Compliance standards adherence dashboard

Tier: Ultimate Offering: GitLab.com, Self-managed, GitLab Dedicated
History

The compliance standards adherence dashboard lists the adherence status of projects complying to the GitLab standard.

When a project is added, or an associated project or group setting is changed, an adherence scan is run on that project to update the standards adherence for that project. The field in the Date since last status change column reflects the date of the initial status and any subsequent changes to the status.

View the compliance standards adherence dashboard

Prerequisites:

  • You must be an administrator or have the Owner role for the project or group.

To view the compliance standards adherence dashboard:

  1. On the left sidebar, select Search or go to and find your project or group.
  2. Select Secure > Compliance center.

You can filter the compliance standards adherence dashboard on:

  • The project that the check was performed on.
  • The type of check that was performed on a project.
  • The standard that the check belongs to.

You can group the compliance standards adherence dashboard on:

  • The project that the check was performed on.
  • The type of check that was performed on a project.
  • The standard that the check belongs to.

GitLab standard

The GitLab standard consists of the following rules:

  • Prevent authors as approvers.
  • Prevent committers as approvers.
  • At least two approvals.
  • Static Application Security Testing (SAST) scanner artifact.
  • Dynamic Application Security Testing (DAST) scanner artifact.

Prevent authors as approvers

To comply with the GitLab standard, you must prevent users from approving their own merge requests. For more information, see Prevent approval by author.

On self-managed GitLab, when instance-level setting for prevent approval by author is updated, the adherence status for all the projects on the instance is not updated automatically. To update the adherence status for these projects, the group-level or the project-level setting must be updated.

Prevent committers as approvers

To comply with the GitLab standard, you must prevent users from approving merge requests where they’ve added commits. For more information, see Prevent approvals by users who add commits.

On self-managed GitLab, when instance-level setting for prevent approvals by users who add commits is updated, the adherence status for all the projects on the instance is not updated automatically. To update the adherence status for these projects, the group-level or the project-level setting must be updated.

At least two approvals

To comply with the GitLab standard, you must have at least two users approve a merge request to get it merged. For more information, see Merge request approval rules.

SAST scanner artifact

To comply with the GitLab standard, you must have the SAST scanner enabled, configured, and producing an artifact in the project’s pipeline. For more information, see Static Application Security Testing (SAST).

DAST scanner artifact

To comply with the GitLab standard, you must have the DAST scanner enabled, configured, and producing an artifact in the project’s pipeline. For more information, see DAST on-demand scan.

SOC 2 standard

History
  • At least one non-author approval SOC 2 check introduced in GitLab 16.10.

The SOC 2 standard consists of one rule:

  • At least one non-author approval.

At least one non-author approval

To comply with the SOC 2 standard, you must:

These settings are available for an entire self-managed GitLab instance. However, when these settings are updated at the instance level, the adherence status for all the projects on the instance is not updated automatically. To update the adherence status for these projects, you must update the group-level or project-level setting. For more information on the instance-level settings, see:

Export compliance standards adherence report for projects in a group

History
  • Introduced in GitLab 16.8 with a flag named compliance_standards_adherence_csv_export. Disabled by default.
  • Generally available in GitLab 16.9. Feature flag compliance_standards_adherence_csv_export removed.

Exports the contents of a standards adherence report for projects in a group. Reports are truncated at 15 MB to avoid a large email attachment.

Prerequisites:

  • You must be an administrator or have the Owner role for the group.

To export the compliance standards adherence report for projects in a group:

  1. On the left sidebar, select Search or go to and find your group.
  2. Select Secure > Compliance center.
  3. In the top-right corner, select Export.
  4. Select Export standards adherence report.

A report is compiled and delivered to your email inbox as an attachment.