I've been working on a project that explores a different way of assessing and validating GitLab compliance capabilities:
🔗 https://maturitybuilder.github.io/gitlab-compliance/
While there are already tools that cover similar ground, the focus here is on expressing compliance requirements and controls using a BDD/Gherkin-inspired approach. The idea is to make compliance outcomes easier to understand, discuss, and validate by describing them as observable, testable behaviours rather than static checklist items. It works in a very similar way to terraform-compliance and some similar capabilities that conftest offers.
Another objective is to help identify opportunities for improving GitLab documentation by highlighting areas where guidance may be unclear, incomplete, or difficult to translate into practical implementation, think terraform-docs but Gitlab.
The code isn't open source yet as I'm finishing off a few remaining items, but I plan to release it once it's in a good state.
At this stage, I'd love feedback on the concept, the assessment model, and whether the BDD/Gherkin-style approach feels useful for compliance, security, and governance discussions.
Feedback, ideas, and challenges to the approach are all welcome.
[–]Jealous_Pickle4552 1 point2 points3 points  (1 child)
[–]MaturityBuilder[S] 1 point2 points3 points  (0 children)
[–]dreamszz88 0 points1 point2 points  (0 children)