Integrating with GitLab will create an inventory of your code repos in Comply and run automations to ensure they are configured securely as well as merge requests have approvals and pass CI tests.
Not all of your code repos will be in scope of your ISMS. By maintaining this list over time, you’ll be able to more quickly react to requests from auditors and customers when they are investigating your SDLC policies.
You can leverage procedures to automatically trigger processes when code repos are added or removed from GitLab (e.g. conduct a risk analysis when a code repo is created or remove sensitive data the code repository was utilizing).
When syncing your code repos, we automatically check them for secure settings and collect evidence of all correct instances as well as create an issue and collect evidence for all non-secure settings identified.
Comply will automatically record every Pull Request merged as an event and then process them using pre-configured checks to provide evidence that your SDLC policies are being followed and visibility into when they are not being followed. The automations that come with integration will generate healthy evidence for "Approved" and "CI Success" tagged events as well as unhealthy evidence and an issue for all others.