{"id":4523,"date":"2023-11-16T12:22:28","date_gmt":"2023-11-16T12:22:28","guid":{"rendered":"https:\/\/gitprotect.io\/blog\/?p=4523"},"modified":"2024-07-10T12:38:58","modified_gmt":"2024-07-10T12:38:58","slug":"gitlab-shared-responsibility-model-a-guide-to-collaborative-security","status":"publish","type":"post","link":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/","title":{"rendered":"GitLab Shared Responsibility Model: A Guide to Collaborative Security"},"content":{"rendered":"\n<p><strong>Read the full article and learn what duties organizations have within the GitLab Shared Responsibility Model. Find out how to reduce your obligations and improve your GitLab data protection. Test a <a href=\"https:\/\/gitprotect.io\/blog\/gitlab-backup-best-practices\/\" target=\"_blank\" rel=\"noreferrer noopener\">GitLab backup<\/a> solution for free during <\/strong><a href=\"https:\/\/gitprotect.io\/sign-up.html\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>a 14-day trial period<\/strong><\/a><strong>.<\/strong><\/p>\n\n\n\n<p>GitLab is a popular DevSecOps and collaborative software development platform that enables businesses to automate software delivery, boost productivity, and secure end-to-end software supply chains. However, not everyone knows that like most SaaS service providers, GitLab operates according to the so-called Shared Responsibility Model (or Limited Liability Model).&nbsp;<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>This model recognizes the responsibilities of each party at the very moment when a customer creates an account on GitLab and starts using this service. But, do all the users know what responsibilities they have at the beginning? 
Not sure.&nbsp;<\/p>\n\n\n\n<p>So let\u2019s try to understand what the GitLab Shared Responsibility Model is and what obligations each party has to meet to keep the code repository secure.&nbsp;<\/p>\n\n\n\n\n\n<h2 class=\"wp-block-heading\">What is the Shared Responsibility Model?<\/h2>\n\n\n\n<p>To make a long story short, the Shared Responsibility Model is a framework for cloud security that defines the security duties of both SaaS providers and their users. Under it, the provider takes care of the infrastructure and the entire service, while the customer is responsible for his own data and related metadata.&nbsp;<\/p>\n\n\n\n<p>Though GitLab provides a rather full package of tools, including backup and retention schemes, it is always a good idea to know what is really included in the service and what you, as a customer, have to take care of yourself.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"atbs-responsive-video\"><iframe loading=\"lazy\" title=\"Shared Responsibility Model in DevOps - what you need to know\" width=\"1200\" height=\"675\" src=\"https:\/\/www.youtube.com\/embed\/OHh0yc1JZ3w?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">GitLab\u2019s Shared Responsibility Model in action<\/h2>\n\n\n\n<p>Being transparent with its documentation, <a href=\"https:\/\/about.gitlab.com\/security\/faq\/#cloud-security\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">GitLab states<\/a>: \u201c<em>As part of GitLab Inc\u2019s contracting process, GitLab provides all terms and conditions with our customers to ensure all parties understand the shared
responsibility model<\/em>.\u201d So, let\u2019s dive deeper and look closely at the <a href=\"https:\/\/about.gitlab.com\/handbook\/legal\/subscription-agreement\/#2-scope-of-agreement-additional-terms\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">GitLab Subscription Agreement<\/a>, where the Git hosting service states all the responsibilities of both parties &#8211; its own and its users\u2019.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What is GitLab responsible for?<\/h3>\n\n\n\n<p>If we look into the GitLab Subscription Agreement mentioned above, we will notice that <em>\u201cGitLab shall be responsible for establishing and maintaining a commercially reasonable information security program that is designed to\u201d<\/em>:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>guarantee the confidentiality and security of the GitLab user\u2019s content;<\/li>\n\n\n\n<li>guard against potential threats to the security of the user\u2019s content;<\/li>\n\n\n\n<li>prevent unauthorized access or unauthorized use of the user\u2019s content;<\/li>\n\n\n\n<li>make sure that GitLab\u2019s subcontractors, if there are any, abide by the aforementioned requirements.<\/li>\n<\/ul>\n\n\n\n<p>It sounds secure, doesn\u2019t it? Moreover, if we look at the <a href=\"https:\/\/about.gitlab.com\/security\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">GitLab Trust Center<\/a>, we can see that GitLab has a proven track record of compliance and assurance credentials. The service provider has passed numerous security certifications, including SOC 2 Type 1 and 2, SOC 3, ISO 27001, ISO 27017, GDPR, and others. 
