GitLab Duo Regulatory Compliance

Hi, I am not able to find any information about GitLab Duo’s regulatory compliance like SOC2. I know there is a GitLab Trust Centre which lists some compliance certificates, but I don’t think they extend to the Duo product. Can someone provide more information in this regard?

Hi @Awayah,

Yes, the GitLab Trust Center site lists all the up-to-date certifications.

Specifically, about whether our compliance certificates extend to Duo, I can say the following:

  1. For SaaS:

    1. GitLab’s ISO 27001 certification is over the information security management system (ISMS) supporting GitLab SaaS Subscriptions, GitLab.com and GitLab Dedicated. GitLab SaaS includes GitLab Duo.
    2. GitLab Duo is not currently included in GitLab’s existing SOC 2 Type 2 certifications. GitLab intends to include GitLab Duo in our next SOC 2 Type 2 reports for GitLab.com and GitLab Dedicated, which have the reporting period of 2023-11-01 - 2024-10-31, with estimated report issuance in December 2024.
  2. Self-Managed: GitLab external certifications are not applicable to self-managed customers as the customer is responsible for the administration of their environment.

I hope this helps, and if not, please let me know what else you need.

Note: this page might also be interesting to you: AI Transparency Center | GitLab. But the compliance certificates are all in the GitLab Trust Center.

Thank you for the information!