Customer Assurance Package
We believe that transparency is critical to our success. We want all GitLab customers to be empowered with confidence and trust that their data is protected.
At GitLab, your data is protected
Stay current on security best practices
Our Customer Assurance Packages (CAPs) are designed to provide GitLab customers and community members with self-serve access to the most current information about our Security and Compliance posture. Whether completing a GitLab.com security assessment or just wanting to learn more about GitLab security practices, this is your one stop shop.
GitLab Trust Center
For more details about GitLab's trust practices, visit the GitLab Trust Center.
Learn More
Community Package
The first step on the trust journey, this package is a compilation of publicly available documentation designed to introduce GitLab’s approach to security. All the documents in the Community Package are included in the Customer Packages.
October 2021 GitLab.com SOC 3 Report
October 2022 GitLab.com SOC 3 Report
Standard Information Gathering (SIG) Questionnaire for GitLab.com
Standard Information Gathering (SIG) Questionnaire for GitLab Dedicated
BitSight Security Report for GitLab.com
GitLab Technical Report: Securing GitLab's Supply Chain
GitLab Technical Report: SSDF Guide to Compliance
Annual PCI DSS SAQ-A Self-Assessment
FIPS 140-2 Attestation
Continuously updated, check back often
GitLab.com Package
This package provides detailed security information to prospective and existing GitLab.com SaaS and self-managed customers for completing vendor security assessments. Due to the sensitive nature of the documentation, an NDA is required to be in place prior to sharing.
October 2021 SOC 2 Type 2 Report
October 2022 SOC 2 Type 2 Report and Bridge Letter
Annual GCP SOC 3 Report (GitLab.com Hosting Provider)
Annual GitLab Business Continuity and Disaster Recovery Test Executive Summary
Annual Third Party Penetration Test Executive Summary
ISO/IEC 27001, 27017, 27018 Customer Summary Letter
Transfer Impact Assessment Guide for Customers
TISAX Self-Attestation
GitLab Technical Report: Securing GitLab.com Customer Data
Or send a request directly to your account manager
GitLab Dedicated Package
This package provides detailed security information to prospective and existing GitLab Dedicated customers for completing vendor security assessments. Due to the sensitive nature of the documentation, an NDA is required to be in place prior to sharing.
Introducing GitLab Dedicated, our new single-tenant SaaS offering
October 2022 SOC 2 Type 1 Report
ISO/IEC 27001, 27017, 27018 Customer Summary Letter
Annual AWS SOC 3 Report (GitLab Dedicated Hosting Provider)
GitBITS on GitLab Dedicated Data Residency
GitBITS on GitLab Dedicated in 1 Minute
GitLab Technical Report: Securing GitLab Dedicated Customer Data
Or send a request directly to your account manager
U.S. Public Sector Package
This package provides detailed security information to prospective and existing U.S. Public Sector customers for completing vendor security assessments. Due to the sensitive nature of the documentation, an NDA is required to be in place prior to sharing.
NIST SSDF Self-Attestation
NIST SSDF Attestation Letter
Or send a request directly to your account manager
GitLab SBOMs
This package provides SBOMs for GitLab core and features.
Download now
Or send a request directly to your account manager
Resources
Security solutions with GitLab
Explore more Solutions
DevSecOps
GitLab empowers your teams to balance speed and security by automating software delivery and securing your end-to-end software supply chain.
Learn more
Continuous Software Compliance
Integrating security into your DevOps lifecycle is easy with GitLab.
Learn more
Software Supply Chain Security
Ensure your software supply chain is secure and compliant.
Learn more