Thus, it has high-security standards to protect its data:<em> \u201cIn no case shall the safeguards of GitLab\u2019s information security be less stringent than the information security safeguards used by GitLab to protect its own commercially sensitive data\u201d<\/em> (<a href=\"https:\/\/about.gitlab.com\/handbook\/legal\/subscription-agreement\/#14-security--data-protection\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Subscription Agreement: Security \/ Data Protection<\/a>).<\/p>\n\n\n\n<p>So, GitLab is responsible for access to the platform and the infrastructure, backup which is run on the same Linux server as GitLab, configurations and maintenance modes, upgrades (here it\u2019s worth mentioning that GitLab isn\u2019t available when the update is in progress for single node installations), and infrastructure-side Disaster Recovery.&nbsp;<\/p>\n\n\n\n<p>And what about the user\u2019s data? Here is what is stated in the same document:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" width=\"1024\" height=\"137\" src=\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-GitLabs-responsibilities-1024x137.jpg\" alt=\"GitLab Shared Responsibility - User's responsibilities 1\" class=\"wp-image-4525\" style=\"width:499px;height:auto\" srcset=\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-GitLabs-responsibilities-1024x137.jpg 1024w, https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-GitLabs-responsibilities-300x40.jpg 300w, https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-GitLabs-responsibilities-768x103.jpg 768w, https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-GitLabs-responsibilities-400x54.jpg 400w, 
https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-GitLabs-responsibilities.jpg 1226w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>So, are the users responsible for their data? Yup\u2026 Let\u2019s continue talking about it\u2026<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">A Customer\u2019s Responsibility: Deep Analysis<\/h3>\n\n\n\n<p>While GitLab takes care of the entire system, a customer is responsible for his authorization credentials and all the data in his code repository. This can include Repositories, Wiki, Issues, Issue comments, Deployment keys, Pull requests, Pull request comments, Webhooks, Labels, Milestones, Pipelines\/Actions, Tags, LFS, Releases, Collaborators, Commits, Branches, Variables, and GitLab Groups. So as not to sound unfounded, take a look at what is stated in <a href=\"https:\/\/about.gitlab.com\/handbook\/legal\/subscription-agreement\/#5-restrictions-and-responsibilities\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">GitLab documentation<\/a>:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" width=\"1024\" height=\"224\" src=\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-Customers-responsibilities-1024x224.jpg\" alt=\"GitLab Shared Responsibilities Model - users' responsibilities 2\" class=\"wp-image-4526\" style=\"width:499px;height:auto\" srcset=\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-Customers-responsibilities-1024x224.jpg 1024w, https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-Customers-responsibilities-300x66.jpg 300w, https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-Customers-responsibilities-768x168.jpg 768w, 
https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-Customers-responsibilities-400x87.jpg 400w, https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-Customers-responsibilities.jpg 1226w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>Once again, users are responsible for the security of their accounts, <em>\u201cpasswords, and files\u201d<\/em>. This means that if something such as accidental or intentional deletion of the data takes place, it is the customer&#8217;s problem to figure out how to restore it, if that is possible.<\/p>\n\n\n\n<p>Don\u2019t forget: it\u2019s a myth that GitLab can recover your account data if it is deleted or corrupted. Read our blog post from the <a href=\"https:\/\/gitprotect.io\/blog\/devsecops-mythbuster-nothing-fails-in-the-cloud-saas\/\" target=\"_blank\" rel=\"noreferrer noopener\">DevSecOps MythBuster<\/a> series where we have already debunked this myth: <a href=\"https:\/\/gitprotect.io\/blog\/github-atlassian-gitlab-handles-backup-and-restore-busted\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u201cGitHub \/ Atlassian \/ GitLab handles backup and restore\u201d &#8211; busted!<\/a>&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Let\u2019s look further into the Shared Responsibility Model<\/h2>\n\n\n\n<p>After figuring out which security obligations both parties have, we should definitely speak about cooperation, because the GitLab Shared Responsibility Model, like any other of its type, emphasizes collaboration between the platform provider and its users. Here are the key aspects that are worth mentioning as well:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Education and training<\/h3>\n\n\n\n<p>GitLab prepares thousands of resources and documentation pages to educate its users about security best practices. 
