Skip to main content

Gitlab automatically generates gitlab documentation from yaml files

Project description

gitlab-compliance

gitlab-compliance (PyPI package gitlab-compliance) is a lightweight, security and compliance focused test framework for GitLab CI/CD. It runs Gherkin policies against .gitlab-ci.yml and optional GitLab API settings — the same BDD model as terraform-compliance uses for Terraform plans.

Source code: MaturityBuilder/gitlab-compliance.

  • compliance: Ensure pipeline YAML and project settings follow your security standards and custom policies
  • behaviour driven development: Policies are readable Gherkin scenarios that developers and security teams share
  • portable: Install from pip. See Installation
  • pre-merge: Validate configuration before changes land on protected branches
  • YAML and API: Offline checks against pipeline files; optional GitLab API checks for project settings and CI variables
  • easy to integrate: Run in GitLab CI or local git hooks
  • segregation of duty: Keep policy packs in a separate repository or OCI registry
  • documentation: Generate Markdown or HTML reference docs from .gitlab-ci.yml

Idea

gitlab-compliance focuses on negative testing — catching misconfigurations and policy violations — rather than proving that a job runs successfully end to end.

GitLab CI pipelines are defined in YAML that composes jobs, includes, variables, and workflow rules. What was missing is a lightweight way to assert that this configuration follows organizational standards before merge. GitLab offers native compliance features in higher tiers; gitlab-compliance provides an open, portable alternative inspired by terraform-compliance and Conftest.

For example, a policy might require that no job uses a floating latest image tag:

if a job defines an image, it must not use the :latest tag

translates into:

Given I have any job defined
When it has image
Then its image must not match ":latest$"

The image value comes from your pipeline YAML:

scan:
  image: python:3.12
build:
  image: docker:latest   # violates the policy above

In CI, this scenario runs against .gitlab-ci.yml (and resolved local includes) so merge requests cannot introduce violations.

See Examples for more sample use cases.

Supporting / Requirements

  • Python: 3.12 (see Installing via pip)
  • Pipeline file: .gitlab-ci.yml or another path passed with -p
  • API checks (optional): GitLab token plus --project or --group for settings and CI variable policies

Full CLI options: Usage. Step grammar: BDD Reference.

How can you support the project?

Contributions are welcome — see Contributing.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

gitlab_compliance-2.0.0.tar.gz (51.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

gitlab_compliance-2.0.0-py3-none-any.whl (68.4 kB view details)

Uploaded Python 3

File details

Details for the file gitlab_compliance-2.0.0.tar.gz.

File metadata

  • Download URL: gitlab_compliance-2.0.0.tar.gz
  • Upload date:
  • Size: 51.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for gitlab_compliance-2.0.0.tar.gz
Algorithm Hash digest
SHA256 e61ab26dfa3474c4c908f3ba246ca2c7643e8e78ede28bf827a77e86006e4f7b
MD5 7cc5d24b9ae117aa22d7a25cf0d38afc
BLAKE2b-256 605d998e8e07dae2388c7f33d8164d038925ac419c86d69bd5542e4a4da702dd

See more details on using hashes here.

Provenance

The following attestation bundles were made for gitlab_compliance-2.0.0.tar.gz:

Publisher: release.yml on MaturityBuilder/gitlab-compliance

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file gitlab_compliance-2.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for gitlab_compliance-2.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cfcd00222cfe5952fe97699be81d6722c0abe19cdcd8f1672d34ff0ffad55ba3
MD5 99e9608d053fa7de9f6c273815c640b2
BLAKE2b-256 37ef61699950c6a1560097982ae7b46a36b366654d1cc0fdf1c11010ef1aeed5

See more details on using hashes here.

Provenance

The following attestation bundles were made for gitlab_compliance-2.0.0-py3-none-any.whl:

Publisher: release.yml on MaturityBuilder/gitlab-compliance

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page