GitLab 19.0 Adds AI Workflows, Secrets Management, and Self-Hosted Model Support

The AI paradox—rapid code generation paired with lagging governance—has become a top concern for engineering teams. GitLab 19.0 tackles this gap by weaving AI capabilities directly into its DevOps platform. The new Developer Flow reads project‑specific standards from an AGENTS.md file, allowing AI‑generated suggestions to respect existing guardrails. Features like the "Resolve with Duo" button and one‑click rebase‑and‑merge reduce manual handoffs, letting reviewers focus on higher‑value decisions while maintaining speed.

Security gains a central foothold with the public‑beta Secrets Manager, which stores credentials alongside code and pipelines under GitLab's native permission model. Auditable trails link every secret use to its originating job, eliminating the need for disparate vault solutions. For organizations bound by data‑sovereignty rules, the expanded Duo Agent platform now runs four open‑source LLMs—including Mistral Devstral 2 and MiniMax M2.7—on‑premise or in private clouds, delivering AI power without exposing source code to external APIs. This self‑hosted option broadens GitLab's appeal in regulated sectors such as finance and healthcare.

Beyond AI, GitLab strengthens supply‑chain transparency through SBOM‑driven dependency scanning and policy‑based security profiles that can be rolled out across projects with a single configuration change. Components Analytics fills a visibility void by surfacing usage data for CI/CD catalog components, helping platform engineers optimize version adoption. Collectively, these upgrades reinforce GitLab's market positioning against rivals like GitHub and Azure DevOps, offering a unified, secure environment for modern software delivery at scale.