Gitlab automatically generates gitlab documentation from yaml files
Project description
gitlab-compliance
gitlab-compliance (PyPI package gitlab-compliance) is a lightweight, security and compliance focused test framework for GitLab CI/CD. It runs Gherkin policies against .gitlab-ci.yml and optional GitLab API settings — the same BDD model as terraform-compliance uses for Terraform plans.
Source code: MaturityBuilder/gitlab-compliance.
- compliance: Ensure pipeline YAML and project settings follow your security standards and custom policies
- behaviour driven development: Policies are readable Gherkin scenarios that developers and security teams share
- portable: Install from
pip. See Installation - pre-merge: Validate configuration before changes land on protected branches
- YAML and API: Offline checks against pipeline files; optional GitLab API checks for project settings and CI variables
- easy to integrate: Run in GitLab CI or local git hooks
- segregation of duty: Keep policy packs in a separate repository or OCI registry
- documentation: Generate Markdown or HTML reference docs from
.gitlab-ci.yml
Idea
gitlab-compliance focuses on negative testing — catching misconfigurations and policy violations — rather than proving that a job runs successfully end to end.
GitLab CI pipelines are defined in YAML that composes jobs, includes, variables, and workflow rules. What was missing is a lightweight way to assert that this configuration follows organizational standards before merge. GitLab offers native compliance features in higher tiers; gitlab-compliance provides an open, portable alternative inspired by terraform-compliance and Conftest.
For example, a policy might require that no job uses a floating latest image tag:
if a job defines an image, it must not use the :latest tag
translates into:
Given I have any job defined
When it has image
Then its image must not match ":latest$"
The image value comes from your pipeline YAML:
scan:
image: python:3.12
build:
image: docker:latest # violates the policy above
In CI, this scenario runs against .gitlab-ci.yml (and resolved local includes) so merge requests cannot introduce violations.
See Examples for more sample use cases.
Supporting / Requirements
- Python: 3.12 (see Installing via pip)
- Pipeline file:
.gitlab-ci.ymlor another path passed with-p - API checks (optional): GitLab token plus
--projector--groupfor settings and CI variable policies
Full CLI options: Usage. Step grammar: BDD Reference.
How can you support the project?
Contributions are welcome — see Contributing.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file gitlab_compliance-2.0.0.tar.gz.
File metadata
- Download URL: gitlab_compliance-2.0.0.tar.gz
- Upload date:
- Size: 51.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e61ab26dfa3474c4c908f3ba246ca2c7643e8e78ede28bf827a77e86006e4f7b
|
|
| MD5 |
7cc5d24b9ae117aa22d7a25cf0d38afc
|
|
| BLAKE2b-256 |
605d998e8e07dae2388c7f33d8164d038925ac419c86d69bd5542e4a4da702dd
|
Provenance
The following attestation bundles were made for gitlab_compliance-2.0.0.tar.gz:
Publisher:
release.yml on MaturityBuilder/gitlab-compliance
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
gitlab_compliance-2.0.0.tar.gz -
Subject digest:
e61ab26dfa3474c4c908f3ba246ca2c7643e8e78ede28bf827a77e86006e4f7b - Sigstore transparency entry: 2109046987
- Sigstore integration time:
-
Permalink:
MaturityBuilder/gitlab-compliance@20ede716be4189ae1c2a9968440f6974ea606357 -
Branch / Tag:
refs/tags/v2.0.0 - Owner: https://github.com/MaturityBuilder
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@20ede716be4189ae1c2a9968440f6974ea606357 -
Trigger Event:
push
-
Statement type:
File details
Details for the file gitlab_compliance-2.0.0-py3-none-any.whl.
File metadata
- Download URL: gitlab_compliance-2.0.0-py3-none-any.whl
- Upload date:
- Size: 68.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cfcd00222cfe5952fe97699be81d6722c0abe19cdcd8f1672d34ff0ffad55ba3
|
|
| MD5 |
99e9608d053fa7de9f6c273815c640b2
|
|
| BLAKE2b-256 |
37ef61699950c6a1560097982ae7b46a36b366654d1cc0fdf1c11010ef1aeed5
|
Provenance
The following attestation bundles were made for gitlab_compliance-2.0.0-py3-none-any.whl:
Publisher:
release.yml on MaturityBuilder/gitlab-compliance
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
gitlab_compliance-2.0.0-py3-none-any.whl -
Subject digest:
cfcd00222cfe5952fe97699be81d6722c0abe19cdcd8f1672d34ff0ffad55ba3 - Sigstore transparency entry: 2109047108
- Sigstore integration time:
-
Permalink:
MaturityBuilder/gitlab-compliance@20ede716be4189ae1c2a9968440f6974ea606357 -
Branch / Tag:
refs/tags/v2.0.0 - Owner: https://github.com/MaturityBuilder
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@20ede716be4189ae1c2a9968440f6974ea606357 -
Trigger Event:
push
-
Statement type: