What's new in GitLab

Keeps inference traffic within your approved boundaries, helping organizations meet data residency and sovereignty requirements in financial services, government, and other regulated industries.

Provides granular cost transparency through per-request metering for accurate internal chargeback and regulatory reporting.

Removes a significant deployment blocker for enterprises where routing data through external AI vendors is not an option.

Surfaces custom models alongside GitLab-managed models within the AI control plane, treating them as enterprise-ready options for agents and flows.

Maps registered models to specific Duo Agent Platform flows or features for fine-grained control over which agents use which models.

Replaces a fragmented mix of point solutions and unmanaged AI tools with a single, governed control plane for agentic AI.

Supports full keyboard navigation (Shift+F to toggle, F to search) with complete W3C ARIA treeview accessibility compliance.

Adapts responsively from side-by-side on desktop to drawer on smaller viewports, with pagination for large repositories (1000+ items).

Syncs tree state with the file list and persists your open/closed preference across sessions.

Reflects the number of detected vulnerabilities that require attention, removing stale findings that skew trend lines.

Applies automatically to vulnerabilities no longer detected in pipelines run from 18.9 onward, with a background migration handling earlier pipeline data.

Gives AppSec leaders cleaner trendlines for executive briefings, with open vulnerabilities decreasing, risk posture improving, and remediation velocity tracking real progress rather than noise.

Tags assets with pre-defined attributes including business impact (Mission Critical through Non-essential), application, business unit, internet exposure (true or false), and lifecycle stage such as Production or Development.

Filters vulnerability data by business context so security teams can prioritize by impact, application, or team rather than raw scan volume.

Pairs with the security dashboards to surface risk scoring and remediation tracking through a business-relevant lens.

Reasons through the vulnerability and evaluates the codebase through agentic multi-step resolution rather than producing a single code suggestion.

Generates a ready-to-review merge request with the proposed code fix for critical and high severity SAST vulnerabilities.

Includes quality scoring on each generated fix so reviewers can quickly gauge confidence in the proposed remediation.

Surfaces security scan results from child pipelines directly in the merge request, removing a manual navigation step for enterprise teams with complex CI/CD architectures.

Supports monorepo and compliance-driven setups where security scans run in sandboxed child pipelines for isolation and access control.

Closes a long-standing workflow gap for customers enforcing security policies across parent-child pipeline structures.

Resolves image pulls automatically across upstream sources, eliminating per-provider authentication management.

Caches pulled images to reduce bandwidth costs and improve reliability for repeated pulls.

Gives teams evaluating GitLab as a container registry replacement a consolidated access layer that works alongside existing registries during transition.

Surfaces job-level performance data where platform teams already work, without requiring external dashboards or tooling.

Helps identify slow or failing jobs faster to improve developer velocity and reduce pipeline troubleshooting time.

Supports stage grouping (coming next) to aggregate metrics across build, test, and deploy stages.

Provides 24 credits per user, valid for the full 30-day trial period, for trying DAP agents and flows with realistic usage patterns.

Demonstrates GitLab's cost controls and credit system during evaluation, so customers understand the billing model before committing.

Requires GitLab 18.9 or later for GitLab Self-Managed deployments with an internet connection, aligning the trial experience with the production usage-based pricing launched in 18.8.

Provides a defined service credit schedule, including 5% of monthly fees for uptime between 99.5% and 99.9%, with a clear request process through support.gitlab.com.

Signals enterprise-grade reliability for teams with regulated and mission-critical workloads evaluating GitLab as their primary development platform.

Applies to Ultimate tier SaaS customers, reinforcing the value of the highest tier for organizations with strict availability requirements.

Provides a tested, validated process for zero downtime upgrades on multi-node Helm Chart deployments with rolling updates for Webservice and Sidekiq.

Follows patterns already proven in production across GitLab.com and GitLab Dedicated, adapted for general Helm Chart usage.

Supports enterprise upgrade planning for organizations that cannot afford service interruptions during monthly release adoption.