Transparency Reports
Law Enforcement Requests - This is our most recent Law Enforcement Report which details government requests received by GitLab
2024 Law Enforcement Transparency Report
This report covers legal requests received by GitLab over a period from January 2024 to December 2024 and provides insights into the types of requests received, their disposition, and GitLab’s commitment to user privacy and transparency. GitLab reviews and responds to requests according to our published Guidelines for Law Enforcement Requests.
Request Volume and Type
GitLab received a total of 18 valid U.S. law enforcement requests during the reporting period. The requests were distributed across the categories of:
- Subpoenas
- Court Orders
- Search Warrants
- Preservation Orders
In this period GitLab did not receive any valid international requests for User Data.
| Type of Request | Total Requests Received | Total Identifiers Included in Request* | Number of Impacted User Accounts* |
|---|---|---|---|
| Court Order | 3 | 24 | 6 |
| Preservation Request | 4 | 8 | 3 |
| Search Warrant | 1 | 1 | 1 |
| Subpoena | 10 | 64 | 8 |
*Total identifiers reflect the total number of identifiers included in the request.
*Number of impacted user accounts reflects how many GitLab accounts match to one or more identifiers included in the request.
*Content - GitLab uses the definition of Content as defined in the SCA (18 U.S.C. § 2510(8)). Content data essentially is the content of a repository and would include data such as profile photos, code and files uploaded as well as the content of messages exchanged through the GitLab platform.
*Non-Content data includes metadata (e.g., date/time and IP address associated with user activity), log-in event information, payment/billing history, and any user information captured at sign-up.
User Notice and Transparency
GitLab strictly enforces our policy of notifying users of requests for their account or repository information unless prohibited by law or a court order. While most requests are accompanied by a time-limited Non-Disclosure Order, upon expiration of those orders GitLab notifies affected Users that a request for User Data was processed.
National Security Requests
As of January 2025, GitLab has never received a National Security Letter or a request under the Foreign Intelligence Surveillance Act. GitLab has also not been served with legal process under the national security laws of any other country.
EU Digital Services Act Transparency Report - This report is published by GitLab Inc. in relation to GitLab's services in accordance with Articles 15 and 24 of the EU Digital Services Act for the period February 17, 2024 to December 31, 2024
EU Digital Services Act Transparency Report
1. Introduction
This report is published by GitLab Inc. in relation to GitLab’s services in accordance with Articles 15 and 24 of the EU Digital Services Act (“DSA”) for the period February 17, 2024 to December 31, 2024.
About GitLab
GitLab Inc. is the most comprehensive, intelligent DevSecOps platform for software innovation. GitLab.com hosts user-generated content in the form of source code, documentation, issues, comments, and other development artifacts. Our platform serves millions of developers globally, from individual contributors working on personal projects to enterprise customers.
GitLab’s Trust & Safety team
GitLab’s Trust and Safety team, part of GitLab’s Security Operations department, is responsible for maintaining user trust while ensuring the GitLab platform remains safe and harm-free. The team’s mission is to “help build and maintain user trust, while keeping the GitLab platform safe and harm-free to help enable everyone to contribute” through building a culture of care, protection, and respect for privacy.
The team is responsible for:
- Detecting and reviewing user-generated abuse on GitLab.com
- Removing content that violates GitLab’s Terms of Service
- Mitigating malicious activity on the platform
- Reviewing account reinstatement requests
- Processing intellectual property notices, including DMCA notices
Submitting a report
GitLab provides the following reporting options for users and non-users:
- In-platform reporting: GitLab users may click the “report abuse” button available throughout GitLab.com from user profiles, issues, merge requests, comments, and other areas.
- Via email: Anyone may contact abuse@gitlab.com directly. Note that copyright infringement notices should be submitted to dmca@gitlab.com.
- EU illegal content: Anyone in the EU can also submit a report via the Illegal Content Reporting Form.
2. Monthly Active Recipients information (Article 24(2))
GitLab publishes information about the average monthly active recipients of our services in the European Union (EU) every six months. The most current information about GitLab’s average monthly active recipients in the EU can be found on our public handbook page.
