GitLab now has the ability to allow you to use compliance frameworks to label projects with specific compliance needs, then tie a set of security policies- both scan execution policies and merge request approvals, that will be enforced for projects with that compliance framework label.