[{"data":1,"prerenderedAt":3633},["ShallowReactive",2],{"/en-us/releases/whats-new":3,"navigation-en-us":50,"banner-en-us":449,"footer-en-us":459,"whats-new-versions-en-us":701,"whats-coming-en-us":2822,"whats-new-page-data-en-us":3470},{"id":4,"title":5,"body":6,"category":6,"config":7,"content":9,"description":6,"extension":41,"meta":42,"navigation":43,"path":44,"seo":45,"slug":6,"stem":48,"testContent":6,"type":6,"__hash__":49},"pages/en-us/releases/whats-new/index.yml","",null,{"template":8},"ReleaseWhatsNew",{"heading":10,"subheading":11,"description":12,"filters":13,"whatsComing":32},"What's new","GitLab monthly releases","See additions and changes to the GitLab product. New releases monthly.",[14,16,18,20,22,24,26,28,30],{"text":15},"AI",{"text":17},"Manage",{"text":19},"Code",{"text":21},"Build",{"text":23},"Plan",{"text":25},"Secure",{"text":27},"Deploy",{"text":29},"Operate",{"text":31},"Analyze",{"header":33,"disclaimerHeading":34,"disclaimer":35,"form":36},"Upcoming","Plans subject to change","This page outlines the expected most important planned features of upcoming releases. We often move things around, do things that are not listed, and cancel things that are listed. This is an estimate of planned features, but is not definitive.\n",{"label":37,"config":38},"Stay updated with new releases",{"formId":39,"formName":40},1077,"newsletter","yml",{},true,"/en-us/releases/whats-new",{"title":46,"description":47},"GitLab Recently Released","Discover the latest features and updates in GitLab's newest release","en-us/releases/whats-new/index","95WLnei8b7Mxzatih7sVt5Duh_fHmBXg0y9Da51-y08",{"data":51},{"logo":52,"freeTrial":57,"sales":62,"login":67,"items":72,"search":379,"minimal":410,"duo":429,"pricingDeployment":439},{"config":53},{"href":54,"dataGaName":55,"dataGaLocation":56},"/","gitlab logo","header",{"text":58,"config":59},"Get free trial",{"href":60,"dataGaName":61,"dataGaLocation":56},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":63,"config":64},"Talk to sales",{"href":65,"dataGaName":66,"dataGaLocation":56},"/sales/","sales",{"text":68,"config":69},"Sign in",{"href":70,"dataGaName":71,"dataGaLocation":56},"https://gitlab.com/users/sign_in/","sign in",[73,100,195,200,301,360],{"text":74,"config":75,"cards":77},"Platform",{"dataNavLevelOne":76},"platform",[78,84,92],{"title":74,"description":79,"link":80},"The intelligent orchestration platform for DevSecOps",{"text":81,"config":82},"Explore our Platform",{"href":83,"dataGaName":76,"dataGaLocation":56},"/platform/",{"title":85,"description":86,"link":87},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":88,"config":89},"Meet GitLab Duo",{"href":90,"dataGaName":91,"dataGaLocation":56},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":93,"description":94,"link":95},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":96,"config":97},"Learn more",{"href":98,"dataGaName":99,"dataGaLocation":56},"/why-gitlab/","why gitlab",{"text":101,"left":43,"config":102,"link":104,"lists":108,"footer":177},"Product",{"dataNavLevelOne":103},"solutions",{"text":105,"config":106},"View all Solutions",{"href":107,"dataGaName":103,"dataGaLocation":56},"/solutions/",[109,133,156],{"title":110,"description":111,"link":112,"items":117},"Automation","CI/CD and automation to accelerate deployment",{"config":113},{"icon":114,"href":115,"dataGaName":116,"dataGaLocation":56},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[118,122,125,129],{"text":119,"config":120},"CI/CD",{"href":121,"dataGaLocation":56,"dataGaName":119},"/solutions/continuous-integration/",{"text":85,"config":123},{"href":90,"dataGaLocation":56,"dataGaName":124},"gitlab duo agent platform - product menu",{"text":126,"config":127},"Source Code Management",{"href":128,"dataGaLocation":56,"dataGaName":126},"/solutions/source-code-management/",{"text":130,"config":131},"Automated Software Delivery",{"href":115,"dataGaLocation":56,"dataGaName":132},"Automated software delivery",{"title":134,"description":135,"link":136,"items":141},"Security","Deliver code faster without compromising security",{"config":137},{"href":138,"dataGaName":139,"dataGaLocation":56,"icon":140},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[142,146,151],{"text":143,"config":144},"Application Security Testing",{"href":138,"dataGaName":145,"dataGaLocation":56},"Application security testing",{"text":147,"config":148},"Software Supply Chain Security",{"href":149,"dataGaLocation":56,"dataGaName":150},"/solutions/supply-chain/","Software supply chain security",{"text":152,"config":153},"Software Compliance",{"href":154,"dataGaName":155,"dataGaLocation":56},"/solutions/software-compliance/","software compliance",{"title":157,"link":158,"items":163},"Measurement",{"config":159},{"icon":160,"href":161,"dataGaName":162,"dataGaLocation":56},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[164,168,172],{"text":165,"config":166},"Visibility & Measurement",{"href":161,"dataGaLocation":56,"dataGaName":167},"Visibility and Measurement",{"text":169,"config":170},"Value Stream Management",{"href":171,"dataGaLocation":56,"dataGaName":169},"/solutions/value-stream-management/",{"text":173,"config":174},"Analytics & Insights",{"href":175,"dataGaLocation":56,"dataGaName":176},"/solutions/analytics-and-insights/","Analytics and insights",{"title":178,"items":179},"GitLab for",[180,185,190],{"text":181,"config":182},"Enterprise",{"href":183,"dataGaLocation":56,"dataGaName":184},"/enterprise/","enterprise",{"text":186,"config":187},"Small Business",{"href":188,"dataGaLocation":56,"dataGaName":189},"/small-business/","small business",{"text":191,"config":192},"Public Sector",{"href":193,"dataGaLocation":56,"dataGaName":194},"/solutions/public-sector/","public sector",{"text":196,"config":197},"Pricing",{"href":198,"dataGaName":199,"dataGaLocation":56,"dataNavLevelOne":199},"/pricing/","pricing",{"text":201,"config":202,"link":204,"lists":208,"feature":288},"Resources",{"dataNavLevelOne":203},"resources",{"text":205,"config":206},"View all resources",{"href":207,"dataGaName":203,"dataGaLocation":56},"/resources/",[209,242,260],{"title":210,"items":211},"Getting started",[212,217,222,227,232,237],{"text":213,"config":214},"Install",{"href":215,"dataGaName":216,"dataGaLocation":56},"/install/","install",{"text":218,"config":219},"Quick start guides",{"href":220,"dataGaName":221,"dataGaLocation":56},"/get-started/","quick setup checklists",{"text":223,"config":224},"Learn",{"href":225,"dataGaLocation":56,"dataGaName":226},"https://university.gitlab.com/","learn",{"text":228,"config":229},"Product documentation",{"href":230,"dataGaName":231,"dataGaLocation":56},"https://docs.gitlab.com/","product documentation",{"text":233,"config":234},"Best practice videos",{"href":235,"dataGaName":236,"dataGaLocation":56},"/getting-started-videos/","best practice videos",{"text":238,"config":239},"Integrations",{"href":240,"dataGaName":241,"dataGaLocation":56},"/integrations/","integrations",{"title":243,"items":244},"Discover",[245,250,255],{"text":246,"config":247},"Customer success stories",{"href":248,"dataGaName":249,"dataGaLocation":56},"/customers/","customer success stories",{"text":251,"config":252},"Blog",{"href":253,"dataGaName":254,"dataGaLocation":56},"/blog/","blog",{"text":256,"config":257},"Remote",{"href":258,"dataGaName":259,"dataGaLocation":56},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":261,"items":262},"Connect",[263,268,273,278,283],{"text":264,"config":265},"GitLab Services",{"href":266,"dataGaName":267,"dataGaLocation":56},"/services/","services",{"text":269,"config":270},"Community",{"href":271,"dataGaName":272,"dataGaLocation":56},"/community/","community",{"text":274,"config":275},"Forum",{"href":276,"dataGaName":277,"dataGaLocation":56},"https://forum.gitlab.com/","forum",{"text":279,"config":280},"Events",{"href":281,"dataGaName":282,"dataGaLocation":56},"/events/","events",{"text":284,"config":285},"Partners",{"href":286,"dataGaName":287,"dataGaLocation":56},"/partners/","partners",{"backgroundColor":289,"textColor":290,"text":291,"image":292,"link":296},"#2f2a6b","#fff","Insights for the future of software development",{"altText":293,"config":294},"the source promo card",{"src":295},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":297,"config":298},"Read the latest",{"href":299,"dataGaName":300,"dataGaLocation":56},"/the-source/","the source",{"text":302,"config":303,"lists":305},"Company",{"dataNavLevelOne":304},"company",[306],{"items":307},[308,313,319,321,326,331,336,341,346,351,355],{"text":309,"config":310},"About",{"href":311,"dataGaName":312,"dataGaLocation":56},"/company/","about",{"text":314,"config":315,"footerGa":318},"Jobs",{"href":316,"dataGaName":317,"dataGaLocation":56},"/jobs/","jobs",{"dataGaName":317},{"text":279,"config":320},{"href":281,"dataGaName":282,"dataGaLocation":56},{"text":322,"config":323},"Leadership",{"href":324,"dataGaName":325,"dataGaLocation":56},"/company/team/e-group/","leadership",{"text":327,"config":328},"Team",{"href":329,"dataGaName":330,"dataGaLocation":56},"/company/team/","team",{"text":332,"config":333},"Handbook",{"href":334,"dataGaName":335,"dataGaLocation":56},"https://handbook.gitlab.com/","handbook",{"text":337,"config":338},"Investor relations",{"href":339,"dataGaName":340,"dataGaLocation":56},"https://ir.gitlab.com/","investor relations",{"text":342,"config":343},"Trust Center",{"href":344,"dataGaName":345,"dataGaLocation":56},"/security/","trust center",{"text":347,"config":348},"AI Transparency Center",{"href":349,"dataGaName":350,"dataGaLocation":56},"/ai-transparency-center/","ai transparency center",{"text":352,"config":353},"Newsletter",{"href":354,"dataGaName":40,"dataGaLocation":56},"/company/contact/#contact-forms",{"text":356,"config":357},"Press",{"href":358,"dataGaName":359,"dataGaLocation":56},"/press/","press",{"text":361,"config":362,"lists":363},"Contact us",{"dataNavLevelOne":304},[364],{"items":365},[366,369,374],{"text":63,"config":367},{"href":65,"dataGaName":368,"dataGaLocation":56},"talk to sales",{"text":370,"config":371},"Support portal",{"href":372,"dataGaName":373,"dataGaLocation":56},"https://support.gitlab.com","support portal",{"text":375,"config":376},"Customer portal",{"href":377,"dataGaName":378,"dataGaLocation":56},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":380,"login":381,"suggestions":388},"Close",{"text":382,"link":383},"To search repositories and projects, login to",{"text":384,"config":385},"gitlab.com",{"href":70,"dataGaName":386,"dataGaLocation":387},"search login","search",{"text":389,"default":390},"Suggestions",[391,393,397,399,403,407],{"text":85,"config":392},{"href":90,"dataGaName":85,"dataGaLocation":387},{"text":394,"config":395},"Code Suggestions (AI)",{"href":396,"dataGaName":394,"dataGaLocation":387},"/solutions/code-suggestions/",{"text":119,"config":398},{"href":121,"dataGaName":119,"dataGaLocation":387},{"text":400,"config":401},"GitLab on AWS",{"href":402,"dataGaName":400,"dataGaLocation":387},"/partners/technology-partners/aws/",{"text":404,"config":405},"GitLab on Google Cloud",{"href":406,"dataGaName":404,"dataGaLocation":387},"/partners/technology-partners/google-cloud-platform/",{"text":408,"config":409},"Why GitLab?",{"href":98,"dataGaName":408,"dataGaLocation":387},{"freeTrial":411,"mobileIcon":416,"desktopIcon":421,"secondaryButton":424},{"text":412,"config":413},"Start free trial",{"href":414,"dataGaName":61,"dataGaLocation":415},"https://gitlab.com/-/trials/new/","nav",{"altText":417,"config":418},"Gitlab Icon",{"src":419,"dataGaName":420,"dataGaLocation":415},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":417,"config":422},{"src":423,"dataGaName":420,"dataGaLocation":415},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":425,"config":426},"Get Started",{"href":427,"dataGaName":428,"dataGaLocation":415},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":430,"mobileIcon":435,"desktopIcon":437},{"text":431,"config":432},"Learn more about GitLab Duo",{"href":433,"dataGaName":434,"dataGaLocation":415},"/gitlab-duo/","gitlab duo",{"altText":417,"config":436},{"src":419,"dataGaName":420,"dataGaLocation":415},{"altText":417,"config":438},{"src":423,"dataGaName":420,"dataGaLocation":415},{"freeTrial":440,"mobileIcon":445,"desktopIcon":447},{"text":441,"config":442},"Back to pricing",{"href":198,"dataGaName":443,"dataGaLocation":415,"icon":444},"back to pricing","GoBack",{"altText":417,"config":446},{"src":419,"dataGaName":420,"dataGaLocation":415},{"altText":417,"config":448},{"src":423,"dataGaName":420,"dataGaLocation":415},{"title":450,"button":451,"config":456},"See how agentic AI transforms software delivery",{"text":452,"config":453},"Watch GitLab Transcend now",{"href":454,"dataGaName":455,"dataGaLocation":56},"/events/transcend/virtual/","transcend event",{"layout":457,"icon":458},"release","AiStar",{"data":460},{"text":461,"source":462,"edit":468,"contribute":473,"config":478,"items":483,"minimal":690},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":463,"config":464},"View page source",{"href":465,"dataGaName":466,"dataGaLocation":467},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":469,"config":470},"Edit this page",{"href":471,"dataGaName":472,"dataGaLocation":467},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":474,"config":475},"Please contribute",{"href":476,"dataGaName":477,"dataGaLocation":467},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":479,"facebook":480,"youtube":481,"linkedin":482},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[484,531,585,629,656],{"title":196,"links":485,"subMenu":500},[486,490,495],{"text":487,"config":488},"View plans",{"href":198,"dataGaName":489,"dataGaLocation":467},"view plans",{"text":491,"config":492},"Why Premium?",{"href":493,"dataGaName":494,"dataGaLocation":467},"/pricing/premium/","why premium",{"text":496,"config":497},"Why Ultimate?",{"href":498,"dataGaName":499,"dataGaLocation":467},"/pricing/ultimate/","why ultimate",[501],{"title":502,"links":503},"Contact Us",[504,507,509,511,516,521,526],{"text":505,"config":506},"Contact sales",{"href":65,"dataGaName":66,"dataGaLocation":467},{"text":370,"config":508},{"href":372,"dataGaName":373,"dataGaLocation":467},{"text":375,"config":510},{"href":377,"dataGaName":378,"dataGaLocation":467},{"text":512,"config":513},"Status",{"href":514,"dataGaName":515,"dataGaLocation":467},"https://status.gitlab.com/","status",{"text":517,"config":518},"Terms of use",{"href":519,"dataGaName":520,"dataGaLocation":467},"/terms/","terms of use",{"text":522,"config":523},"Privacy statement",{"href":524,"dataGaName":525,"dataGaLocation":467},"/privacy/","privacy statement",{"text":527,"config":528},"Cookie preferences",{"dataGaName":529,"dataGaLocation":467,"id":530,"isOneTrustButton":43},"cookie preferences","ot-sdk-btn",{"title":101,"links":532,"subMenu":541},[533,537],{"text":534,"config":535},"DevSecOps platform",{"href":83,"dataGaName":536,"dataGaLocation":467},"devsecops platform",{"text":538,"config":539},"AI-Assisted Development",{"href":433,"dataGaName":540,"dataGaLocation":467},"ai-assisted development",[542],{"title":543,"links":544},"Topics",[545,550,555,560,565,570,575,580],{"text":546,"config":547},"CICD",{"href":548,"dataGaName":549,"dataGaLocation":467},"/topics/ci-cd/","cicd",{"text":551,"config":552},"GitOps",{"href":553,"dataGaName":554,"dataGaLocation":467},"/topics/gitops/","gitops",{"text":556,"config":557},"DevOps",{"href":558,"dataGaName":559,"dataGaLocation":467},"/topics/devops/","devops",{"text":561,"config":562},"Version Control",{"href":563,"dataGaName":564,"dataGaLocation":467},"/topics/version-control/","version control",{"text":566,"config":567},"DevSecOps",{"href":568,"dataGaName":569,"dataGaLocation":467},"/topics/devsecops/","devsecops",{"text":571,"config":572},"Cloud Native",{"href":573,"dataGaName":574,"dataGaLocation":467},"/topics/cloud-native/","cloud native",{"text":576,"config":577},"AI for Coding",{"href":578,"dataGaName":579,"dataGaLocation":467},"/topics/devops/ai-for-coding/","ai for coding",{"text":581,"config":582},"Agentic AI",{"href":583,"dataGaName":584,"dataGaLocation":467},"/topics/agentic-ai/","agentic ai",{"title":586,"links":587},"Solutions",[588,590,592,597,601,604,608,611,613,616,619,624],{"text":143,"config":589},{"href":138,"dataGaName":143,"dataGaLocation":467},{"text":132,"config":591},{"href":115,"dataGaName":116,"dataGaLocation":467},{"text":593,"config":594},"Agile development",{"href":595,"dataGaName":596,"dataGaLocation":467},"/solutions/agile-delivery/","agile delivery",{"text":598,"config":599},"SCM",{"href":128,"dataGaName":600,"dataGaLocation":467},"source code management",{"text":546,"config":602},{"href":121,"dataGaName":603,"dataGaLocation":467},"continuous integration & delivery",{"text":605,"config":606},"Value stream management",{"href":171,"dataGaName":607,"dataGaLocation":467},"value stream management",{"text":551,"config":609},{"href":610,"dataGaName":554,"dataGaLocation":467},"/solutions/gitops/",{"text":181,"config":612},{"href":183,"dataGaName":184,"dataGaLocation":467},{"text":614,"config":615},"Small business",{"href":188,"dataGaName":189,"dataGaLocation":467},{"text":617,"config":618},"Public sector",{"href":193,"dataGaName":194,"dataGaLocation":467},{"text":620,"config":621},"Education",{"href":622,"dataGaName":623,"dataGaLocation":467},"/solutions/education/","education",{"text":625,"config":626},"Financial services",{"href":627,"dataGaName":628,"dataGaLocation":467},"/solutions/finance/","financial services",{"title":201,"links":630},[631,633,635,637,640,642,644,646,648,650,652,654],{"text":213,"config":632},{"href":215,"dataGaName":216,"dataGaLocation":467},{"text":218,"config":634},{"href":220,"dataGaName":221,"dataGaLocation":467},{"text":223,"config":636},{"href":225,"dataGaName":226,"dataGaLocation":467},{"text":228,"config":638},{"href":230,"dataGaName":639,"dataGaLocation":467},"docs",{"text":251,"config":641},{"href":253,"dataGaName":254,"dataGaLocation":467},{"text":246,"config":643},{"href":248,"dataGaName":249,"dataGaLocation":467},{"text":256,"config":645},{"href":258,"dataGaName":259,"dataGaLocation":467},{"text":264,"config":647},{"href":266,"dataGaName":267,"dataGaLocation":467},{"text":269,"config":649},{"href":271,"dataGaName":272,"dataGaLocation":467},{"text":274,"config":651},{"href":276,"dataGaName":277,"dataGaLocation":467},{"text":279,"config":653},{"href":281,"dataGaName":282,"dataGaLocation":467},{"text":284,"config":655},{"href":286,"dataGaName":287,"dataGaLocation":467},{"title":302,"links":657},[658,660,662,664,666,668,670,674,679,681,683,685],{"text":309,"config":659},{"href":311,"dataGaName":304,"dataGaLocation":467},{"text":314,"config":661},{"href":316,"dataGaName":317,"dataGaLocation":467},{"text":322,"config":663},{"href":324,"dataGaName":325,"dataGaLocation":467},{"text":327,"config":665},{"href":329,"dataGaName":330,"dataGaLocation":467},{"text":332,"config":667},{"href":334,"dataGaName":335,"dataGaLocation":467},{"text":337,"config":669},{"href":339,"dataGaName":340,"dataGaLocation":467},{"text":671,"config":672},"Sustainability",{"href":673,"dataGaName":671,"dataGaLocation":467},"/sustainability/",{"text":675,"config":676},"Diversity, inclusion and belonging (DIB)",{"href":677,"dataGaName":678,"dataGaLocation":467},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":342,"config":680},{"href":344,"dataGaName":345,"dataGaLocation":467},{"text":352,"config":682},{"href":354,"dataGaName":40,"dataGaLocation":467},{"text":356,"config":684},{"href":358,"dataGaName":359,"dataGaLocation":467},{"text":686,"config":687},"Modern Slavery Transparency Statement",{"href":688,"dataGaName":689,"dataGaLocation":467},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":691},[692,695,698],{"text":693,"config":694},"Terms",{"href":519,"dataGaName":520,"dataGaLocation":467},{"text":696,"config":697},"Cookies",{"dataGaName":529,"dataGaLocation":467,"id":530,"isOneTrustButton":43},{"text":699,"config":700},"Privacy",{"href":524,"dataGaName":525,"dataGaLocation":467},[702,901,1213,1427,1585,1705,1882,2063,2265,2357,2436,2524,2598,2674,2750],{"config":703,"content":707,"stem":900},{"template":8,"noContent":704,"version":705,"releaseDate":706},false,"18.9","Feb 19, 2026",{"components":708},[709,720],{"componentName":710,"type":710,"componentContent":711,"config":719},"ReleasesWhatsNewHero",{"title":712,"description":713,"heading":714,"button":715},"What's new in GitLab 18.9","Self-hosted agentic AI with model choice, security insights that drive remediation, and developer experience improvements your teams have been asking for. GitLab 18.9 extends governed agentic AI to your infrastructure and model choice, and delivers security insights that drive remediation over detection.