[{"data":1,"prerenderedAt":816},["ShallowReactive",2],{"/en-us/blog/gitlab-18-7-advancing-ai-automation":3,"navigation-en-us":40,"banner-en-us":450,"footer-en-us":460,"blog-post-authors-en-us-Bill Staples":701,"blog-related-posts-en-us-gitlab-18-7-advancing-ai-automation":715,"blog-promotions-en-us":754,"next-steps-en-us":806},{"id":4,"title":5,"authorSlugs":6,"authors":8,"body":10,"category":11,"categorySlug":11,"config":12,"content":16,"date":20,"description":18,"extension":25,"externalUrl":26,"featured":13,"heroImage":17,"isFeatured":13,"meta":27,"navigation":13,"path":28,"publishedDate":20,"rawbody":29,"seo":30,"slug":15,"stem":34,"tagSlugs":35,"tags":38,"template":14,"updatedDate":26,"__hash__":39},"blogPosts/en-us/blog/gitlab-18-7-advancing-ai-automation.yml","GitLab 18.7: Advancing AI automation, governance, and developer experience",[7],"bill-staples",[9],"Bill Staples","\nGitLab 18.7 delivers development, operations, and security capabilities that strengthen control, improve consistency, and build confidence as teams integrate AI further into their workflows. These improvements arrive as GitLab approaches a major milestone. GitLab Duo Agent Platform will reach general availability in January 2026 with our 18.8 release, pending we continue to meet the exceptionally high quality standards we set for ourselves in service to our customers worldwide across all industries.\n\nGitLab Duo Agent Platform's GA is designed to introduce a unified, governed way for organizations to orchestrate agentic AI across their software lifecycle. With foundational agents, custom agents, and automated flows working together inside GitLab, teams will be able to adopt agentic workflows that help accelerate work while staying aligned to organizational standards. At GA, we also plan to include expanded AI Catalog functionality, stronger administrative controls, reliability enhancements, and a flexible usage-based billing model designed to provide flexibility for agentic AI usage across many roles and projects.\n\nThe [18.7 release](https://docs.gitlab.com/releases/18/gitlab-18-7-released/) adds important building blocks to support GitLab Duo Agent Platform’s upcoming GA. New automation features, stronger governance controls, and enhancements across security and pipeline authoring help teams streamline their work and lay the groundwork for an even more reliable agentic experience in 18.8 and beyond.\n\n\u003Ciframe src=\"https://player.vimeo.com/video/1143231947?badge=0&autopause=0&player_id=0&app_id=58479\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" style=\"position:absolute;top:0;left:0;width:100%;height:100%;\" title=\"18.7 First Look)\">\u003C/iframe>\u003Cscript src=\"https://player.vimeo.com/api/player.js\">\u003C/script>\n\n\n> On February 10, 2026, we will host [a global event](https://about.gitlab.com/events/transcend/virtual/) that brings our vision of GitLab as the intelligent orchestration platform to life, where software teams and their AI agents stay in flow. You will hear how customers are tackling the [AI paradox in software delivery](https://about.gitlab.com/developer-survey/), see intelligent orchestration in action across DevSecOps workflows, and get a jump start on what this next chapter means for your own modernization journey. [Reserve your spot](https://about.gitlab.com/events/transcend/virtual/) to see how GitLab’s next chapter comes together.\n\n**Here's what is new in 18.7:**\n\n## GitLab Duo Agent Platform\n\nAs more teams bring AI into their development and security workflows, GitLab continues to focus on making adoption powerful and predictable. The updates in 18.7 strengthen the foundation for guided, governed AI experiences that will become fully realized when GitLab Duo Agent Platform reaches GA, as planned for 18.8.\n\n[**Custom Flows**](https://docs.gitlab.com/user/duo_agent_platform/flows/custom/)\n\nCustom Flows introduce a new way for teams to automate multistep workflows using YAML-defined sequences that orchestrate agents to complete repetitive development tasks. Custom Flows help eliminate manual effort for scenarios that follow predictable patterns — such as diagnosing and fixing failed pipelines, updating dependencies, or running policy checks when reviewers are assigned. Instead of handling these tasks interactively, teams can define flows that automatically trigger from GitLab events like mentions and assignments. This capability supports developers who want tailored automations for their own projects, as well as administrators who need consistent, organization-wide workflows for compliance and operational efficiency.\n\n[**SAST False Positive Detection Flow**](https://docs.gitlab.com/user/duo_agent_platform/flows/foundational_flows/sast_false_positive_detection/)\n\nAI-powered false positive management for Static Application Security Testing (SAST) works to introduce a faster, more accurate way for teams to assess and act on potential false positives. GitLab now uses AI to help identify which findings may be false positives earlier in the review process, reducing the time developers and security teams spend triaging noise. Users can see an overview of how many vulnerabilities may warrant review, track their analysis progress, and dismiss false positives directly from the vulnerability report. Once dismissed, these findings stay dismissed across future pipelines and continue to reflect the correct dismissed status in merge request widgets. This assists with a consistent and reliable signal as code evolves and helps teams focus on real risks, streamline remediation, and cut down on unnecessary security review cycles.\n\n[**Custom Agent Versioning**](https://docs.gitlab.com/user/duo_agent_platform/ai_catalog/#agent-and-flow-versions)\n\nCustom Agent Versioning gives teams control over which version of an AI Catalog agent or flow they use in their projects. Instead of automatically inheriting updates from the creator, GitLab now pins each project to the exact version of the agent and flow enabled for the team. This helps prevent breaking changes, security risks, and workflow disruptions, especially in production pipelines or security-sensitive environments. Teams can upgrade when they choose, test new versions in staging before promoting them, and clearly see which version is running to avoid confusion. It also enables safer customization by letting users fork an agent at a specific version and evolve it independently. The result is a more predictable, stable, and secure way to adopt custom agents across development and CI/CD workflows.\n\n[**New Settings for Foundational Agents**](https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/#turn-foundational-agents-on-or-off)\n\nAdmins now have the ability to turn [foundational agents](https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/) on or off, giving teams greater control over how AI is used across their organization. With this update, admins can enable or disable these agents at the instance or group level, choose default availability, and control how new agents are introduced while still providing access to the core agent. The result is more flexible AI adoption with the governance, consistency, and control enterprise teams need.\n\n[**Data Analyst Agent**](https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/data_analyst/)\n\nThe Data Analyst Agent gives teams a simple way to explore GitLab data using natural language, automatically generating [GitLab Query Language](https://docs.gitlab.com/user/glql/) (GLQL)  queries, retrieving relevant information, and presenting clear insights without requiring dashboards or manual query writing. Users can analyze work volume, understand team activity, identify development trends, monitor issue and merge request status, and quickly discover work items by labels, authors, milestones, or other criteria. It also creates reusable GLQL queries that can be embedded anywhere GitLab Flavored Markdown is supported, making it easier to share findings and answer everyday questions about project activity directly within GitLab.\n\n## Core DevOps\n\nInnovations with GitLab Duo Agent Platform are most effective when the underlying DevOps experience is equally streamlined and dependable. The improvements in 18.7 to core GitLab workflows help ensure that automation, pipelines, and reusable components operate with highest levels of clarity and consistency.\n\n[**Dynamic Input Selection in GitLab Pipelines**](https://docs.gitlab.com/ci/inputs/#define-conditional-input-options-with-specinputsrules)\n\nDynamic Input Selection in GitLab Pipelines introduces a more intuitive way to trigger pipelines through dynamic, cascading dropdown fields in the GitLab UI. This allows cross-functional teams to run pipelines without editing YAML or relying on developers, while ensuring that only valid, context-aware options are shown as they make selections. The feature supports complex workflows, assists with reducing misconfigured runs, and removes a key blocker for teams migrating from Jenkins Active Choice, helping organizations standardize their CI/CD processes entirely on GitLab.