At GitLab, your data is protected

Customer Assurance Package

We believe that transparency is critical to our success. We want all GitLab customers to be empowered with confidence and trust that their data is protected.

cap-hero

Stay current on security best practices

Our Customer Assurance Packages (CAPs) are designed to provide GitLab customers and community members with self-serve access to the most current information about our Security and Compliance posture. Whether completing a GitLab.com security assessment or just wanting to learn more about GitLab security practices, this is your one stop shop.

GitLab Trust Center

For more details about GitLab's trust practices, visit the GitLab Trust Center.
Learn More
Community Package
The first step on the trust journey, this package is a compilation of publicly available documentation designed to introduce GitLab’s approach to security. All the documents in the Community Package are included in the Customer Packages.
Download now
Continuously updated, check back often
GitLab.com Package
This package provides detailed security information to prospective and existing GitLab.com SaaS and self-managed customers for completing vendor security assessments. Due to the sensitive nature of the documentation, an NDA is required to be in place prior to sharing.

  • October 2021 SOC 2 Type 2 Report


  • October 2022 SOC 2 Type 2 Report and Bridge Letter


  • Annual GCP SOC 3 Report (GitLab.com Hosting Provider)


  • Annual GitLab Business Continuity and Disaster Recovery Test Executive Summary


  • Annual Third Party Penetration Test Executive Summary


  • ISO/IEC 27001, 27017, 27018 Customer Summary Letter


  • Transfer Impact Assessment Guide for Customers


  • TISAX Self-Attestation


  • GitLab Technical Report: Securing GitLab.com Customer Data

Request by Email
Or send a request directly to your account manager
GitLab Dedicated Package
This package provides detailed security information to prospective and existing GitLab Dedicated customers for completing vendor security assessments. Due to the sensitive nature of the documentation, an NDA is required to be in place prior to sharing.

  • Introducing GitLab Dedicated, our new single-tenant SaaS offering


  • October 2022 SOC 2 Type 1 Report


  • ISO/IEC 27001, 27017, 27018 Customer Summary Letter


  • Annual AWS SOC 3 Report (GitLab Dedicated Hosting Provider)


  • GitBITS on GitLab Dedicated Data Residency


  • GitBITS on GitLab Dedicated in 1 Minute


  • GitLab Technical Report: Securing GitLab Dedicated Customer Data

Request by Email
Or send a request directly to your account manager
U.S. Public Sector Package
This package provides detailed security information to prospective and existing U.S. Public Sector customers for completing vendor security assessments. Due to the sensitive nature of the documentation, an NDA is required to be in place prior to sharing.

  • NIST SSDF Self-Attestation


  • NIST SSDF Attestation Letter

Request by Email
Or send a request directly to your account manager
GitLab SBOMs
This package provides SBOMs for GitLab core and features.
Download now
Or send a request directly to your account manager

Security solutions with GitLab

Explore more Solutions

DevSecOps

GitLab empowers your teams to balance speed and security by automating software delivery and securing your end-to-end software supply chain.

Learn more

Continuous Software Compliance

Integrating security into your DevOps lifecycle is easy with GitLab.

Learn more

Software Supply Chain Security

Ensure your software supply chain is secure and compliant.

Learn more

Take GitLab for a spin

See what your team could do with The DevSecOps Platform.

Get free trial
Headshots of three people

Have a question? We're here to help.

Talk to an Expert