\n","Learn more about how teams use GitLab",{"text":716,"config":717},"Visit the GitLab blog",{"href":718},"https://about.gitlab.com/blog/",{"id":705},{"componentName":721,"type":721,"componentContent":722},"ReleasesWhatsNewFeatureList",{"features":723},[724,739,752,766,781,794,807,820,839,853,866,879],{"text":725,"description":726,"labels":727,"config":730,"items":732},"GitLab Duo Agent Platform Self-Hosted for Online Cloud Licenses","Organizations in regulated industries can now run GitLab Duo Agent Platform in production on online cloud licenses while using models hosted on their own infrastructure or approved cloud environments. Powered by a usage-based billing model through GitLab Credits, this deployment option:\n",[728,729],"ai","manage",{"href":731},"https://docs.gitlab.com/administration/gitlab_duo_self_hosted/#gitLab-duo-agent-platform",[733,735,737],{"text":734},"Keeps inference traffic within your approved boundaries, helping organizations meet data residency and sovereignty requirements in financial services, government, and other regulated industries.",{"text":736},"Provides granular cost transparency through per-request metering for accurate internal chargeback and regulatory reporting.",{"text":738},"Removes a significant deployment blocker for enterprises where routing data through external AI vendors is not an option.",{"text":740,"description":741,"labels":742,"config":743,"items":745},"Bring Your Own Model (BYOM)","Many customers in highly regulated industries have already invested in domain-tuned LLMs, in-region deployments, and closed-source internal models. BYOM extends GitLab Duo Agent Platform flexibility by allowing administrators to connect third-party or self-hosted models through the GitLab AI Gateway. This capability:\n",[728,729],{"href":744},"https://docs.gitlab.com/development/ai_features/glossary/#bring-your-own-model-byom",[746,748,750],{"text":747},"Surfaces custom models alongside GitLab-managed models within the AI control plane, treating them as enterprise-ready options for agents and flows.",{"text":749},"Maps registered models to specific Duo Agent Platform flows or features for fine-grained control over which agents use which models.",{"text":751},"Replaces a fragmented mix of point solutions and unmanaged AI tools with a single, governed control plane for agentic AI.",{"text":753,"description":754,"labels":755,"config":757,"items":759},"Repository file tree browser","The repository file tree browser has been a highly requested feature that we’ve been working with the community on, and it’s now enabled on GitLab.com, GitLab Self-Managed, and GitLab Dedicated in 18.9. It is structured like a collapsible drawer that displays your repository's files and directories alongside the file list and file view. This feature:\n",[756],"code",{"href":758},"https://docs.gitlab.com/user/project/repository/files/file_tree_browser/",[760,762,764],{"text":761},"Supports full keyboard navigation (Shift+F to toggle, F to search) with complete W3C ARIA treeview accessibility compliance.",{"text":763},"Adapts responsively from side-by-side on desktop to drawer on smaller viewports, with pagination for large repositories (1000+ items).",{"text":765},"Syncs tree state with the file list and persists your open/closed preference across sessions.",{"text":767,"description":768,"labels":769,"config":772,"items":774},"Security Dashboard: Track vulnerability remediation","GitLab's updated Security Dashboard, generally available since 18.8, consolidates vulnerability data into a single view spanning projects, groups, and business units with risk scoring, remediation velocity, and vulnerability age distribution. In 18.9, the vulnerabilities over time chart now excludes no-longer-detected vulnerabilities. This change:\n",[770,771],"secure","analyze",{"href":773},"https://docs.gitlab.com/user/application_security/security_dashboard/#new-security-dashboards",[775,777,779],{"text":776},"Reflects the number of detected vulnerabilities that require attention, removing stale findings that skew trend lines.",{"text":778},"Applies automatically to vulnerabilities no longer detected in pipelines run from 18.9 onward, with a background migration handling earlier pipeline data.",{"text":780},"Gives AppSec leaders cleaner trendlines for executive briefings, with open vulnerabilities decreasing, risk posture improving, and remediation velocity tracking real progress rather than noise.",{"text":782,"description":783,"labels":784,"config":785,"items":787},"Security attributes and context filtering","Security teams need to identify the greatest risks to their business, not just the highest raw scan counts. Security attributes let teams tag groups and projects with business context and filter security inventory and security policies by those attributes. This capability:\n",[770,771,729],{"href":786},"https://docs.gitlab.com/user/application_security/attributes/",[788,790,792],{"text":789},"Tags assets with pre-defined attributes including business impact (Mission Critical through Non-essential), application, business unit, internet exposure (true or false), and lifecycle stage such as Production or Development.",{"text":791},"Filters vulnerability data by business context so security teams can prioritize by impact, application, or team rather than raw scan volume.",{"text":793},"Pairs with the security dashboards to surface risk scoring and remediation tracking through a business-relevant lens.",{"text":795,"description":796,"labels":797,"config":798,"items":800},"Vulnerability resolution with GitLab Duo Agent Platform (Beta)","Triaging and remediating SAST vulnerabilities is often one of the most time-consuming tasks in application security, but with Duo Agent Platform it doesn’t have to be. With the new SAST vulnerability resolution flow, GitLab Duo kicks in when you trigger a resolution and autonomously analyzes the finding, reasons through the surrounding code context, generates a context-aware fix, and creates a merge request. This flow:\n",[770,728],{"href":799},"https://docs.gitlab.com/user/duo_agent_platform/flows/foundational_flows/agentic_sast_vulnerability_resolution/",[801,803,805],{"text":802},"Reasons through the vulnerability and evaluates the codebase through agentic multi-step resolution rather than producing a single code suggestion.",{"text":804},"Generates a ready-to-review merge request with the proposed code fix for critical and high severity SAST vulnerabilities.",{"text":806},"Includes quality scoring on each generated fix so reviewers can quickly gauge confidence in the proposed remediation.",{"text":808,"description":809,"labels":810,"config":811,"items":813},"Show security reports from child pipelines in merge requests","Teams using parent-child pipeline architectures previously could not see security and compliance reports from child pipelines in the merge request widget, forcing manual navigation through multiple pipelines to identify issues. Now the merge request widget displays security findings from child pipelines alongside parent pipeline results. This improvement:\n",[770],{"href":812},"https://docs.gitlab.com/ci/pipelines/downstream_pipelines/#view-child-pipeline-reports-in-merge-requests",[814,816,818],{"text":815},"Surfaces security scan results from child pipelines directly in the merge request, removing a manual navigation step for enterprise teams with complex CI/CD architectures.",{"text":817},"Supports monorepo and compliance-driven setups where security scans run in sandboxed child pipelines for isolation and access control.",{"text":819},"Closes a long-standing workflow gap for customers enforcing security policies across parent-child pipeline structures.",{"text":821,"description":822,"labels":823,"config":826,"items":828},"Container virtual registry (Beta)","Organizations pulling container images from multiple registries have to deal with authentication management across providers and often excessive bandwidth costs from repeated pulls. The experimental container virtual registry creates a single GitLab endpoint with multiple upstream sources (Docker Hub, Harbor, Quay, and registries using long-lived token auth) and built-in pull-through caching. This registry:\n",[824,825],"deploy","operate",{"href":827},"https://docs.gitlab.com/user/packages/virtual_registry/container/",[829,831,833,835],{"text":830},"Resolves image pulls automatically across upstream sources, eliminating per-provider authentication management.",{"text":832},"Caches pulled images to reduce bandwidth costs and improve reliability for repeated pulls.",{"text":834},"Gives teams evaluating GitLab as a container registry replacement a consolidated access layer that works alongside existing registries during transition.",{"text":836,"config":837},"Share your feedback to help shape this capability.",{"href":838},"https://gitlab.com/gitlab-org/gitlab/-/issues/589630",{"text":840,"description":841,"labels":842,"config":844,"items":846},"CI/CD job performance metrics (Limited-Availability Beta)","Previously there hasn’t been an easy way to figure out when a job's build time started trending up or which jobs are dragging down your pipeline. With CI/CD job performance metrics you can see P50 and P95 job duration, failure rate, and stage for each job directly in the CI/CD Analytics page, sortable and searchable by job name across the last 30 days. This view:\n",[843,771],"build",{"href":845},"https://docs.gitlab.com/user/analytics/ci_cd_analytics/#cicd-job-performance-metrics",[847,849,851],{"text":848},"Surfaces job-level performance data where platform teams already work, without requiring external dashboards or tooling.",{"text":850},"Helps identify slow or failing jobs faster to improve developer velocity and reduce pipeline troubleshooting time.",{"text":852},"Supports stage grouping (coming next) to aggregate metrics across build, test, and deploy stages.",{"text":854,"description":855,"labels":856,"config":857,"items":859},"GitLab Duo Agent Platform included in free trials with GitLab Ultimate","Ultimate trials on GitLab.com and self-managed now ship with GitLab Duo Agent Platform trial credits, so teams can evaluate agents and flows under the same usage model they'll use in production. This trial experience:\n",[728,729],{"href":858},"https://docs.gitlab.com/subscriptions/free_trials/#gitlab-duo-agent-platform-trials",[860,862,864],{"text":861},"Provides 24 credits per user, valid for the full 30-day trial period, for trying DAP agents and flows with realistic usage patterns.",{"text":863},"Demonstrates GitLab's cost controls and credit system during evaluation, so customers understand the billing model before committing.",{"text":865},"Requires GitLab 18.9 or later for GitLab Self-Managed deployments with an internet connection, aligning the trial experience with the production usage-based pricing launched in 18.8.",{"text":867,"description":868,"labels":869,"config":870,"items":872},"99.9% uptime SLA for GitLab Ultimate","GitLab now commits to a 99.9% monthly uptime percentage for Ultimate customers who purchased or renewed on or after January 1, 2026. This platform commitment covers core experiences including issues and merge requests, Git operations, container registry, package registry, and API access. This SLA:\n",[729,825],{"href":871},"https://handbook.gitlab.com/handbook/engineering/infrastructure-platforms/service-level-agreement/#covered-experiences",[873,875,877],{"text":874},"Provides a defined service credit schedule, including 5% of monthly fees for uptime between 99.5% and 99.9%, with a clear request process through support.gitlab.com.",{"text":876},"Signals enterprise-grade reliability for teams with regulated and mission-critical workloads evaluating GitLab as their primary development platform.",{"text":878},"Applies to Ultimate tier SaaS customers, reinforcing the value of the highest tier for organizations with strict availability requirements.",{"text":880,"description":881,"labels":882,"config":883,"items":885},"Zero downtime upgrades for cloud-native deployments","Previously, organizations running GitLab on Kubernetes had no documented path for performing zero downtime upgrades with the GitLab Helm Chart. After validating the process against GitLab.com, GitLab Dedicated, and Operator v1 implementations, comprehensive documentation is now available for all Chart users. This documentation:\n",[825,824],{"href":884},"https://docs.gitlab.com/charts/installation/upgrade.html",[886,888,890,892,896],{"text":887},"Provides a tested, validated process for zero downtime upgrades on multi-node Helm Chart deployments with rolling updates for Webservice and Sidekiq.",{"text":889},"Follows patterns already proven in production across GitLab.com and GitLab Dedicated, adapted for general Helm Chart usage.",{"text":891},"Supports enterprise upgrade planning for organizations that cannot afford service interruptions during monthly release adoption.",{"text":893,"config":894},"Currently applies only to cloud-native hybrid deployments.",{"href":895},"https://docs.gitlab.com/charts/installation/#use-the-reference-architectures",{"text":897,"config":898},"Will support zero downtime upgrades for Gitaly on Kubernetes deployments as that work completes.",{"href":899},"https://gitlab.com/groups/gitlab-org/-/work_items/6127","shared/en-us/releases/whats-new/versions/18-9",{"config":902,"content":905,"stem":1212},{"template":8,"noContent":704,"version":903,"releaseDate":904},"18.8","Jan 15, 2026",{"components":906},[907,921],{"componentName":710,"type":710,"componentContent":908},{"title":909,"description":910,"video":911},"What's new in GitLab 18.8","GitLab Duo Agent Platform brings agentic AI orchestration to the entire software lifecycle, with expanded security capabilities and flexible usage-based pricing.",{"button":912,"heading":916,"description":917,"config":918},{"text":913,"config":914},"Read CEO's blog",{"href":915},"https://about.gitlab.com/blog/gitlab-duo-agent-platform-is-generally-available/","GitLab Duo Agent Platform is generally available","Intelligent orchestration for the full software lifecycle is here.",{"href":919,"thumbnail":920},"https://player.vimeo.com/video/1154785472?badge=0&autopause=0&player_id=0&app_id=58479","https://res.cloudinary.com/about-gitlab-com/image/upload/f_auto,q_auto,c_lfill/v1768314192/llizjeumcduj2enqpdi4.png",{"componentName":721,"type":721,"componentContent":922},{"features":923},[924,926,941,957,972,987,1002,1017,1040,1055,1070,1085,1088,1103,1118,1133,1148,1161,1176,1191,1193,1202],{"text":925},"The following features and capabilities now generally available in GitLab Duo Agent Platform:",{"text":927,"description":928,"labels":929,"config":930,"items":932},"Agentic Chat: Intelligent, context-aware assistance","GitLab Duo Agentic Chat brings true multi-step reasoning across the GitLab Web UI and IDEs, using full lifecycle context from issues, merge requests, pipelines, and security findings. This capability:",[728,756],{"href":931},"https://docs.gitlab.com/user/gitlab_duo_chat/agentic_chat/",[933,935,937,939],{"text":934},"Performs actions autonomously on your behalf and answers complex questions comprehensively.",{"text":936},"Generates code, configuration, and Infrastructure-as-Code across a wide range of languages and frameworks.",{"text":938},"Provides summaries, highlights key findings, and offers actionable guidance based on real-time project context.",{"text":940},"Supports optional user- and workspace-level rules to tailor responses.",{"text":942,"description":943,"labels":944,"config":946,"items":948},"Planner Agent ","The Planner Agent is now generally available, helping product managers structure, prioritize, and break down work directly inside GitLab. This agent:",[728,945],"plan",{"href":947},"https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/planner/",[949,951,953,955],{"text":950},"Creates, edits, and analyzes GitLab work items like issues and epics through natural language commands.",{"text":952},"Analyzes backlogs and applies frameworks like RICE or MoSCoW to surface what needs attention.",{"text":954},"Breaks down epics into appropriately scoped work items for sprint planning.",{"text":956},"Suggests labels, milestones, and assignments based on project context.",{"text":958,"description":959,"labels":960,"config":961,"items":963},"Developer (Issue to Merge Request) Flow","The Developer Flow automates the transition from a ready issue to a structured merge request so teams can begin work immediately. Teams can:\n",[728,756],{"href":962},"https://docs.gitlab.com/user/duo_agent_platform/flows/foundational_flows/developer/",[964,966,968,970],{"text":965},"Analyze issue requirements and generate implementation-ready merge requests.",{"text":967},"Create branch structures and initial code scaffolding based on issue context.",{"text":969},"Link merge requests to source issues for complete traceability.",{"text":971},"Work to reduce manual setup time for repetitive development patterns.",{"text":973,"description":974,"labels":975,"config":976,"items":978},"Software Development in IDE Flow","The Software Development in IDE Flow guides work through everyday development and review stages directly within your IDE. This flow:\n",[728,756],{"href":977},"https://docs.gitlab.com/user/duo_agent_platform/flows/software_development/",[979,981,983,985],{"text":980},"Provides contextual assistance throughout the coding workflow from implementation to review.",{"text":982},"Surfaces relevant project context, documentation, and code patterns as you work.",{"text":984},"Supports iterative development with inline suggestions and refactoring guidance.",{"text":986},"Works across VS Code, JetBrains IDEs, Cursor, and Windsurf.",{"text":988,"description":989,"config":990,"items":992,"labels":1001},"Convert to GitLab CI/CD Flow","The Convert to GitLab CI/CD Flow helps teams migrate or modernize pipeline configurations without manual rewriting. Organizations can:",{"href":991},"https://docs.gitlab.com/user/duo_agent_platform/flows/convert_to_gitlab_ci/",[993,995,997,999],{"text":994},"Analyze existing pipeline configurations from Jenkins to GitLab CI/CD.",{"text":996},"Generate equivalent GitLab CI/CD YAML with best practices applied.",{"text":998},"Preserve pipeline logic while adapting syntax and structure for GitLab.",{"text":1000},"Work to reduce migration effort and accelerate platform consolidation.",[728,843],{"text":1003,"description":1004,"labels":1005,"config":1006,"items":1008},"Fix CI/CD Pipeline Flow","The Fix CI/CD Pipeline Flow analyzes failures, identifies likely causes, and prepares recommended changes. This flow:\n",[728,843],{"href":1007},"https://docs.gitlab.com/user/duo_agent_platform/flows/foundational_flows/fix_pipeline/",[1009,1011,1013,1015],{"text":1010},"Automatically diagnoses pipeline failures and surfaces root cause analysis.",{"text":1012},"Generates targeted fixes for common failure patterns.",{"text":1014},"Creates merge requests with proposed changes ready for review.",{"text":1016},"Helps reduce time spent manually debugging CI/CD issues.",{"text":1018,"config":1019,"labels":1021,"items":1022,"description":1031,"highlightCards":1032},"AI Catalog: A unified foundation for AI at work",{"href":1020},"https://docs.gitlab.com/user/duo_agent_platform/ai_catalog/",[728,729],[1023,1025,1027,1029],{"text":1024},"Discover and reuse AI capabilities through a single, organized system.",{"text":1026},"Bring in custom agents that connect to internal systems.",{"text":1028},"Share reusable workflows that reflect real development practices.",{"text":1030},"Assign specific agents and flows to projects for controlled rollout.","The AI Catalog serves as the central place where teams can create, publish, manage, and share the agents and flows they choose to rely on. Teams can:",[1033],{"video":1034,"title":1038,"description":1039},{"config":1035},{"href":1036,"thumbnail":1037},"https://player.vimeo.com/video/1154786333?badge=0&autopause=0&player_id=0&app_id=58479","https://vumbnail.com/1154785472.jpg"," Orchestrating AI across the software development lifecycle","GitLab Duo Agent Platform introduces specialized agents and multi-step agentic flows designed to support the moments in software development where clarity, insight, and structured decision-making matter most.",{"text":1041,"description":1042,"config":1043,"labels":1045,"items":1046},"MCP Client: Connect to the tools your teams already use","The MCP Client enables GitLab Duo Agent Platform to securely connect to external systems like Jira, Slack, Confluence, and other MCP-compatible tools. With MCP Client, teams can:\n",{"href":1044},"https://docs.gitlab.com/user/gitlab_duo/model_context_protocol/mcp_clients/",[728,729],[1047,1049,1051,1053],{"text":1048},"Pull in context and take action across their DevSecOps toolchain.",{"text":1050},"Reduce manual context switching between disconnected tools.",{"text":1052},"Enable end-to-end AI-powered workflows that reflect how teams work in practice.",{"text":1054},"Configure connections via workspace and user-level JSON files with group-level controls.",{"text":1056,"description":1057,"labels":1058,"config":1059,"items":1061},"Model selection for GitLab Duo Agent Platform","GitLab Duo Agent Platform is built on a flexible model selection framework that lets teams tailor AI behavior to their needs. This capability:\n",[728,729],{"href":1060},"https://docs.gitlab.com/user/gitlab_duo/model_selection/",[1062,1064,1066,1068],{"text":1063},"Defaults to an optimal LLM for each feature while allowing administrator overrides.",{"text":1065},"Supports models from OpenAI, Mistral, Meta, and Anthropic.",{"text":1067},"Provides granular control over model choices for chat, coding tasks, and agent interactions.",{"text":1069},"Enables self-hosted model options for GitLab Self-Managed deployments.",{"text":1071,"description":1072,"labels":1073,"config":1074,"items":1076},"Group access control for GitLab Duo Agent Platform features","Administrators can now define group access rules to control who can use GitLab Duo Agent Platform features, for flexible adoption strategies from immediate organization-wide access to phased rollouts. Administrators can:",[728,729],{"href":1075}," https://docs.gitlab.com/administration/gitlab_duo/configure/access_control/",[1077,1079,1081,1083],{"text":1078},"Set namespace-level rules governing which users can access GitLab Duo Agent Platform features.",{"text":1080},"Integrate with LDAP and SAML for governance at scale without manual configuration.",{"text":1082},"Deliver consistent experiences across GitLab.com, Self-Managed, and Dedicated deployments.",{"text":1084},"Roll out capabilities gradually as teams evaluate agent capabilities.",{"text":1086,"description":1087},"Strengthening security across the SDLC","GitLab 18.8 extends AI-powered security capabilities while adding new controls for vulnerability management and credential governance.",{"text":1089,"description":1090,"labels":1091,"items":1092,"config":1101},"Security Analyst Agent ","The Security Analyst Agent, lets engineers manage vulnerabilities using natural language commands in GitLab Duo Agentic Chat, is now generally available. Instead of manually clicking through vulnerability dashboards or writing custom scripts for bulk operations, security teams can now triage, assess, and remediate vulnerabilities in chat conversations. This agent:",[728,770],[1093,1095,1097,1099],{"text":1094},"Replaces manual dashboard navigation with conversational triage and assessment.",{"text":1096},"Supports bulk operations for vulnerability remediation without custom scripts.",{"text":1098},"Requires no manual setup as a foundational agent available by default.",{"text":1100},"Surfaces contextual vulnerability information to help accelerate decision-making.",{"href":1102},"https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/security_analyst_agent/",{"text":1104,"description":1105,"labels":1106,"config":1107,"items":1109},"Auto-dismiss irrelevant vulnerabilities with vulnerability management policies","Security teams can now automatically dismiss vulnerabilities that don't apply to their organization using vulnerability management policies. Dismissing vulnerabilities that are not relevant to your organization reduces noise and helps developers focus on vulnerabilities that pose actual risk. Security teams can:",[770,729],{"href":1108},"https://docs.gitlab.com/user/application_security/policies/vulnerability_management_policy/#auto-dismiss-policies",[1110,1112,1114,1116],{"text":1111},"Create policies to auto-dismiss based on file path, directory, or identifier (CVE, CWE, or OWASP).",{"text":1113},"See auto-dismissed vulnerabilities in the merge request security widget with an Auto-dismissed label.",{"text":1115},"Track dismissals in the vulnerability report for audit purposes.",{"text":1117},"Help developers prioritize remediation on what matters most.",{"text":1119,"description":1120,"labels":1121,"config":1122,"items":1124},"C/C++ support in Advanced SAST (GA)","Cross-file, cross-function scanning support for C/C++ is now generally available in GitLab Advanced SAST. This capability:",[770],{"href":1123},"https://docs.gitlab.com/user/application_security/sast/advanced_sast_cpp/",[1125,1127,1129,1131],{"text":1126},"Extends Advanced SAST coverage to C and C++ codebases.",{"text":1128},"Provides deeper analysis through cross-file and cross-function scanning.",{"text":1130},"Helps identify vulnerabilities that single-file analysis would miss.",{"text":1132},"Requires minimal configuration to enable.",{"text":1134,"description":1135,"labels":1136,"config":1137,"items":1139},"Multi-container scanning (Beta)","GitLab 18.8 introduces multi-container scanning in Beta, allowing users to pass in an array of images to be scanned as part of container scanning jobs. Teams managing multiple container images can:",[770],{"href":1138},"https://docs.gitlab.com/user/application_security/container_scanning/multi_container_scanning/",[1140,1142,1144,1146],{"text":1141},"Scan multiple images in a single job.",{"text":1143},"Reduce pipeline complexity for multi-container environments.",{"text":1145},"Consolidate container security findings across images in a single scan.",{"text":1147},"Use existing container scanning configuration patterns.",{"text":1149,"description":1150,"labels":1151,"config":1152,"items":1154},"Centralized credential management API for group owners","The Credentials Inventory API is now available for enterprise users on GitLab.com. This adds credential management capabilities previously only available on self-hosted instances, and helps organizations better manage and secure their authentication tokens and keys. This capability:",[770,729],{"href":1153}," https://docs.gitlab.com/api/groups#credentials-inventory-management",[1155,1157,1159],{"text":1156},"Provides programmatic access to personal access tokens, group access tokens, project access tokens, SSH Keys, and GPG Keys.",{"text":1158},"Enables automated security workflows for monitoring, auditing, and revoking credentials.",{"text":1160},"Complements the existing credentials inventory UI for enterprise administrators.",{"text":1162,"description":1163,"config":1164,"labels":1166,"items":1167},"Group owners can disable SSH keys for enterprise users","Group owners can now disable SSH keys for all enterprise users in their group. When disabled, users cannot add new SSH keys and their existing keys are deactivated. Group owners can:",{"href":1165},"https://docs.gitlab.com/user/ssh_advanced/#disable-ssh-keys-for-enterprise-users",[770,729],[1168,1170,1172,1174],{"text":1169},"Apply this setting to all enterprise users in the group, including those with the Owner role.",{"text":1171},"Prevent users from adding new SSH keys when disabled.",{"text":1173},"Deactivate existing SSH keys across all enterprise users in the group.",{"text":1175},"Work to meet organizational security policies requiring centralized key management.",{"text":1177,"description":1178,"labels":1179,"config":1180,"items":1182},"Introducing GitLab Credits: Usage-based pricing for GitLab Duo Agent Platform","GitLab Credits is a usage-based pricing model that addresses the limitations of seat-based AI pricing, which creates AI \"haves\" and \"have-nots\" for engineering teams. With GitLab Credits, organizations can:",[728,729],{"href":1181},"https://about.gitlab.com/blog/introducing-gitlab-credits/ ",[1183,1185,1189],{"text":1184},"Allow every member with a GitLab account to use agentic AI capabilities without paying for an AI seat.",{"text":1186,"config":1187},"Access included credits at no extra cost: $12 per user per month for Premium, $24 per user per month for Ultimate (limited-time promotion per promo terms).",{"href":1188},"https://about.gitlab.com/pricing/terms/",{"text":1190},"Get volume discounts for enterprise customers with annual commitments.",{"description":1192},"Usage dashboards provide detailed attribution and cost breakdowns, while granular access controls let administrators enable or disable GitLab Duo Agent Platform for specific teams or projects. Automated email alerts notify you at 50%, 80%, and 100% of committed monthly credits.",{"text":1194,"items":1195},"Getting started:",[1196,1198,1200],{"text":1197},"GitLab.com SaaS customers gain access automatically.",{"text":1199},"GitLab Self-Managed customers gain access when upgrading to GitLab 18.8.",{"text":1201},"GitLab Dedicated customers will be upgraded to GitLab 18.8 during their scheduled maintenance window in February.",{"description":1203,"items":1204},"GitLab Credits is not available for GitLab Duo with Amazon Q or GitLab Dedicated for Government.",[1205,1209],{"text":1206,"config":1207},"Learn more: Introducing GitLab Credits ",{"href":1208},"https://about.gitlab.com/blog/introducing-gitlab-credits/",{"text":1210,"config":1211},"Learn more: GitLab Duo Agent Platform GA announcement",{"href":915},"shared/en-us/releases/whats-new/versions/18-8",{"config":1214,"content":1217,"stem":1426},{"template":8,"noContent":704,"releaseDate":1215,"version":1216},"Dec 18, 2025","18.7",{"components":1218},[1219,1232],{"componentName":710,"type":710,"componentContent":1220},{"title":1221,"description":1222,"video":1223},"What’s new in GitLab 18.7","GitLab 18.7 provides improved automation, visibility and control capabilities for teams to integrate AI with their development and security workflows.",{"config":1224,"description":1227,"heading":1228,"button":1229},{"href":1225,"thumbnail":1226},"https://player.vimeo.com/video/1143231947?badge=0&autopause=0&player_id=0&app_id=58479","https://vumbnail.com/1143231947.jpg","GitLab 18.7 adds new automation, pipeline controls, and policy updates to help teams reduce manual work, simplify processes, and deliver safer releases.","CEO Corner: Advancing AI automation, governance, and developer experience.",{"text":913,"config":1230},{"href":1231},"https://about.gitlab.com/blog/gitlab-18-7-advancing-ai-automation/",{"componentName":721,"type":721,"componentContent":1233},{"features":1234},[1235,1251,1266,1281,1296,1311,1326,1349,1364,1379,1393,1409],{"text":1236,"description":1237,"labels":1238,"items":1239,"config":1249},"Custom Flows (Beta)","Custom Flows introduce a new way to automate multi-step workflows using YAML-defined sequences that orchestrate agents to complete repetitive development tasks. This capability:\n",[728],[1240,1242,1244,1246],{"text":1241},"Helps remove manual effort from predictable patterns like diagnosing failed pipelines, updating dependencies, or running policy checks.",{"text":1243},"Can be triggered automatically from GitLab events like @ mentioning a service account or assigning the account in an issue or merge request — no manual invocation required.",{"text":1245},"Enables autonomous actions such as analyzing failed tests, generating fixes, committing changes, and notifying teams.",{"text":1247,"config":1248},"Supports both individual project automations and consistent organization-wide workflows for compliance.",{"href":5},{"href":1250},"https://docs.gitlab.com/user/duo_agent_platform/flows/custom/",{"text":1252,"description":1253,"labels":1254,"config":1255,"items":1257},"SAST False Positive Detection Flow (Beta)","AI-powered SAST false positive detection helps teams focus on the vulnerabilities that matter by automatically analyzing Critical and High severity findings for false positives. Security teams can:",[728,770],{"href":1256},"https://docs.gitlab.com/user/duo_agent_platform/flows/foundational_flows/sast_false_positive_detection/",[1258,1260,1262,1264],{"text":1259},"Receive automatic false positive analysis after each security scan with no manual triggering required.",{"text":1261},"Manually trigger detection for individual vulnerabilities on-demand from the vulnerability details page.",{"text":1263},"View contextual AI reasoning explaining why each finding may or may not be a true positive.",{"text":1265},"Dismiss false positives directly from the vulnerability report with the dismissed status persisting across future pipelines.",{"text":1267,"description":1268,"labels":1269,"config":1270,"items":1272},"AI agent and flow versioning (Beta)","GitLab now pins agents and flows from the AI Catalog to a specific version when enabled in your project, helping to prevent breaking changes and workflow disruptions. Teams can:",[728],{"href":1271},"https://docs.gitlab.com/user/duo_agent_platform/ai_catalog/#agent-and-flow-versions",[1273,1275,1277,1279],{"text":1274},"Maintain stable, predictable AI-powered workflows even as catalog items evolve.",{"text":1276},"Test and validate new versions before upgrading in production pipelines.",{"text":1278},"Fork an agent at a specific version and evolve it independently for safer customization.",{"text":1280},"See clearly which version is running to avoid confusion across environments.",{"text":1282,"description":1283,"labels":1284,"config":1285,"items":1287},"Data Analyst Agent (Beta)","The Data Analyst Agent helps teams explore GitLab data using natural language, automatically generating GitLab Query Language (GLQL) queries and presenting clear insights. This agent:",[728,771],{"href":1286},"https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/data_analyst/",[1288,1290,1292,1294],{"text":1289},"Helps remove the need for manual query writing when analyzing work volume, team activity, and development trends.",{"text":1291},"Surfaces issue and merge request status quickly, with filtering by labels, authors, or milestones.",{"text":1293},"Generates reusable GLQL queries embeddable anywhere GitLab Flavored Markdown is supported.",{"text":1295},"Answers everyday questions about project activity directly within GitLab — no dashboard navigation required.",{"text":1297,"description":1298,"labels":1299,"config":1300,"items":1302},"Configure foundational agent availability (Beta)","Administrators can now control which foundational agents are available across their top-level group or instance. This capability:",[728,729],{"href":1301},"https://docs.gitlab.com/user/duo_agent_platform/agents/foundational_agents/#turn-foundational-agents-on-or-off",[1303,1305,1307,1309],{"text":1304},"Enables organization-wide governance over AI agent availability with a single configuration.",{"text":1306},"Allows administrators to toggle individual agents off to help align with specific security and compliance policies.",{"text":1308},"Provides flexibility to turn all foundational agents on or off by default.",{"text":1310},"Supports gradual rollout strategies as teams evaluate agent capabilities.",{"text":1312,"description":1313,"labels":1314,"config":1315,"items":1317},"Separate model selection for Agentic Chat and agents (Beta)","Administrators can now configure separate models for Agentic Chat and for all other agents at the top-level group or instance level. This capability:\n",[728,729],{"href":1316},"https://docs.gitlab.com/user/gitlab_duo/model_selection/#select-a-model-for-a-feature",[1318,1320,1322,1324],{"text":1319},"Provides granular control over model selection across different GitLab Duo Agent Platform features.",{"text":1321},"Enables organizations to optimize model choices based on specific use case requirements.",{"text":1323},"Supports differentiated cost and performance strategies for chat versus agent workflows.",{"text":1325},"Expands flexibility for teams balancing model capabilities with governance requirements.",{"text":1327,"description":1328,"labels":1329,"config":1330,"items":1332,"highlightCards":1341},"Support for AGENTS.md with GitLab Duo Chat in IDEs (Beta)","GitLab Duo Chat now supports the AGENTS.md specification, an emerging standard for providing context and instructions to AI coding assistants. This support:",[728,756],{"href":1331},"https://docs.gitlab.com/user/gitlab_duo_chat/agentic_chat/#create-agentsmd-instruction-files",[1333,1335,1337,1339],{"text":1334},"Makes build commands, testing instructions, and code style guidelines available to any AI tool that supports the specification.",{"text":1336},"Automatically applies instructions from AGENTS.md files in your repository at the user or workspace level.",{"text":1338},"Supports monorepos with subdirectory-specific AGENTS.md files for tailored component instructions.",{"text":1340},"Enables portable AI context that works across multiple AI coding tools beyond GitLab Duo.",[1342],{"video":1343,"title":1347,"description":1348},{"config":1344},{"href":1345,"thumbnail":1346},"https://player.vimeo.com/video/1147756347?badge=0&autopause=0&player_id=0&app_id=58479","https://vumbnail.com/1147756347.jpg","Elevating how teams build, secure, and deliver","The 18.7 release is about strengthening the foundation for reliable, flexible automation across your GitLab environment.",{"text":1350,"labels":1351,"config":1352,"description":1354,"items":1355},"Dynamic input selection in CI/CD pipelines",[843],{"href":1353},"https://docs.gitlab.com/ci/inputs/#define-conditional-input-options-with-specinputsrules","Dynamic input selection introduces cascading dropdown fields in the GitLab UI for triggering pipelines with context-aware options. This capability:",[1356,1358,1360,1362],{"text":1357},"Helps remove the need for YAML editing, enabling cross-functional teams to run pipelines independently.",{"text":1359},"Assists with reducing misconfigured runs by displaying only valid, context-aware options as users make selections.",{"text":1361},"Supports complex workflows with dynamic options that update based on previous selections.",{"text":1363},"Simplifies migration from Jenkins Active Choice by standardizing CI/CD processes on a single platform.",{"text":1365,"description":1366,"labels":1367,"config":1368,"items":1370},"CI/CD catalog publication guardrails","Administrators of GitLab Self-Managed and GitLab Dedicated can now restrict which projects are allowed to publish components to the CI/CD Catalog. This setting:",[843,729],{"href":1369},"https://docs.gitlab.com/ee/ci/components/",[1371,1373,1375,1377],{"text":1372},"Maintains a curated, trusted CI/CD Catalog by controlling what components can be published.",{"text":1374},"Provides an allowlist of projects authorized to publish components.",{"text":1376},"Prevents unauthorized or unapproved components from cluttering published components.",{"text":1378},"Helps ensure all components meet organizational standards and security requirements.",{"text":1380,"description":1381,"labels":1382,"config":1383,"items":1384},"New security dashboards enabled by default","The updated and modernized security dashboards are now enabled by default on GitLab Dedicated and GitLab Self-Managed. The new features include:",[770,771],{"href":773},[1385,1387,1389,1391],{"text":1386},"A chart showing vulnerabilities over time, with filtering options by project or report type as well as grouping by severity.",{"text":1388},"  Direct links from chart data points to vulnerabilities in the vulnerability report.",{"text":1390},"A risk score module that calculates estimated risk for groups or projects based on a GitLab algorithm.",{"text":1392},"Consistent dashboard experience across GitLab.com, Self-Managed, and Dedicated deployments.",{"text":1394,"labels":1395,"config":1396,"items":1398,"description":1408},"Secret validity checks improved (GA)",[770],{"href":1397},"https://docs.gitlab.com/user/application_security/vulnerabilities/validity_check/",[1399,1402,1404,1406],{"text":1400,"config":1401},"Expanded vendor integrations with Google Cloud, AWS, and Postman. View the full list of supported token types in our documentation. ",{"href":1397},{"text":1403},"Report filtering by validity status (active, inactive, possibly active) for faster triage.",{"text":1405},"Group-level API to enable validity checks across all projects with a single call.",{"text":1407},"Streamlined organization-wide rollout for comprehensive secret management.","Validity checks automatically verify if tokens discovered during Secret Detection are active or inactive. This helps teams prioritize real urgent threats when secrets are leaked in your repositories. This release includes:",{"text":1410,"description":1411,"labels":1412,"config":1413,"items":1415},"Warn mode for MR approval policies","Warn mode allows policy violations to be surfaced without blocking merges, giving teams a lower-friction way to introduce or adjust policies. This approach:",[770,729],{"href":1414},"https://docs.gitlab.com/user/application_security/policies/merge_request_approval_policies/#warn-mode",[1416,1418,1420,1422,1424],{"text":1417},"Helps security teams test and validate policy impact before applying full enforcement.",{"text":1419},"Generates informative bot comments without blocking merge requests.",{"text":1421},"Designates optional approvers as points of contact for policy questions.",{"text":1423},"Tracks all policy violations and dismissals through audit events for compliance reporting.",{"text":1425},"Surfaces policy violation badges in the Vulnerability Report for issues on the default branch.","shared/en-us/releases/whats-new/versions/18-7",{"config":1428,"content":1431,"stem":1584},{"template":8,"noContent":704,"version":1429,"releaseDate":1430},18.6,"Nov 20, 2025",{"components":1432},[1433,1447],{"type":710,"componentName":710,"componentContent":1434},{"title":1435,"description":1436,"video":1437,"config":1445},"What's new in GitLab 18.6","From configuration to control: Enhanced security and productivity through modern interfaces and brand new platform capabilities to keep your software teams in flow. Note: After this page was originally published, the default Security Manager role was withdrawn from the release. It will be included in a future update. The content below is updated for accuracy.",{"config":1438,"heading":1440,"description":1441,"button":1442},{"href":1439},"https://player.vimeo.com/video/1138657697?badge=0&autopause=0&player_id=0&app_id=58479","Enterprise governance meets development needs","GitLab 18.6 enables teams to move fast within clear boundaries, building software their way — with their standards and their approved technologies.",{"text":913,"config":1443},{"href":1444},"/blog/gitlab-18-6-from-configuration-to-control/",{"id":1446},"18.6",{"type":721,"componentName":721,"componentContent":1448},{"features":1449},[1450,1465,1480,1493,1508,1523,1538,1553,1568],{"text":1451,"description":1452,"labels":1453,"items":1454,"config":1463},"Modern interface for self-managed instances","Self-managed instances now default to the streamlined interface that keeps teams in flow. With this update, teams can:\n",[756,945,729],[1455,1457,1459,1461],{"text":1456},"Minimize context switching with side-by-side panels that eliminate tab-juggling during debugging.",{"text":1458},"Maximize code visibility with dynamic layouts that adapt to your current task, whether you’re reviewing, coding, or planning.",{"text":1460},"Experience the same consistent interface and unified navigation across GitLab.com and self-managed deployments.",{"text":1462},"Retain flexibility through feature flags for teams requiring gradual transitions.",{"href":1464},"https://docs.gitlab.com/user/interface_redesign/",{"text":1466,"description":1467,"labels":1468,"items":1469,"config":1478},"Exact code search powered by open-source Zoekt","Find any pattern across millions of lines instantly — enhanced by AI-powered suggestions when enabled. With exact search, developers can:\n",[756,771],[1470,1472,1474,1476],{"text":1471},"Locate code in seconds using regex patterns across entire instances without local clones.",{"text":1473},"Start immediately on GitLab.com with zero-configuration deployment already active.",{"text":1475},"Deploy in secure environments where Zoekt runs completely offline for air-gapped networks.",{"text":1477},"Combine with AI assistance (when enabled) for intelligent search suggestions based on natural language.",{"href":1479},"https://docs.gitlab.com/user/search/exact_code_search.html",{"text":1481,"description":1482,"labels":1483,"items":1484,"config":1491},"Web IDE for completely offline environments","Full IDE capabilities now available in air-gapped environments, including optional AI assistance for classified networks. Users can:\n",[756,824,825],[1485,1487,1489],{"text":1486},"Remove all external dependencies by hosting Web IDE assets internally without internet connectivity.",{"text":1488},"Enable full development features including markdown preview, extensions, and debugging in isolated networks.",{"text":1490},"Meet strict compliance requirements for government, defense, and financial institutions.",{"href":1492},"https://docs.gitlab.com/user/project/web_ide/",{"text":1494,"description":1495,"labels":1496,"items":1497,"config":1506},"Security attributes cut through vulnerability noise to surface real risks","Apply business context to security data — enhanced by AI that learns your prioritization patterns. With security attributes, teams can:\n",[770,771,729],[1498,1500,1502,1504],{"text":1499},"Reduce triage time by filtering \"Production + Internet-facing\" vulnerabilities first.",{"text":1501},"Filter by business unit tags to help identify which teams should handle specific vulnerabilities.",{"text":1503},"Bulk dismiss false positives with one click, removing test file noise from critical paths.",{"text":1505},"Let AI suggest priorities (when enabled) based on your historical remediation patterns.",{"href":1507},"https://docs.gitlab.com/user/application_security/security_inventory/",{"text":1509,"description":1510,"labels":1511,"items":1512,"config":1521},"CI/CD components self-reference for version consistency","Components now know their own metadata — from commit SHAs to version numbers — to eliminate version drift, with AI assistance for configuration when enabled. Users can:\n",[843,824],[1513,1515,1517,1519],{"text":1514},"Eliminate version mismatches with spec:component ensuring Docker images match component versions automatically.",{"text":1516},"Reduce pipeline complexity using dynamic dependencies that adapt to your matrix builds.",{"text":1518},"Prevent \"works locally\" failures by ensuring consistent versioning across environments.",{"text":1520},"Get AI configuration help (when enabled) for complex multi-platform scenarios.",{"href":1522},"https://docs.gitlab.com/ci/components/",{"text":1524,"description":1525,"labels":1526,"items":1527,"config":1536},"Helm charts without limits","Unlimited chart storage with pre-computed metadata for instant access to any version. Platform teams can:\n",[824,729,825],[1528,1530,1532,1534],{"text":1529},"Access any historical version without 404 errors disrupting critical rollbacks.",{"text":1531},"Improve performance with pre-computed metadata eliminating on-demand generation.",{"text":1533},"Centralize chart governance without splitting across repositories for scale workarounds.",{"text":1535},"Maintain deployment history across all releases for simpler compliance and debugging.",{"href":1537},"https://docs.gitlab.com/user/packages/helm_repository/",{"text":1539,"description":1540,"labels":1541,"items":1542,"config":1551},"Code Owners with inherited permissions","Simplified ownership management that respects organizational hierarchy and is enhanced by AI review when configured. Teams can:\n",[756,729],[1543,1545,1547,1549],{"text":1544},"Eliminate redundant configuration with parent group permissions automatically applying to projects.",{"text":1546},"Reduce approval delays as the right reviewers already have access through inheritance.",{"text":1548},"Keep existing CODEOWNERS files working without migration or changes required.",{"text":1550},"Add AI pre-review (when enabled) before human code owners for faster feedback cycles.",{"href":1552},"https://docs.gitlab.com/user/project/codeowners/",{"text":1554,"description":1555,"labels":1556,"items":1557,"config":1566},"GitLab Duo Agents ready by default in Agentic Chat (Beta)","GitLab-built agents for planning and security are now available by default in the Agentic Chat dropdown. When activated, teams can:\n",[728,945,770],[1558,1560,1562,1564],{"text":1559},"Break down complex work instantly with the GitLab Duo Planner Agent, turning vague requirements into implementable tasks.",{"text":1561},"Maintain milestone alignment as the Duo Planner Agent respects your sprint deadlines automatically.",{"text":1563},"Understand vulnerabilities quickly with the GitLab Duo Security Analyst Agent that explains CVEs in plain language.",{"text":1565},"Access both agents on GitLab.com and self-managed instances.",{"href":1567},"https://docs.gitlab.com/user/duo_agent_platform/agents/",{"text":1569,"description":1570,"labels":1571,"items":1573,"config":1582},"End-user model selection for cloud-connected self-managed instances (GA)","Cloud-connected self-managed users can now select which AI model powers their GitLab Duo Agentic Chat experience directly in the GitLab UI. This gives teams more flexibility to manage performance, cost, and governance while choosing models that best fit their environment — whether on-premises, in a private cloud, or in a public cloud. This gives teams:\n",[1572,729],"aI",[1574,1576,1578,1580],{"text":1575},"Greater control over model performance, accuracy, and cost.",{"text":1577},"The ability to choose regionally compliant or in-house models for data residency needs.",{"text":1579},"Flexibility to match models to organizational policies and priorities.",{"text":1581},"Consistent model selection across any self-managed deployment environment.",{"href":1583},"https://docs.gitlab.com/user/gitlab_duo_chat/agentic_chat/#select-a-model","shared/en-us/releases/whats-new/versions/18.6",{"config":1586,"content":1589,"stem":1704},{"template":8,"noContent":704,"version":1587,"releaseDate":1588},18.5,"Oct 21, 2025",{"title":1590,"components":1591},"GitLab 18.5",[1592,1607],{"type":710,"componentName":710,"componentContent":1593},{"title":1594,"description":1595,"video":1596,"config":1605},"What's new in GitLab 18.5","GitLab 18.5 reduces friction across planning, security, and deployment with intelligent orchestration across the software lifecycle — keeping teams in control through human-in-the-loop workflows.",{"config":1597,"heading":1600,"description":1601,"button":1602},{"href":1598,"thumbnail":1599},"https://player.vimeo.com/video/1128975773?badge=0&autopause=0&player_id=0&app_id=58479","https://res.cloudinary.com/about-gitlab-com/image/upload/v1760993630/ztw407dtyzdo25xqund5.jpg","Intelligence that moves software development forward","With GitLab 18.5, we are delivering new specialized agents, security insights that cut through the noise, and a reimagined interface that keeps your AI teammate always in view.",{"text":913,"config":1603},{"href":1604},"/blog/gitlab-18-5-intelligence-that-moves-software-development-forward/",{"id":1606},"18.5",{"type":721,"componentName":721,"componentContent":1608},{"features":1609},[1610,1622,1636,1648,1661,1676,1691],{"text":1611,"description":1612,"labels":1613,"items":1614,"config":1621},"Enhanced user experience with contextual access to Agentic Chat (Beta)","Improve access to project data and context with an integrated UI that surfaces AI assistance contextually across GitLab. Helps you eliminate hours lost to context-switching and accelerate issue resolution and development velocity. This release provides:",[729,756,825,728],[1615,1617,1619],{"text":1616},"Accessibility to GitLab Duo Chat panel from anywhere in the platform.",{"text":1618},"Side-by-side information display for contextual work without losing your place.",{"text":1620},"Left-side navigation menu, which collapses and expands for flexible workspace management.",{"href":1464},{"text":1623,"description":1624,"labels":1625,"items":1626,"config":1635},"GitLab Security Analyst Agent (Beta)","Transform vulnerability noise into actionable threat management with agentic security analysis. Now teams can orchestrate remediation workflows, prioritize exploitable risks, and complete bulk operations in minutes while working to maintain consistent security policies and audit trails. With this agent, teams can:\n",[770,945,728],[1627,1629,1631,1633],{"text":1628},"Use conversational commands to run AI-powered vulnerability management workflows.",{"text":1630},"Perform bulk operations for dismissing false positives and creating issues at scale.",{"text":1632},"Get enriched vulnerability data, including reachability analysis and code flow information.",{"text":1634},"Orchestrate multiple security tools through a single interface.",{"href":1102},{"text":1637,"description":1638,"labels":1639,"items":1640,"config":1647},"GitLab Duo Planner (Beta)","Turn hundreds of backlog issues into actionable task lists with an agentic workflow powered by GitLab Duo within an Agile framework. Instead of tedious manual analysis, product and engineering teams can make fast, informed decisions. GitLab Duo Planner:\n",[945,728,729],[1641,1643,1645],{"text":1642},"Turns vague ideas into structured planning hierarchies.",{"text":1644},"Identifies stale backlog items and suggests priorities automatically.",{"text":1646},"Drafts structured progress summaries for key stakeholders.",{"href":947},{"text":1649,"description":1650,"labels":1651,"items":1652,"config":1659},"Popular AI tools as native agents in the AI Catalog (Experimental)","Bring your preferred CLI agents directly into your GitLab Duo experience while maintaining enterprise governance, security, and audit trails. This capability includes:",[824,825,728,756,729],[1653,1655,1657],{"text":1654},"Access to Claude, OpenAI Codex, Google Gemini, and Amazon Q in the GitLab AI Catalog.",{"text":1656},"Seamless authentication with composite identity management.",{"text":1658},"Session tracking for full visibility into flow execution and history.",{"href":1660},"https://docs.gitlab.com/user/duo_agent_platform/agent_assistant/",{"text":1662,"description":1663,"labels":1664,"items":1665,"config":1674},"Self-Hosted Duo Agent Platform (now Beta)","Unlock the full power of agentic AI within your own infrastructure so you can control where GitLab Duo executes, how it accesses your code, and what data it processes. This beta update gives you:\n",[824,825,729,728],[1666,1668,1670,1672],{"text":1667},"The power to execute Duo workflows within your infrastructure.",{"text":1669},"The ability to address data sovereignty requirements with enterprise-grade security for sensitive code within organizational boundaries.",{"text":1671},"Improved timeout configurations and AI Gateway settings for production deployment.",{"text":1673},"Support for code reviews, bug fixes, and feature implementations.",{"href":1675},"https://docs.gitlab.com/user/duo_agent_platform/",{"text":1677,"description":1678,"labels":1679,"items":1680,"config":1689},"Precise security: Focus on real risks","Accelerate security feedback without sacrificing coverage by focusing scans and helping to distinguish exploitable vulnerabilities from theoretical ones. Reduce noise, identify real risks, and keep developers in flow with:\n",[770,825,756],[1681,1683,1685,1687],{"text":1682},"Diff-based scanning that focuses on changed code, reducing pipeline execution time and alert fatigue.",{"text":1684},"Reachability analysis that helps identify whether vulnerable code is actually invoked.",{"text":1686},"Clear identification of expired secrets.",{"text":1688},"Strong security coverage focused on exploitable risks.",{"href":1690},"https://docs.gitlab.com/user/application_security/sast/gitlab_advanced_sast/#diff-based-scanning-in-merge-requests",{"text":1692,"description":1693,"labels":1694,"items":1695,"config":1702},"Maven Virtual Registry","A new web-based interface that simplifies how teams create and manage Maven virtual registries. Instead of configuring through APIs, package administrators can now:\n",[729],[1696,1698,1700],{"text":1697},"Create registries and order upstreams to help improve performance and compliance.",{"text":1699},"View and clear stale cache entries directly in the UI.",{"text":1701},"Help reduce operational overhead and gives teams clearer insight into dependency resolution.",{"href":1703},"https://docs.gitlab.com/user/packages/virtual_registry/maven/","shared/en-us/releases/whats-new/versions/18.5",{"config":1706,"content":1709,"stem":1881},{"template":8,"noContent":704,"version":1707,"releaseDate":1708},18.4,"Sep 23, 2025",{"title":1710,"components":1711},"GitLab 18.4",[1712,1727],{"componentName":710,"type":710,"componentContent":1713},{"title":1714,"description":1715,"video":1716,"config":1725},"What's new in GitLab 18.4","New CI/CD workflows, a library of specialized agents, GitLab Runner improvements, richer Knowledge Graph for navigating complex codebases, enhanced AI governance, and much more.",{"config":1717,"heading":1720,"description":1721,"button":1722},{"href":1718,"thumbnail":1719},"https://player.vimeo.com/video/1120293274?badge=0&autopause=0&player_id=0&app_id=58479","https://res.cloudinary.com/about-gitlab-com/image/upload/v1758575154/wri1blj60yzo4p476m5o.png","AI-native development with automation and insight","With GitLab 18.4, we're evolving the way humans and AI work together with custom agents, code-aware accuracy, and automated pipeline fixes to keep developers in flow.",{"text":913,"config":1723},{"href":1724},"/blog/gitlab-18-4-ai-native-development-with-automation-and-insight/",{"id":1726},"18.4",{"componentName":721,"type":721,"componentContent":1728},{"features":1729},[1730,1744,1756,1771,1786,1801,1811,1824,1835,1846,1857,1870],{"text":1731,"config":1732,"description":1733,"labels":1734,"items":1735},"AI Catalog (Beta)",{"href":1020},"A shared library of reusable and specialized agents, allowing developers to:",[729,945,756,728],[1736,1738,1740,1742],{"text":1737},"Create custom agents with defined behaviors and tools.",{"text":1739},"Share agents project-wide or across the organization.",{"text":1741},"Test agents before rollout to ensure predictable performance.",{"text":1743},"Build common use cases like security scanning, docs drafting, or deployment validation.",{"text":1745,"config":1746,"description":1747,"labels":1748,"items":1749},"Smarter Agentic Chat (Beta)",{"href":931},"Enables AI agents to act as teammates, allowing developers to:",[756,945,728],[1750,1752,1754],{"text":1751},"Start fresh conversations or resume previous ones with custom agents.",{"text":1753},"Run agents synchronously or asynchronously.",{"text":1755},"Access session views with logs, user info, and tool metadata for visibility.",{"text":1757,"config":1758,"description":1760,"labels":1761,"items":1762},"Knowledge Graph upgrades (Beta)",{"href":1759},"https://gitlab-org.gitlab.io/rust/knowledge-graph/","Developers and AI agents use the Knowledge Graph to accelerate large codebase navigation and quickly answer complex questions. Developers can:",[756,771,945,728],[1763,1765,1767,1769],{"text":1764},"Utilize real-time indexing to map files, routes, and references across projects.",{"text":1766},"Use go-to-definition, reference tracking, and in-chat search.",{"text":1768},"Ask precise questions like \"show me all route files\" or \"what does this change impact?\"",{"text":1770},"Accelerates onboarding, deep research, and confident refactors.",{"text":1772,"config":1773,"description":1775,"labels":1776,"items":1777},"Fix Failed Pipelines Flow (Beta)",{"href":1774},"https://docs.gitlab.com/ci/pipeline_editor/#validate-cicd-configuration","New flow keeps software development pipelines functional by balancing technical fixes and business priorities. To keep developers in the flow state, it is designed to:",[825,728,824],[1778,1780,1782,1784],{"text":1779},"Detect and prioritize failures based on business importance.",{"text":1781},"Perform root-cause analysis across logs, dependencies, and recent changes.",{"text":1783},"Suggest and apply fixes aligned with deadlines and priorities.",{"text":1785},"Automatically create merge requests with business context.",{"text":1787,"config":1788,"description":1790,"labels":1791,"items":1792},"GitLab Duo model selection (now GA)",{"href":1789},"https://docs.gitlab.com/user/gitlab_duo/model_selection/#select-a-model-to-use-in-gitlab-duo-agentic-chat","Ensure consistent and compliant AI use across features and namespaces. GitLab 18.4 allows teams to:",[729,945,825,728],[1793,1795,1797,1799],{"text":1794},"Set model defaults at org or feature level.",{"text":1796},"Apply consistent preferences across namespaces.",{"text":1798},"Support GPT-OSS and GPT-5.",{"text":1800},"Note: Model selection is not available for gitlab.com customers, and GPT models are not supported on gitlab.com.",{"text":1802,"config":1803,"description":1804,"labels":1805,"items":1806},"End-user model selection (Beta)",{"href":1789},"When group-level model selection is not active, developers can choose their preferred model in Agentic Chat. It allows for:",[729,756,728],[1807,1809],{"text":1808},"A dropdown selection in Agentic Chat to easily switch models.",{"text":1810},"The selection to persist between conversations.",{"text":1812,"config":1813,"description":1815,"labels":1816,"items":1817},"GitLab Duo context exclusion (Beta)",{"href":1814},"https://docs.gitlab.com/user/gitlab_duo/context/#exclude-context-from-gitlab-duo","Helps developers protect sensitive information by controlling the context shared with AI models. It makes it possible to:",[729,756,825,728],[1818,1820,1822],{"text":1819},"Exclude specific files (e.g., secrets, proprietary algorithms).",{"text":1821},"Apply path-based rules by directory or file type.",{"text":1823},"Configure at project level with audit visibility.",{"text":1825,"config":1826,"description":1828,"labels":1829,"items":1830},"New CI/CD workflows",{"href":1827},"https://docs.gitlab.com/ci/jobs/ci_job_token/#allow-git-push-requests-to-your-project-repository","Developers can accelerate their workflows even further with new workflows to:",[945,824,825],[1831,1833],{"text":1832},"Simulate pipelines against any branch to test and validate changes before commit.",{"text":1834},"Utilize CI/CD job tokens to authenticate Git push requests with fine-grained permissions.",{"text":1836,"config":1837,"description":1839,"labels":1840,"items":1841},"New security capabilities",{"href":1838},"https://docs.gitlab.com/user/application_security/secret_detection/pipeline/#excluded-items","In GitLab 18.4, new security capabilities allow developers to:",[770,771,825],[1842,1844],{"text":1843},"Speed up secret detection scans and reduce noise by excluding low-signal files.",{"text":1845},"Quickly trace original pipeline IDs for resolved vulnerabilities in case they reappear.",{"text":1847,"config":1848,"description":1850,"labels":1851,"items":1852},"Self-Hosted AI: Expanded model support",{"href":1849},"https://docs.gitlab.com/administration/gitlab_duo_self_hosted/","Additional flexibility for developers with newly added models for Duo Enterprise self-hosted deployments:",[729,824,825,728],[1853,1855],{"text":1854},"GPT-5 on Azure OpenAI.",{"text":1856},"GPT-OSS 20B/120B via vLLM and Azure.",{"text":1858,"config":1859,"description":1861,"labels":1862,"items":1863},"GitLab Runner 18.4",{"href":1860},"https://docs.gitlab.com/runner/","Developers can run pipelines with increased reliability thanks to these improvements in GitLab Runner:",[824,825],[1864,1866,1868],{"text":1865},"FIPS startup fixes.",{"text":1867},"New fastzip flag support.",{"text":1869},"Improved long-polling in Kubernetes.",{"text":1871,"config":1872,"description":1874,"labels":1875,"items":1876},"Dedicated: Expanded AWS region support",{"href":1873},"https://docs.gitlab.com/administration/dedicated/create_instance/data_residency_high_availability/","DevOps teams can now deploy GitLab Dedicated in more regions with enterprise-grade availability and disaster recovery (DR) thanks to following improvements in 18.4:",[729,824,825],[1877,1879],{"text":1878},"io2-backed storage and disaster recovery.",{"text":1880},"Availability of all AWS regions in Switchboard.","shared/en-us/releases/whats-new/versions/18.4",{"config":1883,"content":1886,"stem":2062},{"template":8,"noContent":704,"version":1884,"releaseDate":1885},18.3,"Aug 20, 2025",{"title":1887,"components":1888},"GitLab 18.3",[1889,1904],{"componentName":710,"type":710,"componentContent":1890},{"title":1891,"description":1892,"video":1893,"config":1902},"What's new in GitLab 18.3","Embedded views for real-time work status visibility, new flows, enhanced compliance violations reporting, enterprise governance, and more.",{"config":1894,"heading":1897,"description":1898,"button":1899},{"href":1895,"thumbnail":1896},"https://player.vimeo.com/video/1111796316?badge=0&autopause=0&player_id=0&app_id=58479","https://res.cloudinary.com/about-gitlab-com/image/upload/v1758626541/zirykfid9us9tbjfhzjn.png","Expanding AI orchestration in software engineering","With GitLab 18.3, we're advancing human-AI collaboration with Flows, governance, and integrations.",{"text":913,"config":1900},{"href":1901},"/blog/gitlab-18-3-expanding-ai-orchestration-in-software-engineering/",{"id":1903},"18.3",{"componentName":721,"type":721,"componentContent":1905},{"features":1906},[1907,1929,1955,1968,1998,2015,2028,2043],{"text":1908,"config":1909,"description":1911,"labels":1912,"highlightCard":1913,"items":1920},"Expanded integrations and interoperability",{"href":1910},"https://docs.gitlab.com/integration/","Enable first- and third-party agents within development workflows, giving developers the ability to choose the right AI tools within GitLab's governance and context:",[729,756,728,824,825],{"video":1914,"title":1918,"description":1919},{"config":1915},{"href":1916,"thumbnail":1917},"https://player.vimeo.com/video/1111784124?badge=0&autopause=0&player_id=0&app_id=58479","https://res.cloudinary.com/about-gitlab-com/image/upload/v1758580270/jed3urwxtyih1y2hicjx.png","Watch the integrations demo","See how GitLab 18.4 integrates any AI agent into your workflow. No more tool switching—mention @Claude in merge requests.",[1921,1923,1925,1927],{"text":1922},"MCP server provides standardized, secure AI integration with GitLab projects and APIs.",{"text":1924},"CLI agent support allows @mention Claude Code, Codex, Amazon Q, Google Gemini, or opencode in issues/MRs to generate code or comments.",{"text":1926},"Agentic Chat for Visual Studio + GitLab UI provides access to Duo agents natively where you work to reduce context-switching.",{"text":1928},"Expanded AI model support (Self-Hosted) allows running GPT (20B/120B), Claude 4, and more through vLLM, Azure, or AWS Bedrock.",{"text":1930,"config":1931,"description":1933,"labels":1934,"items":1935,"highlightCards":1940},"Automated development Flows",{"href":1932},"https://docs.gitlab.com/user/duo_agent_platform/flows/","Eliminate repetitive tasks with multi-agent workflows that take ideas from concept to code in minutes, freeing developers to focus on higher-value work:",[728,945,756,824],[1936,1938],{"text":1937},"Issue to MR Flow automatically converts issues into merge requests with implementation