MASHINIi

GitLab Inc.

GTLB.US | Computer programming activities

GitLab Inc. is a software development company that provides a web-based DevOps platform. The platform offers a single application for all stages of the DevOps lifecycle, from planning and source code management to CI/CD, monitoring, and security. GitLab's platform enables teams to collaborate on cod...

Ethical Profile

Mixed.

GitLab Inc. holds a 'Mixed' ethical rating. The company has faced significant security challenges, including an actively exploited critical vulnerability (CVE-2023-7028, CVSS 10) allegedly enabling account takeovers, and a data breach at Europcar. A legal complaint also alleges federal securities law violations over misleading revenue projections. Employee relations show a 202:1 CEO to median pay ratio; some Glassdoor reviews cite micro-management. GitLab purchased carbon removal credits and conducted a GHG inventory, yet lacks specific net-zero targets. Its software is also used under a DoD contract, raising dual-use concerns.

Value Scores

Scale: -100 to 100

Better Health for All: 0
Fair Money & Economic Opportunity: 0
Fair Pay & Worker Respect: 30
Fair Trade & Ethical Sourcing: 0
Honest & Fair Business: 40
Kind to Animals: 0
No War, No Weapons: -50
Planet-Friendly Business: -50
Respect for Cultures & Communities: 0
Safe & Smart Tech: 0
Zero Waste & Sustainable Products: 0

Better Health for All

0

GitLab Inc. provides a DevOps platform for software development, and its core products and services do not have a direct positive or negative impact on health outcomes. The provided article focuses on software development efficiency metrics such as time savings, cycle time reduction, and faster vulnerability detection. There is no evidence of revenue from products with negative health outcomes, nor are there direct safety implications for physical or mental health from its software. The company does not offer health-related products or services, engage in health equity programs, support healthcare workforce development, or conduct health education or research. While the platform contributes to a 17% boost in developer happiness scores, this is an indirect outcome of improved efficiency for its users rather than a direct mental health initiative or program.[1] The company's operations do not generate significant health externalities, nor does it collect or manage health-related data.

Fair Money & Economic Opportunity

0

GitLab Inc. is a software development company that provides a DevOps platform, not a financial institution.[1] The company generates revenue through subscriptions to its platform.[2] As such, GitLab does not offer lending, deposit, or insurance services to consumers, nor does it manage customer financial data or provide consumer credit products.[3] Therefore, all KPIs related to financial products, services, pricing, fees, debt, and financial inclusion initiatives are not applicable to GitLab's core business model. The rubric assigns a score of 0 for KPIs that do not apply to companies outside the financial services sector or those that do not offer consumer credit products.

Fair Pay & Worker Respect

30

GitLab's CEO to median employee pay ratio was 202:1 in 2025.[1] The company reported a pay ratio of 1.0032 for men to women in FY23, which translates to a women-to-men pay equity ratio of approximately 0.9968.[2] The employee engagement score was 81% in FY23.[3] The global voluntary turnover rate was 16% in FY23.[4] 100% of full-time employees had access to benefits in both FY22 and FY23, which includes health insurance.[5]

Fair Trade & Ethical Sourcing

0

GitLab Inc. is a software development company, and its business model does not involve the procurement or trade of physical commodities. Consequently, KPIs related to physical supply chains, such as fair trade certifications, supplier audits for welfare, exposure to upstream labor practices, supply chain traceability, remediation processes for sourcing violations, high-risk material spend, and supplier diversity spend, are not applicable to its operations. No evidence was found in the provided articles to suggest any activity or data relevant to these metrics within the context of a physical supply chain.[1]

Honest & Fair Business

40

GitLab has a formal whistleblower protection policy that includes multiple reporting methods such as supervisors, the Chief Legal Officer, Audit Committee, Legal Team, Corporate Secretary, and 24/7 anonymous hotlines (EthicsPoint and Lighthouse Services) and an online portal.[1] The policy allows for anonymous reporting and includes retaliation prevention.[2] Country-specific policies are also mentioned, applying where they offer greater protections, and toll-free numbers are provided for various regions.[3] GitLab also has a comprehensive anti-corruption policy that prohibits bribery, kickbacks, and improper payments, emphasizing compliance with the Foreign Corrupt Practices Act (FCPA).[4] It requires prior written approval from the Chief Legal Officer for facilitating payments, political, and charitable contributions, and mandates due diligence for third-party relationships.[5] Violations can lead to disciplinary action, including termination.[6]

Kind to Animals

0

GitLab Inc. is a software development company providing a web-based DevOps platform. Its core business model does not involve physical products, animal-derived ingredients, animal testing, animal agriculture, or direct impact on wildlife habitats. Therefore, all KPIs related to 'Kind to Animals' are not applicable to the company's operations. While one article mentions GitLab's platform being used for wildlife camera trap projects,[1] this does not constitute evidence of GitLab's own conservation initiatives or measurable biodiversity impact.

