GitLab 18.11 Released with Automated Remediation & New Foundational Agents

GitLab’s 18.11 release marks a decisive step toward AI‑augmented DevOps, with Agentic SAST automatically generating remediation merge requests for high‑severity flaws. By embedding code‑aware analysis directly into the CI pipeline, teams can close security gaps faster and free security engineers to focus on strategic threats. The newly GA Data Analyst Agent and beta CI Expert Agent extend conversational AI to data exploration and pipeline creation, turning routine tasks into interactive, context‑aware experiences that boost productivity across development and operations.

Security governance also receives a boost. Automated severity‑override policies let enterprises align vulnerability triage with business risk, while fine‑grained personal access tokens restrict API access to specific resources, dramatically reducing the blast radius of credential leaks. The addition of a top‑CWE chart on security dashboards provides actionable insight into recurring code weaknesses, enabling targeted training and remediation programs. Together, these tools tighten the feedback loop between detection and remediation, reinforcing a shift‑left security posture.

From a financial and operational perspective, GitLab expands cost‑management features with subscription‑level and per‑user credits caps, giving admins granular control over AI consumption and preventing unexpected spend. The extension of service accounts to the Free tier, along with subgroup scoping, democratizes automation for smaller teams while maintaining security hygiene. Coupled with broader model support—including Mistral AI for self‑hosted deployments—GitLab positions itself as a comprehensive, cost‑effective platform for enterprises seeking to scale AI‑driven development without sacrificing governance.