In turn, users should always do their best to stay in the loop &#8211; read documentation and blog posts, and undergo security training to boost their security skills.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Feedback and reporting<\/h3>\n\n\n\n<p>As has already been mentioned, GitLab encourages its users to provide timely feedback about any issues they face. By promptly reporting vulnerabilities or any suspicious activity, users not only play an active role in the security ecosystem but also help the provider respond to the issues faster.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Continuous improvement<\/h3>\n\n\n\n<p>Like any other SaaS provider, GitLab regularly updates its product. So, it\u2019s critically important for users to follow these updates, as they are usually aimed at improving user experience and security.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What can go wrong?<\/h2>\n\n\n\n<p>Human mistakes, <a href=\"https:\/\/gitprotect.io\/blog\/ransomware-attacks-on-github-bitbucket-and-gitlab-what-you-should-know\/\" target=\"_blank\" rel=\"noreferrer noopener\">ransomware attacks<\/a> (which are on the rise now!), service provider\u2019s outages, or your own infrastructure outages &#8211; all of that can severely impact your business continuity and, what\u2019s worse, lead to data loss. Why not look at the history of incidents and see from these use cases why your GitLab data needs proper protection?&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">GitLab\u2019s backup failure<\/h3>\n\n\n\n<p>Let\u2019s recall 2017, when the worst incident in GitLab\u2019s history took place. Due to the accidental deletion of data, GitLab suffered an outage and needed urgent database maintenance. 
The service provider\u2019s backup failed to restore, and, consequently, users who used the SaaS solution suffered data loss:&nbsp;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cThe company has reached out to confirm that the outage only affects GitLab.com &#8211; meaning that customers using its platform on-premise are not affected.\u201d<\/em><\/p>\n<cite><a href=\"https:\/\/techcrunch.com\/2017\/02\/01\/gitlab-suffers-major-backup-failure-after-data-deletion-incident\/?guccounter=1&amp;guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&amp;guce_referrer_sig=AQAAANGfN4XNQ6_5YvTcG5OVoXEmmBC-Ja4bpca4UHZlS6jZZH7cTtfMQSobsQq0QdFh0Wmlb2jl_A9z8cwR8njl_ZoeTT4p1RzYIz6hd7dixlqMoiFYPIYQI9jhgw01jnr_Sqmileq9FdZb6383juRN_nFS5pD1XrLPkTEU_g7oIdKJ\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">TechCrunch<\/a><\/cite><\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Proxyjacking and cryptojacking malware attack on GitLab<\/h3>\n\n\n\n<p>In August 2023 researchers from Sysdig were alerted to a persistent campaign of attacks targeting vulnerable GitLab servers that resulted in the deployment of proxyjacking and cryptojacking malware, leveraging the platform\u2019s resources for the attacker&#8217;s own gains.&nbsp;<\/p>\n\n\n\n<p>Though, GitLab effectively addressed and patched the mentioned vulnerabilities labeled as 13.8.8, 13.9.6, and 13.10.3 in April 2021, <em>\u201cindividuals who failed to apply these patches have now become targets for the LABRAT threat.\u201d<\/em> &#8211; states <a href=\"https:\/\/www.cybersecurity-insiders.com\/gitlab-vulnerability-leads-to-proxyjacking-malware-campaign\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cybersecurity Insiders<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Is there anything DevSecOps teams should be aware of?&nbsp;<\/h2>\n\n\n\n<p>If a company is really conscious about its repository data, it will think about backup &#8211; it\u2019s 
nice to have the possibility to roll your data back in case of a failure. They can build their own backup options, such as <a href=\"https:\/\/gitprotect.io\/blog\/how-to-write-a-gitlab-backup-script-and-why-not-to-do-it\/\" target=\"_blank\" rel=\"noreferrer noopener\">backup scripts<\/a>, clones, and snapshots, or use any other <a href=\"https:\/\/xopero.com\/blog\/en\/the-best-gitlab-backup-options-and-tools-to-ensure-gitlab-data-resilience\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">GitLab backup option<\/a>. But at the same time, they should keep in mind that they will need to do it manually, which is time-consuming and takes a lot of resources.&nbsp;<\/p>\n\n\n\n<p>Well, it may seem easy and cheap, but in the long run it will be tiring and cost-ineffective. Why? In short &#8211; in a situation like that, somebody from the company will need to switch from his usual duties to provide backup copies. He will need to make those backup scripts, snapshots, and clones, keep track of the old ones and delete them because they can waste a lot of storage space, and, when it is needed, write the script to restore the data. So, your developer will always be distracted from his core duties, which will affect his productivity.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Is there any other option to back up the data?&nbsp;<\/h3>\n\n\n\n<p>The solution is on the surface! A lot of SaaS providers don\u2019t exclude the possibility of turning to third-party backup and recovery solutions. In this case, companies can rely on professionals who will help them reduce their responsibilities and compliance. 