\n\n[**CI/CD Catalog Publication Guardrails**](https://docs.gitlab.com/ci/components/)\n\nAdministrators of GitLab Self-Managed and GitLab Dedicated can now control which projects are allowed to publish components to the CI/CD Catalog. This new setting helps organizations maintain a curated, trusted ecosystem by ensuring only approved sources can add components. It strengthens governance for enterprise customers who want to preserve control over their CI/CD landscape while still enabling teams to discover and reuse sanctioned components.\n\n## Platform Security\n\nAs automation and pipeline workflows become more efficient, it remains essential that teams maintain strong visibility and control over how code changes meet organizational standards. The Platform Security update in 18.7 reinforces this balance by giving teams a more flexible way to introduce and refine policy guidance without interrupting delivery.\n\n[**Warn Mode for MR Approval Policies**](https://docs.gitlab.com/user/application_security/policies/merge_request_approval_policies/#warn-mode)\n\nWarn Mode for MR Approval Policies allows violations to be surfaced without blocking merges, giving teams a lower-friction way to introduce or adjust policies while assessing their impact before full enforcement. It also supports a guidance-based approach, where developers can review or dismiss violations with all actions audited to help AppSec refine policy effectiveness. Beyond merge requests, violations already present or introduced into the default branch now appear with a visual badge in the [Vulnerability Report](https://docs.gitlab.com/user/application_security/vulnerability_report/), making it easier to identify and prioritize issues that break policy.\n\n## Elevating how teams build, secure, and deliver software\n\nThe 18.7 release is about strengthening the foundation for reliable, flexible automation across your GitLab environment.\n\n\u003Ciframe src=\"https://player.vimeo.com/video/1147756347?badge=0&autopause=0&player_id=0&app_id=58479\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" style=\"position:absolute;top:0;left:0;width:100%;height:100%;\" title=\"18.7 Demo V3\">\u003C/iframe>\u003Cscript src=\"https://player.vimeo.com/api/player.js\">\u003C/script>\n\nGitLab Premium and Ultimate users can start using these capabilities today on [GitLab.com](https://GitLab.com) and self-managed environments, with availability for GitLab Dedicated customers planned for next month.\n\nGitLab Duo Agent Platform is currently in **beta** — enable beta and experimental features to experience how full-context AI can transform the way your teams build software. New to GitLab? [Start your free trial](https://about.gitlab.com/free-trial/devsecops/) and see why the future of development is AI-powered, secure, and orchestrated through the world’s most comprehensive DevSecOps platform.\n\n***Note:** Platform capabilities that are in beta are available as part of the GitLab Beta program. They are free to use during the beta period, and when generally available, they will be made available with a paid add-on option for GitLab Duo Agent Platform.*\n\n### Stay up to date with GitLab\n\nTo make sure you’re getting the latest features, security updates, and performance improvements, we recommend keeping your GitLab instance up to date. The following resources can help you plan and complete your upgrade:\n\n* [Upgrade Path Tool](https://gitlab-com.gitlab.io/support/toolbox/upgrade-path/) – enter your current version and see the exact upgrade steps for your instance\n* [Upgrade Documentation](https://docs.gitlab.com/update/upgrade_paths/) – detailed guides for each supported version, including requirements, step-by-step instructions, and best practices\n\nBy upgrading regularly, you’ll ensure your team benefits from the newest GitLab capabilities and remains secure and supported.\n\nFor organizations that want a hands-off approach, consider [GitLab’s Managed Maintenance service](https://content.gitlab.com/viewer/d1fe944dddb06394e6187f0028f010ad#1). With Managed Maintenance, your team stays focused on innovation while GitLab experts keep your Self-Managed instance reliably upgraded, secure, and ready to lead in DevSecOps. Ask your account manager for more information.\n\n*This blog post contains \"forward‑looking statements\" within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934. Although we believe that the expectations reflected in these statements are reasonable, they are subject to known and unknown risks, uncertainties, assumptions and other factors that may cause actual results or outcomes to differ materially. Further information on these risks and other factors is included under the caption \"Risk Factors\" in our filings with the SEC. We do not undertake any obligation to update or revise these statements after the date of this blog post, except as required by law.*\n\n\n","product",{"featured":13,"template":14,"slug":15},true,"BlogPost","gitlab-18-7-advancing-ai-automation",{"heroImage":17,"title":5,"description":18,"authors":19,"date":20,"body":10,"category":11,"tags":21},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1766061346/qky0m84chjftwmyk4kml.png","GitLab 18.7 adds new automation, pipeline controls, and policy updates to help teams reduce manual work, simplify processes, and deliver safer releases.",[9],"2025-12-18",[11,22,23,24],"AI/ML","CI/CD","security","yml",null,{},"/en-us/blog/gitlab-18-7-advancing-ai-automation","seo:\n  config:\n    noIndex: false\n  title: 'GitLab 18.7: Advancing AI automation and developer experience'\n  ogImage: https://res.cloudinary.com/about-gitlab-com/image/upload/v1766061346/qky0m84chjftwmyk4kml.png\n  description: GitLab 18.7 adds new automation, pipeline controls, and policy\n    updates to help teams reduce manual work, simplify processes, and deliver\n    safer releases.\ncontent:\n  heroImage: https://res.cloudinary.com/about-gitlab-com/image/upload/v1766061346/qky0m84chjftwmyk4kml.png\n  title: 'GitLab 18.7: Advancing AI automation, governance, and developer experience'\n  description: GitLab 18.7 adds new automation, pipeline controls, and policy\n    updates to help teams reduce manual work, simplify processes, and deliver\n    safer releases.\n  authors:\n    - Bill Staples\n  date: 2025-12-18\n  body: >+\n\n    GitLab 18.7 delivers development, operations, and security capabilities that strengthen control, improve consistency, and build confidence as teams integrate AI further into their workflows. These improvements arrive as GitLab approaches a major milestone. GitLab Duo Agent Platform will reach general availability in January 2026 with our 18.8 release, pending we continue to meet the exceptionally high quality standards we set for ourselves in service to our customers worldwide across all industries.\n\n\n    GitLab Duo Agent Platform's GA is designed to introduce a unified, governed way for organizations to orchestrate agentic AI across their software lifecycle. With foundational agents, custom agents, and automated flows working together inside GitLab, teams will be able to adopt agentic workflows that help accelerate work while staying aligned to organizational standards. At GA, we also plan to include expanded AI Catalog functionality, stronger administrative controls, reliability enhancements, and a flexible usage-based billing model designed to provide flexibility for agentic AI usage across many roles and projects.\n\n\n    The [18.7 release](https://docs.gitlab.com/releases/18/gitlab-18-7-released/) adds important building blocks to support GitLab Duo Agent Platform’s upcoming GA. New automation features, stronger governance controls, and enhancements across security and pipeline authoring help teams streamline their work and lay the groundwork for an even more reliable agentic experience in 18.8 and beyond.\n\n\n    \u003Ciframe src=\"https://player.vimeo.com/video/1143231947?badge=0&autopause=0&player_id=0&app_id=58479\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" style=\"position:absolute;top:0;left:0;width:100%;height:100%;\" title=\"18.7 First Look)\">\u003C/iframe>\u003Cscript src=\"https://player.vimeo.com/api/player.js\">\u003C/script>\n\n\n\n    > On February 10, 2026, we will host [a global event](https://about.gitlab.com/events/transcend/virtual/) that brings our vision of GitLab as the intelligent orchestration platform to life, where software teams and their AI agents stay in flow. You will hear how customers are tackling the [AI paradox in software delivery](https://about.gitlab.com/developer-survey/), see intelligent orchestration in action across DevSecOps workflows, and get a jump start on what this next chapter means for your own modernization journey. [Reserve your spot](https://about.gitlab.com/events/transcend/virtual/) to see how GitLab’s next chapter comes together.