Compliance management with Gitlab

by Veit Schiele last modified 2021-02-14T20:40:18+02:00
A compliance management system comprises all measures, structures and processes that are to be carried out in compliance with rules. With GitLab, compliance management can be realised that integrates seamlessly into the software development process and can be connected to other systems. This makes it easier for teams to keep up with changing regulations and emerging risks.

In detail, GitLab supports

  • managing rules and policies
  • automating compliance workflows
  • audit management that logs activities, identifies incidents and proves compliance with rules
  • security management that checks the security of the source code to track and manage vulnerabilities (→ DevSecOps).

Policy management

Rules and policies to be followed can be defined, both internal company policies and policies based on legal or regulatory frameworks such as GDPR, SOC2, PCI-DSS, SOX, HIPAA, ISO, COBIT, FedRAMP, etc. GitLab provides the following functions for this purpose:

Fine-grained user roles and permissions
GitLab supports five different roles with different permissions
Compliance settings
Different compliance policies can be set for different projects.
Inventory
All actions are inventoried.

Automate compliance workflows

Once the policies and rules are established, the processes can be automated, e.g. through

Project templates
Project templates with specific audit protocols and audit trails, such as HIPAA, can be created.
Project label
Depending on the policy, different labels can be predefined for projects and tasks.

Audit management

Compliance audits require the traceability of various events such as user actions, changes to authorisations or approvals.


[1]ISO 19600:2014 Compliance management systems — Guidelines