What's new in GitLab

Define workflows for accurate reporting and replace label workarounds with real visibility.

Update the status of multiple items with bulk operations across portfolios simultaneously.

Board automations can be configured with precise workflow transitions to improve accuracy in workflow stages.

Role-based views separate author vs. reviewer responsibilities so developers can focus on specific tasks.

Workflow view organizes group flows by the review state of MRs for clear next actions.

Expanded visibility combines authored and assigned MRs to ensure nothing is missed across projects.

The Active merge requests tab makes it easy to find what needs attention now.

Deployment integrity enforces production tags that remain unchanged in order to prevent accidental modifications.

Audit trails provide a complete view into container modifications for compliance reporting and security reviews.

Pattern-based rules support up to 5 RE2 regex patterns per project to help automatically protect semantic versions and critical tags.

Automated exclusions respect immutable tags in cleanup policies to prevent accidental deletion of critical images.

Multi-architecture support provides native Linux Arm64 scanning to eliminate emulation and speeds up scans.

Enhanced archive scanning delivers better vulnerability attribution across images to understand where the issues exist.

JavaScript reachability analysis identifies actually-used vulnerable code to reduce false positives and focus remediation efforts.

Reachability filtering highlights the most critical vulnerabilities.

Native AWS support enables direct Secrets Manager and Parameter Store access to eliminate the need for custom scripting.

Removes third-party tools to simplify architecture and reduce attack surface.

OIDC authentication provides keyless access so teams can manage secrets without storing credentials.

Centralized management consolidates secret handling to enable comprehensive security auditing.

Define once in the CSP, apply everywhere with instance-wide policy enforcement.

Business unit flexibility allows teams to inherit and extend organizational policies from the CSP group.

Least privilege ensures centralized control with delegated execution.

Complete coverage supports all existing security policy types.

PDF Security Reports enable dashboard export for board reporting.

Audit Stream controls allow updates to streaming without reconfiguration, preventing manual maintenance.

Enhanced filtering by event type, groups, or projects are now available.

Vulnerability GraphQL API tracks introduction and resolution pipelines.

Credentials Inventory now includes service accounts to show complete token visibility.

Framework coverage, which shows the percentage of projects with compliance frameworks.

Requirement status, which tracks pass/fail rates across the organization.

Control effectiveness, which measures aggregate performance data to provide actionable compliance insights.

Risk prioritization, which identifies frameworks to focus on the highest-impact improvements.

Epic assignments provide clear ownership for strategic initiatives.

Milestone-to-epic linking connects quarterly objectives to daily work.

Unified references introduce new work_item:123 syntax across GitLab, making it easier to cross-reference items.

Display preferences offer customizable metadata visibility for teams to find relevant information.

Drawer/full-page toggle lets users choose how to view epic details for their specific needs and preferences.

Custom Admin Role (Beta) provides granular permissions for Admin Area.

Workspace Kubernetes Agents enable instance-wide agent mapping.

Natural workflow integration gives full context in the IDE to eliminate context switching.

Comprehensive access provides Issues, MRs, pipelines, and security data to enable better-informed code decisions.

MCP support connects to external tools and data sources to expand capabilities.

Pattern-based search enables advanced grep and file discovery to help developers find code quickly.

Hierarchical controls cascade from instance to project to simplify policy management.

Feature-specific toggles separate Code Suggestions and Chat controls to enable a controlled rollout.

Compliance alignment meets diverse regulatory requirements to ensure responsible AI usage.

User flexibility balances innovation with control to support varying team needs.