GitLab's Customer Assurance Activities

Submit a Request!

  • Questionnaire or Customer Call Request
  • CAP Request
  • Contract Review Request

The above are for GitLab Team Members only. Customers should contact their GitLab Account Owner to initiate their requests. If a customer doesn’t know their Account Owner or does not yet have an assigned Account Owner, they can contact the sales team. Once you have submitted the issue, it is in our queue and will be assigned to one of our Field Security Engineers when it is next up (please see the SLAs listed below).

Customer Assurance Activity Requests Overview

It’s no surprise that GitLab Customers and Prospects conduct Security due diligence activities prior to contracting with GitLab. We recognize the importance of these reviews and have designed this procedure for GitLab Team Members to request Customer Assurance Activities.

GitLab Team Members

We will start all CAA requests (with the exception of Contract Reviews) by sending the Customer Assurance Package to the customer. The CAP will answer many of the customer’s questions and will enable us to provide the customer with a more efficient and comprehensive experience. Please select the appropriate box for your request below; it will direct you to an issue template on our board. Please be sure to complete all of the requested information in the template, and please reach out to us in #sec-fieldsecurity with any questions.

Please do not assign the issue. Field Security will assign the issue to the appropriate team member. Thank you!

For Documentation, Questionnaires, and Customer Calls

Please use the Customer Request Box above and follow the instructions.

  • An email address and name should be included so the CAP can be sent to the customer.
  • Be sure to include all requested information to expedite the process.
  • ARR or potential ARR is required.
  • Customer calls require a preview of the topics the customer would like to cover to ensure we bring in any required subject matter experts for the call.
  • If you are unsure of which type it is, please include as much information as you can and our team will adjust as needed.

For RFP completion

Please follow the directions above for submission, and for more information about our RFP process please view our RFP page here.

For Contract Reviews

Please use the Contract Review Box above and follow the instructions.

Collaborate with Field Security

The Field Security Team also maintains the following resources for GitLab Team Members to collaborate with us!

  • Customer Feedback
  • Internal Feedback
  • Collateral Request
  • Ad Hoc Request


For information on how Field Security uses AnswerBase and how it can support your workflows, please visit our AnswerBase page.

Feedback from Field Security

The Field Security Team has the unique privilege of conversing with and receiving feedback from both customers and fellow GitLab team members. To ensure we always support our customers, Field Security follows GitLab’s observation creation procedure to relay customers’ requirements or concerns internally to the appropriate teams. To proactively request feedback from Field Security, use the Internal Feedback button to open a request.

Note: Field Security’s observations must follow the Field Security Observation and OFI Quality Guide.

Public Documentation


In the spirit of iteration, GitLab is continuously evolving our list of compliance self-attestations. Completed self-attestations are reviewed annually for continued applicability and can be found in our Customer Assurance Package. Customers can submit suggestions and requests for new self-attestations through their Account Manager. GitLab team members can submit recommendations for future compliance assessments through the Regulatory Security Compliance Feedback and Field Research epic.

Service Level Agreements

  • Security Questionnaires: 10 Business Days. SA or CSM will utilize AnswerBase and/or other self-service resources prior to requesting Field Security assistance. SA or CSM will ensure everyone on the Field Security team has access to any files or portals.
  • Contract Reviews: 5 Business Days. The VP of Security must be engaged in all Contract Reviews.
  • Customer Calls: SA or CSM will provide context on the Customer’s or Prospect’s questions or concerns prior to the meeting. Field Security will provide a PowerPoint presentation with critical information about GitLab Security and specifics relevant to the Customer’s or Prospect’s request. The VP of Security must be invited to all Customer Meetings.
  • Security Documents: 2 Business Days. SA or CSM must provide the name and email address of the recipient.


If the Account Owner or Customer Success point of contact feels they have sufficient knowledge and resources to complete a Customer Assessment, this procedure does not have to be used. These exceptions will not be tracked.

Last modified September 6, 2023: Replace taps with spaces (69f17a79)