\n\n\n    **Here's what is new in 18.7:**\n\n\n    ## GitLab Duo Agent Platform\n\n\n    As more teams bring AI into their development and security workflows, GitLab continues to focus on making adoption powerful and predictable. The updates in 18.7 strengthen the foundation for guided, governed AI experiences that will become fully realized when GitLab Duo Agent Platform reaches GA, as planned for 18.8.\n\n\n    [**Custom Flows**](https://docs.gitlab.com/user/duo_agent_platform/flows/custom/)\n\n\n    Custom Flows introduce a new way for teams to automate multistep workflows using YAML-defined sequences that orchestrate agents to complete repetitive development tasks. Custom Flows help eliminate manual effort for scenarios that follow predictable patterns — such as diagnosing and fixing failed pipelines, updating dependencies, or running policy checks when reviewers are assigned. Instead of handling these tasks interactively, teams can define flows that automatically trigger from GitLab events like mentions and assignments. This capability supports developers who want tailored automations for their own projects, as well as administrators who need consistent, organization-wide workflows for compliance and operational efficiency.\n\n\n    [**SAST False Positive Detection Flow**](https://docs.gitlab.com/user/duo_agent_platform/flows/foundational_flows/sast_false_positive_detection/)\n\n\n    AI-powered false positive management for Static Application Security Testing (SAST) works to introduce a faster, more accurate way for teams to assess and act on potential false positives. GitLab now uses AI to help identify which findings may be false positives earlier in the review process, reducing the time developers and security teams spend triaging noise. Users can see an overview of how many vulnerabilities may warrant review, track their analysis progress, and dismiss false positives directly from the vulnerability report. Once dismissed, these findings stay dismissed across future pipelines and continue to reflect the correct dismissed status in merge request widgets. This assists with a consistent and reliable signal as code evolves and helps teams focus on real risks, streamline remediation, and cut down on unnecessary security review cycles.\n\n\n    [**Custom Agent Versioning**](https://docs.gitlab.com/user/duo_agent_platform/ai_catalog/#agent-and-flow-versions)\n\n\n    Custom Agent Versioning gives teams control over which version of an AI Catalog agent or flow they use in their projects. Instead of automatically inheriting updates from the creator, GitLab now pins each project to the exact version of the agent and flow enabled for the team. This helps prevent breaking changes, security risks, and workflow disruptions, especially in production pipelines or security-sensitive environments. Teams can upgrade when they choose, test new versions in staging before promoting them, and clearly see which version is running to avoid confusion. It also enables safer customization by letting users fork an agent at a specific version and evolve it independently. The result is a more predictable, stable, and secure way to adopt custom agents across development and CI/CD workflows.\n\n\n    [**New Settings for Foundational Agents**](https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/#turn-foundational-agents-on-or-off)\n\n\n    Admins now have the ability to turn [foundational agents](https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/) on or off, giving teams greater control over how AI is used across their organization. With this update, admins can enable or disable these agents at the instance or group level, choose default availability, and control how new agents are introduced while still providing access to the core agent. The result is more flexible AI adoption with the governance, consistency, and control enterprise teams need.\n\n\n    [**Data Analyst Agent**](https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/data_analyst/)\n\n\n    The Data Analyst Agent gives teams a simple way to explore GitLab data using natural language, automatically generating [GitLab Query Language](https://docs.gitlab.com/user/glql/) (GLQL)  queries, retrieving relevant information, and presenting clear insights without requiring dashboards or manual query writing. Users can analyze work volume, understand team activity, identify development trends, monitor issue and merge request status, and quickly discover work items by labels, authors, milestones, or other criteria. It also creates reusable GLQL queries that can be embedded anywhere GitLab Flavored Markdown is supported, making it easier to share findings and answer everyday questions about project activity directly within GitLab.\n\n\n    ## Core DevOps\n\n\n    Innovations with GitLab Duo Agent Platform are most effective when the underlying DevOps experience is equally streamlined and dependable. The improvements in 18.7 to core GitLab workflows help ensure that automation, pipelines, and reusable components operate with highest levels of clarity and consistency.\n\n\n    [**Dynamic Input Selection in GitLab Pipelines**](https://docs.gitlab.com/ci/inputs/#define-conditional-input-options-with-specinputsrules)\n\n\n    Dynamic Input Selection in GitLab Pipelines introduces a more intuitive way to trigger pipelines through dynamic, cascading dropdown fields in the GitLab UI. This allows cross-functional teams to run pipelines without editing YAML or relying on developers, while ensuring that only valid, context-aware options are shown as they make selections. The feature supports complex workflows, assists with reducing misconfigured runs, and removes a key blocker for teams migrating from Jenkins Active Choice, helping organizations standardize their CI/CD processes entirely on GitLab.\n\n\n    [**CI/CD Catalog Publication Guardrails**](https://docs.gitlab.com/ci/components/)\n\n\n    Administrators of GitLab Self-Managed and GitLab Dedicated can now control which projects are allowed to publish components to the CI/CD Catalog. This new setting helps organizations maintain a curated, trusted ecosystem by ensuring only approved sources can add components. It strengthens governance for enterprise customers who want to preserve control over their CI/CD landscape while still enabling teams to discover and reuse sanctioned components.\n\n\n    ## Platform Security\n\n\n    As automation and pipeline workflows become more efficient, it remains essential that teams maintain strong visibility and control over how code changes meet organizational standards. The Platform Security update in 18.7 reinforces this balance by giving teams a more flexible way to introduce and refine policy guidance without interrupting delivery.\n\n\n    [**Warn Mode for MR Approval Policies**](https://docs.gitlab.com/user/application_security/policies/merge_request_approval_policies/#warn-mode)\n\n\n    Warn Mode for MR Approval Policies allows violations to be surfaced without blocking merges, giving teams a lower-friction way to introduce or adjust policies while assessing their impact before full enforcement. It also supports a guidance-based approach, where developers can review or dismiss violations with all actions audited to help AppSec refine policy effectiveness. Beyond merge requests, violations already present or introduced into the default branch now appear with a visual badge in the [Vulnerability Report](https://docs.gitlab.com/user/application_security/vulnerability_report/), making it easier to identify and prioritize issues that break policy.\n\n\n    ## Elevating how teams build, secure, and deliver software\n\n\n    The 18.7 release is about strengthening the foundation for reliable, flexible automation across your GitLab environment.\n\n\n    \u003Ciframe src=\"https://player.vimeo.com/video/1147756347?badge=0&autopause=0&player_id=0&app_id=58479\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" style=\"position:absolute;top:0;left:0;width:100%;height:100%;\" title=\"18.7 Demo V3\">\u003C/iframe>\u003Cscript src=\"https://player.vimeo.com/api/player.js\">\u003C/script>\n\n\n    GitLab Premium and Ultimate users can start using these capabilities today on [GitLab.com](https://GitLab.com) and self-managed environments, with availability for GitLab Dedicated customers planned for next month.\n\n\n    GitLab Duo Agent Platform is currently in **beta** — enable beta and experimental features to experience how full-context AI can transform the way your teams build software. New to GitLab? [Start your free trial](https://about.gitlab.com/free-trial/devsecops/) and see why the future of development is AI-powered, secure, and orchestrated through the world’s most comprehensive DevSecOps platform.