Description
@mmaneval presents GitLab's Trust Center (https://about.gitlab.com/security/) and Customer Assurance Package (https://about.gitlab.com/handbook/engineering/security/security-assurance/risk-field-security/customer-assurance-package.html)
A
Hi everyone, my name is Megan and I am here today to show you two of these self-service resources that the risk and field security team has put together to support the sales process. If you want to follow along at home, you can go to about.gitlab.com/security for our Trust Center, which is the first page we'll look at, or you can go into your handbook and use the search bar and search for customer assurance package. That'll be the second page we look at. Starting on the Trust Center page.
A
What you'll see is that this is a landing page for resources specific to security, compliance and privacy. Looking over on the left-hand side over here, you'll see security resources specific to our internal security department, as well as GitLab security practices. There's also a link there for security best practices for a GitLab instance.
A
Moving towards the center, you'll see security compliance resources, including our compliance controls, as well as our certifications, and all the way over on the right are some privacy-specific links to our privacy policy, as well as personal data requests. The other two boxes are very important for customers who are getting into the configuration and implementation phases. This has a link out to the Customer Assurance Package, which we'll look at in a moment, but it also has links to security FAQs, security blog posts and GitLab documentation related to configurations at the bottom.
A
Moving over to GitLab's Customer Assurance Package, this is a page that you probably want to bookmark and send to every single one of your customers or prospects. This page is a one-stop shop for anything you need to know about GitLab security. We start with these self-service resources, which are specific links that our customers and prospects are likely going to want to know. They're going to ask you for our information security policies, and we provide links to them here.
A
Moving down to the security compliance area, you'll see there's a link going back to the Trust Center for ease for our customers. We also include our security control framework, which is usually a common request from customers who want to see what we test and how we test. We've also included a link to GitLab's SOC 3 report and links to the request process for SOC 2 reports and our annual penetration tests.
A
These two items do require a non-disclosure agreement. Below this is a really valuable tool that not a lot of people know how to use, and that's our completed questionnaire section. Right now, there's only one, but by the time you're watching this video there's probably going to be two, if not more. But this is the Consensus Assessment Initiative Questionnaire. It's over 250 commonly asked security questions that we've already answered and provided information on.
A
If you're not familiar with BitSight, they collect public information and assign a numeric score, similarly to a credit score for an organization. We will be posting the monthly reports. As you can see, this one is December 2020, but by the time you are watching this, it'll probably be more appropriate to the months that you are in when you're watching this.
A
It gives our customers a little more information about how our score is derived and also allows us to target where we can improve. At the bottom, you'll see links for additional information. As a GitLab team member, you have access to the sec dot field security channel within Slack. We've made a handy workflow for you all that you can use to request assistance. If you've never used a workflow before, down at the bottom here you will see a lightning bolt. When you click on that, you'll see customer assurance.
A
We ask that you fill in information specific to the customer or the prospect, because we do track that as part of our metric. There's a couple of questions here about the type of industry that they're in, the customer size, as well as any additional links that you can provide to us. Once you fill it out, it goes into rq and we are happy to assist you with anything that you need.