No War, No Weapons

-50

GitLab disclosed apparent violations to BIS and OFAC in September 2019 for inadvertently exporting software to entities in embargoed countries and on denied parties lists.[1] This resulted in a Warning Letter from BIS and a Cautionary Letter from OFAC in early 2020.[2] The company's policy prohibits users from exporting its software for end use involving sensitive nuclear, rocket systems, unmanned aerial vehicles, missiles, chemical, or biological weapons.[3] However, there is no evidence of a broader ban on all conventional arms or small arms. While the company states users may not export for end use involving certain sensitive weapons, there is no independent audit or verification of zero exposure to controversial weapons.[4]

Planet-Friendly Business

-50

GitLab reported total Scope 1, 2, and 3 greenhouse gas emissions of 26,293 metric tons of CO2e for FY24.[1] The company is working to establish emission targets for FY25, but no SBTi-validated targets are currently in place.[2] In FY24, GitLab conducted its first climate risk assessment and scenario analysis in alignment with the TCFD framework.[3] This analysis covered 10 remote team member hotspots, considering physical hazards across multiple scenarios (SSP 5-8.5 and 2-4.5).[4] GitLab purchased and retired 8,580 tonnes of carbon removal credits for a reforestation program in FY24.[5] The company allocated 0.5% of its annual revenue to environmental sustainability projects in 2023.[6] GitLab assessed the climate maturity of its top 5 suppliers by spend and engaged its top 20 suppliers by spend who are not disclosing emissions data, asking them to measure and share data publicly.[7] 90% of AWS global data centers' energy, which GitLab utilizes, was from renewables in 2023.[8]

Respect for Cultures & Communities

0

No specific, quantitative evidence was found in the provided articles to assess GitLab against any of the KPIs for the 'Respect for Cultures & Communities' value. The articles primarily focus on internal workforce demographics, diversity, inclusion, and belonging (DIB) initiatives, and general governance, without providing data on community engagement, formal partnerships with local or indigenous groups, cultural impact assessments, local economic contributions, or specific cultural preservation efforts.[1]

Safe & Smart Tech

0

GitLab has established AI Ethics Principles for Product Development and an AI Continuity Plan, along with documentation on AI features and model vendors.[1] The company holds SOC 2 Type 2, ISO/IEC 27001:2022, ISO/IEC 27017:2015, and ISO/IEC 27018:2019 certifications, and is a CSA Trusted Cloud Provider.[2] In 2024, GitLab's bug bounty program awarded over US$1 million in bounties, receiving 1,440 reports from 457 researchers.[3] The company takes a transparency- and privacy-first approach, guided by its AI Ethics Principles.[4] GitLab offers various security testing types, including SAST and DAST.[5] Documentation on AI model vendors' retention periods is available.[6] GitLab is compliant with GDPR, and CISA has mandated remediation for Federal Civilian Executive Branch agencies regarding a critical vulnerability.[7] A critical security vulnerability (CVE-2023-7028) in GitLab, rated CVSS 10, is actively exploited, allowing attackers to reset passwords and take over accounts.[8] Multi-factor authentication (MFA) is highlighted as a crucial countermeasure against password resets.[9] GitLab provides documentation on AI features, intended purposes, models used, data usage, and vendor retention periods.[10] The company has a Privacy Statement regarding user data control.[11]

Zero Waste & Sustainable Products

0

The provided articles do not contain specific quantitative data or concrete facts related to any of the KPIs under the 'Zero Waste & Sustainable Products' value.[1] Information regarding waste diversion rates, product recyclability, packaging sustainability, recycled content, single-use plastic reduction, take-back programs, circular design principles, waste reduction initiatives, hazardous waste management, product durability, repairability, waste audit frequency, zero waste certification, waste disposal violations, material efficiency, packaging-to-product ratio, waste reduction targets, supplier waste requirements, or customer waste education is not available in the provided evidence.[2]


AI-generated analysis based on publicly available data. Not financial advice. Ratings are expressions of opinion derived from automated models and may contain inaccuracies. See our Risk Disclosure for full details.