GitLab Expands Agentic AI with Automated Security, Pipeline, Analytics
-
Agentic SAST Vulnerability Resolution is now generally available, automatically generating ready-to-merge code fixes and helping resolve vulnerabilities before they reach production.
-
Two new agents in GitLab Duo Agent Platform allow teams to stand up a running CI pipeline in minutes and get fast visual answers from live software lifecycle data, eliminating two of the most persistent bottlenecks in software delivery.
-
New subscription-level and per-user spending caps for GitLab Credits give organizations control over on-demand AI spend, enabling enterprise-wide rollout of GitLab Duo Agent Platform with predictable cost controls.
GitLab Inc., the intelligent orchestration platform for DevSecOps, released GitLab 18.11, expanding agentic AI across the entire software lifecycle with security remediation, pipeline configuration, and delivery analytics.
Recommended: RAG vs Fine-Tuning vs Agents: Choosing the Right AI Approach
AI-generated code moves faster than the systems around it can keep up with, creating the AI Paradox: faster code generation without faster delivery, security, or operations to match. As code volume grows, so does the backlog of pipelines to configure, security findings to remediate, and delivery questions to answer. GitLab 18.11 helps address those gaps with platform-native agents that have access to the code, pipelines, issues, and security findings already in GitLab.
Agentic SAST Vulnerability Resolution Reaches General Availability
Agentic SAST Vulnerability Resolution is now generally available for GitLab Ultimate customers using GitLab Duo Agent Platform. According to GitLab’s 2025 DevSecOps Report, developers spend 11 hours per month remediating vulnerabilities after release, fixing issues that are already exploitable in production. When a SAST scan completes, the agent analyzes confirmed true positives, generates a code fix designed to address the root cause, and opens a ready-to-merge request with a confidence score enabling developers to act without context switching and close vulnerabilities before they reach production.
New Prebuilt Agents for CI and Analytics
For many teams, standing up a first pipeline can be a significant adoption barrier. Teams that want to know how long MRs sit in review or which pipelines are slowing them down have to file a dashboard request or learn a query language. GitLab 18.11 ships two new foundational agents for GitLab Duo Agent Platform that help address both gaps.
The CI Expert Agent, now in beta, inspects a repository, identifies its language and framework, and proposes a build-and-test pipeline in natural language, targeting a running pipeline in minutes, with no YAML written manually.
The Data Analyst Agent, now generally available, answers natural-language questions with fast visual answers about the live software lifecycle data, covering merge request cycle times, pipeline health, deployment frequency, and more. It is available to Free, Premium, and Ultimate tier customers, with GitLab Duo Agent Platform enabled.
Recommended: AI-Powered DevOps: From CI/CD to Continuous Intelligence
Both agents are available on GitLab.com, Self-Managed, and Dedicated, and are part of GitLab Duo Agent Platform.
Usage Controls Give Organizations Predictable AI Spend
New subscription-level and per-user spending caps for GitLab Credits give organizations direct control over on-demand AI spend. Subscription-level caps let billing account managers configure a monthly limit with enforcement controls, while per-user caps ensure no single user exhausts the pool. Together, these controls enable enterprises to deploy GitLab Duo Agent Platform at scale with cost predictability. The GitLab Credits dashboard and Customers Portal give administrators full visibility into usage and cap status.
Write to us [wasim.a@demandmediaagency.com] to learn more about our exclusive editorial packages and programmes.
