Trust Center


At GitLab, we're committed to Information Security. It is GitLab’s mission to make it so that everyone can contribute, and it's our Security Division's mission to enable everyone to innovate and succeed on a safe, secure, and trusted DevSecOps platform. To learn more, visit the security section of our handbook.

GitLab's AI Transparency Center can be found here.

Documents

Featured Documents

Reports: Penetration Test Executive Summary (Pentest)
Acceptable Use Policy
Access Management Policy
Audit Logging Policy
Knowledge Base (FAQ)
  • Is there an established formal, documented, and leadership-sponsored enterprise risk management (ERM) program that includes policies and procedures for identification, evaluation, ownership, treatment, and acceptance of cloud security and privacy risks?
  • Are policies and procedures established, documented, approved, communicated, applied, evaluated, and maintained for all endpoints?
  • Are logging and monitoring policies and procedures established, documented, approved, communicated, applied, evaluated, and maintained?
  • Are key management system processes, procedures, and technical measures being defined, implemented, and evaluated to track and report all cryptographic materials and status changes that include legal and regulatory requirements provisions?
  • Are information governance program policies and procedures sponsored by organizational leadership established, documented, approved, communicated, applied, evaluated, and maintained?
Trust Center Updates

Updated Bridge Letter is Now Available

Compliance

GitLab's 2025-2026 SOC 2 Bridge Letter is now available for both GitLab.com and GitLab Dedicated.

Updated SOC Reports and ISO Certificate!

Compliance

The 2025 GitLab.com and GitLab Dedicated SOC 2 reports are now available on the Trust Center. GitLab's ISO certificate, which covers ISO 27001, 27017, and 27018, is also available on the Trust Center in English, French, German, and Japanese.

The 2024 GitLab.com and GitLab Dedicated SOC 2 reports are now available on the trust center. GitLab's ISO certificate, which covers ISO 27001, 27017, and 27018, is also available on the trust center in English, French, German, and Japanese.

PCI DSS AoC is Now Available

Compliance

GitLab's PCI DSS AoC - SAQ D for Service Providers is now available for GitLab.com. Please visit the Trust Center to download the Attestation of Compliance (AoC), Responsibility Matrix, and Pentest Letter of Attestation.

GitLab's PCI DSS AoC - SAQ D for Service Providers is now available for GitLab.com. Please visit the Trust Center to download the AoC and the Responsibility Matrix.

ISO 42001 Certification

Compliance

GitLab has achieved ISO/IEC 42001 certification for AI governance. You can access the certificate on our trust center.

Updated Penetration Test Executive Summary

General

GitLab has published its FY26 Penetration Test Executive Summary reports. The reports cover both GitLab.com and GitLab Dedicated. Please download the reports from the trust center at your convenience.

GitLab has published its FY25 Penetration Test Executive Summary report. The report covers both GitLab.com and GitLab Dedicated. Please download the report from the trust center at your convenience.

If you think you may have discovered a vulnerability, please send us a note.