\n\n\n    ***Note:** Platform capabilities that are in beta are available as part of the GitLab Beta program. They are free to use during the beta period, and when generally available, they will be made available with a paid add-on option for GitLab Duo Agent Platform.*\n\n\n    ### Stay up to date with GitLab\n\n\n    To make sure you’re getting the latest features, security updates, and performance improvements, we recommend keeping your GitLab instance up to date. The following resources can help you plan and complete your upgrade:\n\n\n    * [Upgrade Path Tool](https://gitlab-com.gitlab.io/support/toolbox/upgrade-path/) – enter your current version and see the exact upgrade steps for your instance\n\n    * [Upgrade Documentation](https://docs.gitlab.com/update/upgrade_paths/) – detailed guides for each supported version, including requirements, step-by-step instructions, and best practices\n\n\n    By upgrading regularly, you’ll ensure your team benefits from the newest GitLab capabilities and remains secure and supported.\n\n\n    For organizations that want a hands-off approach, consider [GitLab’s Managed Maintenance service](https://content.gitlab.com/viewer/d1fe944dddb06394e6187f0028f010ad#1). With Managed Maintenance, your team stays focused on innovation while GitLab experts keep your Self-Managed instance reliably upgraded, secure, and ready to lead in DevSecOps. Ask your account manager for more information.\n\n\n    *This blog post contains \"forward‑looking statements\" within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934. Although we believe that the expectations reflected in these statements are reasonable, they are subject to known and unknown risks, uncertainties, assumptions and other factors that may cause actual results or outcomes to differ materially. Further information on these risks and other factors is included under the caption \"Risk Factors\" in our filings with the SEC. We do not undertake any obligation to update or revise these statements after the date of this blog post, except as required by law.*\n\n\n  category: product\n  tags:\n    - product\n    - AI/ML\n    - CI/CD\n    - security\nconfig:\n  featured: true\n  template: BlogPost\n  slug: gitlab-18-7-advancing-ai-automation\n",{"config":31,"title":33,"ogImage":17,"description":18},{"noIndex":32},false,"GitLab 18.7: Advancing AI automation and developer experience","en-us/blog/gitlab-18-7-advancing-ai-automation",[11,36,37,24],"aiml","cicd",[11,22,23,24],"fKS5ASDTdSMpwXqhsEcUy4EGpA-o_7ZqgU1Jmne3oKE",{"data":41},{"logo":42,"freeTrial":47,"sales":52,"login":57,"items":62,"search":370,"minimal":401,"duo":420,"switchNav":429,"pricingDeployment":440},{"config":43},{"href":44,"dataGaName":45,"dataGaLocation":46},"/","gitlab logo","header",{"text":48,"config":49},"Get free trial",{"href":50,"dataGaName":51,"dataGaLocation":46},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":53,"config":54},"Talk to sales",{"href":55,"dataGaName":56,"dataGaLocation":46},"/sales/","sales",{"text":58,"config":59},"Sign in",{"href":60,"dataGaName":61,"dataGaLocation":46},"https://gitlab.com/users/sign_in/","sign in",[63,90,184,189,291,351],{"text":64,"config":65,"cards":67},"Platform",{"dataNavLevelOne":66},"platform",[68,74,82],{"title":64,"description":69,"link":70},"The intelligent orchestration platform for DevSecOps",{"text":71,"config":72},"Explore our Platform",{"href":73,"dataGaName":66,"dataGaLocation":46},"/platform/",{"title":75,"description":76,"link":77},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":78,"config":79},"Meet GitLab Duo",{"href":80,"dataGaName":81,"dataGaLocation":46},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":83,"description":84,"link":85},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":86,"config":87},"Learn more",{"href":88,"dataGaName":89,"dataGaLocation":46},"/why-gitlab/","why gitlab",{"text":91,"left":13,"config":92,"link":94,"lists":98,"footer":166},"Product",{"dataNavLevelOne":93},"solutions",{"text":95,"config":96},"View all Solutions",{"href":97,"dataGaName":93,"dataGaLocation":46},"/solutions/",[99,122,145],{"title":100,"description":101,"link":102,"items":107},"Automation","CI/CD and automation to accelerate deployment",{"config":103},{"icon":104,"href":105,"dataGaName":106,"dataGaLocation":46},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[108,111,114,118],{"text":23,"config":109},{"href":110,"dataGaLocation":46,"dataGaName":23},"/solutions/continuous-integration/",{"text":75,"config":112},{"href":80,"dataGaLocation":46,"dataGaName":113},"gitlab duo agent platform - product menu",{"text":115,"config":116},"Source Code Management",{"href":117,"dataGaLocation":46,"dataGaName":115},"/solutions/source-code-management/",{"text":119,"config":120},"Automated Software Delivery",{"href":105,"dataGaLocation":46,"dataGaName":121},"Automated software delivery",{"title":123,"description":124,"link":125,"items":130},"Security","Deliver code faster without compromising security",{"config":126},{"href":127,"dataGaName":128,"dataGaLocation":46,"icon":129},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[131,135,140],{"text":132,"config":133},"Application Security Testing",{"href":127,"dataGaName":134,"dataGaLocation":46},"Application security testing",{"text":136,"config":137},"Software Supply Chain Security",{"href":138,"dataGaLocation":46,"dataGaName":139},"/solutions/supply-chain/","Software supply chain security",{"text":141,"config":142},"Software Compliance",{"href":143,"dataGaName":144,"dataGaLocation":46},"/solutions/software-compliance/","software compliance",{"title":146,"link":147,"items":152},"Measurement",{"config":148},{"icon":149,"href":150,"dataGaName":151,"dataGaLocation":46},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[153,157,161],{"text":154,"config":155},"Visibility & Measurement",{"href":150,"dataGaLocation":46,"dataGaName":156},"Visibility and Measurement",{"text":158,"config":159},"Value Stream Management",{"href":160,"dataGaLocation":46,"dataGaName":158},"/solutions/value-stream-management/",{"text":162,"config":163},"Analytics & Insights",{"href":164,"dataGaLocation":46,"dataGaName":165},"/solutions/analytics-and-insights/","Analytics and insights",{"title":167,"items":168},"GitLab for",[169,174,179],{"text":170,"config":171},"Enterprise",{"href":172,"dataGaLocation":46,"dataGaName":173},"/enterprise/","enterprise",{"text":175,"config":176},"Small Business",{"href":177,"dataGaLocation":46,"dataGaName":178},"/small-business/","small business",{"text":180,"config":181},"Public Sector",{"href":182,"dataGaLocation":46,"dataGaName":183},"/solutions/public-sector/","public sector",{"text":185,"config":186},"Pricing",{"href":187,"dataGaName":188,"dataGaLocation":46,"dataNavLevelOne":188},"/pricing/","pricing",{"text":190,"config":191,"link":193,"lists":197,"feature":282},"Resources",{"dataNavLevelOne":192},"resources",{"text":194,"config":195},"View all resources",{"href":196,"dataGaName":192,"dataGaLocation":46},"/resources/",[198,231,254],{"title":199,"items":200},"Getting started",[201,206,211,216,221,226],{"text":202,"config":203},"Install",{"href":204,"dataGaName":205,"dataGaLocation":46},"/install/","install",{"text":207,"config":208},"Quick start guides",{"href":209,"dataGaName":210,"dataGaLocation":46},"/get-started/","quick setup checklists",{"text":212,"config":213},"Learn",{"href":214,"dataGaLocation":46,"dataGaName":215},"https://university.gitlab.com/","learn",{"text":217,"config":218},"Product documentation",{"href":219,"dataGaName":220,"dataGaLocation":46},"https://docs.gitlab.com/","product documentation",{"text":222,"config":223},"Best practice videos",{"href":224,"dataGaName":225,"dataGaLocation":46},"/getting-started-videos/","best practice videos",{"text":227,"config":228},"Integrations",{"href":229,"dataGaName":230,"dataGaLocation":46},"/integrations/","integrations",{"title":232,"items":233},"Discover",[234,239,244,249],{"text":235,"config":236},"Customer success stories",{"href":237,"dataGaName":238,"dataGaLocation":46},"/customers/","customer success stories",{"text":240,"config":241},"Blog",{"href":242,"dataGaName":243,"dataGaLocation":46},"/blog/","blog",{"text":245,"config":246},"The Source",{"href":247,"dataGaName":248,"dataGaLocation":46},"/the-source/","the source",{"text":250,"config":251},"Remote",{"href":252,"dataGaName":253,"dataGaLocation":46},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":255,"items":256},"Connect",[257,262,267,272,277],{"text":258,"config":259},"GitLab Services",{"href":260,"dataGaName":261,"dataGaLocation":46},"/services/","services",{"text":263,"config":264},"Community",{"href":265,"dataGaName":266,"dataGaLocation":46},"/community/","community",{"text":268,"config":269},"Forum",{"href":270,"dataGaName":271,"dataGaLocation":46},"https://forum.gitlab.com/","forum",{"text":273,"config":274},"Events",{"href":275,"dataGaName":276,"dataGaLocation":46},"/events/","events",{"text":278,"config":279},"Partners",{"href":280,"dataGaName":281,"dataGaLocation":46},"/partners/","partners",{"textColor":283,"title":284,"text":285,"link":286},"#000","What’s