
How to gain Software Compliance using GitLab?

In the following article I will explain what Software Compliance is and how the GitLab system can help you achieve it effectively. At the end of the article you can also download an up-to-date, detailed table that we have prepared, listing all the Compliance capabilities included in GitLab.


What is Software Compliance?

It is a process in which you make sure that the software you develop, or other software you use, follows a defined set of rules that you must adhere to. These could be code development standards, information security standards, or the legal use of third-party code or libraries according to the licensing policy under which they were released. Your organization may also need to comply with certain standards (such as ISO, SOC2 and others) so that you can develop software for your customers, deploy it to the cloud, and in general meet licensing conditions, standards, regulations or security requirements. The ongoing work to achieve such compliance involves monitoring regulations and usage, keeping strict documentation and understanding the terms of software licenses, so it is sometimes a long, continuous effort that requires a lot of work time and manpower.

Compliance & GitLab

GitLab has dozens of features that help you achieve compliance in an efficient and convenient way, some through automation and some through reports and real-time status display. Using these capabilities can save you a lot of work time and free your people to handle other tasks. We recently prepared an up-to-date and comprehensive table on this topic, which covers all the Compliance capabilities included in GitLab, including:
(This list is partial – you can download the fully detailed list)

    • Policy management
        • Credentials inventory
        • Granular user roles and flexible permissions
        • Merge request approvals
        • Push rules
        • Separation of duties using protected branches
        • Granular user roles and permissions
    • Compliant workflow automation
        • Compliance frameworks
        • Compliance pipelines
        • Compliance framework project labels
    • Audit management
        • Audit events
        • Audit reports
        • Auditor users
        • Compliance Center
    • Vulnerability and dependency management
        • Security dashboards
        • Software bill of materials
    • General
        • External Status Checks
        • Generate reports on permission levels of users
        • License approval policies
        • Lock project membership to group
        • LDAP group sync
        • Restrict SSH Keys

(The above list is partial – the full list can be downloaded below)

For each such ability (and more), the table we prepared lists:

    • Whether the capability is available at the server level (GitLab Instance), at the GitLab Groups level or at the GitLab Projects level (some capabilities are available at all levels, and some are not)
    • From which edition the capability is available (free / premium / ultimate edition). Some are available in the free edition and some only in the paid editions (for a complete list of all GitLab capabilities according to release availability, you can contact us [by email – details below] or download from the above link)
    • Whether the capability is available in Self-managed (installation in a closed network or in a private cloud / managed service)
    • Whether the capability is available on GitLab SaaS (public cloud)
    • A description of each functionality
    • A URL for further technical information
    • Starting from which release the ability exists (which sometimes represents its maturity level)

This is the latest content we have prepared; it is based on our accumulated knowledge and adds to the manufacturer’s information. Here is part of the table:

You can download the complete and latest table here:

To download the full table (an Excel sheet), you can leave an email address here, and it will be sent immediately to the address you specified:


Some Comments:

    • Please note that some features are not available in GitLab SaaS (public cloud) due to technological limitations of this solution, while all features are available in Self-managed GitLab.
      If you prefer a cloud solution, you can still achieve all capabilities using GitLab in a private cloud (single tenant / Dedicated) as a managed service – we provide this solution – contact us.
    • We update the table from time to time. If you have downloaded it before, you may want to download it again.
    • The full document is currently up to date up to edition 16.5 (released on 10/22/2023)

The article was written by ALM-Toolbox – the official GitLab representatives in Israel since 2016. We provide consulting, support, managed services (including a private cloud in Israel), licenses and training for GitLab and complementary tools.
For more details contact us: gitlab@almtoolbox.com or 072-240-5222
