2024/2025 Bridge Letter is Now Available

Trust Center


At GitLab, we're committed to Information Security. It is GitLab’s mission to make it so that everyone can contribute, and it's our Security Division's mission to enable everyone to innovate and succeed on a safe, secure, and trusted DevSecOps platform. To learn more, visit the security section of our handbook.

GitLab's AI Transparency Center can be found here.

Documents

Featured Documents

REPORTS: Penetration Test Executive Summary (Pentest)
Knowledge Base (FAQ)
    Is an SDLC process defined and implemented for application design, development, deployment, and operation per organizationally designed security requirements?
    Does GitLab have a process for handling personal data subject requests?
    Do you have a lawful transfer mechanism to transfer Customer personal data from the UK?
    Does GitLab use a lawful transfer mechanism to transfer Customer personal data from the EEA to GitLab's affiliate sub-processors in third-countries?
    Does GitLab use a lawful transfer mechanism to transfer Customer personal data from the EEA to GitLab's third-party sub-processors in third-countries?
Trust Center Updates

2024/2025 Bridge Letter is Now Available

Compliance

GitLab's 2024/2025 SOC2 Bridge Letter is now available for both GitLab.com and GitLab Dedicated.


Updated SOC Reports and ISO Certificate!

Compliance

The 2024 GitLab.com and GitLab Dedicated SOC2 reports are now available on the trust center. GitLab's ISO certificate, which covers ISO 27001, 27017, and 27018, is also available on the trust center in English, French, German, and Japanese.


Updated Penetration Test Executive Summary

General

GitLab has published its FY25 Penetration Test Executive Summary report. The report covers both GitLab.com and GitLab Dedicated. Please download the report from the trust center at your convenience.


Documents Updated with Japanese, German, and French Translations

General

GitLab has updated the following documents for both GitLab.com and GitLab Dedicated with Japanese, German, and French translations:

  • Securing Customer Data Report
  • GitLab Technical Paper - Securing GitLab's Supply Chain
  • CAIQ
  • ISO Certificate
  • ISO 27001 Summary Letter

Sisense Incident

Incidents

GitLab is aware of a recently reported data breach at Sisense. GitLab does not currently use Sisense for GitLab.com, GitLab Dedicated, or GitLab self-hosted deployments.

GitLab is a former customer of Sisense, and at the termination of our contract in March 2024, GitLab rotated secrets as part of our routine security operations. Out of an abundance of caution following the reported data breach, GitLab followed Sisense's recommended remediation measures on 2024-04-11.

We have taken additional measures to identify any unauthorized usage of Sisense-related keys, tokens, or credentials within GitLab and have not uncovered any suspicious activity to date.

Please reach out if you have any further questions.


If you think you may have discovered a vulnerability, please send us a note.
