What's new in GitLab

Helps remove manual effort from predictable patterns like diagnosing failed pipelines, updating dependencies, or running policy checks.

Can be triggered automatically from GitLab events like @ mentioning a service account or assigning the account in an issue or merge request — no manual invocation required.

Enables autonomous actions such as analyzing failed tests, generating fixes, committing changes, and notifying teams.

Supports both individual project automations and consistent organization-wide workflows for compliance.

Receive automatic false positive analysis after each security scan with no manual triggering required.

Manually trigger detection for individual vulnerabilities on-demand from the vulnerability details page.

View contextual AI reasoning explaining why each finding may or may not be a true positive.

Dismiss false positives directly from the vulnerability report with the dismissed status persisting across future pipelines.

Maintain stable, predictable AI-powered workflows even as catalog items evolve.

Test and validate new versions before upgrading in production pipelines.

Fork an agent at a specific version and evolve it independently for safer customization.

See clearly which version is running to avoid confusion across environments.

Helps remove the need for manual query writing when analyzing work volume, team activity, and development trends.

Surfaces issue and merge request status quickly, with filtering by labels, authors, or milestones.

Generates reusable GLQL queries embeddable anywhere GitLab Flavored Markdown is supported.

Answers everyday questions about project activity directly within GitLab — no dashboard navigation required.

Enables organization-wide governance over AI agent availability with a single configuration.

Allows administrators to toggle individual agents off to help align with specific security and compliance policies.

Provides flexibility to turn all foundational agents on or off by default.

Supports gradual rollout strategies as teams evaluate agent capabilities.

Provides granular control over model selection across different GitLab Duo Agent Platform features.

Enables organizations to optimize model choices based on specific use case requirements.

Supports differentiated cost and performance strategies for chat versus agent workflows.

Expands flexibility for teams balancing model capabilities with governance requirements.

Makes build commands, testing instructions, and code style guidelines available to any AI tool that supports the specification.

Automatically applies instructions from AGENTS.md files in your repository at the user or workspace level.

Supports monorepos with subdirectory-specific AGENTS.md files for tailored component instructions.

Enables portable AI context that works across multiple AI coding tools beyond GitLab Duo.

Helps remove the need for YAML editing, enabling cross-functional teams to run pipelines independently.

Assists with reducing misconfigured runs by displaying only valid, context-aware options as users make selections.

Supports complex workflows with dynamic options that update based on previous selections.

Simplifies migration from Jenkins Active Choice by standardizing CI/CD processes on a single platform.

Maintains a curated, trusted CI/CD Catalog by controlling what components can be published.

Provides an allowlist of projects authorized to publish components.

Prevents unauthorized or unapproved components from cluttering published components.

Helps ensure all components meet organizational standards and security requirements.

A chart showing vulnerabilities over time, with filtering options by project or report type as well as grouping by severity.

Direct links from chart data points to vulnerabilities in the vulnerability report.

A risk score module that calculates estimated risk for groups or projects based on a GitLab algorithm.

Consistent dashboard experience across GitLab.com, Self-Managed, and Dedicated deployments.

Report filtering by validity status (active, inactive, possibly active) for faster triage.

Group-level API to enable validity checks across all projects with a single call.

Streamlined organization-wide rollout for comprehensive secret management.

Helps security teams test and validate policy impact before applying full enforcement.

Generates informative bot comments without blocking merge requests.

Designates optional approvers as points of contact for policy questions.

Tracks all policy violations and dismissals through audit events for compliance reporting.

Surfaces policy violation badges in the Vulnerability Report for issues on the default branch.