GitLab is known for industry-leading Source Code Management (SCM) and Continuous Integration (CI). Developers want to use GitLab. We make it easy for them to develop more secure and compliant software. The GitLab DevOps platform shifts both security and compliance earlier in the development process with consistent pipelines that automate scanning and policies. Uniting developers and security pros within one platform streamlines vulnerability management for both and improves collaboration.
Application security testing and remediation. With every code commit, GitLab provides actionable vulnerability findings to developers while helping security pros manage remaining vulnerabilities through resolution.
Cloud Native Application Protection. GitLab helps you monitor and protect your deployed containerized applications.
Policy Compliance and Auditability. GitLab’s MR approvals, end-to-end transparency of who changed what, when, and where, along with a compliance dashboard and common controls help you meet your compliance needs.
SDLC Platform Security. See how we secure the GitLab software.
Continuous security testing capabilities
Shift security left to empower developers to find and fix security flaws as they are created.
Automatically include application security testing in your CI pipelines - one tool, one cost, one user interface, one source of truth to unite dev and sec.
Provide actionable scan results to the developer to assess and resolve potential vulnerabilities at code commit, before code is merged - even for DAST.
Auto Remediation automatically creates a patch to resolve some vulnerabilities.
Scanners include SAST, DAST, Dependency Scanning, License Compliance, Container Scanning, Cluster Image Scanning, web API testing, [Infrastructure-as-Code](https://docs.gitlab.com/ee/user/application_security/iac_scanning/) (IaC) scanning, and Secret Detection.
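What "automatically include application security testing in your CI pipelines" looks like in practice is a handful of `include:` lines in the project's `.gitlab-ci.yml`. The configuration below is an added example, not taken from this page or from GitLab's own repositories; the template paths are the ones GitLab documents for its maintained scanner jobs, while the build job, the `CS_IMAGE` value and the `staging.example.com` address in `DAST_WEBSITE` are assumptions standing in for a project's own image and deployment.

```yaml
# Added example: minimal .gitlab-ci.yml that runs GitLab's maintained security
# scanners on every commit. Template names follow the documented
# "Security/<Scanner>.gitlab-ci.yml" convention; the build job and the two
# variable values are placeholders for this project's own image and staging URL.
stages:
  - build
  - test    # SAST, Secret Detection, Dependency/License/Container/IaC scanning
  - dast    # the DAST template's job runs in a dedicated "dast" stage

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/License-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/SAST-IaC.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml

variables:
  # Container Scanning pulls and scans this image; it must exist in the
  # registry before the "test" stage starts, hence the build job below.
  CS_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  # DAST is a runtime test, so it needs a deployed copy of the application.
  # Placeholder hostname (assumption); point it at a real staging environment.
  DAST_WEBSITE: https://staging.example.com

# Placeholder build job (assumption about how this project produces its image):
# builds the container with the commit SHA as tag and pushes it to the
# project's own GitLab container registry using the CI-provided credentials.
build:
  stage: build
  image: docker:24
  services:
    - docker:24-dind
  script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
```

Each template adds its own job, detects the project's languages and package managers, and uploads a report artifact (for example `gl-sast-report.json`); on a merge request those reports are what feed the findings shown to the developer before merge. Two caveats a practitioner would want: the DAST job only makes sense once a deploy step has published the commit under test at `DAST_WEBSITE`, so in a real pipeline place a deploy job between `test` and `dast`; and the `License-Scanning` template has since been retired in newer GitLab releases in favour of license approval policies, so check the template list for the GitLab version you run.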
Assess and triage vulnerabilities that remain after code changes are merged.
Dynamically test running web applications on demand for known runtime vulnerabilities.
Show all dependencies used in a project via a Dependency List (also called a Bill of Materials).
Automate security and compliance policies across your software development lifecycle.
Compliant pipelines for consistent use of security policies. Security configuration via check-boxes and granular controls - no need to code pipelines.
Security dashboards at the project, group, and instance level, along with a personalized view of specific projects.
Container scanning, cluster image scanning, Infrastructure-as-Code (IaC) scanning, and web API fuzzing. All scan results are provided to the developer within their CI pipeline alongside more traditional scan results - no do-it-yourself integration is required.
Alerts and protection for applications deployed in connected Kubernetes clusters. At the network layer, Container Network Security filters traffic entering and leaving the cluster and traffic between pods inside it. At the host layer, Container Host Security monitors, and can block, activity inside the running containers themselves.
Provide basic scan results to the developer at code commit, before code is merged. Results may be downloaded for analysis. Note that use of interactive findings in the Vulnerability Report requires the GitLab Ultimate tier.
We welcome your feedback and contribution to our vision and roadmap