plans and production-ready code.",{"text":1939},"Convert CI File Flow migrates Jenkins CI/CD configurations into GitLab CI pipelines without manual rewriting.",[1941,1948],{"video":1942,"title":1946,"description":1947},{"config":1943},{"href":1944,"thumbnail":1945},"https://player.vimeo.com/video/1120981865?badge=0&autopause=0&player_id=0&app_id=58479","https://res.cloudinary.com/about-gitlab-com/image/upload/v1758580270/y6alfpmtrwnxqez1swok.png","Watch the Issue to MR Flow demo","See AI turn a simple issue into production-ready code with implementation plans. No more manual coding—just describe the problem.",{"video":1949,"title":1953,"description":1954},{"config":1950},{"href":1951,"thumbnail":1952},"https://player.vimeo.com/video/1111783724?badge=0&autopause=0&player_id=0&app_id=58479","https://res.cloudinary.com/about-gitlab-com/image/upload/v1758580269/rqn56ak0a6noig2trekm.png","Watch the Convert CI File Flow demo here","See how AI automatically converts your Jenkins configurations into GitLab CI pipelines. Reliable code conversion, quick and easy validation.",{"text":1956,"config":1957,"description":1959,"labels":1960,"items":1961},"Knowledge Graph for real-time code intelligence",{"href":1958},"https://gitlab-org.gitlab.io/rust/knowledge-graph/getting-started/overview/","Context-aware insights that help agents and developers understand complex codebases and cut hours off discovery and refactoring tasks:",[756,771,945,728],[1962,1964,1966],{"text":1963},"Real-time code indexing accelerates search and navigation.",{"text":1965},"Maps dependencies and file relationships across the codebase.",{"text":1967},"Provides AI agents with richer context for more accurate answers.",{"text":1969,"config":1970,"description":1972,"labels":1973,"items":1974,"highlightCards":1983},"Enterprise governance",{"href":1971},"https://docs.gitlab.com/administration/gitlab_duo_self_hosted/#decide-on-your-configuration-type","Adopt AI confidently with visibility and control. New governance features ensure agent actions are transparent and compliant with organizational security standards:",[729,825,728,770],[1975,1977,1979,1981],{"text":1976},"Agent Insights track and optimize how agents make decisions.",{"text":1978},"Duo Code Review for Self-Hosted provides AI code review with data sovereignty.",{"text":1980},"Hybrid model configurations combine self-hosted and GitLab-managed AI models.",{"text":1982},"OAuth 2.0 for MCP server provides modern, secure authentication to protected resources.",[1984,1991],{"video":1985,"title":1989,"description":1990},{"config":1986},{"href":1987,"thumbnail":1988},"https://player.vimeo.com/video/1111783244?badge=0&autopause=0&player_id=0&app_id=58479","https://res.cloudinary.com/about-gitlab-com/image/upload/v1758580269/iz95ziezxvykrnsibqh8.png","Watch the Agent Insights demo","Discover how Agent Insights tracks every AI decision with full transparency. Complete control – every agent action accounted for. ",{"video":1992,"title":1996,"description":1997},{"config":1993},{"href":1994,"thumbnail":1995},"https://player.vimeo.com/video/1111783569?badge=0&autopause=0&player_id=0&app_id=58479","https://res.cloudinary.com/about-gitlab-com/image/upload/v1758580270/uyn2rdbdyjobrni2zvdn.png","Watch the GitLab Duo Code Review for Self-hosted demo","See how Duo Code Review provides intelligent feedback while keeping your code secure. Your data never leaves your infrastructure.",{"text":1999,"config":2000,"description":2002,"labels":2003,"items":2004},"Secure by Design platform: Governance that scales",{"href":2001},"https://docs.gitlab.com/user/custom_roles/#create-a-custom-admin-role","Apply least-privilege principles and compliance at scale. GitLab 18.3 embeds security and governance across the SDLC so organizations can standardize without slowing teams down:",[770,729,825,824],[2005,2007,2009,2011,2013],{"text":2006},"Custom admin roles create specialized roles with precise admin access.",{"text":2008},"Instance-level compliance frameworks apply policies once and cascade across groups and projects.",{"text":2010},"Enhanced violations reporting provides immediate, actionable alerts tied to compliance controls.",{"text":2012},"Fine-grained CI/CD job tokens limit tokens to only required API endpoints.",{"text":2014},"AWS Secrets Manager integration retrieves secrets securely in CI/CD jobs via OIDC.",{"text":2016,"config":2017,"description":2019,"labels":2020,"items":2021},"Artifact management",{"href":2018},"https://docs.gitlab.com/user/packages/container_registry/immutable_container_tags/","Protect against vulnerabilities and outages by ensuring artifacts and images are immutable and consistently governed across the supply chain:",[824,825,729],[2022,2024,2026],{"text":2023},"Conan revisions support provides immutable identifiers for C++ packages.",{"text":2025},"Immutable container tags prevent modification of critical production images.",{"text":2027},"Extended immutability protections across npm, PyPI, Maven, NuGet, Helm, and more.",{"text":2029,"config":2030,"description":2032,"labels":2033,"items":2034},"Embedded views (powered by GLQL)",{"href":2031},"https://docs.gitlab.com/user/glql/#embedded-views","Allow developers access to live project data where they work. Embedded views turn wikis, issues, and epics into living dashboards that update automatically:",[945,771],[2035,2037,2039,2041],{"text":2036},"Insert live GLQL queries in issues, epics, and MRs.",{"text":2038},"Personalize with functions like `currentUser()` and `today()`.",{"text":2040},"Filter by 25+ fields including labels, milestones, and health.",{"text":2042},"Display as auto-refreshing tables or lists.",{"text":2044,"config":2045,"description":2047,"labels":2048,"items":2049},"Additional developer experience updates",{"href":2046},"/releases/2025/08/21/gitlab-18-3-released/#customize-instructions-for-gitlab-duo-code-review","More flexibility in how developers use AI models and manage projects with features that improve customization, security, and productivity:",[756,945,729,824,825,728],[2050,2052,2054,2056,2058,2060],{"text":2051},"Customize Duo Code Review instructions to define project-specific review standards in YAML.",{"text":2053},"Bring your own models (Self-Hosted) to run any compatible model with Duo.",{"text":2055},"Hybrid model selection (Self-Hosted) assigns models per feature to balance scale and security.",{"text":2057},"Surfacing compliance violations with enhanced reports directly map violations to framework controls.",{"text":2059},"Web IDE source control allows creating/deleting branches, amending commits, and force-pushing directly in the browser.",{"text":2061},"Migration by direct transfer reliably moves large groups/projects between GitLab instances.","shared/en-us/releases/whats-new/versions/18.3",{"config":2064,"content":2067,"stem":2264},{"template":8,"noContent":704,"version":2065,"releaseDate":2066},18.2,"Jul 17, 2025",{"title":2068,"components":2069},"GitLab 18.2",[2070,2085],{"componentName":710,"type":710,"componentContent":2071},{"title":2072,"description":2073,"video":2074,"config":2083},"What's new in GitLab 18.2","GitLab Duo Agent Platform public beta, custom workflow statuses, enhanced compliance dashboards, and expansive improvements to the core platform.",{"config":2075,"heading":2078,"description":2079,"button":2080},{"href":2076,"thumbnail":2077},"https://player.vimeo.com/video/1101993507?title=0&byline=0&portrait=0&badge=0&autopause=0&player_id=0&app_id=58479","https://res.cloudinary.com/about-gitlab-com/image/upload/v1758936135/554e557a-a7f1-4a68-a419-45d20a6ff049.png","Reimagining the future of software development","We're delivering critical enterprise capabilities from workflow customization to security governance that will establish the standards for modern software delivery at scale.",{"text":913,"config":2081},{"href":2082},"/blog/gitlab-duo-agent-platform-public-beta/",{"id":2084},"18.2",{"componentName":721,"type":721,"componentContent":2086},{"features":2087},[2088,2101,2116,2130,2145,2160,2175,2192,2207,2224,2235,2249],{"text":2089,"config":2090,"description":2092,"labels":2093,"items":2094},"Custom workflow statuses",{"href":2091},"https://docs.gitlab.com/user/work_items/status/","Developers can go beyond basic tracking of projects with configurable statuses that reflect actual workflows:",[945,729],[2095,2097,2099],{"text":2096},"Define workflows for accurate reporting and replace label workarounds with real visibility.",{"text":2098},"Update the status of multiple items with bulk operations across portfolios simultaneously.",{"text":2100},"Board automations can be configured with precise workflow transitions to improve accuracy in workflow stages.",{"text":2102,"config":2103,"labels":2105,"description":2106,"items":2107},"New merge request homepage: Intelligent prioritization at scale",{"href":2104},"https://docs.gitlab.com/user/project/merge_requests/homepage/",[945,756,771],"Improved layout makes it possible to juggle dozens of MRs across multiple projects for developers:",[2108,2110,2112,2114],{"text":2109},"Role-based views separate author vs. reviewer responsibilities so developers can focus on specific tasks.",{"text":2111},"Workflow view organizes group flows by the review state of MRs for clear next actions.",{"text":2113},"Expanded visibility combines authored and assigned MRs to ensure nothing is missed across projects.",{"text":2115},"The Active merge requests tab makes it easy to find what needs attention now.",{"text":2117,"config":2118,"labels":2119,"description":2120,"items":2121},"Immutable container tags (Beta): Supply chain security",{"href":2018},[770,824,825],"Protect production stability and maintain compliance with tags that cannot be modified after creation:",[2122,2124,2126,2128],{"text":2123},"Deployment integrity enforces production tags that remain unchanged in order to prevent accidental modifications.",{"text":2125},"Audit trails provide a complete view into container modifications for compliance reporting and security reviews.",{"text":2127},"Pattern-based rules support up to 5 RE2 regex patterns per project to help automatically protect semantic versions and critical tags.",{"text":2129},"Automated exclusions respect immutable tags in cleanup policies to prevent accidental deletion of critical images.",{"text":2131,"config":2132,"labels":2134,"description":2135,"items":2136},"Container Scanning Improvements",{"href":2133},"https://docs.gitlab.com/user/application_security/container_scanning/#available-cicd-variables",[770,771],"Major enhancements to vulnerability detection help development teams identify and fix security issues faster:",[2137,2139,2141,2143],{"text":2138},"Multi-architecture support provides native Linux Arm64 scanning to eliminate emulation and speeds up scans.",{"text":2140},"Enhanced archive scanning delivers better vulnerability attribution across images to understand where the issues exist.",{"text":2142},"JavaScript reachability analysis identifies actually-used vulnerable code to reduce false positives and focus remediation efforts.",{"text":2144},"Reachability filtering highlights the most critical vulnerabilities.",{"text":2146,"config":2147,"labels":2149,"description":2150,"items":2151},"AWS Secrets Manager integration",{"href":2148},"https://docs.gitlab.com/ci/secrets/aws_secrets_manager/",[824,825,770],"Native AWS integration with GitLab CI/CD streamlines enterprise secret management and strengthens security controls:",[2152,2154,2156,2158],{"text":2153},"Native AWS support enables direct Secrets Manager and Parameter Store access to eliminate the need for custom scripting.",{"text":2155},"Removes third-party tools to simplify architecture and reduce attack surface.",{"text":2157},"OIDC authentication provides keyless access so teams can manage secrets without storing credentials.",{"text":2159},"Centralized management consolidates secret handling to enable comprehensive security auditing.",{"text":2161,"config":2162,"labels":2164,"description":2165,"items":2166},"Centralized Security Policy Management (Beta)",{"href":2163},"https://docs.gitlab.com/user/application_security/policies/enforcement/compliance_and_security_policy_groups/",[729,770,825],"Single point of control for organization-wide security policies, eliminating fragmentation across projects:",[2167,2169,2171,2173],{"text":2168},"Define once in the CSP, apply everywhere with instance-wide policy enforcement.",{"text":2170},"Business unit flexibility allows teams to inherit and extend organizational policies from the CSP group.",{"text":2172},"Least privilege ensures centralized control with delegated execution.",{"text":2174},"Complete coverage supports all existing security policy types.",{"text":2176,"config":2177,"labels":2179,"description":2180,"items":2181},"Enhanced Audit & Reporting Capabilities",{"href":2178},"https://docs.gitlab.com/user/application_security/security_dashboard/#exporting",[771,770],"Comprehensive improvements to security visibility and reporting help developers quickly demonstrate compliance adherence:",[2182,2184,2186,2188,2190],{"text":2183},"PDF Security Reports enable dashboard export for board reporting.",{"text":2185},"Audit Stream controls allow updates to streaming without reconfiguration, preventing manual maintenance.",{"text":2187},"Enhanced filtering by event type, groups, or projects are now available.",{"text":2189},"Vulnerability GraphQL API tracks introduction and resolution pipelines.",{"text":2191},"Credentials Inventory now includes service accounts to show complete token visibility.",{"text":2193,"config":2194,"labels":2196,"description":2197,"items":2198},"Compliance overview dashboard: Expansive visibility",{"href":2195},"https://docs.gitlab.com/user/compliance/compliance_center/compliance_overview_dashboard/",[729,771],"The new aggregated compliance view gives stakeholders instant visibility into organizational compliance standards, along with dashboards for:",[2199,2201,2203,2205],{"text":2200},"Framework coverage, which shows the percentage of projects with compliance frameworks.",{"text":2202},"Requirement status, which tracks pass/fail rates across the organization.",{"text":2204},"Control effectiveness, which measures aggregate performance data to provide actionable compliance insights.",{"text":2206},"Risk prioritization, which identifies frameworks to focus on the highest-impact improvements.",{"text":2208,"config":2209,"labels":2211,"description":2212,"items":2213},"Work Item & Planning Enhancements",{"href":2210},"https://docs.gitlab.com/user/group/epics/manage_epics/#assignees",[945,729],"Comprehensive planning improvements give developers the ability to coordinate complex projects more effectively:",[2214,2216,2218,2220,2222],{"text":2215},"Epic assignments provide clear ownership for strategic initiatives.",{"text":2217},"Milestone-to-epic linking connects quarterly objectives to daily work.",{"text":2219},"Unified references introduce new [work_item:123] syntax across GitLab, making it easier to cross-reference items.",{"text":2221},"Display preferences offer customizable metadata visibility for teams to find relevant information.",{"text":2223},"Drawer/full-page toggle lets users choose how to view epic details for their specific needs and preferences.",{"text":2225,"config":2226,"labels":2228,"description":2229,"items":2230},"Platform Administration",{"href":2227},"https://docs.gitlab.com/administration/settings/import_and_export_settings/#skip-confirmation-when-reassigning-placeholder-users",[729,825],"Enterprise administration capabilities for managing GitLab at scale:",[2231,2233],{"text":2232},"Custom Admin Role (Beta) provides granular permissions for Admin Area.",{"text":2234},"Workspace Kubernetes Agents enable instance-wide agent mapping.",{"text":2236,"config":2237,"labels":2238,"description":2239,"items":2240},"Duo Agent Platform in the IDE (Beta)",{"href":1675},[756,728],"Bringing intelligent assistance directly into VS Code and JetBrains IDEs as an enhancement layer so developers can stay in flow:",[2241,2243,2245,2247],{"text":2242},"Natural workflow integration gives full context in the IDE to eliminate context switching.",{"text":2244},"Comprehensive access provides Issues, MRs, pipelines, and security data to enable better-informed code decisions.",{"text":2246},"MCP support connects to external tools and data sources to expand capabilities.",{"text":2248},"Pattern-based search enables advanced grep and file discovery to help developers find code quickly.",{"text":2250,"config":2251,"labels":2253,"description":2254,"items":2255},"Group & Project Controls for GitLab Duo",{"href":2252},"https://docs.gitlab.com/user/gitlab_duo/turn_on_off/",[729,728],"Fine-grained control over AI features helps organizations balance innovation with governance in GitLab Premium and Ultimate:",[2256,2258,2260,2262],{"text":2257},"Hierarchical controls cascade from instance to project to simplify policy management.",{"text":2259},"Feature-specific toggles separate Code Suggestions and Chat controls to enable a controlled rollout.",{"text":2261},"Compliance alignment meets diverse regulatory requirements to ensure responsible AI usage.",{"text":2263},"User flexibility balances innovation with control to support varying team needs.","shared/en-us/releases/whats-new/versions/18.2",{"config":2266,"content":2269,"stem":2356},{"template":8,"noContent":704,"version":2267,"releaseDate":2268},18.1,"Jun 24, 2025",{"title":2270,"components":2271},"GitLab 18.1",[2272,2287],{"componentName":710,"type":710,"componentContent":2273},{"title":2274,"description":2275,"video":2276,"config":2285},"What's new in GitLab 18.1","Maven virtual registry, SLSA compliance components, enhanced code review, compromised password detection, and foundational platform improvements.",{"config":2277,"heading":2280,"description":2281,"button":2282},{"href":2278,"thumbnail":2279},"https://player.vimeo.com/video/1095679084?badge=0&autopause=0&player_id=0&app_id=58479","https://res.cloudinary.com/about-gitlab-com/image/upload/v1758936215/c8da9611-1472-4949-bd08-736b7d874bde.png","Building the foundation for AI-enhanced DevOps","With GitLab 18.1, we are setting the groundwork for modernized software development where dependency management, security, and compliance become intelligent, automated capabilities that scale with your organization.",{"text":913,"config":2283},{"href":2284},"/blog/gitlab-duo-agent-platform-what-is-next-for-intelligent-devsecops/",{"id":2286},"18.1",{"componentName":721,"type":721,"componentContent":2288},{"features":2289},[2290,2302,2315,2328,2343],{"text":2291,"config":2292,"labels":2293,"description":2294,"items":2295},"Maven Virtual Registry (Beta): Centralizing Enterprise Dependency Management",{"href":1703},[729,824,825],"The Maven registry combines multiple repositories into one endpoint, eliminates sequential queries, and reduces setup complexity so developers can focus on coding instead of managing repositories:",[2296,2298,2300],{"text":2297},"Intelligent caching accelerates build times to enable teams to iterate and ship faster.",{"text":2299},"Real-time security scanning across all dependencies provides continuous vulnerability detection without manual checks.",{"text":2301},"Enterprise scale supports 20 virtual registries with 20 upstreams each to accommodate for large organizations' complex needs.",{"text":2303,"config":2304,"labels":2306,"description":2307,"items":2308},"SLSA Level 1 Compliance: Automate supply chain security",{"href":2305},"https://docs.gitlab.com/ci/pipeline_security/slsa/",[770,824,771],"New pre-built CI/CD components deliver immediate SLSA compliance for software supply chain security without custom development:",[2309,2311,2313],{"text":2310},"Automatic provenance generation by GitLab Runner creates SLSA-compliant attestation which eliminates manual compliance steps.",{"text":2312},"Cryptographic signing and verification ensures artifact integrity to provide auditable proof of secure builds.",{"text":2314},"Verification Summary Attestations (VSA) for job artifacts enable compliance reporting with minimal maintenance.",{"text":2316,"config":2317,"labels":2319,"description":2320,"items":2321},"Compromised password detection: Proactive credential protection",{"href":2318},"https://docs.gitlab.com/security/compromised_password_detection/",[729,770],"Automatic credential checking against breaches help prevent account compromise:",[2322,2324,2326],{"text":2323},"Zero-configuration deployment provides immediate protection without setup.",{"text":2325},"Real-time threat detection checks credentials against known compromised password databases instantly to enable immediate response to emerging threats.",{"text":2327},"Instant security alerts notify users via banner and email when credentials are at risk with clear remediation steps when action is needed.",{"text":2329,"config":2330,"labels":2332,"description":2333,"items":2334},"Enhanced compliance controls: Streamlined governance",{"href":2331},"https://docs.gitlab.com/user/compliance/",[729,770,771],"Strengthened compliance capabilities help organizations manage regulatory standards at scale:",[2335,2337,2339,2341],{"text":2336},"Custom control naming enables clear identification to help compliance teams organize external controls effectively.",{"text":2338},"Pagination for framework UI compliance requirements expanded to 50 to improve navigation for large frameworks.",{"text":2340},"Granular status reporting shows individual control details to provide actionable compliance insights.",{"text":2342},"Variable precedence controls balance security with flexibility to enable customization within policy boundaries.",{"text":2344,"config":2345,"labels":2347,"description":2348,"items":2349},"Duo Code Review (GA): AI-powered code quality at scale",{"href":2346},"https://docs.gitlab.com/user/project/merge_requests/duo_in_merge_requests/#have-gitlab-duo-review-your-code",[756,771,728],"Production-ready automated code review addresses bottlenecks in software development workflows while maintaining quality standards:",[2350,2352,2354],{"text":2351},"Initial automated code review reduces review cycles from hours to minutes