How to Build CI/CD Observability at Scale
GitLab introduced a CI/CD Observability solution that converts raw pipeline data into actionable insights for self‑managed deployments. A leading financial services firm implemented the stack using the open‑source gitlab‑ci‑pipelines‑exporter together with Prometheus and Grafana on a Kubernetes cluster. The solution provides automated Grafana dashboards covering pipeline health, job performance, runner utilization, and deployment frequency. Prerequisites include GitLab 18.1+, a container orchestration platform, and a read‑api token.
Curl Removed From Omnibus-GitLab FIPS Packages in 19.0
GitLab’s Omnibus‑GitLab 19.0 release removes the internally built curl binary from all FIPS‑compliant packages, switching to the curl supplied by the underlying Linux distribution. The change is driven by curl 8.18.0 dropping support for OpenSSL 1.x, which broke GitLab’s previous bundling...
GitLab + Amazon: Platform Orchestration on a Trusted AI Foundation
GitLab has introduced the Duo Agent Platform, an agentic AI control plane that embeds AI workflows directly into GitLab’s software development lifecycle. The platform routes model calls through a GitLab AI Gateway to Amazon Bedrock, Amazon’s server‑less, compliant foundation model...
Prepare Your Pipeline for AI-Discovered Zero-Days
Anthropic's Mythos preview model uncovered thousands of zero‑day vulnerabilities, including a 27‑year‑old OpenBSD bug, and chained four flaws into a functional browser exploit. The company warns that comparable AI‑driven attack tools could appear in the hands of adversaries within six...
GitHub Copilot's New Policy for AI Training Is a Governance Wake-Up Call
GitHub announced that, beginning April 24, 2026, interaction data from Copilot Free, Pro and Pro+ users—including prompts, code snippets and context—will be used to train its AI models by default, unless users opt out. Business and Enterprise customers are exempt...
Claude Opus 4.7 Is Now Available in GitLab Duo Agent Platform
GitLab Duo Agent Platform now supports Anthropic's Claude Opus 4.7, the latest large‑language model. The new model delivers stronger long‑running reasoning, more precise instruction following, and self‑verification of outputs across agent‑driven workflows. Internal tests show Opus 4.7 outperforms both Sonnet...
GitLab 18.11: CI Expert and Data Analyst AI Agents Target Development Gaps
GitLab’s 18.11 release adds two AI‑driven agents to its Duo Agent Platform. The CI Expert Agent, now in beta, automatically inspects a repository and generates a runnable .gitlab-ci.yml, cutting weeks of manual setup to minutes. The Data Analyst Agent, generally...
GitLab 18.11 Release
GitLab 18.11 introduces a suite of AI‑driven and security enhancements, including Agentic SAST Vulnerability Resolution that auto‑generates merge requests for critical findings, and the Data Analyst Agent that answers natural‑language queries across the platform. The release also adds fine‑grained personal...
GitLab and Vertex AI on Google Cloud: Advancing Agentic Software Development
GitLab has made its Duo Agent Platform generally available and integrated it with Google Cloud’s Vertex AI, creating an AI‑driven orchestration layer that spans the entire software development lifecycle. The partnership lets developers invoke specialized agents for planning, coding, security...
GitLab Named a 2026 Omdia Universe Leader
GitLab has been named a Leader in the 2026 Omdia Universe for AI‑assisted software development, topping the IDE‑based tools category. The vendor earned best‑in‑class scores in Solution Breadth (100%), Strategy and Innovation (88%) and Core Features (82%), with strong marks...
GitLab Duo CLI: Agentic AI for the Development Lifecycle, Now in the Terminal
GitLab has launched the Duo CLI in public beta, extending its AI‑driven Duo Agent Platform to the terminal. The tool offers two operating modes—a chat‑based interactive mode and a headless mode for scripts and CI/CD pipelines. It integrates security guardrails...
Pipeline Security Lessons From March Supply Chain Incidents
Between March 19 and March 31, 2026, the TeamPCP threat group executed four supply‑chain attacks that compromised the open‑source scanner Trivy, the IaC scanner Checkmarx KICS, the AI model gateway LiteLLM, and the JavaScript client axios. Each breach leveraged malicious...
Changes to packages.gitlab.com: What You Need to Know
GitLab is completing a migration of its packages.gitlab.com infrastructure to a new hosting system, keeping the same domain but changing URL structures, GPG key locations, and network endpoints. The legacy PackageCloud UI will be retired on March 31, 2026, and...
