CIS Benchmark: DevSecOps Tools

Project description

Complete a CIS GitLab Benchmark v 1.0.0

Why?

• Today, customers may struggle to configure their Gitlab organizations/namespaces in a secure way
• CIS (Center for Internet Security) Benchmarks are well-respected, prescriptive configuration recommendations that help users confidently secure their systems
• GitHub became the first and only DevSecOps vendor with a CIS Benchmark
• This is a competitive gap we need to close to position ourselves as a DevSecOps leader, and improve our visibility and reputation among security practitioners/buyers
• In 2023, CIS benchmarks were included in Forrester's SCA wave score (in the "Dev tools and pipeline scanning" section), and having a benchmark would have improved our score.