to help developers merge code faster.",{"text":2353},"Interactive refinement with @GitLabDuo mentions provides direct feedback to address specific code concerns.",{"text":2355},"Context-aware analysis leverages project understanding to deliver relevant, project-specific recommendations.","shared/en-us/releases/whats-new/versions/18.1",{"config":2358,"content":2361,"stem":2435},{"template":8,"noContent":704,"version":2359,"releaseDate":2360},"18.0","May 15, 2025",{"components":2362},[2363,2374],{"componentName":710,"type":710,"componentContent":2364},{"title":2365,"description":2366,"video":2367},"What's new in GitLab 18.0","AI integrated natively with Premium and Ultimate, while automated code reviews and proactive vulnerability protection strengthen enterprise DevSecOps.",{"config":2368,"heading":2369,"description":2370,"button":2371},{"href":2278},"CEO Corner: Intelligent DevSecOps Takes Center Stage","GitLab Duo Agent Platform, a DevSecOps orchestration platform for humans and AI agents, leverages agentic AI for collaboration across the software development lifecycle.",{"text":913,"config":2372},{"href":2373},"https://about.gitlab.com/blog/gitlab-duo-agent-platform-what-is-next-for-intelligent-devsecops/",{"componentName":721,"type":721,"componentContent":2375},{"features":2376},[2377,2380,2395,2410,2422],{"text":2378,"description":2379},"AI-native capabilities meet enterprise security","GitLab 18.0 integrates Duo natively with Premium and Ultimate tiers, enables automatic code reviews at scale, and introduces proactive vulnerability remediation for GitLab Dedicated customers. These advancements demonstrate GitLab's commitment to making AI assistance pervasive across the development lifecycle while strengthening enterprise security posture.",{"text":2381,"labels":2382,"description":2383,"config":2384,"items":2386},"GitLab Premium and Ultimate with Duo",[728],"GitLab Duo is now integrated natively with Premium and Ultimate subscriptions, making AI assistance available throughout your development workflow. Teams can:\n",{"href":2385},"https://docs.gitlab.com/user/gitlab_duo/",[2387,2389,2391,2393],{"text":2388},"Access Code Suggestions, Chat, and other Duo features without separate add-on purchases.",{"text":2390},"Enable AI assistance for all Premium and Ultimate users across your organization.",{"text":2392},"Leverage comprehensive AI capabilities from planning through deployment.",{"text":2394},"Scale AI adoption based on team needs and workflow requirements.",{"text":2396,"description":2397,"config":2398,"labels":2400,"items":2401},"Automatic reviews with Duo Code Review","Configure GitLab Duo Code Review to run automatically on all merge requests by updating project merge request settings. This automation ensures:",{"href":2399},"https://docs.gitlab.com/user/project/merge_requests/duo_in_merge_requests/",[728,756],[2402,2404,2406,2408],{"text":2403},"All code receives an initial review consistently across your codebase.",{"text":2405},"Code quality improvements happen without manual review requests.",{"text":2407},"Review standards apply uniformly to every contribution.",{"text":2409},"Senior engineers can focus on architectural decisions while initial reviews happen automatically.",{"text":2411,"description":2412,"config":2413,"labels":2414,"items":2415},"Improved Duo Code Review context","Get more context-aware feedback from GitLab Duo Code Review by analyzing additional signals from your codebase and development patterns. Developers receive:",{"href":2399},[728,756],[2416,2418,2420],{"text":2417},"Feedback aligned with their specific coding standards and team conventions.",{"text":2419},"Code review comments that understand project architecture for more relevant suggestions.",{"text":2421},"Actionable recommendations based on your established development patterns.",{"text":2423,"description":2424,"config":2425,"labels":2427,"items":2428},"Internal releases available for GitLab Dedicated","GitLab Dedicated instances are remedied for critical vulnerabilities before public disclosure through Internal Releases. This capability provides:\n",{"href":2426},"https://docs.gitlab.com/administration/dedicated/releases/",[729,770],[2429,2431,2433],{"text":2430},"Protection for development environments before vulnerabilities become publicly known.",{"text":2432},"Automatic remediation through emergency maintenance procedures with no customer action required.",{"text":2434},"Proactive security posture that meets regulated industry and enterprise compliance requirements.","shared/en-us/releases/whats-new/versions/18-0",{"config":2437,"content":2440,"stem":2523},{"template":8,"noContent":704,"version":2438,"releaseDate":2439},"17.11","Apr 17, 2025",{"components":2441},[2442,2446],{"componentName":710,"type":710,"componentContent":2443},{"title":2444,"description":2445},"What's new in GitLab 17.11","Compliance frameworks gain custom requirements and controls, while Eclipse IDE support and protected packages expand platform capabilities.\n",{"componentName":721,"type":721,"componentContent":2447},{"features":2448},[2449,2452,2467,2480,2493,2508],{"text":2450,"description":2451},"Governance transformation and platform breadth","GitLab 17.11 transforms compliance frameworks from simple project labels into comprehensive governance systems with custom requirements and controls. The Eclipse IDE plugin launch, continued Self-Hosted feature expansion, and protected container tags demonstrate GitLab's investment across governance, AI accessibility, and supply chain security.\n",{"text":2453,"description":2454,"config":2455,"labels":2457,"items":2458},"Customize compliance frameworks with requirements and compliance controls","Define specific requirements and compliance controls within compliance frameworks, transforming them from simple project labels into actionable governance tools. Organizations can:",{"href":2456},"https://docs.gitlab.com/user/compliance/compliance_center/compliance_status_report/",[729,770],[2459,2461,2463,2465],{"text":2460},"Map requirements to regulatory standards like SOC 2, ISO 27001, HIPAA, or custom internal standards.",{"text":2462},"Track compliance status to monitor which projects meet specific control requirements.",{"text":2464},"Demonstrate audit readiness with structured, reportable compliance data.",{"text":2466},"Customize enforcement by applying different requirements based on project risk levels.",{"text":2468,"description":2469,"items":2470,"config":2477,"labels":2479},"GitLab Eclipse plugin (Beta)","Extend GitLab Duo features directly into Eclipse IDE with the new GitLab Eclipse plugin now available in the Eclipse Marketplace. This integration provides:\n",[2471,2473,2475],{"text":2472},"Seamless access to Duo Chat and AI-powered Code Suggestions in Eclipse",{"text":2474},"Unified AI assistance across VS Code, JetBrains, and Eclipse IDEs.",{"text":2476},"Expanded developer choice for AI-assisted workflows.",{"href":2478},"https://docs.gitlab.com/ee/editor_extensions/eclipse/",[728],{"text":2481,"description":2482,"config":2483,"labels":2485,"items":2486},"More GitLab Duo features now available via Self-Hosted Models","Expand AI capabilities in self-hosted environments with additional GitLab Duo features now available for organizations requiring complete data sovereignty. Teams can:\n",{"href":2484},"https://docs.gitlab.com/ee/administration/self_hosted_models/",[728],[2487,2489,2491],{"text":2488},"Access an expanded Duo feature set while maintaining on-premise or private cloud deployment.",{"text":2490},"Meet strict data residency and compliance requirements.",{"text":2492},"Achieve feature parity with cloud-hosted Duo offerings.",{"text":2494,"description":2495,"config":2496,"labels":2498,"items":2499},"Enhance security with protected container tags","Control who can push or delete specific container tags with fine-grained protection rules using RE2 regex patterns. This feature enables teams to:\n",{"href":2497},"https://docs.gitlab.com/user/packages/container_registry/container_repository_protection_rules/",[729,945],[2500,2502,2504,2506],{"text":2501},"Create up to five protection rules per project to protect tags like latest or semantic versions.",{"text":2503},"Restrict push and delete operations to Maintainer, Owner, or Administrator roles.",{"text":2505},"Prevent protected tags from being removed by cleanup policies.",{"text":2507},"Safeguard production-critical container images from accidental or unauthorized changes.",{"text":2509,"description":2510,"config":2511,"labels":2513,"items":2514},"CycloneDX export for the project dependency list","Generate your SBOM by exporting your dependency list in the widely-adopted CycloneDX format. Organizations can:\n",{"href":2512},"https://docs.gitlab.com/user/application_security/dependency_list/#download-the-dependency-list",[770,824],[2515,2517,2519,2521],{"text":2516},"Meet regulatory requirements for software bill of materials.",{"text":2518},"Enable compatibility with security scanning tools across their ecosystem.",{"text":2520},"Facilitate vulnerability tracking across the software supply chain.",{"text":2522},"Integrate with industry-standard SBOM processing workflows.","shared/en-us/releases/whats-new/versions/17-11",{"config":2525,"content":2528,"stem":2597},{"template":8,"noContent":704,"version":2526,"releaseDate":2527},"17.10","Mar 20, 2025",{"components":2529},[2530,2534],{"componentName":710,"type":710,"componentContent":2531},{"title":2532,"description":2533},"What's new in GitLab 17.10","AI-powered code reviews launch in beta, while GLQL Views and DORA metrics expand analytics capabilities for development teams.",{"componentName":721,"type":721,"componentContent":2535},{"features":2536},[2537,2540,2554,2569,2582],{"text":2538,"description":2539},"Code review automation and analytics innovation","GitLab 17.10 introduces Duo Code Review in beta to provide immediate AI-powered feedback on merge requests. GLQL Views beta, project-level DORA metrics visualization, and the “new issue” design reaching general availability demonstrate GitLab's continued investment in analytics sophistication and modern user experience.\n",{"text":2541,"description":2542,"labels":2543,"config":2544,"items":2545},"Duo Code Review (Beta)","Get immediate AI-powered feedback on merge requests by adding @GitLabDuo as a reviewer or mentioning @GitLabDuo in comments. This beta feature enables teams to:\n",[728,756,770],{"href":2346},[2546,2548,2550,2552],{"text":2547},"Catch issues earlier without waiting for human reviewers.",{"text":2549},"Get AI feedback on merge requests, reducing bottlenecks for authors and reviewers.",{"text":2551},"Maintain consistent review standards across all contributions.",{"text":2553},"Free up human reviewers to focus on architecture and mentorship.",{"text":2555,"description":2556,"config":2557,"labels":2559,"items":2560},"GitLab Query Language (GLQL) Views (Beta)","Create dynamic, real-time work tracking directly in existing workflows by embedding live data queries in Markdown code blocks. Teams can:\n",{"href":2558},"https://docs.gitlab.com/ee/user/gitlab_query_language/",[729,945],[2561,2563,2565,2567],{"text":2562},"Embed GLQL views throughout Wiki pages, epic descriptions, issue comments, and merge requests.",{"text":2564},"Filter using logical expressions and operators across assignee, author, label, and milestone fields.",{"text":2566},"Customize presentations as tables or lists with controlled field visibility and result limits.",{"text":2568},"Access information without leaving their current workflow.",{"text":2570,"description":2571,"config":2572,"labels":2574,"items":2575},"Projects by DORA metric panel","View all projects in your top-level group with breakdown into the four DORA metrics in the Value Streams Dashboard. This panel helps leaders:",{"href":2573},"https://docs.gitlab.com/ee/user/analytics/value_streams_dashboard.html",[771],[2576,2578,2580],{"text":2577},"Identify high, medium, and low-performing projects across your organization.",{"text":2579},"Make data-driven decisions to allocate resources effectively.",{"text":2581},"Focus initiatives on enhancing software delivery speed, stability, and reliability.",{"text":2583,"description":2584,"config":2585,"labels":2587,"items":2588},"“New issue” design update (now GA)","Issues now share a common framework with epics and tasks, featuring real-time updates and workflow improvements. Key improvements include:\n",{"href":2586},"https://docs.gitlab.com/ee/user/project/issues/",[945],[2589,2591,2593,2595],{"text":2590},"Drawer view to open items from lists or boards for quick viewing without the usual context switching.",{"text":2592},"The \"Change type\" action to convert types between epics, issues, and tasks",{"text":2594},"Consolidated development items (merge requests, branches, feature flags) in a single list.",{"text":2596},"Improved linking options with drag-and-drop to change link types.","shared/en-us/releases/whats-new/versions/17-10",{"config":2599,"content":2602,"stem":2673},{"template":8,"noContent":704,"version":2600,"releaseDate":2601},"17.9","Feb 20, 2025",{"components":2603},[2604,2608],{"componentName":710,"type":710,"componentContent":2605},{"title":2606,"description":2607},"What's new in GitLab 17.9","GitLab Duo Self-hosted is now generally available, with new parallel GitLab Pages sites and custom pipeline stage controls.\n",{"componentName":721,"type":721,"componentContent":2609},{"features":2610},[2611,2614,2628,2643,2658],{"text":2612,"description":2613},"AI data sovereignty meets pipeline flexibility","GitLab 17.9 brings support for GitLab Duo with self-hosted models to general availability, enabling organizations with strict data requirements to host AI models alongside their own private infrastructure requirements. Parallel deployments for GitLab Pages, custom pipeline stages, and SBOM-based Dependency Scanning transition demonstrate continued platform investment across AI sovereignty, developer productivity, and industry standard alignment.\n",{"text":2615,"description":2616,"config":2617,"labels":2618,"items":2619},"GitLab Duo with self-hosted AI models (now GA)","Host selected large language models in your own infrastructure or on AWS Bedrock and configure them for GitLab Duo Code Suggestions and Chat. This capability enables teams to:\n",{"href":2484},[728],[2620,2622,2624,2626],{"text":2621},"Leverage AI assistance while maintaining complete data sovereignty and privacy.",{"text":2623},"Use models hosted on-premise or in private cloud environments.",{"text":2625},"Support Mistral, Claude 3.5 Sonnet, and OpenAI models on various platforms.",{"text":2627},"Meet strict data residency and compliance requirements for regulated industries.",{"text":2629,"description":2630,"labels":2631,"config":2632,"items":2634},"GitLab Pages parallel deployments","Create multiple versions of your GitLab Pages sites simultaneously with parallel deployments, each accessible via unique URLs based on configured prefixes. Teams can:",[824],{"href":2633},"https://docs.gitlab.com/ee/user/project/pages/",[2635,2637,2639,2641],{"text":2636},"Preview design changes or content updates before publishing to production.",{"text":2638},"Test site changes in development environments.",{"text":2640},"Review changes from merge requests with dedicated preview URLs.",{"text":2642},"Maintain multiple site versions for localized content or A/B testing.",{"text":2644,"description":2645,"labels":2646,"config":2647,"items":2649},"Enforce custom stages in pipeline execution policies","Define and inject custom stages at specific points in your pipeline while maintaining security and compliance requirements. This capability provides:",[729,945],{"href":2648},"https://docs.gitlab.com/user/application_security/policies/pipeline_execution_policies/#inject_policy",[2650,2652,2654,2656],{"text":2651},"Enhanced pipeline customization by defining stages at specific execution points for granular control.",{"text":2653},"Improved security and compliance by ensuring scans run at optimal times, such as after build but before deployment.",{"text":2655},"Flexible policy management that maintains centralized control while allowing development teams to customize within guardrails.",{"text":2657},"Seamless integration with existing project stages and other policy types.",{"text":2659,"config":2660,"description":2662,"labels":2663,"items":2664},"Enable Dependency Scanning using SBOM for Cargo, Conda, Cocoapods and Swift projects",{"href":2661},"https://docs.gitlab.com/ee/update/deprecations.html?removal_milestone=18.0#dependency-scanning-upgrades-to-the-gitlab-sbom-vulnerability-scanner","Transition to Dependency Scanning using SBOM with the new analyzer replacing Gemnasium (end of support in 18.0). This analyzer now supports:",[770,843],[2665,2667,2669,2671],{"text":2666},"C/C++/Fortran/Go/Python/R projects using Conda with conda-lock.yml files.",{"text":2668},"Objective-C projects using Cocoapods with podfile.lock files.",{"text":2670},"Rust projects using Cargo with cargo.lock files.",{"text":2672},"Swift projects using Swift with package.resolved files.","shared/en-us/releases/whats-new/versions/17-9",{"config":2675,"content":2678,"stem":2749},{"template":8,"noContent":704,"version":2676,"releaseDate":2677},"17.8","Jan 16, 2025",{"components":2679},[2680,2684],{"componentName":710,"type":710,"componentContent":2681},{"title":2682,"description":2683},"What's new in GitLab 17.8","Layered approval workflows, protected container repositories, and real-time SAST in VS Code strengthen enterprise security controls.\n",{"componentName":721,"type":721,"componentContent":2685},{"features":2686},[2687,2690,2705,2719,2734],{"text":2688,"description":2689},"Sophisticated governance and shift-left security","GitLab 17.8 enables more granular approval requirements in security policies and protected container repositories for enhanced supply chain security. Real-time SAST scanning in VS Code and ML model experiment tracking reaches general availability (GA),  demonstrating GitLab's focus on both shift-left security and MLOps workflow maturity.",{"text":2691,"description":2692,"config":2693,"labels":2695,"items":2696},"Support multiple distinct approval actions in merge request approval policies","Enforce layered security approvals from varied roles, individual approvers, or separate groups with up to five approval rules per policy. Organizations can configure:\n",{"href":2694},"https://docs.gitlab.com/user/application_security/policies/merge_request_approval_policies/",[729,945],[2697,2699,2701,2703],{"text":2698},"Distinct role approvals requiring one approval from a Developer role and another from a Maintainer role.",{"text":2700},"Role and group approvals requiring one approval from Developer or Maintainer and separate approval from Security Group members.",{"text":2702},"Distinct group approvals requiring approvals from different specialized groups like Python Experts and Security teams.",{"text":2704},"Complex compliance workflows to ensure the right people review every change.",{"text":2706,"description":2707,"config":2708,"labels":2709,"items":2710},"Enhance security with protected container repositories","Address security and control challenges in managing container images with protected container repositories. This solution provides:",{"href":2497},[729,945],[2711,2713,2715,2717],{"text":2712},"Enhanced security through strict access controls for sensitive container repositories.",{"text":2714},"Granular permissions for push, pull, and management operations.",{"text":2716},"Seamless integration with GitLab CI/CD pipelines so there’s no workflow disruption.",{"text":2718},"Protection from unauthorized access and accidental modifications to critical container assets.",{"text":2720,"description":2721,"config":2722,"labels":2724,"items":2725},"SAST scanning in VS Code","Scan project files directly in VS Code before committing or pushing them to find and fix security vulnerabilities faster. Developers can:",{"href":2723},"https://docs.gitlab.com/ee/editor_extensions/visual_studio_code/#perform-sast-scanning",[756,770],[2726,2728,2730,2732],{"text":2727},"Identify security issues immediately without waiting for pipeline results.",{"text":2729},"View scan results in a dedicated side panel that updates as code changes.",{"text":2731},"Hover over vulnerability results for detailed descriptions or open in a separate editor window.",{"text":2733},"Fix vulnerabilities before they enter the codebase.ML model experiment tracking (now GA)",{"text":2735,"description":2736,"config":2737,"labels":2739,"items":2740},"ML model experiment tracking (now GA)","Track machine learning experiments with parameters, metrics, and artifacts logged directly into GitLab. This GA release enables teams to:",{"href":2738},"https://docs.gitlab.com/ee/user/project/ml/experiment_tracking/",[945,843],[2741,2743,2745,2747],{"text":2742},"Log experimental metadata so data scientists can replicate experiments later.",{"text":2744},"Keep all experimental data within your GitLab environment for centralized management.",{"text":2746},"Access enhanced data displays, deeper GitLab integration, and improved permissions.",{"text":2748},"Collaborate on ML experiments alongside code and CI/CD workflows.","shared/en-us/releases/whats-new/versions/17-8",{"config":2751,"content":2754,"stem":2821},{"template":8,"noContent":704,"version":2752,"releaseDate":2753},"17.7","Dec 19, 2024",{"components":2755},[2756,2760],{"componentName":710,"type":710,"componentContent":2757},{"title":2758,"description":2759},"What's new in GitLab 17.7","Automated vulnerability resolution, security report grouping, and CI/CD component tracking enhance security workflows and platform observability.