gitlab-org--gitlab-foss/doc/administration/compliance.md

5.5 KiB

stage group info
Manage Compliance To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments

Compliance features (FREE)

You can configure the following GitLab features to help ensure that your GitLab instance meets common compliance standards. Click a feature name for additional documentation.

The security features in GitLab may also help you meet relevant compliance standards.

Feature GitLab tier GitLab SaaS Product level
Restrict SSH Keys
Control the technology and key length of SSH keys used to access GitLab.
Free+ {dotted-circle} No Instance
Granular user roles and flexible permissions
Manage access and permissions with five different user roles and settings for external users. Set permissions according to people's role, rather than either read or write access to a repository. Don't share the source code with people that only need access to the issue tracker.
Free+ {check-circle} Yes Instance, Group, Project
Generate reports on permission levels of users
Administrators can generate a report listing all users' access permissions for groups and projects in the instance.
Premium+ {dotted-circle} No Instance
Enforce TOS acceptance
Enforce your users accepting new terms of service by blocking GitLab traffic.
Free+ {dotted-circle} No Instance
Email all users of a project, group, or entire server
An administrator can email groups of users based on project or group membership, or email everyone using the GitLab instance. This is great for scheduled maintenance or upgrades.
Premium+ {dotted-circle} No Instance
Omnibus package supports log forwarding
Forward your logs to a central system.
Premium+ {dotted-circle} No Instance
Lock project membership to group
Group owners can prevent new members from being added to projects within a group.
Premium+ {check-circle} Yes Group
LDAP group sync
GitLab Enterprise Edition gives administrators the ability to automatically sync groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools.
Premium+ {dotted-circle} No Instance
LDAP group sync filters
GitLab Enterprise Edition Premium gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions.
Premium+ {dotted-circle} No Instance
Audit events
To maintain the integrity of your code, GitLab Enterprise Edition Premium gives administrators the ability to view any modifications made within the GitLab server in an advanced audit events system, so you can control, analyze, and track every change.
Premium+ {check-circle} Yes Instance, Group, Project
Auditor users
Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance.
Premium+ {dotted-circle} No Instance
Credentials inventory
With a credentials inventory, GitLab administrators can keep track of the credentials used by all of the users in their GitLab instance.
Ultimate {dotted-circle} No Instance
Separation of Duties using Protected branches and custom CI Configuration Paths
GitLab Premium users can leverage the GitLab cross-project YAML configurations to define deployers of code and developers of code. View the Separation of Duties Deploy Project and Separation of Duties Project to see how to use this set up to define these roles.
Premium+ {check-circle} Yes Project
Compliance frameworks
Create a custom compliance framework at the group level to describe the type of compliance requirements any child project needs to follow.
Premium+ {check-circle} Yes Group
Compliance pipelines
Define a pipeline configuration to run for any projects with a given compliance framework.
Ultimate {check-circle} Yes Group
Compliance report
Quickly get visibility into the compliance posture of your organization.
Ultimate {check-circle} Yes Group
External Status Checks
Interface with third party systems you already use during development to ensure you remain compliant.
Ultimate {check-circle} Yes Project