Compliance Management Strategy
## Background

Our 3-year vision for the Compliance group in GitLab is:

> We want to be a first class GRC tool **within** the context of GitLab by giving compliance managers best-in-class features within GitLab to achieve compliance **visibility** of **checks**, **violations** and **audit events** throughout the entire DevSecOps lifecycle.

To achieve this vision, we want to ensure that the compliance management features in GitLab are on par with what compliance and/or AppSec teams have come to expect from a GRC tool used outside of GitLab.

TL;DR - the work we are doing now is to ensure that:

* We provide, within GitLab, the basics that compliance managers and AppSec team members expect from a GRC tool (e.g. creating compliance frameworks, mapping controls to requirements, etc.);
* We improve visibility into the compliance posture of all projects within a group, or of all groups within an instance, on an aggregate or overall basis;
* We offer a comprehensive library of compliance controls that compliance managers and AppSec teams can use OOTB in GitLab; and
* We close the loop by building in a first class remediation workflow that allows compliance and AppSec teams to identify violations, remediate them and record each remediation, to assist with future audits of the GitLab platform.

All work on this epic should reflect the `Background` items above.

# Docs

Please see https://about.gitlab.com/direction/govern/compliance/compliance-management/ for a description of our strategy and vision for this area of GitLab.