\n",{"componentName":721,"type":721,"componentContent":2761},{"features":2762},[2763,2766,2781,2794,2807],{"text":2764,"description":2765},"Security workflow intelligence and platform insights","GitLab 17.7 introduces automated vulnerability resolution when threats are no longer detected, vulnerability report grouping for efficient triage, and the new Planner role for more granular access control. CI/CD component usage tracking provides DevOps teams with platform adoption insights across their organization.",{"text":2767,"description":2768,"labels":2769,"items":2770,"config":2779},"Auto-resolve vulnerabilities when not found in subsequent scans","Configure vulnerability management policies to automatically mark vulnerabilities as Resolved when they're no longer detected by automated scanning. With this automation, teams can:",[770],[2771,2773,2775,2777],{"text":2772},"Reduce manual triage workload by automatically closing fixed vulnerabilities.",{"text":2774},"Configure policies to auto-resolve based on specific severity levels or security scanners.",{"text":2776},"Track resolution with activity notes, timestamps, and pipeline references in vulnerability records.",{"text":2778},"Focus security team time on active threats rather than administrative closure tasks.",{"href":2780},"https://docs.gitlab.com/user/application_security/policies/vulnerability_management_policy/",{"text":2782,"description":2783,"config":2784,"labels":2786,"items":2787},"Vulnerability report grouping","View vulnerabilities in groups to optimize triage tasks using bulk actions and quickly assess threat patterns. Security teams can:\n",{"href":2785},"https://docs.gitlab.com/ee/user/application_security/vulnerability_report/",[770],[2788,2790,2792],{"text":2789},"See how many vulnerabilities match specific groups like OWASP Top 10 classifications.",{"text":2791},"Apply bulk status changes to grouped vulnerabilities efficiently",{"text":2793},"Identify vulnerability trends and patterns across their applications.",{"text":2795,"labels":2796,"config":2797,"description":2799,"items":2800},"New Planner user role",[945,729],{"href":2798},"https://docs.gitlab.com/user/permissions/","Access Agile planning capabilities like epics, roadmaps, and Kanban boards with tailored permissions through the new Planner role. This role helps teams:\n",[2801,2803,2805],{"text":2802},"Collaborate effectively on planning without over-provisioning permissions.",{"text":2804},"Maintain workflows aligned with the principle of least privilege.",{"text":2806},"Keep planning activities secure while enabling team collaboration.",{"text":2808,"description":2809,"labels":2810,"items":2811,"config":2820},"Track CI/CD component usage across projects","View which projects use specific CI/CD components across your organization's pipelines through a new GraphQL query. DevOps teams can:",[843],[2812,2814,2816,2818],{"text":2813},"Identify outdated component usage for targeted updates.",{"text":2815},"Understand adoption rates of shared CI/CD components.",{"text":2817},"Support component lifecycles by knowing where they're deployed.",{"text":2819},"Make informed decisions about component deprecation or enhancement.",{"href":1369},"shared/en-us/releases/whats-new/versions/17-7",{"features":2823},[2824,2906],{"categoryName":2825,"subcategories":2826},"Agentic Core",[2827],{"name":2828,"features":2829},"From intelligent coding assistants to orchestrated AI across the entire software lifecycle",[2830,2849,2868,2887],{"text":2831,"labels":2832,"description":2833,"items":2834,"links":2843},"BYOK Iteration 1: Token authentication with GitLab AI Gateway",[728,729],"Enterprises want to use their own model subscriptions to power Duo Agent Platform features, for cost control, data residency, or existing contract leverage. BYOK Iteration 1 connects customer-owned providers through token-based authentication via GitLab AI Gateway. We’re working to add:",[2835,2837,2839,2841],{"text":2836},"Connections to existing provider relationships through the AI Gateway using token authentication.",{"text":2838},"Support for providers exposed through the AI Gateway.",{"text":2840},"Preservation of existing contract leverage while gaining GitLab's agentic workflow layer.",{"text":2842},"More features to Self-Hosted Duo Agent Platform and model choice introduced in earlier releases.",[2844],{"text":2845,"config":2846},"Epic #20823",{"href":2847,"dataGaName":2845,"dataGaLocation":2848},"https://gitlab.com/groups/gitlab-org/-/work_items/20823","byok-iteration-1-token-authentication-with-gitlab-ai-gateway",{"text":2850,"labels":2851,"description":2852,"items":2853,"links":2862},"AI-powered false positive detection for secret scanning",[770,728],"Security teams spend significant time triaging secret detection findings that turn out to be test credentials or dummy values. AI-powered false positive detection analyzes findings before developers see them, identifying test credentials, example values, and placeholder secrets with clear explanations and confidence scores. This detection is separate from SAST false positive detection. This capability is being built to:",[2854,2856,2858,2860],{"text":2855},"Proactively identify false positives before they reach developer workflows",{"text":2857},"Provide clear explanations and confidence scoring for each determination",{"text":2859},"Support bulk dismiss for validated false positives",{"text":2861},"Track precision and recall metrics to continuously improve detection accuracy",[2863],{"text":2864,"config":2865},"Epic #20152",{"href":2866,"dataGaName":2864,"dataGaLocation":2867},"https://gitlab.com/groups/gitlab-org/-/work_items/20152","ai-powered-false-positive-detection-for-secret-scanning",{"text":2869,"labels":2870,"description":2871,"items":2872,"links":2881},"Web and upload in GitLab Duo Chat (Agentic)",[728],"GitLab Duo Chat (Agentic) will support file uploads and web content as first-class context, so agents can reason over documentation, logs, specs, and other artifacts alongside repository data. This expansion is intended to:",[2873,2875,2877,2879],{"text":2874},"Move DAP from repo-only reasoning to cross-source troubleshooting, planning, and analysis.",{"text":2876},"Let teams share logs, specs, and documentation directly into agent conversations.",{"text":2878},"Support richer context for agentic workflows like root-cause analysis and incident triage.",{"text":2880},"Reduce context-switching between external documents and GitLab.",[2882],{"text":2883,"config":2884},"Issue #521752",{"href":2885,"dataGaName":2883,"dataGaLocation":2886},"https://gitlab.com/gitlab-org/gitlab/-/work_items/521752","web-and-upload-in-gitlab-duo-chat-agentic",{"text":2888,"labels":2889,"description":2890,"items":2891,"links":2900},"Agentic bulk vulnerability resolution",[770,728],"When the same vulnerability pattern appears across a codebase, creating individual merge requests for each instance creates review fatigue and slows remediation. Building on the per-vulnerability SAST resolution flow, this extension will intelligently group related findings by shared root causes and generate consolidated merge requests. We’re planning to include:",[2892,2894,2896,2898],{"text":2893},"Pattern recognition to identify similar vulnerabilities across codebases.",{"text":2895},"Intelligent grouping of findings by root cause or remediation strategy.",{"text":2897},"Single consolidated MRs that address multiple related findings.",{"text":2899},"Visual clustering in the merge request interface for clear review context.",[2901],{"text":2902,"config":2903},"Epic #20154",{"href":2904,"dataGaName":2902,"dataGaLocation":2905},"https://gitlab.com/groups/gitlab-org/-/work_items/20154","agentic-bulk-vulnerability-resolution",{"categoryName":2907,"subcategories":2908},"Unified DevOps & Security",[2909],{"name":2910,"features":2911},"From bolt-on security and fragmented toolchains to integrated, context-aware DevSecOps",[2912,2931,2950,2969,2986,3005,3024,3043,3062,3081,3098,3115,3134,3153,3172,3191,3210,3227,3246,3265,3282,3301,3320,3339,3358,3377,3396,3415,3434,3451],{"text":2913,"labels":2914,"description":2915,"items":2916,"links":2925},"Vulnerability management across contexts (non-default branch tracking)",[770,771],"Today, GitLab only tracks vulnerabilities on the default branch, meaning organizations releasing from long-lived branches have zero visibility into security posture for code running in production. Non-default branch tracking is a top Security Insights request and a documented adoption blocker. Here’s what we are working on:",[2917,2919,2921,2923],{"text":2918},"Configuration of which branches are tracked for vulnerability management beyond the default branch.",{"text":2920},"Local scoping of vulnerability state changes to each branch with an option for global changes.",{"text":2922},"Branch-aware filtering on the vulnerability report for release-specific security posture views.",{"text":2924},"Vulnerability management activity on tracked non-default branches as on default.",[2926],{"text":2927,"config":2928},"Epic #18653",{"href":2929,"dataGaName":2927,"dataGaLocation":2930},"https://gitlab.com/groups/gitlab-org/-/work_items/18653","vulnerability-management-across-contexts-non-default-branch-tracking",{"text":2932,"labels":2933,"description":2934,"items":2935,"links":2944},"Security dashboard attribute filters",[770,771],"The business-context security attributes introduced earlier need to be filterable on the Security Dashboard itself. Security managers will be able to filter dashboards by business impact, application, business unit, and more. We are planning to:",[2936,2938,2940,2942],{"text":2937},"Add security attribute filters on the Security Dashboard building on context filtering.",{"text":2939},"Integrate with existing Report Type and Project filters for combined views.",{"text":2941},"Let compliance teams pull scoped reports and engineering leads focus on their domain.",{"text":2943},"Add a foundation for vulnerability report attribute filtering in subsequent iterations.",[2945],{"text":2946,"config":2947},"Epic #18201",{"href":2948,"dataGaName":2946,"dataGaLocation":2949},"https://gitlab.com/groups/gitlab-org/-/work_items/18201","security-dashboard-attribute-filters",{"text":2951,"labels":2952,"description":2953,"items":2954,"links":2963},"Job inputs for manual pipeline jobs",[843],"CI/CD inputs exist today for pipeline-level configuration, but developers still cannot set parameters for individual manual jobs within pipelines, forcing expensive full pipeline re-runs for simple parameter changes. Job-level inputs will bring dynamic parameter setting to manual jobs when parameters change during execution. This capability is being built to:",[2955,2957,2959,2961],{"text":2956},"Allow individual job parameter configuration without full pipeline re-runs.",{"text":2958},"Support dynamic inputs based on earlier job outputs or external conditions.",{"text":2960},"Reduce deployment errors from parameter mismatches.",{"text":2962},"Provide an easy migration from other tools without needing Jenkins for enterprise CI/CD consolidation.",[2964],{"text":2965,"config":2966},"Epic #18551",{"href":2967,"dataGaName":2965,"dataGaLocation":2968},"https://gitlab.com/groups/gitlab-org/-/work_items/18551","job-inputs-for-manual-pipeline-jobs",{"text":2970,"labels":2971,"description":2972,"items":2973,"links":2980},"Security Dashboard and SBOM across contexts",[770,771],"Extending non-default branch tracking to the Security Dashboard and SBOM means vulnerability trends, dependency lists, and SBOM exports all become branch-aware. This extension is intended for:",[2974,2976,2978],{"text":2975},"Making vulnerability trends and SBOM exports branch-aware for organizations with long-lived release branches.",{"text":2977},"Supporting CycloneDX, JSON, and SPDX export formats scoped to specific branches.",{"text":2979},"Tracking local vs. global vulnerability state changes with branch-scoped detection timestamps.",[2981],{"text":2982,"config":2983},"Epic #20476",{"href":2984,"dataGaName":2982,"dataGaLocation":2985},"https://gitlab.com/groups/gitlab-org/-/work_items/20476","security-dashboard-and-sbom-across-contexts",{"text":2987,"labels":2988,"description":2989,"items":2990,"links":2999},"KEV/EPSS filter in MR approval policies",[770],"CVSS severity alone does not tell you whether a vulnerability is actively exploited or likely to be. Adding Known Exploited Vulnerabilities (KEV) and Exploit Prediction Scoring System (EPSS) as filter criteria in MR approval policies shifts enforcement from theoretical severity to real-world exploitability. This filter is being created to:",[2991,2993,2995,2997],{"text":2992},"Add KEV and EPSS as filter options in MR approval policies.",{"text":2994},"Support policies like \"block merge if any dependency has a known exploit.",{"text":2996},"Integrate with Dependency and Container scanning results.",{"text":2998},"Focus on enforcement of findings that pose actual risk rather than theoretical severity.",[3000],{"text":3001,"config":3002},"Epic #16311",{"href":3003,"dataGaName":3001,"dataGaLocation":3004},"https://gitlab.com/groups/gitlab-org/-/work_items/16311","kev-epss-filter-in-mr-approval-policies",{"text":3006,"labels":3007,"description":3008,"items":3009,"links":3018},"Project-level Epics",[945],"One of GitLab's most requested features and a documented blocker for organizations migrating. Epics are currently group-level only, forcing teams to create unnecessary subgroups or misuse milestones. Project-level Epics are being enhanced to:",[3010,3012,3014,3016],{"text":3011},"Make Epics available at the project level for Premium tier.",{"text":3013},"Support roadmap, board, and view availability within project context.",{"text":3015},"Remove the need for subgroup workarounds to group issues within a project.",{"text":3017},"Address the needs of customers wanting to migrate, by providing project-scoped planning.",[3019],{"text":3020,"config":3021},"Epic #14501",{"href":3022,"dataGaName":3020,"dataGaLocation":3023},"https://gitlab.com/groups/gitlab-org/-/work_items/14501","project-level-epics",{"text":3025,"labels":3026,"description":3027,"items":3028,"links":3037},"Native CODEOWNERS reviewer auto-assignment",[756],"GitLab wants to bring automated CODEOWNERS assignments to address manual steps for each MR by reducing bottlenecks for developers and lowering risk with review selection. This feature is being made to:",[3029,3031,3033,3035],{"text":3030},"Automatically assign reviewers based on CODEOWNERS patterns matched against MR changed files.",{"text":3032},"Support both group and individual user assignments.",{"text":3034},"Preserve manual override with audit trail for automatic vs. manual assignments.",{"text":3036},"Lay the foundation for DAP-powered intelligent reviewer selection that considers expertise and availability.",[3038],{"text":3039,"config":3040},"Epic #20711",{"href":3041,"dataGaName":3039,"dataGaLocation":3042},"https://gitlab.com/groups/gitlab-org/-/work_items/20711","native-codeowners-reviewer-auto-assignment",{"text":3044,"labels":3045,"description":3046,"items":3047,"links":3056},"Work Items REST API",[945],"Many teams hesitate to adopt work item features (custom statuses, custom fields, work item types) that are only available through GraphQL. The REST API removes this adoption blocker for integrations, automation scripts, and tools that rely on REST. This API is being created to:",[3048,3050,3052,3054],{"text":3049},"Wrap existing work item Finders and Services with GraphQL-exposed operations.",{"text":3051},"Unblock adoption of custom statuses, fields, and types for REST-dependent teams.",{"text":3053},"Provide a consistent interface for automation and third-party integrations.",{"text":3055},"Remove a blocker for teams evaluating GitLab for project management.",[3057],{"text":3058,"config":3059},"Epic #9673",{"href":3060,"dataGaName":3058,"dataGaLocation":3061},"https://gitlab.com/groups/gitlab-org/-/work_items/9673","work-items-rest-api",{"text":3063,"labels":3064,"description":3065,"items":3066,"links":3075},"Wiki contextual discussions",[945,729],"Wiki discussions happen away from relevant content, reducing effectiveness and increasing context switching. Inline contextual commenting will tie threaded discussions directly to highlighted text, keeping conversations connected to the content they reference. We're working on:",[3067,3069,3071,3073],{"text":3068},"Inline commenting on highlighted wiki content.",{"text":3070},"Threaded discussions tied to specific text selections.",{"text":3072},"Discussion visibility indicators on wiki pages.",{"text":3074},"Existing wiki permission model integration.",[3076],{"text":3077,"config":3078},"Epic #16474",{"href":3079,"dataGaName":3077,"dataGaLocation":3080},"https://gitlab.com/groups/gitlab-org/-/work_items/16474","wiki-contextual-discussions",{"text":3082,"labels":3083,"description":3084,"items":3085,"links":3092},"Maven Virtual Registry GA and npm Virtual Registry",[824,825],"Maven graduates to GA while npm enters beta, covering the two highest-volume enterprise artifact ecosystems. Docker Virtual Registry also targets GA in this timeframe. By mid-year, GitLab will have virtual registries at GA for Maven, Docker, and npm. These registries are being made to:",[3086,3088,3090],{"text":3087},"Bring Maven to production readiness with allow/deny filtering, lifecycle policies, Geo support, and analytics.",{"text":3089},"Extend the virtual registry architecture to npm for JavaScript/Node.js teams, targeting GA after beta.",{"text":3091},"Move Docker Virtual Registry from experiment to GA, completing the container image solution.",[3093],{"text":3094,"config":3095},"Epic #15091",{"href":3096,"dataGaName":3094,"dataGaLocation":3097},"https://gitlab.com/groups/gitlab-org/-/work_items/15091","maven-virtual-registry-ga-and-npm-virtual-registry",{"text":3099,"labels":3100,"description":3101,"items":3102,"links":3109},"DORA 4 Metrics API",[771],"DORA metrics (deployment frequency, lead time for changes, change failure rate, time to restore service) are the industry standard for measuring software delivery performance. Complete maturity for the API means full feature parity for programmatic consumption. This milestone is meant to include:",[3103,3105,3107],{"text":3104},"API coverage for all four DORA metrics.",{"text":3106},"Support for dashboards, executive reporting, and automated alerting without relying on the GitLab UI.",{"text":3108},"Enhanced CI/CD job metrics and analytics improvements from earlier releases.",[3110],{"text":3111,"config":3112},"Epic #8334",{"href":3113,"dataGaName":3111,"dataGaLocation":3114},"https://gitlab.com/groups/gitlab-org/-/work_items/8334","dora-4-metrics-api",{"text":3116,"labels":3117,"description":3118,"items":3119,"links":3128},"Security attribute filtering on vulnerability reports",[770,771],"The security attributes story that started on the Security Dashboard reaches the vulnerability report. Teams will be able to filter vulnerabilities by application, business unit, or team directly on the report, bookmark filtered URLs, and share filtered views. This filter is being developed for:",[3120,3122,3124,3126],{"text":3121},"Adding business context filtering on the group-level vulnerability report.",{"text":3123},"Supporting URL bookmarking for filtered views.",{"text":3125},"Completing the business-context filtering loop from dashboard to report.",{"text":3127},"Building on security attributes and dashboard attribute filters.",[3129],{"text":3130,"config":3131},"Epic #17784",{"href":3132,"dataGaName":3130,"dataGaLocation":3133},"https://gitlab.com/groups/gitlab-org/-/work_items/17784","security-attribute-filtering-on-vulnerability-reports",{"text":3135,"labels":3136,"description":3137,"items":3138,"links":3147},"Auto-remediation with automatic dependency bumping",[770],"Expanding from lower severity vulnerabilities, auto-remediation will support configurable severity levels and version targets. We are working on:",[3139,3141,3143,3145],{"text":3140},"Targets for configurable severity levels from LOW through CRITICAL.",{"text":3142},"Supporting version target selection (MAJOR, MINOR, PATCH).",{"text":3144},"Offering grouped or individual MR options for dependency bumps.",{"text":3146},"Including UI indicators highlighting auto-remediated vulnerabilities.",[3148],{"text":3149,"config":3150},"Epic #18236",{"href":3151,"dataGaName":3149,"dataGaLocation":3152},"https://gitlab.com/groups/gitlab-org/-/work_items/18236","auto-remediation-with-automatic-dependency-bumping",{"text":3154,"labels":3155,"description":3156,"items":3157,"links":3166},"Enablement-only SAST profile",[770,729],"SAST remains foundational to application security, but CI/CD configuration requirements create adoption barriers. The SAST scan profile will let security managers deploy static analysis across projects through Security Inventory, with automatic language detection and Advanced SAST for supported languages on Ultimate. This profile is designed to:",[3158,3160,3162,3164],{"text":3159},"Auto-detect project languages and appropriate analyzers.",{"text":3161},"Automatically apply Advanced SAST for supported languages.",{"text":3163},"Support group-level management through Security Configuration and Inventory.",{"text":3165},"Follow the same interaction patterns established by secret push protection profiles.",[3167],{"text":3168,"config":3169},"Epic #19951",{"href":3170,"dataGaName":3168,"dataGaLocation":3171},"https://gitlab.com/groups/gitlab-org/-/work_items/19951","enablement-only-sast-profile",{"text":3173,"labels":3174,"description":3175,"items":3176,"links":3185},"Enablement-only secret push protection profile",[770,729],"Security managers need to deploy secret push protection at scale without manual project-by-project configuration. Scan configuration profiles will introduce bulk enablement through Security Inventory, protecting projects without requiring YAML changes or developer intervention. This profile is being created to:",[3177,3179,3181,3183],{"text":3178},"Provide bulk protection across projects through the Security Inventory interface.",{"text":3180},"Have a zero-YAML, profile-based approach that is consistent with other scan profiles.",{"text":3182},"Provide project-level control for teams experiencing edge cases.",{"text":3184},"Establish a foundation pattern for additional scan profile types.",[3186],{"text":3187,"config":3188},"Epic #19802",{"href":3189,"dataGaName":3187,"dataGaLocation":3190},"https://gitlab.com/groups/gitlab-org/-/work_items/19802","enablement-only-secret-push-protection-profile",{"text":3192,"labels":3193,"description":3194,"items":3195,"links":3204},"Enablement-only