Compliance management with Gitlab¶
Veit Schiele
14 February 2021
~2 minutes
A compliance management system comprises all measures, structures and processes that are to be carried out in compliance with rules. With GitLab, compliance management can be realised that integrates seamlessly into the software development process and can be connected to other systems. This makes it easier for teams to keep up with changing regulations and emerging risks.
In detail, GitLab supports
managing rules and policies
automating compliance workflows
audit management that logs activities, identifies incidents and proves compliance with rules
security management that checks the security of the source code to track and manage vulnerabilities (→ DevSecOps).
Policy management¶
Rules and policies to be followed can be defined, both internal company policies and policies based on legal or regulatory frameworks such as GDPR, SOC2, PCI-DSS, SOX, HIPAA, ISO, COBIT, FedRAMP, etc. GitLab provides the following functions for this purpose:
- Fine-grained user roles and permissions
GitLab supports five different roles with different permissions
- Compliance settings
Different compliance policies can be set for different projects.
- Inventory
All actions are inventoried.
Automate compliance workflows¶
Once the policies and rules are established, the processes can be automated, for example through
- Project templates
Project templates with specific audit protocols and audit trails, such as HIPAA, can be created.
- Project label
Depending on the policy, different labels can be predefined for projects and tasks.
Audit management¶
Compliance audits require the traceability of various events such as user actions, changes to authorisations or approvals.
Related content¶
