, when, end-to-end.
Continuous security testing capabilities
Shift security left to empower developers to find and fix security flaws as they are created.
Automatically include application security testing in your CI pipelines - one tool, one cost, one user interface, one source of truth to unite dev and sec.
Provide actionable scan results to the developer to assess and resolve potential vulnerabilities at code commit, before code is merged - even for DAST, which tests the running application rather than the source.
Auto Remediation automatically creates a patch to resolve some vulnerabilities.
Scanners include SAST, DAST, Dependency Scanning, License Compliance, Container Scanning, Cluster Image Scanning, web API testing, Infrastructure-as-Code (IaC) testing, and Secret Detection.
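As an added example, not taken from this page or from GitLab's own documentation, the following .gitlab-ci.yml shows the "one pipeline, many scanners" approach described above: the project pulls in GitLab's managed scanner templates with include, and each scanner runs as its own job. The template names are GitLab's documented ones; the build job, the stage layout, the review-app URL and the image tag are assumptions made for this example.

```yaml
# Added example, not GitLab's own code: a minimal .gitlab-ci.yml that enables
# several of the scanners listed above by including GitLab's managed templates.
# Each template adds its own job; SAST, Secret Detection, Dependency Scanning and
# Container Scanning run in the "test" stage, DAST in the "dast" stage.
stages:
  - build
  - test
  - dast

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml

variables:
  # Container Scanning reads the image to scan from CS_IMAGE; it is pointed at the
  # image the build job below publishes (tag scheme is an assumption).
  CS_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  # DAST needs a running target; a review-app hostname is assumed here.
  DAST_WEBSITE: https://review-app.example.internal

# Builds and pushes the application image so Container Scanning has something to
# inspect. CI_REGISTRY_* and CI_COMMIT_SHA are GitLab predefined CI variables.
build:
  stage: build
  image: docker:24
  services:
    - docker:24-dind
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
```

When this runs on a merge request pipeline, each scanner job uploads its report as a job artifact, which is what surfaces the findings to the developer in the merge request before the code is merged; scanners that cannot reach their target (for example DAST when no review app is deployed) fail their own job without blocking the others.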
Assess and triage vulnerabilities that remain after code changes are merged.
Security pros can manage vulnerabilities across projects and groups to evaluate and triage vulnerabilities.
Dynamically test running web applications on demand for known runtime vulnerabilities.
Show all dependencies used in a project via a Dependency List (also called a Bill of Materials).
Export findings, or import findings from third-party scanners and bug bounty programs. Filter by scanner vendor.
Automate security and compliance policies across your software development lifecycle.
Compliant pipelines for consistent use of security policies. Security configuration via check-boxes and granular controls - no need to code pipelines.
Security dashboards at the project, group, and instance level, along with a personalized view of specific projects.
Policy management for MR approvals, separation of duties and other common controls, including a Compliance Report.
SAST and Secret Detection are automatically included in your CI pipelines - with no integration required.
Provide basic scan results to the developer at code commit, before code is merged. Results may be downloaded for analysis. Note that use of interactive findings in the Vulnerability Report requires the GitLab Ultimate tier.
We welcome your feedback and contribution to our vision and roadmap
Shift security and compliance left. Empower developers to find and fix flaws.
Consistently compliant pipelines. Easily ensure pipelines consistently meet policy requirements.
Software Supply Chain Security. Protect your applications and their surrounding infrastructure.