secret detection pipeline profile",[770,729],"While secret push protection blocks commits in real-time, pipeline scanning provides complementary coverage by detecting secrets in repository history and pipeline artifacts. This profile will let security managers apply broad secret detection using the same profile-based approach, creating defense-in-depth without configuration overhead. We are building this profile to:",[3196,3198,3200,3202],{"text":3197},"Scan historical repositories for previously committed secrets.",{"text":3199},"Cover pipeline artifacts for exposed credentials.",{"text":3201},"Provide complementary coverage alongside secret push protection.",{"text":3203},"Support staggered rollout to help prevent infrastructure overload.",[3205],{"text":3206,"config":3207},"Epic #19903",{"href":3208,"dataGaName":3206,"dataGaLocation":3209},"https://gitlab.com/groups/gitlab-org/-/work_items/19903","enablement-only-secret-detection-pipeline-profile",{"text":3211,"labels":3212,"description":3213,"items":3214,"links":3221},"Enablement-only dependency scanning profile",[770,729],"Completing the scan configuration profiles family, the dependency scanning profile will let security teams apply dependency scanning across projects without requiring developers to edit CI configs. We are working to create this profile for:",[3215,3217,3219],{"text":3216},"Dependency scanning across projects through Security Inventory.",{"text":3218},"Keeping the same zero-YAML, profile-based enablement approach as secret detection and SAST profiles.",{"text":3220},"Reducing configuration overhead for teams adopting comprehensive security scanning.",[3222],{"text":3223,"config":3224},"Epic #19952",{"href":3225,"dataGaName":3223,"dataGaLocation":3226},"https://gitlab.com/groups/gitlab-org/-/work_items/19952","enablement-only-dependency-scanning-profile",{"text":3228,"labels":3229,"description":3230,"items":3231,"links":3240},"Custom rules for secret detection",[770],"Organizations with proprietary credential formats need the ability to define their own secret patterns beyond GitLab's built-in rules. Custom rules will let security teams add organization-specific patterns that are automatically enforced during secret detection. This capability is being designed to:",[3232,3234,3236,3238],{"text":3233},"Allow organizations to define custom secret patterns for proprietary credential formats.",{"text":3235},"Enforce custom rules alongside built-in detection rules automatically.",{"text":3237},"Catch organization-specific leaks that generic pattern-based rules miss.",{"text":3239},"Extend secret detection coverage to match organizational security requirements.",[3241],{"text":3242,"config":3243},"Epic #18327",{"href":3244,"dataGaName":3242,"dataGaLocation":3245},"https://gitlab.com/groups/gitlab-org/-/work_items/18327","custom-rules-for-secret-detection",{"text":3247,"labels":3248,"description":3249,"items":3250,"links":3259},"Automated vulnerability severity customization policy",[770,729],"Default vulnerability severities don't always reflect organizational risk priorities. Security teams will be able to automate severity overrides based on rules including KEV/EPSS, CVSS, reachability, CVE, CWE, and scan type, mapping risk to business needs while automating triage processes that previously required manual intervention. This policy is meant to:",[3251,3253,3255,3257],{"text":3252},"Automate severity adjustments using KEV, EPSS, CVSS, and reachability signals.",{"text":3254},"Quickly process new vulnerabilities matching policy conditions.",{"text":3256},"Reduce critical/high vulnerability noise through intelligent prioritization.",{"text":3258},"Provide an audit trail of policy-driven severity changes for compliance visibility.",[3260],{"text":3261,"config":3262},"Epic #18378",{"href":3263,"dataGaName":3261,"dataGaLocation":3264},"https://gitlab.com/groups/gitlab-org/-/work_items/18378","automated-vulnerability-severity-customization-policy",{"text":3266,"labels":3267,"description":3268,"items":3269,"links":3276},"Security Manager role",[770,729],"Security teams currently need Developer or Maintainer access to use vulnerability management features, granting far more permissions than necessary. The Security Manager role inherits from Reporter and adds security-specific permissions. This role is being made to help:",[3270,3272,3274],{"text":3271},"Provide vulnerability management, dashboards, policies, and compliance feature access without over-privileging.",{"text":3273},"Introduce a non-hierarchical role that breaks the linear Guest-to-Owner inheritance model.",{"text":3275},"Support promotion on the invite members page for easy assignment.",[3277],{"text":3278,"config":3279},"Epic #20123",{"href":3280,"dataGaName":3278,"dataGaLocation":3281},"https://gitlab.com/groups/gitlab-org/-/work_items/20123","security-manager-role",{"text":3283,"labels":3284,"description":3285,"items":3286,"links":3295},"License scanning for Dart/Flutter projects",[770,771],"Dart and Flutter license information currently displays as UNKNOWN, forcing teams to use external tools for license compliance. License scanning support for the pub package manager fills this gap for the growing Flutter ecosystem. We’re working on:",[3287,3289,3291,3293],{"text":3288},"Creating an ingestion of license data for the pub package manager.",{"text":3290},"Removing UNKNOWN license status with accurate visibility.",{"text":3292},"Supporting policy enforcement for Dart/Flutter license compliance.",{"text":3294},"Reducing reliance on external license data sources.",[3296],{"text":3297,"config":3298},"Epic #18351",{"href":3299,"dataGaName":3297,"dataGaLocation":3300},"https://gitlab.com/groups/gitlab-org/-/work_items/18351","license-scanning-for-dart-flutter-projects",{"text":3302,"labels":3303,"description":3304,"items":3305,"links":3314},"Generic password detection with contextual indicators",[770],"Pattern-based secret detection misses generic passwords like admin_password=Password123! that lack recognizable formats. Context-aware detection identifies generic passwords by analyzing surrounding code patterns and variable naming conventions, extending current secret detection coverage. Currently in the pipeline is:",[3306,3308,3310,3312],{"text":3307},"Context-aware filtering to reduce false negatives for generic passwords.",{"text":3309},"Detection of passwords assigned to common credential variable patterns.",{"text":3311},"Extended coverage beyond format-specific secret types.",{"text":3313},"Reduced exposure risk from inadvertently committed credentials.",[3315],{"text":3316,"config":3317},"Epic #18504",{"href":3318,"dataGaName":3316,"dataGaLocation":3319},"https://gitlab.com/groups/gitlab-org/-/work_items/18504","generic-password-detection-with-contextual-indicators",{"text":3321,"labels":3322,"description":3323,"items":3324,"links":3333},"Malicious package detection in dependency scanning",[770,771],"Supply chain attacks through malicious packages pose immediate risk: unlike CVEs that may exist dormant for months, a malicious package causes harm the moment it is ingested. GitLab is exploring surfacing malicious packages directly in dependency scanning results to help teams identify and respond to active threats. We're exploring:",[3325,3327,3329,3331],{"text":3326},"Critical severity flagging for malicious packages with clear \"MAL-\" identifiers for immediate recognition.",{"text":3328},"Detection of credential theft, data exfiltration, botnet, and database corruption attack vectors.",{"text":3330},"Integration with vulnerability reports and dependency lists for unified security visibility.",{"text":3332},"Policy support for automatic blocking of malicious packages in merge requests.",[3334],{"text":3335,"config":3336},"Epic #17976",{"href":3337,"dataGaName":3335,"dataGaLocation":3338},"https://gitlab.com/groups/gitlab-org/-/work_items/17976","malicious-package-detection-in-dependency-scanning",{"text":3340,"labels":3341,"description":3342,"items":3343,"links":3352},"Incremental scanning for Advanced SAST",[770],"Advanced SAST analysis in large repositories can exceed pipeline job time limits. Incremental scanning will cache results from previous scans and only analyze changed code, significantly reducing scan time while producing accurate results. This is a separate performance initiative from Advanced SAST's backwards slicing work. This optimization is meant to:",[3344,3346,3348,3350],{"text":3345},"Cache results from computationally expensive analysis tasks.",{"text":3347},"Reduce scan time for repositories with incremental changes.",{"text":3349},"Produce accurate results equivalent to non-incremental scans.",{"text":3351},"Support large repository adoption of Advanced SAST.",[3353],{"text":3354,"config":3355},"Epic #15545",{"href":3356,"dataGaName":3354,"dataGaLocation":3357},"https://gitlab.com/groups/gitlab-org/-/work_items/15545","incremental-scanning-for-advanced-sast",{"text":3359,"labels":3360,"description":3361,"items":3362,"links":3371},"PDF export for security dashboard",[770,771],"Security dashboards need exportable formats for stakeholder communication and compliance documentation. PDF export will replicate dashboard panels with applied filters and group-by configurations for offline sharing and archival. This export is being created to:",[3363,3365,3367,3369],{"text":3364},"Cover vulnerability counts, trends, risk scores, and age metrics.",{"text":3366},"Honor applied filters and group-by configurations at export time.",{"text":3368},"Include table of contents and explanatory content for each module.",{"text":3370},"Produce an email-ready format for stakeholder distribution.",[3372],{"text":3373,"config":3374},"Epic #18203",{"href":3375,"dataGaName":3373,"dataGaLocation":3376},"https://gitlab.com/groups/gitlab-org/-/work_items/18203","pdf-export-for-security-dashboard",{"text":3378,"labels":3379,"description":3380,"items":3381,"links":3390},"SLSA verification and container image signing",[770,843],"Organizations need to prove the provenance and integrity of their artifacts across the supply chain. Attestation APIs, UI integration, and GitLab CLI (glab) commands for verification will validate artifacts, while container image signing and verification extends this to the container ecosystem. We are working to:",[3382,3384,3386,3388],{"text":3383},"Provide attestations API for consumer lookup and verification.",{"text":3385},"Integrate UI linking attestations to builds with project-level views.",{"text":3387},"Support container image signing and verification for supply chain integrity.",{"text":3389},"Offer GitLab CLI (glab) attestation verification for command-line workflows.",[3391],{"text":3392,"config":3393},"Epic #19697",{"href":3394,"dataGaName":3392,"dataGaLocation":3395},"https://gitlab.com/groups/gitlab-org/-/work_items/19697","slsa-verification-and-container-image-signing",{"text":3397,"labels":3398,"description":3399,"items":3400,"links":3409},"Granular permissions for Personal Access Tokens",[729,770],"Broad PAT scopes like read_api and api create excessive blast radius if tokens are compromised. Fine-grained permissions will scope tokens to specific resources and operations, restricted to specific projects and groups. We are working on:",[3401,3403,3405,3407],{"text":3402},"Replacing broad scope categories with resource-specific permissions.",{"text":3404},"Restricting token boundaries to specific projects and groups.",{"text":3406},"Enforcement across REST and GraphQL APIs with documented permission requirements.",{"text":3408},"Providing credential inventory visibility for applied permissions.",[3410],{"text":3411,"config":3412},"Epic #18554",{"href":3413,"dataGaName":3411,"dataGaLocation":3414},"https://gitlab.com/groups/gitlab-org/-/work_items/18554","granular-permissions-for-personal-access-tokens",{"text":3416,"labels":3417,"description":3418,"items":3419,"links":3428},"GitLab Secrets Manager",[770,843],"Teams using CI variables for secrets lack proper lifecycle management, rotation reminders, and granular access control. GitLab Secrets Manager will provide purpose-built secrets storage with expiration management, environment/branch scoping, and role-based permissions. This manager is being expanded to:",[3420,3422,3424,3426],{"text":3421},"Support secret creation with expiration and environment/branch scoping.",{"text":3423},"Provide rotation reminders for proactive credential management.",{"text":3425},"Offer granular CRUD permissions at project and group level.",{"text":3427},"Reduce reliance on third-party secrets managers for CI workflows.",[3429],{"text":3430,"config":3431},"Epic #10723",{"href":3432,"dataGaName":3430,"dataGaLocation":3433},"https://gitlab.com/groups/gitlab-org/-/work_items/10723","gitlab-secrets-manager",{"text":3435,"labels":3436,"description":3437,"items":3438,"links":3445},"Security policy integration with security attributes",[770,729],"The security attributes introduced for tagging and filtering will extend into the policy engine. Security teams will be able to write policies that reference custom security attributes for fine-grained governance rules. Here’s what we are working on:",[3439,3441,3443],{"text":3440},"Connecting security policies to business-context attributes like business impact, application, and business unit.",{"text":3442},"Supporting targeted policy enforcement scoped to specific asset classifications.",{"text":3444},"Validating policy-attribute combinations through initial testing.",[3446],{"text":3447,"config":3448},"Epic #18312",{"href":3449,"dataGaName":3447,"dataGaLocation":3450},"https://gitlab.com/groups/gitlab-org/-/work_items/18312","security-policy-integration-with-security-attributes",{"text":3452,"labels":3453,"description":3454,"items":3455,"links":3464},"Scheduled Pipeline Execution Policies",[770,729],"Security teams will be able to enforce scheduled scans (nightly DAST, weekly dependency scanning) via policy, ensuring continuous compliance without developer action. This policy is intended to:",[3456,3458,3460,3462],{"text":3457},"Enforce scheduled security scans via policy without requiring developer pipeline configuration.",{"text":3459},"Provide continuous compliance coverage for security-critical scan types.",{"text":3461},"Ensure organizations maintain scanning cadence regardless of development activity.",{"text":3463},"Build on test-run validation capabilities for confidence before production rollout.",[3465],{"text":3466,"config":3467},"Epic #17875",{"href":3468,"dataGaName":3466,"dataGaLocation":3469},"https://gitlab.com/groups/gitlab-org/-/work_items/17875","scheduled-pipeline-execution-policies",{"navigationLinks":3471,"allComponents":3542,"whatsComingFeatures":2823},[3472,3478,3483,3488,3492,3496,3500,3504,3508,3512,3517,3522,3527,3532,3537],{"text":705,"releaseDate":706,"hasNoContent":704,"config":3473},{"id":3474,"href":3475,"withDate":43,"dataGaName":3476,"dataGaLocation":3477},"18-9","#18-9","18.9-nav","side-navigation",{"text":903,"releaseDate":904,"hasNoContent":704,"config":3479},{"id":3480,"href":3481,"withDate":43,"dataGaName":3482,"dataGaLocation":3477},"18-8","#18-8","18.8-nav",{"text":1216,"releaseDate":1215,"hasNoContent":704,"config":3484},{"id":3485,"href":3486,"withDate":43,"dataGaName":3487,"dataGaLocation":3477},"18-7","#18-7","18.7-nav",{"text":1446,"releaseDate":1430,"hasNoContent":704,"config":3489},{"id":1446,"href":3490,"withDate":43,"dataGaName":3491,"dataGaLocation":3477},"#18.6","18.6-nav",{"text":1606,"releaseDate":1588,"hasNoContent":704,"config":3493},{"id":1606,"href":3494,"withDate":43,"dataGaName":3495,"dataGaLocation":3477},"#18.5","18.5-nav",{"text":1726,"releaseDate":1708,"hasNoContent":704,"config":3497},{"id":1726,"href":3498,"withDate":43,"dataGaName":3499,"dataGaLocation":3477},"#18.4","18.4-nav",{"text":1903,"releaseDate":1885,"hasNoContent":704,"config":3501},{"id":1903,"href":3502,"withDate":43,"dataGaName":3503,"dataGaLocation":3477},"#18.3","18.3-nav",{"text":2084,"releaseDate":2066,"hasNoContent":704,"config":3505},{"id":2084,"href":3506,"withDate":43,"dataGaName":3507,"dataGaLocation":3477},"#18.2","18.2-nav",{"text":2286,"releaseDate":2268,"hasNoContent":704,"config":3509},{"id":2286,"href":3510,"withDate":43,"dataGaName":3511,"dataGaLocation":3477},"#18.1","18.1-nav",{"text":2359,"releaseDate":2360,"hasNoContent":704,"config":3513},{"id":3514,"href":3515,"withDate":43,"dataGaName":3516,"dataGaLocation":3477},"18-0","#18-0","18.0-nav",{"text":2438,"releaseDate":2439,"hasNoContent":704,"config":3518},{"id":3519,"href":3520,"withDate":43,"dataGaName":3521,"dataGaLocation":3477},"17-11","#17-11","17.11-nav",{"text":2526,"releaseDate":2527,"hasNoContent":704,"config":3523},{"id":3524,"href":3525,"withDate":43,"dataGaName":3526,"dataGaLocation":3477},"17-10","#17-10","17.10-nav",{"text":2600,"releaseDate":2601,"hasNoContent":704,"config":3528},{"id":3529,"href":3530,"withDate":43,"dataGaName":3531,"dataGaLocation":3477},"17-9","#17-9","17.9-nav",{"text":2676,"releaseDate":2677,"hasNoContent":704,"config":3533},{"id":3534,"href":3535,"withDate":43,"dataGaName":3536,"dataGaLocation":3477},"17-8","#17-8","17.8-nav",{"text":2752,"releaseDate":2753,"hasNoContent":704,"config":3538},{"id":3539,"href":3540,"withDate":43,"dataGaName":3541,"dataGaLocation":3477},"17-7","#17-7","17.7-nav",[3543,3546,3549,3552,3555,3558,3561,3564,3567,3570,3573,3576,3579,3582,3585,3588,3591,3594,3597,3600,3603,3606,3609,3612,3615,3618,3621,3624,3627,3630],{"componentName":710,"componentContent":3544},{"title":712,"description":713,"heading":714,"button":715,"config":3545},{"newestRelease":43,"id":3474,"version":705,"releaseDate":706},{"componentName":721,"componentContent":3547},{"features":723,"config":3548},{"newestRelease":43,"id":3474,"version":705,"releaseDate":706},{"componentName":710,"componentContent":3550},{"title":909,"description":910,"video":911,"config":3551},{"newestRelease":704,"id":3480,"version":903,"releaseDate":904},{"componentName":721,"componentContent":3553},{"features":923,"config":3554},{"newestRelease":704,"id":3480,"version":903,"releaseDate":904},{"componentName":710,"componentContent":3556},{"title":1221,"description":1222,"video":1223,"config":3557},{"newestRelease":704,"id":3485,"version":1216,"releaseDate":1215},{"componentName":721,"componentContent":3559},{"features":1234,"config":3560},{"newestRelease":704,"id":3485,"version":1216,"releaseDate":1215},{"componentName":710,"componentContent":3562},{"title":1435,"description":1436,"video":1437,"config":3563},{"newestRelease":704,"id":1446,"version":1429,"releaseDate":1430},{"componentName":721,"componentContent":3565},{"features":1449,"config":3566},{"newestRelease":704,"id":1446,"version":1429,"releaseDate":1430},{"componentName":710,"componentContent":3568},{"title":1594,"description":1595,"video":1596,"config":3569},{"newestRelease":704,"id":1606,"version":1587,"releaseDate":1588},{"componentName":721,"componentContent":3571},{"features":1609,"config":3572},{"newestRelease":704,"id":1606,"version":1587,"releaseDate":1588},{"componentName":710,"componentContent":3574},{"title":1714,"description":1715,"video":1716,"config":3575},{"newestRelease":704,"id":1726,"version":1707,"releaseDate":1708},{"componentName":721,"componentContent":3577},{"features":1729,"config":3578},{"newestRelease":704,"id":1726,"version":1707,"releaseDate":1708},{"componentName":710,"componentContent":3580},{"title":1891,"description":1892,"video":1893,"config":3581},{"newestRelease":704,"id":1903,"version":1884,"releaseDate":1885},{"componentName":721,"componentContent":3583},{"features":1906,"config":3584},{"newestRelease":704,"id":1903,"version":1884,"releaseDate":1885},{"componentName":710,"componentContent":3586},{"title":2072,"description":2073,"video":2074,"config":3587},{"newestRelease":704,"id":2084,"version":2065,"releaseDate":2066},{"componentName":721,"componentContent":3589},{"features":2087,"config":3590},{"newestRelease":704,"id":2084,"version":2065,"releaseDate":2066},{"componentName":710,"componentContent":3592},{"title":2274,"description":2275,"video":2276,"config":3593},{"newestRelease":704,"id":2286,"version":2267,"releaseDate":2268},{"componentName":721,"componentContent":3595},{"features":2289,"config":3596},{"newestRelease":704,"id":2286,"version":2267,"releaseDate":2268},{"componentName":710,"componentContent":3598},{"title":2365,"description":2366,"video":2367,"config":3599},{"newestRelease":704,"id":3514,"version":2359,"releaseDate":2360},{"componentName":721,"componentContent":3601},{"features":2376,"config":3602},{"newestRelease":704,"id":3514,"version":2359,"releaseDate":2360},{"componentName":710,"componentContent":3604},{"title":2444,"description":2445,"config":3605},{"newestRelease":704,"id":3519,"version":2438,"releaseDate":2439},{"componentName":721,"componentContent":3607},{"features":2448,"config":3608},{"newestRelease":704,"id":3519,"version":2438,"releaseDate":2439},{"componentName":710,"componentContent":3610},{"title":2532,"description":2533,"config":3611},{"newestRelease":704,"id":3524,"version":2526,"releaseDate":2527},{"componentName":721,"componentContent":3613},{"features":2536,"config":3614},{"newestRelease":704,"id":3524,"version":2526,"releaseDate":2527},{"componentName":710,"componentContent":3616},{"title":2606,"description":2607,"config":3617},{"newestRelease":704,"id":3529,"version":2600,"releaseDate":2601},{"componentName":721,"componentContent":3619},{"features":2610,"config":3620},{"newestRelease":704,"id":3529,"version":2600,"releaseDate":2601},{"componentName":710,"componentContent":3622},{"title":2682,"description":2683,"config":3623},{"newestRelease":704,"id":3534,"version":2676,"releaseDate":2677},{"componentName":721,"componentContent":3625},{"features":2686,"config":3626},{"newestRelease":704,"id":3534,"version":2676,"releaseDate":2677},{"componentName":710,"componentContent":3628},{"title":2758,"description":2759,"config":3629},{"newestRelease":704,"id":3539,"version":2752,"releaseDate":2753},{"componentName":721,"componentContent":3631},{"features":2762,"config":3632},{"newestRelease":704,"id":3539,"version":2752,"releaseDate":2753},1772652089110]