← Back to all integrations
Create an inventory of your code repos in Comply and run checks to ensure they are configured securely
Install

Integration Details

Integrating with GitLab will create an inventory of your code repos in Comply and run checks to ensure they are configured securely as well as merge requests have approvals and pass CI tests.

Automatically update your Asset Inventory

Keep track of your in-scope code repos automatically. Comply maintains this list over time, so you’ll be able to more quickly react to requests from auditors when they are investigating your SDLC policies.

Automatically trigger activities on repo changes

You can leverage Ticket Templates to automatically trigger processes when code repos are added or removed from GitLab (e.g. conduct a risk analysis when a code repo is created or remove sensitive data the code repository was utilizing).

Automatic SDLC evidence

Comply will automatically record every Pull Request merged as an event and then process them using pre-configured checks to provide evidence that your SDLC policies are being followed and visibility into when they are not being followed. The Checks that come with integration will generate healthy evidence for "Approved" and "CI Success" tagged events and unhealthy evidence for all others.

Ensuring secure settings

When syncing your code repos, Comply automatically checks them for secure settings.

How to use Aptible and GitLab

  • Run automated checks on security configuration and changes to repos.
  • Trigger notifications to designated asset owners when changes are made to security configurations and when repos are created without the required permissions.
  • Automatically collect evidence of changes, issues, and remediations.

Assets synced
  • Code Repositories
Controls Automated
  • Secure System Development
EVIDENCE CHECKS PERFORMED
Automated Testing

CI status for each closed pull request is logged as evidence

Branch Protection Enabled

Branch protection means that code requires a review before merging - that’s an important Change Management control that your auditor will want to see when investigating your Secure Software Development Lifecycle procedures.

Change Management

Approval status for each closed pull request is logged as evidence

Integration scopes
  • Read: Specified repos
  • Permission: Read Only API token