new in GitLab","Stay updated with our latest features and improvements.",{"text":287,"config":288},"Read the latest",{"href":289,"dataGaName":290,"dataGaLocation":46},"/releases/whats-new/","whats new",{"text":292,"config":293,"lists":295},"Company",{"dataNavLevelOne":294},"company",[296],{"items":297},[298,303,309,311,316,321,326,331,336,341,346],{"text":299,"config":300},"About",{"href":301,"dataGaName":302,"dataGaLocation":46},"/company/","about",{"text":304,"config":305,"footerGa":308},"Jobs",{"href":306,"dataGaName":307,"dataGaLocation":46},"/jobs/","jobs",{"dataGaName":307},{"text":273,"config":310},{"href":275,"dataGaName":276,"dataGaLocation":46},{"text":312,"config":313},"Leadership",{"href":314,"dataGaName":315,"dataGaLocation":46},"/company/team/e-group/","leadership",{"text":317,"config":318},"Team",{"href":319,"dataGaName":320,"dataGaLocation":46},"/company/team/","team",{"text":322,"config":323},"Handbook",{"href":324,"dataGaName":325,"dataGaLocation":46},"https://handbook.gitlab.com/","handbook",{"text":327,"config":328},"Investor relations",{"href":329,"dataGaName":330,"dataGaLocation":46},"https://ir.gitlab.com/","investor relations",{"text":332,"config":333},"Trust Center",{"href":334,"dataGaName":335,"dataGaLocation":46},"/security/","trust center",{"text":337,"config":338},"AI Transparency Center",{"href":339,"dataGaName":340,"dataGaLocation":46},"/ai-transparency-center/","ai transparency center",{"text":342,"config":343},"Newsletter",{"href":344,"dataGaName":345,"dataGaLocation":46},"/company/contact/#contact-forms","newsletter",{"text":347,"config":348},"Press",{"href":349,"dataGaName":350,"dataGaLocation":46},"/press/","press",{"text":352,"config":353,"lists":354},"Contact us",{"dataNavLevelOne":294},[355],{"items":356},[357,360,365],{"text":53,"config":358},{"href":55,"dataGaName":359,"dataGaLocation":46},"talk to sales",{"text":361,"config":362},"Support portal",{"href":363,"dataGaName":364,"dataGaLocation":46},"https://support.gitlab.com","support portal",{"text":366,"config":367},"Customer portal",{"href":368,"dataGaName":369,"dataGaLocation":46},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":371,"login":372,"suggestions":379},"Close",{"text":373,"link":374},"To search repositories and projects, login to",{"text":375,"config":376},"gitlab.com",{"href":60,"dataGaName":377,"dataGaLocation":378},"search login","search",{"text":380,"default":381},"Suggestions",[382,384,388,390,394,398],{"text":75,"config":383},{"href":80,"dataGaName":75,"dataGaLocation":378},{"text":385,"config":386},"Code Suggestions (AI)",{"href":387,"dataGaName":385,"dataGaLocation":378},"/solutions/code-suggestions/",{"text":23,"config":389},{"href":110,"dataGaName":23,"dataGaLocation":378},{"text":391,"config":392},"GitLab on AWS",{"href":393,"dataGaName":391,"dataGaLocation":378},"/partners/technology-partners/aws/",{"text":395,"config":396},"GitLab on Google Cloud",{"href":397,"dataGaName":395,"dataGaLocation":378},"/partners/technology-partners/google-cloud-platform/",{"text":399,"config":400},"Why GitLab?",{"href":88,"dataGaName":399,"dataGaLocation":378},{"freeTrial":402,"mobileIcon":407,"desktopIcon":412,"secondaryButton":415},{"text":403,"config":404},"Start free trial",{"href":405,"dataGaName":51,"dataGaLocation":406},"https://gitlab.com/-/trials/new/","nav",{"altText":408,"config":409},"Gitlab Icon",{"src":410,"dataGaName":411,"dataGaLocation":406},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":408,"config":413},{"src":414,"dataGaName":411,"dataGaLocation":406},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":416,"config":417},"Get Started",{"href":418,"dataGaName":419,"dataGaLocation":406},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/get-started/","get started",{"freeTrial":421,"mobileIcon":425,"desktopIcon":427},{"text":422,"config":423},"Learn more about GitLab Duo",{"href":80,"dataGaName":424,"dataGaLocation":406},"gitlab duo",{"altText":408,"config":426},{"src":410,"dataGaName":411,"dataGaLocation":406},{"altText":408,"config":428},{"src":414,"dataGaName":411,"dataGaLocation":406},{"button":430,"mobileIcon":435,"desktopIcon":437},{"text":431,"config":432},"/switch",{"href":433,"dataGaName":434,"dataGaLocation":406},"#contact","switch",{"altText":408,"config":436},{"src":410,"dataGaName":411,"dataGaLocation":406},{"altText":408,"config":438},{"src":439,"dataGaName":411,"dataGaLocation":406},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":441,"mobileIcon":446,"desktopIcon":448},{"text":442,"config":443},"Back to pricing",{"href":187,"dataGaName":444,"dataGaLocation":406,"icon":445},"back to pricing","GoBack",{"altText":408,"config":447},{"src":410,"dataGaName":411,"dataGaLocation":406},{"altText":408,"config":449},{"src":414,"dataGaName":411,"dataGaLocation":406},{"title":451,"button":452,"config":457},"See how agentic AI transforms software delivery",{"text":453,"config":454},"Watch GitLab Transcend now",{"href":455,"dataGaName":456,"dataGaLocation":46},"/events/transcend/virtual/","transcend event",{"layout":458,"icon":459,"disabled":13},"release","AiStar",{"data":461},{"text":462,"source":463,"edit":469,"contribute":474,"config":479,"items":484,"minimal":690},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":464,"config":465},"View page source",{"href":466,"dataGaName":467,"dataGaLocation":468},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":470,"config":471},"Edit this page",{"href":472,"dataGaName":473,"dataGaLocation":468},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":475,"config":476},"Please contribute",{"href":477,"dataGaName":478,"dataGaLocation":468},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":480,"facebook":481,"youtube":482,"linkedin":483},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[485,532,585,629,656],{"title":185,"links":486,"subMenu":501},[487,491,496],{"text":488,"config":489},"View plans",{"href":187,"dataGaName":490,"dataGaLocation":468},"view plans",{"text":492,"config":493},"Why Premium?",{"href":494,"dataGaName":495,"dataGaLocation":468},"/pricing/premium/","why premium",{"text":497,"config":498},"Why Ultimate?",{"href":499,"dataGaName":500,"dataGaLocation":468},"/pricing/ultimate/","why ultimate",[502],{"title":503,"links":504},"Contact Us",[505,508,510,512,517,522,527],{"text":506,"config":507},"Contact sales",{"href":55,"dataGaName":56,"dataGaLocation":468},{"text":361,"config":509},{"href":363,"dataGaName":364,"dataGaLocation":468},{"text":366,"config":511},{"href":368,"dataGaName":369,"dataGaLocation":468},{"text":513,"config":514},"Status",{"href":515,"dataGaName":516,"dataGaLocation":468},"https://status.gitlab.com/","status",{"text":518,"config":519},"Terms of use",{"href":520,"dataGaName":521,"dataGaLocation":468},"/terms/","terms of use",{"text":523,"config":524},"Privacy statement",{"href":525,"dataGaName":526,"dataGaLocation":468},"/privacy/","privacy statement",{"text":528,"config":529},"Cookie preferences",{"dataGaName":530,"dataGaLocation":468,"id":531,"isOneTrustButton":13},"cookie preferences","ot-sdk-btn",{"title":91,"links":533,"subMenu":542},[534,538],{"text":535,"config":536},"DevSecOps platform",{"href":73,"dataGaName":537,"dataGaLocation":468},"devsecops platform",{"text":539,"config":540},"AI-Assisted Development",{"href":80,"dataGaName":541,"dataGaLocation":468},"ai-assisted development",[543],{"title":544,"links":545},"Topics",[546,550,555,560,565,570,575,580],{"text":547,"config":548},"CICD",{"href":549,"dataGaName":37,"dataGaLocation":468},"/topics/ci-cd/",{"text":551,"config":552},"GitOps",{"href":553,"dataGaName":554,"dataGaLocation":468},"/topics/gitops/","gitops",{"text":556,"config":557},"DevOps",{"href":558,"dataGaName":559,"dataGaLocation":468},"/topics/devops/","devops",{"text":561,"config":562},"Version Control",{"href":563,"dataGaName":564,"dataGaLocation":468},"/topics/version-control/","version control",{"text":566,"config":567},"DevSecOps",{"href":568,"dataGaName":569,"dataGaLocation":468},"/topics/devsecops/","devsecops",{"text":571,"config":572},"Cloud Native",{"href":573,"dataGaName":574,"dataGaLocation":468},"/topics/cloud-native/","cloud native",{"text":576,"config":577},"AI for Coding",{"href":578,"dataGaName":579,"dataGaLocation":468},"/topics/devops/ai-for-coding/","ai for coding",{"text":581,"config":582},"Agentic AI",{"href":583,"dataGaName":584,"dataGaLocation":468},"/topics/agentic-ai/","agentic ai",{"title":586,"links":587},"Solutions",[588,590,592,597,601,604,608,611,613,616,619,624],{"text":132,"config":589},{"href":127,"dataGaName":132,"dataGaLocation":468},{"text":121,"config":591},{"href":105,"dataGaName":106,"dataGaLocation":468},{"text":593,"config":594},"Agile development",{"href":595,"dataGaName":596,"dataGaLocation":468},"/solutions/agile-delivery/","agile