Skip to main content

Gitlab automatically generates gitlab documentation from yaml files

Project description

gitlab-compliance

gitlab-compliance (PyPI package gitlab-compliance) is a lightweight, security and compliance focused test framework for GitLab CI/CD. It runs Gherkin policies against .gitlab-ci.yml and optional GitLab API settings — the same BDD model as terraform-compliance uses for Terraform plans.

Source code: MaturityBuilder/gitlab-compliance.

  • compliance: Ensure pipeline YAML and project settings follow your security standards and custom policies
  • behaviour driven development: Policies are readable Gherkin scenarios that developers and security teams share
  • portable: Install from pip. See Installation
  • pre-merge: Validate configuration before changes land on protected branches
  • YAML and API: Offline checks against pipeline files; optional GitLab API checks for project settings and CI variables
  • easy to integrate: Run in GitLab CI or local git hooks
  • segregation of duty: Keep policy packs in a separate repository or OCI registry
  • documentation: Generate Markdown or HTML reference docs from .gitlab-ci.yml

Idea

gitlab-compliance focuses on negative testing — catching misconfigurations and policy violations — rather than proving that a job runs successfully end to end.

GitLab CI pipelines are defined in YAML that composes jobs, includes, variables, and workflow rules. What was missing is a lightweight way to assert that this configuration follows organizational standards before merge. GitLab offers native compliance features in higher tiers; gitlab-compliance provides an open, portable alternative inspired by terraform-compliance and Conftest.

For example, a policy might require that no job uses a floating latest image tag:

if a job defines an image, it must not use the :latest tag

translates into:

Given I have any job defined
When it has image
Then its image must not match ":latest$"

The image value comes from your pipeline YAML:

scan:
  image: python:3.12
build:
  image: docker:latest   # violates the policy above

In CI, this scenario runs against .gitlab-ci.yml (and resolved local includes) so merge requests cannot introduce violations.

See Examples for more sample use cases.

Supporting / Requirements

  • Python: 3.12 (see Installing via pip)
  • Pipeline file: .gitlab-ci.yml or another path passed with -p
  • API checks (optional): GitLab token plus --project or --group for settings and CI variable policies

Full CLI options: Usage. Step grammar: BDD Reference.

How can you support the project?

Contributions are welcome — see Contributing.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

gitlab_compliance-2.0.1.tar.gz (51.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

gitlab_compliance-2.0.1-py3-none-any.whl (68.4 kB view details)

Uploaded Python 3

File details

Details for the file gitlab_compliance-2.0.1.tar.gz.

File metadata

  • Download URL: gitlab_compliance-2.0.1.tar.gz
  • Upload date:
  • Size: 51.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for gitlab_compliance-2.0.1.tar.gz
Algorithm Hash digest
SHA256 13055db21b0d9c53d5646c33c587247ba3491463678637c9a77fc6b8c4fdfe6f
MD5 2af99947aee06906703401034c5eda98
BLAKE2b-256 02183430bc788e91edbf1ddbd4ee0106ce5ebf251ba746aa8b54e485e90c9ba8

See more details on using hashes here.

Provenance

The following attestation bundles were made for gitlab_compliance-2.0.1.tar.gz:

Publisher: release.yml on MaturityBuilder/gitlab-compliance

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file gitlab_compliance-2.0.1-py3-none-any.whl.

File metadata

File hashes

Hashes for gitlab_compliance-2.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ec4e8871a9c8e4e37091fc3b6a3028c62418f13c7a4fc0e53166841522ed838b
MD5 4c36c919735ea0cb84950c886b0f512e
BLAKE2b-256 4b42f53c31c8c34b011dc5299a3da303eae9b1e2b8fa2dc790cdf09f214b6d0c

See more details on using hashes here.

Provenance

The following attestation bundles were made for gitlab_compliance-2.0.1-py3-none-any.whl:

Publisher: release.yml on MaturityBuilder/gitlab-compliance

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page