On April 17, 2025, GitLab released version 17.11, introducing significant advancements in compliance management and DevSecOps integration. A standout feature of this release is the introduction of Custom Compliance Frameworks, designed to embed regulatory compliance directly into the software development lifecycle.
These frameworks allow organizations to define, implement, and enforce compliance standards within their GitLab environment. With over 50 out-of-the-box controls, teams can tailor frameworks to meet specific regulatory requirements such as HIPAA, GDPR, and SOC 2. These controls cover areas like separation of duties, security scanning, authentication protocols, and application configurations.
To create a custom compliance framework, as detailed in GitLab’s own post, users identify applicable regulations and map them to specific controls. Within GitLab’s Compliance Center, they can define new frameworks, add requirements, and select relevant controls. Once established, these frameworks can be applied to projects, ensuring consistent compliance across the organization.
Integrating compliance directly into the development workflow offers several key advantages. By automating compliance checks, teams can significantly reduce the manual effort typically required for tracking and documentation. This streamlining not only saves time but also ensures greater accuracy and consistency. Real-time monitoring of compliance status accelerates audit readiness, allowing organizations to respond quickly and efficiently to regulatory requirements. Furthermore, embedding compliance controls into every stage of development enhances the overall security posture, ensuring that security and regulatory standards are continuously enforced throughout the software delivery lifecycle.
With the release of Custom Compliance Frameworks, Ian Khor, a Product Manager at GitLab, highlighted the significance of this milestone, stating:
Big milestone moment – Custom Compliance Frameworks is now officially released in GitLab 17.11! This feature has been a long time coming, and I’m incredibly proud of the team that brought it to life.
Khor emphasized the collaborative effort across product, engineering, UX, and security teams to ensure that organizations can define, manage, and monitor compliance requirements effectively within GitLab.
Joel Krooswyk, CTO at GitLab, also expressed enthusiasm about the new features in GitLab 17.11, particularly the compliance frameworks.
Psst – hey – did you hear? GitLab 17.11 dropped today, and there are 3 huge things I’m excited to share. 1. Compliance frameworks. 50 of them, ready to pull into your projects.
In addition to compliance enhancements, GitLab 17.11 introduces over 60 improvements, including more AI features on GitLab Duo Self-Hosted, custom epic, issue, and task fields, CI/CD pipeline inputs, and a new service accounts UI. These updates aim to streamline development workflows and enhance overall productivity.
.png)
