Skip to content
GitLab

Comparison of GitLab self-managed with GitLab SaaS

GitLab SaaS is the largest hosted instance of GitLab in the world, managed by an all-remote team that knows GitLab best. With GitLab SaaS, updates, maintenance, and patches are all performed by this team.

Self-managed GitLab gives you a deeper breadth of control over many of the functions and systems of the application.

Administration

In GitLab SaaS, administration tasks are limited compared to a self-managed application.

In a self-managed instance:

  • You have complete access and administrative control over the application, including the Admin Area.
  • You can impersonate, create, add, and remove users.
  • You can assign the Auditor user type and External role.

On GitLab SaaS:

  • You have limited administrative control. For example, you cannot impersonate, create, add, or remove users.
  • You cannot access the Admin Area.
  • You cannot assign the Auditor user type and External role.

Logs

Logs give insight into your processes and can help GitLab Support maintain your application and resolve problems.

In a self-managed instance:

  • You have full access to system logs.

On GitLab SaaS:

Runners

Runners are available for both SaaS and self-managed applications.

In a self-managed instance, your runner availability and options are broader, but there are more security concerns to consider.

On GitLab SaaS:

  • Private runners are available for GitLab SaaS groups and projects.
  • Shared runners provided by GitLab SaaS are not configurable. Each runner instance is used once for only one job, ensuring any sensitive data left on the system is destroyed after the job is complete.
  • Shared runners are subject to usage limits and are plan specific.

Custom Git hooks

In a self-managed instance you can use any custom Git hooks.

On GitLab SaaS:

  • SaaS users do not have access to the file system, and cannot use custom Git hooks.
  • You can use webhooks as an alternative.

API and GraphQL

In a self-managed instance, users can access all API endpoints, including those that require instance admin permissions.

On GitLab SaaS:

  • SaaS users have access to all of the API endpoints except those that require instance admin permissions.
  • Only authorized GitLab engineers have administrative access.

Authentication

In a self-managed instance:

  • You can use an internal encryption key for your data store.
  • You can view console logs.
  • You can enforce jobs on every pipeline across the group or organization.
  • You have control over your data backup.
  • You can use the Interactive Web Terminal for shared runners.

On GitLab SaaS:

  • You cannot use internal encryption key for the data store (bring-your-own-key).
  • You cannot view console logs.
  • You cannot enforce jobs on every pipeline across the group or organization.
  • You cannot configure or control data backups. You must use group and project export.
  • The Interactive Web Terminal is not available for shared runners.

Public or private projects

Project privacy is different when using a self-managed application or GitLab SaaS.

In a self-managed instance, you control who can view your projects.

On GitLab SaaS:

  • The GitLab SaaS instance is open to the public.
  • When your projects are set as Public, they are open to everyone on the public internet.

Encryption

In a self-managed instance, you control the encryption type and configuration.

On GitLab SaaS:

  • An Access Management Process is in place.
  • All data on GitLab.com is encrypted at rest by default. Access to encryption keys is strictly managed by GitLab.
  • GitLab does not access your tenant data except as part of a verified service request from you.

Support

In a self-managed instance:

  • You can access any of your back-end systems.
  • Our Support team can request logs to assist you.

On GitLab SaaS:

  • For your privacy and security, there is no public access to GitLab back-end systems.
  • Support staff work with Site Reliability Engineers to support the infrastructure.
  • GitLab Support can access instance logs and view projects, as well as impersonate users. The Support Team can access your logs.