Make a dedicated site on gitlab.com about security (make it bold) and about private repos. Some buzzwords: Countermeasures, security tracking, rate limiting, DDoS attacks, Backups... what do you do to ensure security, privacy or that nothing is lost? It's a littlebit in the dark. I would love to see comparisons between gitlab, bitbucket and github if possible (but I'm guessing that's not easy) or I would love to see somehow you take that extremely seriously for gitlab.com. I only have this gut feeling (I cannot exactly say why) that bitbucket and github feel more secure for private repos than gitlab because their business is dependent on security of hosting private repos. On gitlab.com the hosted private repos are a bonus and not the business of gitlab (because the real business is selling gitlab enterprise software and their support).

Just ask yourself and imagine this: You have a new start up company based on very valuable closed source but you entirely do not want to host my own gitlab etc. server. Which service would you use? I'm guessing it is bitbucket or github because they are offering "premium" private repos and have a good reputation (at least I do not know that a private repo there was once disclosed).

Creating a Security page on the site to explain your infosec policies would go a long way. I like that we're able to view previous disclosures [1] and active security issues [2], but I had to dig a bit to find them. Surface those.

[1] https://about.gitlab.com/vulnerability-acknowledgements/

[2] https://gitlab.com/gitlab-org/gitlab-ce/issues?label_name%5B...