DevSecOps with GitLab

Integrating security into your DevOps lifecycle is easy with GitLab. Security and compliance are built-in, out of the box, giving you the visibility and control necessary to protect the integrity of your software.

Image: devsecops with gitlab

The DevOps platform that simplifies DevSecOps

GitLab is known for industry-leading Source Code Management (SCM) and Continuous Integration (CI). Developers want to use GitLab. We make it easy for them to develop more secure and compliant software. The GitLab DevOps platform shifts both security and compliance earlier in the development process with consistent pipelines that automate scanning and policies. Uniting developers and security pros within one platform streamlines vulnerability management for both and improves collaboration.

  • Application security testing and remediation. With every code commit, GitLab provides actionable vulnerability findings to developers while helping security pros manage remaining vulnerabilities through resolution.

  • Cloud Native Application Protection. GitLab helps you monitor and protect your deployed containerized applications.

  • Policy Compliance and Auditability. GitLab’s MR approvals, end-to-end transparency of who changed what, when, and where, along with a compliance dashboard and common controls help you meet your compliance needs.

  • SDLC Platform Security. See how we secure the GitLab software.

The Gitlab Difference


One platform, one price, with comprehensive application security.


Compliance framework for consistency, common controls, policy automation.


See who changed what, where, when, end-to-end.

DevSecOps simplified

Continuous security testing capabilities

Capabilities included within the GitLab Ultimate tier

Comprehensive Application Security Scanning for developers

Shift security left to empower developers to find and fix security flaws as they are created.

Vulnerability Management for security pros

Assess and triage vulnerabilities that remain after code changes are merged.

Security and Compliance Governance

Automate security and compliance policies across your software development lifecycle.

  • Compliant pipelines for consistent use of security policies. Security configuration via check-boxes and granular controls - no need to code pipelines.

  • Security dashboards at the project, group, and instance level, along with a personalized view of specific projects.

  • Policy management for MR approvals, separation of duties and other common controls, including a Compliance Report.

Cloud native security

Additional Capabilities within GitLab Ultimate

  • Fuzz Testing - Fuzz testing acquisitions have been integrated alongside other scanners in the merge request pipeline. Apply this powerful technology to automatically test for unknown security flaws with coverage-guided fuzzing and API fuzzing
  • Offline Environments - self-managed customers can run most of the GitLab security scanners when not connected to the internet
  • Mobile app testing - Test mobile applications within your CI pipeline including Kotlin, Swift, Objective-C, and Java.

Capabilities included within all GitLab tiers

Basic Application Security

  • SAST and Secret Detection are automatically includeed in your CI pipelines - with no integration required.

  • Provide basic scan results to the developer at code commit, before code is merged. Results may be downloaded for analysis. Note that use of interactive findings in the Vulnerability Report requires the GitLab Ultimate tier.

Why integration matters for DevSecOps

  • Every piece of code is tested upon commit for security threats, without incremental cost.
  • The developer can remediate now, while they are still working in that code, or create an issue with one click.
  • The security pro can see and manage unresolved vulnerabilities captured as a by-product of software development.
  • Single source of truth can focus collaboration on remediation, eliminating translation and finger pointing.
  • A single tool reduces cost to buy, integrate and maintain point solutions throughout the DevOps pipeline.

Meeting your business objectives

We welcome your feedback and contribution to our vision and roadmap

Shift security and compliance left

Empower developers to find and fix flaws.

  • Keep it simple. No need to integrate and maintain disparate tools. One tool, one price
  • Findings from all scanners within the developer's pipeline.

Consistently compliant pipelines

Easily ensure pipelines consistently meet policy requirements

Software Supply Chain Security

Protect your applications and their surrounding infrastructure.

  • Manage security policies across the software development lifecyle.
  • Auditability and traceability to see who changed what, where, from planning through production.


Take GitLab for a spin

See what your team could do with the One DevOps Platform.

Get free trial
Headshots of three people

Have a question? We're here to help.

Talk to an expert