For example, <a href=\"https:\/\/gitprotect.io\/gitlab.html\" target=\"_blank\" rel=\"noreferrer noopener\">GitLab backup<\/a> by GitProtect.&nbsp;<\/p>\n\n\n\n<p>If a customer decides to share his responsibilities with a third-party backup provider, he can get <strong>automated backups and data protection<\/strong> using the most popular and reliable backup rule, <strong>the 3-2-1 strategy<\/strong>. Under this rule, you can have three copies of your data in two different locations, including one outside the company. This matters because GitLab itself gives the possibility to store all the data only on the same Linux server as GitLab. Also, it is possible to set up more advanced retention schemes, like FIFO, GFS, or Forever Incremental, which will surely help when you need to restore your data, whether it is a point-in-time restore or <a href=\"https:\/\/gitprotect.io\/blog\/gitlab-restore-and-disaster-recovery-how-to-eliminate-data-loss\/\" target=\"_blank\" rel=\"noreferrer noopener\">Disaster Recovery<\/a>.&nbsp;<\/p>\n\n\n\n<p>We have mentioned that GitLab, like any other SaaS service, provides its customers with a retention option, but it is always limited. Some companies may need to keep their data for long periods due to legal regulations or for archive purposes. Thus, <strong>they may need long-term retention options<\/strong>. When a third-party backup service steps in, it is possible to get unlimited retention for backup copies. This means that all your information, even the oldest, can be kept in a safe place and easily restored at any time you need.&nbsp;<\/p>\n\n\n\n<p>Another point we need to pay attention to is updating. For single-node installations, GitLab isn\u2019t available while an update is in progress. In this case, a third-party solution can relieve the stress again. 
In situations like that you don\u2019t have to stop your work and wait; you can <strong>restore your repository using cross-over recovery to another platform<\/strong>, like GitHub or Bitbucket, and continue your work.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Once you decide to use a service, it is always good to know the legal side and the responsibilities of the parties, because when you know what to do, what responsibilities you have, and what to expect, you won\u2019t be taken aback.&nbsp;<\/p>\n\n\n\n<p>The way the so-called Shared Responsibility Model defines the roles is that it is always the customer who should protect his data, because he is the data owner. The SaaS provider, in our case GitLab, is just a data processor, who can process the data when and if the data owner permits. And if the customer &#8211; the data owner &#8211; wants, he can add a data guard (a third-party backup and recovery solution) which will guarantee data accessibility and sustainability.&nbsp;<\/p>\n\n\n\n<p class=\"has-background\" style=\"background-color:#f4fafe\"><strong>See for yourself how backup software can help you reduce your responsibilities!<\/strong><br><strong><a href=\"https:\/\/gitprotect.io\/sign-up.html\" target=\"_blank\" rel=\"noreferrer noopener\">[FREE TRIAL] Ensure compliant GitLab backup and recovery with a 14-day trial<\/a> <\/strong>\ud83d\ude80<br><br><strong><a href=\"https:\/\/calendly.com\/d\/3s9-n9z-pgc\/gitprotect-live-demo?month=2024-07\" target=\"_blank\" rel=\"noreferrer noopener\">[CUSTOM DEMO] Let&#8217;s talk about how backup &amp; DR software for GitLab can help you meet the Shared Responsibility Model<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Read the full article and learn what duties organizations have within the GitLab Shared Responsibility Model. Find out how to reduce your obligations and improve your GitLab data protection. Test a GitLab backup solution for free during a 14-day trial period. 