3. EU Content moderation (Article 15(1)(c))
Moderation Approach
GitLab’s content moderation approach involves two user-level actions:
- Blocking users: A temporary solution typically used only in relation to intellectual property infringement reports. Blocking restricts access and prevents the user from using GitLab, while preserving their content while the report is investigated.
- Banning users: A more permanent action taken in verified cases of abuse. When a user is banned, their projects, comments, and most contributions are hidden from public view, though their profile page will remain visible with a disclaimer that the User is blocked.
These actions are collectively reported as “Moderation Actions” herein.
During the reporting period, GitLab took 1,597 Moderation Actions related to users based in the EU as outlined below:
EU Content Moderation Category Overview
| DSA Category | Sub-Category | Automated Account Moderation Actions | Manual Account Moderation Actions | Total Moderation Actions |
|---|---|---|---|---|
| Intellectual Property Infringement | DMCA | 0 | 75 | 75 |
| Scams/Fraud | Malware, Phishing | 0 | 2 | 2 |
| Violations of Terms of Service | Code of Conduct Violation | 0 | 7 | 7 |
| Violations of Terms of Service | Cryptomining | 551 | 373 | 924 |
| Violations of Terms of Service | Infrastructure Abuse | 201 | 15 | 216 |
| Violations of Terms of Service | Spam | 373 | 0 | 373 |
| Total | | 1,125 | 472 | 1,597 |
4. EU illegal content reporting (Article 16)
GitLab has implemented a specific reporting mechanism for illegal content, located here: /handbook/legal/dsa/. This mechanism is available to users within the European Union who wish to report content they believe is illegal according to EU or Member State laws.
GitLab has received zero (0) reports through this dedicated EU illegal content reporting mechanism as of 31 December 2024.
5. Trusted Flaggers (Article 22)
GitLab has received zero (0) reports by designated Trusted Flaggers as of 31 December 2024.
6. Out-of-court settlement body disputes (Article 21)
GitLab has received zero (0) notices of disputes submitted to an out-of-court dispute settlement body as of 31 December 2024.
7. Government requests (Article 9-10)
GitLab carefully reviews all requests from government authorities to determine the validity of the legal process, assess proportionality, and ensure compliance with our data protection commitments.
During the reporting period, GitLab received zero (0) orders to remove content and seven (7) requests for user information from EU Member State judicial or administrative authorities. After review, no information was produced as none of the requests met the necessary legal requirements.
8. Automated content moderation (Article 15(1)(e))
During the reporting period, 1,125 automated EU user bans (70.4% of the total EU Moderation Actions during this reporting period) were implemented, related to cryptomining, spam and infrastructure abuse. All automated banning decisions can be appealed through GitLab’s appeal process, which includes human review.
9. Notice and appeals (Article 15(1)(d) and 20)
During the reporting period, GitLab took 1,597 Moderation Actions related to EU user accounts. Of these 1,597 accounts, 73 accounts (4.6% of the total Moderation Actions during this reporting period) have since been reinstated and are currently active. These reinstatements have resulted from successful appeals, internal review, and/or remediation of the violation.
Appeal process
Upon notification, impacted users and reporters can appeal Moderation Actions by contacting GitLab’s Support team and/or by emailing abuse@gitlab.com. Each request is reviewed by GitLab’s Trust and Safety team according to established criteria.
An account may be reinstated when:
- The content in question has been removed
- The user has provided a substantial reason that they are not violating GitLab’s Terms of Use
- The user agrees to remove or export the content away from GitLab.com within 24 hours
- An intellectual property related complaint has been resolved
Reinstatement requests are evaluated on a case-by-case basis. If a reinstated account violates GitLab’s Terms of Use again within a 12-month period, it may result in a permanent ban.
Response times
GitLab has established response time commitments for user support that demonstrate our commitment to timely responses. We are implementing similar tracking mechanisms specifically for DSA-related Moderation Actions and will include these metrics in future reporting.