Manage Vulnerability Noise at Scale with Auto-Dismiss Policies
GitLab has launched auto‑dismiss vulnerability policies that let security teams codify triage rules and apply them automatically on every default‑branch pipeline. By matching on file paths, directories or vulnerability identifiers (CVE/CWE), the system can dismiss up to 1,000 findings per...
Agentic Code Reviews for $0.25 Each
GitLab Duo Agent Platform’s Code Review Flow introduces an agentic AI reviewer priced at a flat $0.25 per merge request, tackling the growing code‑review bottleneck that has surged 91% on AI‑assisted teams. Engineers now wait a median 13 hours for PR...
GitLab 18.10: Agentic AI Now Open to Even More Teams on GitLab
GitLab 18.10 introduces a usage‑based credit model that lets free GitLab.com teams purchase monthly GitLab Credits to unlock the Duo Agent Platform without upgrading their subscription. The shared credit pool grants all members access to AI agents for planning, code...
GitLab 18.10 Brings AI-Native Triage and Remediation
GitLab 18.10 adds AI‑driven security features that cut vulnerability triage time and automate remediation. The release ships generally available SAST false‑positive detection, beta agentic SAST vulnerability resolution, and beta secret false‑positive detection, all powered by the GitLab Duo Agent Platform....
Code Review without the Bottlenecks or the Bill
GitLab introduced Code Review Flow, an AI‑driven automated code review feature within its Duo Agent Platform. The service scans merge requests, incorporates repository context, security findings and compliance rules, and delivers structured inline feedback. It can run hundreds of reviews...
How to Use GitLab Container Virtual Registry with Docker Hardened Images
GitLab’s Container Virtual Registry acts as a pull‑through cache for Docker Hub, Docker Hardened Images (dhi.io), Microsoft Container Registry, Quay and internal registries. It consolidates authentication to GitLab, caches images on the first pull and serves subsequent pulls locally, cutting...
Secure and Fast Deployments to Google Agent Engine with GitLab
The tutorial shows how to deploy a Google Agent Development Kit (ADK) AI agent to Google Cloud's Agent Engine using GitLab’s native Google Cloud integration and CI/CD pipelines. It walks through configuring IAM with Workload Identity Federation, creating a .gitlab-ci.yml...
New GitLab Metrics and Registry Features Help Reduce CI/CD Bottlenecks
GitLab announced two beta features aimed at easing CI/CD bottlenecks: job‑level performance metrics and a Container Virtual Registry. The job metrics panel, available to Premium and Ultimate customers, displays median and 95th‑percentile durations, failure rates, and sortable tables directly in...
Agentic SDLC: GitLab and TCS Deliver Intelligent Orchestration Across the Enterprise
GitLab and Tata Consultancy Services (TCS) have teamed up to deliver an Intelligent Orchestration layer that embeds AI agents into the full software development lifecycle. The partnership leverages GitLab’s Duo Agent Platform and a TCS Center of Excellence to standardize...
GitLab Extends Omnibus Package Signing Key Expiration to 2028
GitLab announced that the GPG key used to sign its Omnibus packages will now expire on February 16, 2028, extending the previous 2026 deadline. The key, which authenticates package integrity across CI pipelines, remains separate from repository metadata signing keys...
Track Vulnerability Remediation with the Updated GitLab Security Dashboard
GitLab’s updated Security Dashboard, now in the 18.9 release, adds advanced filters and visualizations that let teams track vulnerability trends, remediation velocity, and risk scores across projects and groups. The dashboard calculates risk using vulnerability age, EPSS, and KEV data,...
Agentic AI, Enterprise Control: Self-Hosted Duo Agent Platform and BYOM
GitLab 18.9 launches a self‑hosted Duo Agent Platform for online cloud license customers, enabling AI‑driven automation while keeping models on‑premise or in approved clouds. The new offering uses a usage‑based billing model powered by GitLab Credits, delivering transparent per‑request metering...
GitLab Backs 99.9% Availability with Service Credits for Ultimate Customers
GitLab announced a 99.9% availability service‑level agreement for Ultimate customers on GitLab.com and GitLab Dedicated, backed by service credits when monthly uptime falls short. The SLA covers core DevSecOps experiences such as issues, merge requests, Git operations, Container and Package...
Claude Opus 4.6 Now Available in GitLab Duo Agent Platform
GitLab has added Anthropic’s Claude Opus 4.6 to its Duo Agent Platform, giving users a model with a 1 million‑token context window and heightened agency. The model can ingest entire codebases, documentation, and pipeline data in a single interaction, enabling more comprehensive...