delivery",{"text":598,"config":599},"SCM",{"href":117,"dataGaName":600,"dataGaLocation":468},"source code management",{"text":547,"config":602},{"href":110,"dataGaName":603,"dataGaLocation":468},"continuous integration & delivery",{"text":605,"config":606},"Value stream management",{"href":160,"dataGaName":607,"dataGaLocation":468},"value stream management",{"text":551,"config":609},{"href":610,"dataGaName":554,"dataGaLocation":468},"/solutions/gitops/",{"text":170,"config":612},{"href":172,"dataGaName":173,"dataGaLocation":468},{"text":614,"config":615},"Small business",{"href":177,"dataGaName":178,"dataGaLocation":468},{"text":617,"config":618},"Public sector",{"href":182,"dataGaName":183,"dataGaLocation":468},{"text":620,"config":621},"Education",{"href":622,"dataGaName":623,"dataGaLocation":468},"/solutions/education/","education",{"text":625,"config":626},"Financial services",{"href":627,"dataGaName":628,"dataGaLocation":468},"/solutions/finance/","financial services",{"title":190,"links":630},[631,633,635,637,640,642,644,646,648,650,652,654],{"text":202,"config":632},{"href":204,"dataGaName":205,"dataGaLocation":468},{"text":207,"config":634},{"href":209,"dataGaName":210,"dataGaLocation":468},{"text":212,"config":636},{"href":214,"dataGaName":215,"dataGaLocation":468},{"text":217,"config":638},{"href":219,"dataGaName":639,"dataGaLocation":468},"docs",{"text":240,"config":641},{"href":242,"dataGaName":243,"dataGaLocation":468},{"text":235,"config":643},{"href":237,"dataGaName":238,"dataGaLocation":468},{"text":250,"config":645},{"href":252,"dataGaName":253,"dataGaLocation":468},{"text":258,"config":647},{"href":260,"dataGaName":261,"dataGaLocation":468},{"text":263,"config":649},{"href":265,"dataGaName":266,"dataGaLocation":468},{"text":268,"config":651},{"href":270,"dataGaName":271,"dataGaLocation":468},{"text":273,"config":653},{"href":275,"dataGaName":276,"dataGaLocation":468},{"text":278,"config":655},{"href":280,"dataGaName":281,"dataGaLocation":468},{"title":292,"links":657},[658,660,662,664,666,668,670,674,679,681,683,685],{"text":299,"config":659},{"href":301,"dataGaName":294,"dataGaLocation":468},{"text":304,"config":661},{"href":306,"dataGaName":307,"dataGaLocation":468},{"text":312,"config":663},{"href":314,"dataGaName":315,"dataGaLocation":468},{"text":317,"config":665},{"href":319,"dataGaName":320,"dataGaLocation":468},{"text":322,"config":667},{"href":324,"dataGaName":325,"dataGaLocation":468},{"text":327,"config":669},{"href":329,"dataGaName":330,"dataGaLocation":468},{"text":671,"config":672},"Sustainability",{"href":673,"dataGaName":671,"dataGaLocation":468},"/sustainability/",{"text":675,"config":676},"Diversity, inclusion and belonging (DIB)",{"href":677,"dataGaName":678,"dataGaLocation":468},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":332,"config":680},{"href":334,"dataGaName":335,"dataGaLocation":468},{"text":342,"config":682},{"href":344,"dataGaName":345,"dataGaLocation":468},{"text":347,"config":684},{"href":349,"dataGaName":350,"dataGaLocation":468},{"text":686,"config":687},"Modern Slavery Transparency Statement",{"href":688,"dataGaName":689,"dataGaLocation":468},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":691},[692,695,698],{"text":693,"config":694},"Terms",{"href":520,"dataGaName":521,"dataGaLocation":468},{"text":696,"config":697},"Cookies",{"dataGaName":530,"dataGaLocation":468,"id":531,"isOneTrustButton":13},{"text":699,"config":700},"Privacy",{"href":525,"dataGaName":526,"dataGaLocation":468},[702],{"id":703,"title":9,"body":26,"config":704,"content":706,"description":26,"extension":25,"meta":710,"navigation":13,"path":711,"seo":712,"stem":713,"__hash__":714},"blogAuthors/en-us/blog/authors/bill-staples.yml",{"template":705},"BlogAuthor",{"name":9,"config":707,"role":709},{"headshot":708},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750434080/glxv59lh9qftpdbsb4ph.png","CEO",{},"/en-us/blog/authors/bill-staples",{},"en-us/blog/authors/bill-staples","K-ulWVa7KOFAxgiGSmeiIjz3KeQyIkhm95lIRX_r6Zc",[716,727,741],{"content":717,"config":725},{"title":718,"description":719,"heroImage":720,"date":721,"category":11,"tags":722},"GitLab Patch Release: 18.11.1, 18.10.4, 18.9.6","Discover what's in this latest patch release.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749661926/Blog/Hero%20Images/security-patch-blog-image-r2-0506-700x400-fy25_2x.jpg","2026-04-22",[723,724],"patch releases","security releases",{"featured":32,"template":14,"externalUrl":726},"https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-11-1-released/",{"content":728,"config":739},{"title":729,"description":730,"body":731,"category":11,"tags":732,"date":734,"authors":735,"heroImage":738},"GitLab + Amazon: Platform orchestration on a trusted AI foundation","Pair GitLab Duo Agent Platform with Amazon Bedrock for agentic software development and orchestration.","If your team runs GitLab and has a strong AWS practice, a new combination of Duo Agent Platform and Amazon Bedrock is just for you. The model is simple: GitLab acts as your orchestration layer to help accelerate your entire software lifecycle with agentic AI, and Bedrock is designed to provide a secure, compliant foundation model layer with AI inference behind the scenes.\n\nGitLab Duo Agent Platform enables you to handle planning, merge pipelines, security scanning, vulnerability remediation, and more as part of your GitLab workflows, while the GitLab AI Gateway routes model calls to Bedrock (or GitLab-managed Bedrock-backed endpoints, depending on your setup). That means you can build on the identity and access management (IAM) policies, virtual private cloud (VPC) boundaries, regional controls, and cloud spend commitments you already have in AWS.\n\nIf you already use Amazon Bedrock and want AI to help inside the work you already do in GitLab, not in yet another standalone chat tool, this is the pairing for you.\n\n\nIn this article, we look at the real problem many teams face today: AI is fragmented, data paths are fuzzy, and Bedrock investment gets underused when AI sits outside the software development lifecycle. Then we break down your deployment options for GitLab Duo Agent Platform:\n\n* Integrated with self-hosted models on Amazon Bedrock for GitLab Self-Managed deployments and self-hosted AI gateway   \n* Integrated with GitLab-operated models on Amazon Bedrock (with GitLab-owned keys) for GitLab Self-Managed deployments and GitLab-hosted AI gateway  \n* Integrated with GitLab-operated models on Amazon Bedrock (with GitLab-owned keys) for GitLab.com instances and GitLab-hosted AI gateway\n\nWe wrap with a summary on how this approach helps avoid shadow AI and point-tool sprawl without creating a parallel tech stack for AI tooling.\n\n## AI everywhere, control nowhere\n\nSomewhere in your company right now, software teams might be using an AI tool that your security team hasn't approved. Prompt data might be leaving your environment through a path no one has fully mapped. And your organization’s Amazon Bedrock investment might be underused while individual teams expense separate AI tools, pulling workloads and cloud spend away from the platforms you’ve already committed to.\n\nInstead of being a people problem, this might be an architecture problem. And it surfaces the same three constraints in nearly every enterprise:\n\n**Operational fragmentation.** Each team, or sometimes even an individual developer, picks their own development toolset, including AI tooling and model selection. That fragmentation makes end-to-end governance within the software development lifecycle nearly impossible.\n\n**Security and sovereignty.** Where does prompt and code data actually flow? Who owns the logs?\n\n**Cloud spend optimization.** Commitments to key cloud providers like AWS are diluted as workloads and AI usage drift to point tools outside of customers’ existing agreements.\n\nGitLab Duo Agent Platform and Amazon Bedrock help solve this together. The division of labor is straightforward: Duo Agent Platform owns the workflow orchestration with agentic AI for software development, Bedrock owns the inference layer and hosts approved foundational models, and your organization has full control over the data and policy boundaries you already defined in AWS. Three jobs, three owners, no fragmentation.\n\n## GitLab Duo Agent Platform: The agentic control plane\n\nGitLab Duo Agent Platform is GitLab's agentic AI layer: a framework of specialized agents and flows that operate simultaneously and in-parallel, going beyond the traditional stage-based handoffs  and helping automate work across the entire software lifecycle. Rather than a single assistant responding to prompts, Duo Agent Platform enables teams to orchestrate many AI agents asynchronously using unified data and project context, including issues, merge requests, pipelines, and security findings. Linear workflows are turned into coordinated, continuous collaboration between software teams and their AI agents, at scale.