GitLab is a popular DevSecOps and collaborative software development platform that enables businesses to automate software delivery, boost productivity, and secure end-to-end software supply chains. However, not everyone knows that like most SaaS service providers, GitLab operates according to the so-called Shared Responsibility Model (or Limited Liability Model).&nbsp;<\/p>\n","protected":false},"author":8,"featured_media":4528,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[70],"tags":[],"class_list":["post-4523","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-gitlab","post--single"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GitLab Shared Responsibility Model: A Guide to Collaborative Security - Blog | GitProtect.io<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GitLab Shared Responsibility Model: A Guide to Collaborative Security - Blog | GitProtect.io\" \/>\n<meta property=\"og:description\" content=\"Read the full article and learn what duties organizations have within the GitLab Shared Responsibility Model. Find out how to reduce your obligations and improve your GitLab data protection. Test a GitLab backup solution for free during a 14-day trial period. GitLab is a popular DevSecOps and collaborative software development platform that enables businesses to automate software delivery, boost productivity, and secure end-to-end software supply chains. 
However, not everyone knows that like most SaaS service providers, GitLab operates according to the so-called Shared Responsibility Model (or Limited Liability Model).&nbsp;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog | GitProtect.io\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XoperoSoftware\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-16T12:22:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-10T12:38:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-black.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Daria Kulikova, Content Writer at GitProtect.io\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@GitProtectio\" \/>\n<meta name=\"twitter:site\" content=\"@GitProtectio\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daria Kulikova, Content Writer at GitProtect.io\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/\"},\"author\":{\"name\":\"Daria Kulikova, Content Writer at GitProtect.io\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/6618fde5a7cf7e327fefa4f0035466d3\"},\"headline\":\"GitLab Shared Responsibility Model: A Guide to Collaborative Security\",\"datePublished\":\"2023-11-16T12:22:28+00:00\",\"dateModified\":\"2024-07-10T12:38:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/\"},\"wordCount\":1884,\"publisher\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-black.jpg\",\"articleSection\":[\"GitLab\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/\",\"url\":\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/\",\"name\":\"GitLab Shared Responsibility Model: A Guide to Collaborative Security - Blog | 
GitProtect.io\",\"isPartOf\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-black.jpg\",\"datePublished\":\"2023-11-16T12:22:28+00:00\",\"dateModified\":\"2024-07-10T12:38:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#primaryimage\",\"url\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-black.jpg\",\"contentUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-black.jpg\",\"width\":1200,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\/\/gitprotect.io\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GitLab Shared Responsibility Model: A Guide to Collaborative Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#website\",\"url\":\"https:\/\/gitprotect.io\/blog\/\",\"name\":\"GitProtect.io 
Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/gitprotect.io\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#organization\",\"name\":\"GitProtect.io\",\"url\":\"https:\/\/gitprotect.io\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png\",\"contentUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png\",\"width\":528,\"height\":528,\"caption\":\"GitProtect.io\"},\"image\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/XoperoSoftware\/\",\"https:\/\/x.com\/GitProtectio\",\"https:\/\/www.linkedin.com\/company\/xopero-software\/\",\"https:\/\/www.youtube.com\/channel\/UCiEnl6n0mIO6w7twccz-l2w\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/6618fde5a7cf7e327fefa4f0035466d3\",\"name\":\"Daria Kulikova, Content Writer at GitProtect.io\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2024\/09\/daria-kulikova-content-writer-at-gitprotect.io_avatar-96x96.jpg\",\"contentUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2024\/09\/daria-kulikova-content-writer-at-gitprotect.io_avatar-96x96.jpg\",\"caption\":\"Daria Kulikova, Content Writer at GitProtect.io\"},\"description\":\"Daria is a Content Specialist at GitProtect.io, who has a degree in 
linguistics and an extensive translation background in different areas, including technology, IT, economics, etc. She loves self-improvement, so when she is offline, it\u2019s easy to find her learning and expanding her knowledge in Cybersecurity, and DevSecOps.\",\"url\":\"https:\/\/gitprotect.io\/blog\/author\/daria-kulikova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GitLab Shared Responsibility Model: A Guide to Collaborative Security - Blog | GitProtect.io","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/","og_locale":"en_US","og_type":"article","og_title":"GitLab Shared Responsibility Model: A Guide to Collaborative Security - Blog | GitProtect.io","og_description":"Read the full article and learn what duties organizations have within the GitLab Shared Responsibility Model. Find out how to reduce your obligations and improve your GitLab data protection. Test a GitLab backup solution for free during a 14-day trial period. GitLab is a popular DevSecOps and collaborative software development platform that enables businesses to automate software delivery, boost productivity, and secure end-to-end software supply chains. 
