Compliance Frameworks and Pipelines

  1. Optionally create a .yml file like this one
  2. Create the compliance framework in the UI for the group. This cannot be done at the subgroup level.
  3. Optionally add the .yml file that you created in step one, with a path like .compliance-gitlab-ci.yml@gitlab-gold/briecarranza/secure/compliant/the-file.
  4. Add the framework.
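
A compliance pipeline file of the kind step 1 describes, as an added example (it is not the file this page originally linked to). The job name, stage names and the hosting-project path `my-group/compliance-config` are placeholders; the `CI_*` variables are GitLab's predefined CI/CD variables.

```yaml
# Constructed example of a compliance pipeline file, e.g. .compliance-gitlab-ci.yml.
# It runs in place of each project's own .gitlab-ci.yml once the framework
# is applied, so it must pull the project's configuration back in (see include).

# The compliance file controls stage ordering for every project in the framework.
stages:
  - pre-compliance
  - build
  - test
  - deploy
  - post-compliance

# Placeholder control job. Keys set here take precedence over a same-named
# job in the project's file, so set every key you rely on explicitly.
compliance-check:
  stage: pre-compliance
  allow_failure: false          # a failing control fails the pipeline
  rules:
    - when: always              # run for every pipeline source and branch
  before_script:
    - "# No before scripts."
  script:
    - echo "Running compliance controls for $CI_PROJECT_PATH"
  after_script:
    - "# No after scripts."

# Run the project's own pipeline definition alongside the compliance jobs.
include:
  - project: '$CI_PROJECT_PATH'
    file: '$CI_CONFIG_PATH'
    ref: '$CI_COMMIT_SHA'       # pin to the commit being built
    rules:
      # Skip in the project that hosts this file, which would include itself.
      - if: $CI_PROJECT_PATH != "my-group/compliance-config"   # placeholder path
```

Without the `include` section, projects under the framework would run only the compliance jobs and none of their own.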

OK, you've now configured the compliance framework and a compliance pipeline associated with it. We want to apply this to a project now. You have to add the compliance framework to the project from the Settings for that project.

Choose the framework from the list and click Save changes.

When you browse to the project, you'll see a label.

Example: https://gitlab.com/gitlab-gold/briecarranza/secure/compliant/scanning-dependencies
