In 2002 the United States Congress passed the Sarbanes-Oxley Act, also known as SOX, to help protect the public from fraudulent practices by corporations. For publicly traded companies, SOX compliance is critical. The software development process of these organizations must be designed, developed, tested, and deployed in ways that adhere to SOX compliance.
GitLab can help you meet SOX IT General Controls (ITGC) compliance requirements by providing you with a powerful set of features that support best practices in software development from a single platform.
New features are added to GitLab every month.

Solution | Tier | SaaS / Self-Managed |
---|---|---|
LDAP synchronization | Premium | Self-Managed |
SAML group sync | Premium | SaaS & Self-Managed |
SCIM for Self-Managed Instances | Premium | Self-Managed |
Users with Minimal access | Premium | SaaS & Self-Managed |
User permissions export | Premium | Self-Managed |
Account deletion | Premium | SaaS & Self-Managed |
Group access and permissions | Premium | SaaS & Self-Managed |
Restrict project and group access by using impersonation | Premium | SaaS & Self-Managed |
Confidential issues | Premium | SaaS & Self-Managed |
Protected branches | Premium | SaaS & Self-Managed |
Auditor users | Premium | Self-Managed |

Solution | Tier | SaaS / Self-Managed |
---|---|---|
Disable signups | Premium | Self-Managed |
Installation security | Premium | SaaS & Self-Managed |
Two-factor auth | Premium | SaaS & Self-Managed |
Verified authors with signed commits | Premium | SaaS & Self-Managed |
Ensure removed users cannot invite themselves back | Premium | SaaS & Self-Managed |
Secret detection | Premium | SaaS & Self-Managed |
Group and project access report | Premium | SaaS & Self-Managed |
Audit events | Premium | SaaS & Self-Managed |
Log system | Premium | Self-Managed |
Incident management | Premium | SaaS & Self-Managed |
Alerts | Premium | SaaS & Self-Managed |
Monitor GitLab with Prometheus | Premium | Self-Managed |
Application security | Ultimate | SaaS & Self-Managed |
Compliance reports | Ultimate | SaaS & Self-Managed |
Security dashboard | Ultimate | SaaS & Self-Managed |
Vulnerability reports | Ultimate | SaaS & Self-Managed |
Vulnerability pages | Ultimate | SaaS & Self-Managed |
Vulnerability severity levels | Ultimate | SaaS & Self-Managed |
Dependency list | Ultimate | SaaS & Self-Managed |
Credentials inventory | Ultimate | Self-Managed |

Solution | Tier | SaaS / Self-Managed |
---|---|---|
Backup and restore GitLab | Premium | Self-Managed |
Encrypted system configuration | Premium | Self-Managed |
SSL configuration | Premium | Self-Managed |
PostgreSQL replication and failover | Premium | Self-Managed |
Audit event streaming | Ultimate | SaaS & Self-Managed |

Solution | Tier | SaaS / Self-Managed |
---|---|---|
MR approval rules | Premium | SaaS & Self-Managed |
Push rules | Premium | SaaS & Self-Managed |
Code owners | Premium | SaaS & Self-Managed |
Enable delayed project deletion | Premium | SaaS & Self-Managed |
View description of change history | Premium | SaaS & Self-Managed |
Security policies | Ultimate | SaaS & Self-Managed |
MR security approvals | Ultimate | SaaS & Self-Managed |
Requirements management | Ultimate | SaaS & Self-Managed |
Status checks | Ultimate | SaaS & Self-Managed |
License approval policies | Ultimate | SaaS & Self-Managed |

THE INFORMATION PROVIDED ON THIS WEBSITE IS TO BE USED FOR INFORMATIONAL PURPOSES ONLY. THE INFORMATION SHOULD NOT BE RELIED UPON OR CONSTRUED AS LEGAL OR COMPLIANCE ADVICE OR OPINIONS. THE INFORMATION IS NOT COMPREHENSIVE AND WILL NOT GUARANTEE COMPLIANCE WITH ANY REGULATION OR INDUSTRY STANDARD. YOU MUST NOT RELY ON THE INFORMATION FOUND ON THIS WEBSITE AS AN ALTERNATIVE TO SEEKING PROFESSIONAL ADVICE FROM YOUR ATTORNEY AND/OR COMPLIANCE PROFESSIONAL.