We're committed to Information Security

GitLab Trust Center

It's our mission to be the leading example in security, innovation, and transparency.
security-hero

We take compliance seriously

At GitLab, we know how much security, privacy and accessibility matters to our customers and stakeholders.

Learn more about GitLab security compliance controls.

Customer Assurance Package

For detailed information on our Security and Compliance posture, see our Customer Assurance Package.
Learn More
Compliance & Assurance Credentials
SOC NonCPA
SOC Certification
GitLab maintains SOC 2 Type 2 and SOC 3 reports for the Security, Confidentiality and Availability Trust Services Criteria for GitLab.com. GitLab maintains SOC 2 Type 1 report for the Security, and Confidentiality Trust Services Criteria for GitLab Dedicated.
Learn More
27001
ISO/IEC 27001:2013 Certification
GitLab maintains ISO/IEC 27001:2013 certification for the information security management system supporting the supporting the GitLab software-as-a-service (SaaS) subscriptions, GitLab.com and GitLab Dedicated.
Learn More
27017
ISO/IEC 27017:2015 Standard
ISO/IEC 27017:2015 established guidelines for information security controls applicable to the provision and use of cloud services. GitLab maintains ISO/IEC 27017:2015 compliance for GitLab software-as-a-service (SaaS) subscriptions, GitLab.com and GitLab Dedicated.
Learn More
27018
ISO/IEC 27018:2019 Standard
ISO/IEC 27018:2019 establishes guidelines for implementing measures to protect Personally Identifiable Information (PII) in the cloud. GitLab maintains ISO/IEC 27018:2019 compliance for GitLab software-as-a-service (SaaS) subscriptions, GitLab.com and GitLab Dedicated.
Learn More
vpat
VPAT Compliance
GitLab's Accessibility Conformance Report shows our commitment to maintaining a product where everyone can contribute.
Learn More
gdpr
GDPR Compliance
GitLab is compliant with GDPR requirements.
Learn More
BitSight Logo Tagline
Bitsight Security Rating
GitLab maintains an advanced Bitsight security rating for our production environment.
Learn More
CSA Trusted Cloud Provider badge
CSA Trusted Cloud Provider
GitLab is a Cloud Security Alliance (CSA) Trusted Cloud Provider.
Learn More

Security topics

More security post

Blog

Monitor your web attack surface with GitLab CI/CD and GitLab Pages

Use this tutorial to build an automated web application screenshot report.

Read post

Blog

Why 2022 was a record-breaking year in bug bounty awards

Find out about the researchers who together earned more than $1 million USD in prizes and their bug hunting contributions.

Read post

Blog

Achieve SLSA Level 2 compliance with GitLab

Compliance mandates call for controls to prevent software tampering, improve integrity of builds and artifacts, and support attestation.

Read post
cap-hero

Customer Assurance Package

Learn about our Security and Compliance posture.

Reach out to our Security Team if you have questions or concerns

Contact our Security Team

Get security release notifications and alerts delivered to your inbox

Sign up for security notices
Resources

Security solutions with GitLab

Explore more Solutions

DevSecOps

GitLab empowers your teams to balance speed and security by automating software delivery and securing your end-to-end software supply chain.

Learn more

Continuous Software Compliance

Integrating security into your DevOps lifecycle is easy with GitLab.

Learn more

Software Supply Chain Security

Ensure your software supply chain is secure and compliant.

Learn more

Take GitLab for a spin

See what your team could do with The DevSecOps Platform.

Get free trial
Headshots of three people

Have a question? We're here to help.

Talk to an Expert