What's new in GitLab 18.8

Jan 15, 2026

GitLab Duo Agent Platform brings agentic AI orchestration to the entire software lifecycle, with expanded security capabilities and flexible usage-based pricing.

GitLab Duo Agent Platform is generally available

Intelligent orchestration for the full software lifecycle is here.

The following features and capabilities are now generally available in GitLab Duo Agent Platform:

GitLab Duo Agentic Chat brings true multi-step reasoning across the GitLab Web UI and IDEs, using full lifecycle context from issues, merge requests, pipelines, and security findings. This capability:

  • Performs actions autonomously on your behalf and answers complex questions comprehensively.

  • Generates code, configuration, and Infrastructure-as-Code across a wide range of languages and frameworks.

  • Provides summaries, highlights key findings, and offers actionable guidance based on real-time project context.

  • Supports optional user- and workspace-level rules to tailor responses.

The Planner Agent is now generally available, helping product managers structure, prioritize, and break down work directly inside GitLab. This agent:

  • Creates, edits, and analyzes GitLab work items like issues and epics through natural language commands.

  • Analyzes backlogs and applies frameworks like RICE or MoSCoW to surface what needs attention.

  • Breaks down epics into appropriately scoped work items for sprint planning.

  • Suggests labels, milestones, and assignments based on project context.

The Developer Flow automates the transition from a ready issue to a structured merge request so teams can begin work immediately. Teams can:

  • Analyze issue requirements and generate implementation-ready merge requests.

  • Create branch structures and initial code scaffolding based on issue context.

  • Link merge requests to source issues for complete traceability.

  • Work to reduce manual setup time for repetitive development patterns.

The Software Development in IDE Flow guides work through everyday development and review stages directly within your IDE. This flow:

  • Provides contextual assistance throughout the coding workflow from implementation to review.

  • Surfaces relevant project context, documentation, and code patterns as you work.

  • Supports iterative development with inline suggestions and refactoring guidance.

  • Works across VS Code, JetBrains IDEs, Cursor, and Windsurf.

The Convert to GitLab CI/CD Flow helps teams migrate or modernize pipeline configurations without manual rewriting. Organizations can:

  • Analyze existing pipeline configurations from Jenkins to GitLab CI/CD.

  • Generate equivalent GitLab CI/CD YAML with best practices applied.

  • Preserve pipeline logic while adapting syntax and structure for GitLab.

  • Work to reduce migration effort and accelerate platform consolidation.

The Fix CI/CD Pipeline Flow analyzes failures, identifies likely causes, and prepares recommended changes. This flow:

  • Automatically diagnoses pipeline failures and surfaces root cause analysis.

  • Generates targeted fixes for common failure patterns.

  • Creates merge requests with proposed changes ready for review.

  • Helps reduce time spent manually debugging CI/CD issues.

The AI Catalog serves as the central place where teams can create, publish, manage, and share the agents and flows they choose to rely on. Teams can:

  • Discover and reuse AI capabilities through a single, organized system.

  • Bring in custom agents that connect to internal systems.

  • Share reusable workflows that reflect real development practices.

  • Assign specific agents and flows to projects for controlled rollout.

Orchestrating AI across the software development lifecycle

GitLab Duo Agent Platform introduces specialized agents and multi-step agentic flows designed to support the moments in software development where clarity, insight, and structured decision-making matter most.

The MCP Client enables GitLab Duo Agent Platform to securely connect to external systems like Jira, Slack, Confluence, and other MCP-compatible tools. With MCP Client, teams can:

  • Pull in context and take action across their DevSecOps toolchain.

  • Reduce manual context switching between disconnected tools.

  • Enable end-to-end AI-powered workflows that reflect how teams work in practice.

  • Configure connections via workspace and user-level JSON files with group-level controls.

GitLab Duo Agent Platform is built on a flexible model selection framework that lets teams tailor AI behavior to their needs. This capability:

  • Defaults to an optimal LLM for each feature while allowing administrator overrides.

  • Supports models from OpenAI, Mistral, Meta, and Anthropic.

  • Provides granular control over model choices for chat, coding tasks, and agent interactions.