\n\nWith that control plane in place, the natural next question is which AI foundation should power these agents. For customers who run GitLab Self-Managed on AWS and need inference traffic, prompt data, and logs to also stay within their AWS environment along with their software lifecycle data, Amazon Bedrock acting as the AI inference layer is the natural fit. \n\n## Amazon Bedrock: The trusted AI foundation\n\nAmazon Bedrock is a fully managed, serverless foundation model layer that runs entirely within your AWS environment. Customer data stays in the customer's AWS account: inputs and outputs are encrypted in transit and at rest, never shared with model providers, and never used to train base models. Bedrock carries compliance certifications across GDPR, HIPAA, and FedRAMP High, covering many regulated industry requirements out of the box. Teams can also bring fine-tuned models from elsewhere via Custom Model Import and deploy them alongside native Bedrock models through the same infrastructure, without managing separate deployment pipelines. Bedrock Guardrails adds configurable safeguards across all models for content filtering, hallucination detection, and sensitive data protection.\n\nTogether, GitLab Duo Agent Platform and Bedrock consolidate DevSecOps orchestration and AI model governance, helping eliminate the fragmentation that happens when teams roll out AI tools independently.\n\n## Choosing your deployment path\n\nThe integration delivers the same core GitLab Duo Agent Platform capabilities regardless of how it is deployed. What varies is who runs GitLab, who operates the AI Gateway, and whose Bedrock account the inference runs through. The right pattern depends on where your organization already operates.\n\nAt a high level, the integration has three main components:\n\n* **GitLab Duo Agent Platform:** agentic workflows embedded across the software development lifecycle  \n* **AI Gateway (GitLab-managed or self-hosted):** the abstraction layer between Duo Agent Platform and the foundational model backend   \n* **Amazon Bedrock:** the AI model and inference substrate\n\n![Deployment of GitLab and AWS Bedrock](https://res.cloudinary.com/about-gitlab-com/image/upload/v1776362365/udmvmv2efpmwtkxgydch.png)\n\nChoosing a deployment pattern is informed by where an organization wants to place the levers of control. The patterns below are designed to meet teams where they already are, whether that's SaaS-first, self-managed for compliance, or all-in on AWS with existing Bedrock investments.\n\n| Deployment Model | GitLab.com instance with GitLab-hosted AI Gateway with GitLab-operated Bedrock models   | GitLab Self-Managed with GitLab-hosted AI Gateway with GitLab-operated Bedrock models | GitLab Self-Managed  with self-hosted AI Gateway and customer-operated Bedrock models |\n| :---- | :---- | :---- | :---- |\n| **Ideal if you:** | Are primarily on GitLab.com and don’t want to self-host AI gateway and Bedrock models  | Need GitLab Self-Managed for compliance and operational reasons but don’t want to manage AI layer | Are AWS-centric with existing Bedrock usage and strict data/control needs  |\n| **Key Benefits** | Fastest, turnkey way to get Duo Agent Platform workflows: GitLab runs GitLab.com, the AI Gateway, integrated with Bedrock AI models. | Keep GitLab deployed in your own environment while consuming Bedrock models via a GitLab-managed AI Gateway, combining deployment control with simplified AI operations. | Run GitLab and AI Gateway in your AWS account, reuse existing IAM/VPC/regions, keep logs and data in your environment, and draw Bedrock usage from your existing AWS spend commitments. |\n\n## How customers use GitLab Duo Agent Platform with Amazon Bedrock\n\nPlatform teams can use GitLab Duo Agent Platform with Amazon Bedrock to standardize which models handle code suggestions, security analysis, and pipeline remediation. This helps enforce guardrails and logging centrally rather than letting individual teams adopt separate tools independently.\n\nSecurity workflows see particular benefit. GitLab Duo Agent Platform agents can propose and validate fixes for security findings within GitLab, helping reduce the manual triage work developers would otherwise handle outside the platform.\n\nFor enterprises already committed to AWS, routing AI workloads through Bedrock from within GitLab enables you to keep developer AI usage aligned with existing cloud agreements rather than generating separate, unplanned spend.\n\n## Closing the loop\n\nThe constraints that slow enterprise AI adoption are often not technical. They are organizational: fragmented tooling, ungoverned data flows, and cloud spend that never consolidates. Those are the problems that can stall AI programs even after the pilots succeed.\n\nGitLab Duo Agent Platform and Amazon Bedrock help address each one directly. Platform teams get consistent governance, auditability, and standardized paths for AI usage across the software development lifecycle. Development teams get streamlined, agentic workflows that feel native to GitLab. And AWS-centric organizations get to extend their existing Bedrock investment rather than build parallel AI infrastructure alongside it.\n\nThe result is an AI program that scales without fragmenting. Governance and velocity on the same stack, serving the same teams, under policies the organization already owns.\n\n\n> To explore which deployment pattern is right for your organization and how to align GitLab Duo Agent Platform and Amazon Bedrock with your existing AWS strategy, [contact the GitLab sales team](https://about.gitlab.com/sales/) and we’ll help you design and implement the best architecture for your environment. You can also [visit our AWS partner page](https://about.gitlab.com/partners/technology-partners/aws/) to learn more.",[281,733,22],"AWS","2026-04-21",[736,737],"Joe Mann","Mark Kriaf","https://res.cloudinary.com/about-gitlab-com/image/upload/v1776362275/ozbwn9tk0dditpnfddlz.png",{"featured":13,"template":14,"slug":740},"gitlab-amazon-platform-orchestration-on-a-trusted-ai-foundation",{"content":742,"config":752},{"title":743,"description":744,"authors":745,"heroImage":747,"date":748,"body":749,"category":11,"tags":750},"GitLab 18.11: Budget guardrails for GitLab Credits","Learn how new spending caps and per-user credit limits give organizations the budget guardrails to scale GitLab Duo Agent Platform.",[746],"Bryan Rothwell","https://res.cloudinary.com/about-gitlab-com/image/upload/v1776259080/cakqnwo5ecp255lo8lzo.png","2026-04-16","Teams using GitLab Duo Agent Platform with on-demand GitLab Credits are shipping faster, catching bugs earlier, and automating tasks that used to take entire sprints. But as adoption grows, so does oversight from finance, procurement, and platform teams to prove that AI spending is bounded, predictable, and controllable.\n\nOne of the greatest barriers to broader AI adoption isn't skepticism about the technology. It's uncertainty about managing spend. Without budget caps, a busy month could produce unexpected expenses. Without per-user limits, a handful of power users could burn through the team's credits before the month is over. And without either, engineering leaders who want to expand their use of agentic AI for software development have to jump through more hoops for budget approval.\n\nSince its [general availability](https://about.gitlab.com/blog/gitlab-duo-agent-platform-is-generally-available/), GitLab Duo Agent Platform has provided usage governance and visibility. With GitLab 18.11, we're introducing usage controls for [GitLab Credits](https://about.gitlab.com/blog/introducing-gitlab-credits/): spending caps and budget guardrails that give your organization even more control and transparency over how credits are consumed.\n\n## Managing GitLab Credits\n\nGitLab 18.11 adds three layers of control over GitLab Credits consumption: a subscription-level spending cap, per-user credit limits, and visibility into cap status and enforcement.\n\n### Subscription-level spending cap\n\nBilling account managers can now set a hard monthly ceiling for on-demand GitLab Credits consumption for their entire subscription.\n\nHere's how it works:\n\n* **Set a cap** in the `Customers Portal` under your subscription's GitLab Credits settings.  \n* **Enforce spend limits automatically.**  When on-demand usage reaches the cap, DAP access is paused for all users on that subscription until the next monthly period begins.  \n* **Make adjustments as you go.** Raise or disable the cap mid-month to restore access.\n\nThe cap resets each monthly period and your configured limit carries forward unless you change it. Because usage data is synchronized periodically rather than in real time, a small amount of additional usage may occur after the cap is reached before enforcement takes effect. See the [GitLab Credits documentation](https://docs.gitlab.com/subscriptions/gitlab_credits/) for details.