However, not everyone knows that like most SaaS service providers, GitLab operates according to the so-called Shared Responsibility Model (or Limited Liability Model).&nbsp;","og_url":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/","og_site_name":"Blog | GitProtect.io","article_publisher":"https:\/\/www.facebook.com\/XoperoSoftware\/","article_published_time":"2023-11-16T12:22:28+00:00","article_modified_time":"2024-07-10T12:38:58+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-black.jpg","type":"image\/jpeg"}],"author":"Daria Kulikova, Content Writer at GitProtect.io","twitter_card":"summary_large_image","twitter_creator":"@GitProtectio","twitter_site":"@GitProtectio","twitter_misc":{"Written by":"Daria Kulikova, Content Writer at GitProtect.io","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#article","isPartOf":{"@id":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/"},"author":{"name":"Daria Kulikova, Content Writer at GitProtect.io","@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/6618fde5a7cf7e327fefa4f0035466d3"},"headline":"GitLab Shared Responsibility Model: A Guide to Collaborative 
Security","datePublished":"2023-11-16T12:22:28+00:00","dateModified":"2024-07-10T12:38:58+00:00","mainEntityOfPage":{"@id":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/"},"wordCount":1884,"publisher":{"@id":"https:\/\/gitprotect.io\/blog\/#organization"},"image":{"@id":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#primaryimage"},"thumbnailUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-black.jpg","articleSection":["GitLab"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/","url":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/","name":"GitLab Shared Responsibility Model: A Guide to Collaborative Security - Blog | GitProtect.io","isPartOf":{"@id":"https:\/\/gitprotect.io\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#primaryimage"},"image":{"@id":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#primaryimage"},"thumbnailUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-black.jpg","datePublished":"2023-11-16T12:22:28+00:00","dateModified":"2024-07-10T12:38:58+00:00","breadcrumb":{"@id":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#primaryimage","url":
"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-black.jpg","contentUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/11\/GitLab-Shared-Responsibility-Model-black.jpg","width":1200,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/gitprotect.io\/blog\/gitlab-shared-responsibility-model-a-guide-to-collaborative-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona g\u0142\u00f3wna","item":"https:\/\/gitprotect.io\/blog\/"},{"@type":"ListItem","position":2,"name":"GitLab Shared Responsibility Model: A Guide to Collaborative Security"}]},{"@type":"WebSite","@id":"https:\/\/gitprotect.io\/blog\/#website","url":"https:\/\/gitprotect.io\/blog\/","name":"GitProtect.io Blog","description":"","publisher":{"@id":"https:\/\/gitprotect.io\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/gitprotect.io\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/gitprotect.io\/blog\/#organization","name":"GitProtect.io","url":"https:\/\/gitprotect.io\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png","contentUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png","width":528,"height":528,"caption":"GitProtect.io"},"image":{"@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XoperoSoftware\/","https:\/\/x.com\/GitProtectio","https:\/\/www.linkedin.com\/company\/xopero-software\/","https:\/\/www.youtube.com\/channel\/UCiEnl6n0mIO6w7twccz-l2w"]},{"@type":"Person","@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/person\
/6618fde5a7cf7e327fefa4f0035466d3","name":"Daria Kulikova, Content Writer at GitProtect.io","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/image\/","url":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2024\/09\/daria-kulikova-content-writer-at-gitprotect.io_avatar-96x96.jpg","contentUrl":"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2024\/09\/daria-kulikova-content-writer-at-gitprotect.io_avatar-96x96.jpg","caption":"Daria Kulikova, Content Writer at GitProtect.io"},"description":"Daria is a Content Specialist at GitProtect.io, who has a degree in linguistics and an extensive translation background in different areas, including technology, IT, economics, etc. She loves self-improvement, so when she is offline, it\u2019s easy to find her learning and expanding her knowledge in Cybersecurity, and DevSecOps.","url":"https:\/\/gitprotect.io\/blog\/author\/daria-kulikova\/"}]}},"_links":{"self":[{"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/posts\/4523","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/comments?post=4523"}],"version-history":[{"count":8,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/posts\/4523\/revisions"}],"predecessor-version":[{"id":5418,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/posts\/4523\/revisions\/5418"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/media\/4528"}],"wp:attachment":[{"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/media?parent=4523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/cate
gories?post=4523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gitprotect.io\/blog\/wp-json\/wp\/v2\/tags?post=4523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}