  • Enables self-hosted model options for GitLab Self-Managed deployments.

Administrators can now define group access rules to control who can use GitLab Duo Agent Platform features, for flexible adoption strategies from immediate organization-wide access to phased rollouts. Administrators can:

  • Set namespace-level rules governing which users can access GitLab Duo Agent Platform features.

  • Integrate with LDAP and SAML for governance at scale without manual configuration.

  • Deliver consistent experiences across GitLab.com, Self-Managed, and Dedicated deployments.

  • Roll out capabilities gradually as teams evaluate agent capabilities.

Strengthening security across the SDLC

GitLab 18.8 extends AI-powered security capabilities while adding new controls for vulnerability management and credential governance.

The Security Analyst Agent, which lets engineers manage vulnerabilities using natural language commands in GitLab Duo Agentic Chat, is now generally available. Instead of manually clicking through vulnerability dashboards or writing custom scripts for bulk operations, security teams can now triage, assess, and remediate vulnerabilities in chat conversations. This agent:

  • Replaces manual dashboard navigation with conversational triage and assessment.

  • Supports bulk operations for vulnerability remediation without custom scripts.

  • Requires no manual setup as a foundational agent available by default.

  • Surfaces contextual vulnerability information to help accelerate decision-making.

Security teams can now automatically dismiss vulnerabilities that don't apply to their organization using vulnerability management policies. Dismissing vulnerabilities that are not relevant to your organization reduces noise and helps developers focus on vulnerabilities that pose actual risk. Security teams can:

  • Create policies to auto-dismiss based on file path, directory, or identifier (CVE, CWE, or OWASP).

  • See auto-dismissed vulnerabilities in the merge request security widget with an Auto-dismissed label.

  • Track dismissals in the vulnerability report for audit purposes.

  • Help developers prioritize remediation on what matters most.

Cross-file, cross-function scanning support for C/C++ is now generally available in GitLab Advanced SAST. This capability:

  • Extends Advanced SAST coverage to C and C++ codebases.

  • Provides deeper analysis through cross-file and cross-function scanning.

  • Helps identify vulnerabilities that single-file analysis would miss.

  • Requires minimal configuration to enable.

GitLab 18.8 introduces multi-container scanning in Beta, allowing users to pass in an array of images to be scanned as part of container scanning jobs. Teams managing multiple container images can:

  • Scan multiple images in a single job.

  • Reduce pipeline complexity for multi-container environments.

  • Consolidate container security findings across images in a single scan.

  • Use existing container scanning configuration patterns.

The Credentials Inventory API is now available for enterprise users on GitLab.com. This adds credential management capabilities previously only available on self-hosted instances, and helps organizations better manage and secure their authentication tokens and keys. This capability:

  • Provides programmatic access to personal access tokens, group access tokens, project access tokens, SSH keys, and GPG keys.

  • Enables automated security workflows for monitoring, auditing, and revoking credentials.

  • Complements the existing credentials inventory UI for enterprise administrators.

Group owners can now disable SSH keys for all enterprise users in their group. When disabled, users cannot add new SSH keys and their existing keys are deactivated. Group owners can:

  • Apply this setting to all enterprise users in the group, including those with the Owner role.

  • Prevent users from adding new SSH keys when disabled.

  • Deactivate existing SSH keys across all enterprise users in the group.

  • Work to meet organizational security policies requiring centralized key management.

GitLab Credits is a usage-based pricing model that addresses the limitations of seat-based AI pricing, which creates AI "haves" and "have-nots" for engineering teams. With GitLab Credits, organizations can:

Usage dashboards provide detailed attribution and cost breakdowns, while granular access controls let administrators enable or disable GitLab Duo Agent Platform for specific teams or projects. Automated email alerts notify you at 50%, 80%, and 100% of committed monthly credits.

Getting started:

  • GitLab.com SaaS customers gain access automatically.

  • GitLab Self-Managed customers gain access when upgrading to GitLab 18.8.

  • GitLab Dedicated customers will be upgraded to GitLab 18.8 during their scheduled maintenance window in February.