\n\n### User-level spending caps\n\nNot every user consumes credits at the same rate, and that's expected. But when one or two power users account for a disproportionate share of the pool, the rest of the team can lose access before the month is over.\n\nPer-user credit caps prevent any single user from consuming more than their fair share:\n\n* **Flat per-user cap.** Set a uniform credit limit that applies equally to every user on the subscription through the GitLab GraphQL API. Unlike the subscription-level cap, the per-user cap applies to a user's total consumption across all credit sources.  \n* **Custom per-user overrides.** For organizations that need differentiated limits, you can set individual credit caps for specific users through the GraphQL API. For example, you could give your staff engineers a higher allocation while applying a standard limit to the broader team.  \n* **Individual enforcement.** When a user reaches their cap, they retain full access to GitLab. Only their Duo Agent Platform credit usage is paused until the next billing cycle. Everyone else keeps working uninterrupted until they hit their own limit or the subscription-level cap is reached, whichever comes first.\n\n### Visibility and notifications\n\nWhen a subscription-level cap is reached, GitLab sends an email notification to billing account managers so they can take action: raise the cap, wait for the next period, or redistribute credits.\n\nWithin GitLab, group owners (GitLab.com) and instance administrators (Self-Managed) can view which users have been blocked due to reaching their per-user cap and restore access by adjusting the cap through the GraphQL API. \n\n## How budget guardrails help organizations scale AI usage\n\nGuardrails are essential as organizations ramp up their AI adoption. Here's why:\n\n### Predictable AI budgets\n\nUsage controls for GitLab Duo Agent Platform turn AI into a bounded, predictable budget item using on-demand GitLab Credits. That makes it easier to deploy agents across the software development lifecycle and get sign-off from finance, justify renewals, and plan quarterly spend.\n\n### Governance and chargeback\n\nLarge organizations often need to align AI consumption with internal budgets, cost centers, or departmental policies. Per-user caps give platform teams a straightforward mechanism to allocate credits fairly and track consumption at the individual level. The API import options make it practical to manage caps at enterprise scale. Combined with per-user usage data from the GitLab Credits dashboard, organizations can track consumption patterns to inform their own internal chargeback or budget allocation processes.\n\n### Confidence to scale\n\nMany customers start GitLab Duo Agent Platform with a small pilot group. Usage controls remove risks associated with expanding that pilot across the organization. You can roll out Duo Agent Platform to hundreds or thousands of developers knowing there's a hard ceiling protecting your budget. If usage grows faster than expected, you'll hit the cap, not an unexpected invoice.\n\n## Addressing the seat-based and visibility conundrum\n\nMany AI coding tools take a seat-based approach to cost management. You buy a fixed number of seats at a flat per-user price, and that's your budget. It's simple, but rigid. You pay the same whether a developer uses the tool ten times a day or never touches it. And as vendors introduce premium models and usage-based overages on top of seat pricing, the cost predictability that seat-based licensing promised starts to erode.\n\n\nGitLab takes a different approach. Usage-based pricing with hard caps and a single governance dashboard. You get the flexibility of paying for what your teams actually use, with the budget predictability of enforced spending limits.\n\n## Real-world usage controls\n\n**One example is a mid-size SaaS customer that wants to protect their monthly budget.** A 200-person engineering organization sets a subscription-level cap equal to their expected on-demand usage. Their VP of Engineering can confidently tell finance that GitLab Duo Agent Platform spend will never exceed the approved amount, even as they onboard new teams. If they approach the cap mid-month, the billing account manager gets a notification and can decide whether to raise the limit or wait for the next period.\n\n**At GitLab, we also work with large enterprises that want to keep usage fair across teams.** A global financial services company with 2,000 developers uses per-user caps to ensure equitable access. Staff engineers working on complex refactoring projects get a higher individual allocation via API, while most developers receive a standard flat cap. No single user can exhaust the pool, and the platform team uses the per-user usage data in the GitLab Credits dashboard to track consumption patterns and inform quarterly budget planning.\n\n## Getting started\n\nUsage controls are available for both GitLab.com and Self-Managed customers running GitLab 18.11. Different controls are configured in different places depending on the scope and your role.\n\n**Subscription-level cap**\n\nBilling account managers set the subscription-level on-demand cap in the Customers Portal:\n\n1. Sign in to the `Customers Portal`.  \n2. On your subscription card, navigate to **GitLab Credits** settings.  \n3. Enable the monthly on-demand credits cap and enter your desired limit.\n\n**Flat per-user cap**\n\nThe flat per-user cap can be set through the GitLab GraphQL API by namespace owners (GitLab.com) or instance administrators (Self-Managed). Check the [GitLab Credits documentation](https://docs.gitlab.com/subscriptions/gitlab_credits/) for the latest on available configuration surfaces.\n\n**Custom per-user overrides**\n\nFor differentiated limits, namespace owners (GitLab.com) and instance administrators (Self-Managed) can set individual caps programmatically. This is useful for automation and infrastructure-as-code workflows.\n\n**Monitor usage and cap status**\n\n* **Customers Portal:** View detailed usage and cap status.  \n* **GitLab.com:** Group owners can view blocked users under **Settings > GitLab Credits**.  \n* **Self-Managed:** Instance administrators can view cap status and blocked users under **Admin > GitLab Credits**.\n\n## GitLab Duo Agent Platform is ready to scale\n\nUsage controls are available now in GitLab 18.11. If you've been waiting for the right guardrails before expanding GitLab Duo Agent Platform across your organization, this is your moment. Set your caps, roll out Duo Agent Platform to more teams, and start shipping faster!\n\n> [Learn more about GitLab Credits and usage controls](https://docs.gitlab.com/subscriptions/gitlab_credits/).",[11,22,751],"news",{"featured":32,"template":14,"slug":753},"gitlab-18-11-budget-guardrails-for-gitlab-credits",{"promotions":755},[756,770,781,792],{"id":757,"categories":758,"header":760,"text":761,"button":762,"image":767},"ai-modernization",[759],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":763,"config":764},"Get your AI maturity score",{"href":765,"dataGaName":766,"dataGaLocation":243},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":768},{"src":769},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":771,"categories":772,"header":773,"text":761,"button":774,"image":778},"devops-modernization",[11,569],"Are you just managing tools or shipping innovation?",{"text":775,"config":776},"Get your DevOps maturity score",{"href":777,"dataGaName":766,"dataGaLocation":243},"/assessments/devops-modernization-assessment/",{"config":779},{"src":780},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":782,"categories":783,"header":784,"text":761,"button":785,"image":789},"security-modernization",[24],"Are you trading speed for security?",{"text":786,"config":787},"Get your security maturity score",{"href":788,"dataGaName":766,"dataGaLocation":243},"/assessments/security-modernization-assessment/",{"config":790},{"src":791},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":793,"paths":794,"header":797,"text":798,"button":799,"image":804},"github-azure-migration",[795,796],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","Is your team ready for GitHub's Azure move?","GitHub is already rebuilding around Azure. Find out what it means for you.",{"text":800,"config":801},"See how GitLab compares to GitHub",{"href":802,"dataGaName":803,"dataGaLocation":243},"/compare/gitlab-vs-github/github-azure-migration/","github azure migration",{"config":805},{"src":780},{"header":807,"blurb":808,"button":809,"secondaryButton":814},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":810,"config":811},"Get your free trial",{"href":812,"dataGaName":51,"dataGaLocation":813},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":506,"config":815},{"href":55,"dataGaName":56,"dataGaLocation":813},1777493572066]