GitLab has launched GitLab 18, the latest version of its comprehensive DevSecOps platform, introducing AI-native capabilities alongside key enhancements in core development workflows, security, and compliance. Available from 16 May, the release offers real-time AI assistance to developers and improves software delivery pipelines through a unified and secure experience. GitLab Premium customers can now access advanced AI tools without the need to upgrade to the Ultimate tier.
AI tools enhance development speed and efficiency
At the heart of GitLab 18 is deeper integration of GitLab Duo, bringing AI-powered Code Suggestions and Chat to Premium and Ultimate users at no extra cost. These features enable developers to generate code, receive real-time completion suggestions, refactor scripts, write tests, and fix bugs—all from within their preferred source code editor or IDE.
According to Felix Kortmann, chief technology officer at Ignite by FORVIA HELLA, these tools are already delivering impact. “For us, as GitLab users, Duo’s intelligent code suggestions have become a daily asset for our developers. Combined with the chat feature, it allows for immediate feedback and iteration, resulting in faster development cycles and a more secure codebase. It’s a seamless and powerful addition to our workflows.”
This AI-native approach builds on GitLab Premium’s existing capabilities in source code management and continuous integration, removing the need for separate tools or additional licensing. Additionally, GitLab Duo Enterprise—offering more advanced, context-aware AI across the development lifecycle—is now available for purchase by Premium customers, without requiring an upgrade to the Ultimate plan.
DevSecOps enhancements drive performance and collaboration
GitLab 18 brings major improvements to its core platform, designed to streamline DevSecOps workflows and reduce dependency on external tools. The update introduces built-in artifact management for storing packages, containers, and other build components. This includes support for a new virtual Maven registry and immutable tag management, which simplifies tooling on a single platform.
To further accelerate delivery, GitLab has refined its CI/CD pipelines with structured inputs and modular configurations. The enhancements allow for easier management of parent/child pipelines and better change detection, enabling faster and more secure deployments.
New capabilities such as GitLab Query Language (GQL) make it easier for teams to search, filter, and embed content across the platform. This supports improved collaboration and reporting for cross-functional teams working on complex projects.
For Andrei Nita, chief technology officer at McKenzie Intelligence Services, the impact of GitLab’s unified toolset is clear. “GitLab has already been instrumental in eliminating our reliance on a fragmented toolchain, which cut costs from disconnected solutions, and streamlined our workflow. Enhancing GitLab Premium with Duo will give us even greater efficiency and cost savings as our developers spend less time on routine coding tasks and more time tackling complex challenges that drive real business value.”
Security and compliance capabilities expanded
The latest version also strengthens GitLab’s built-in security features to support organisations with stricter compliance and risk management requirements. Custom compliance frameworks now include out-of-the-box controls aligned with SOC 2, ISO 27001, and CIS benchmarks, with options to define and enforce additional policies specific to each organisation.
Security updates include reachability analysis for dependencies, which helps reduce false positives by focusing only on exploitable vulnerabilities. Static Application Security Testing (SAST) has also been improved, allowing organisations to adjust detection logic according to their tech stack, reducing false alerts.
New vulnerability dashboards offer both organisation-level and application-specific views with strong filtering and reporting functions to highlight critical issues. GitLab 18 also introduces support for FIDO passkeys, enabling secure logins using biometrics, device PINs, or hardware tokens like YubiKeys.
Another significant feature is the security policy impact assessment tool, which adds context when making changes to policies. A “warn mode” provides guidance to developers without blocking their workflow, promoting better adherence to policies while maintaining efficiency.
David DeSanto, chief product officer at GitLab, said the aim of these updates is to eliminate unnecessary complexity: “Today’s fragmented landscape of AI point solutions creates unnecessary complexity for development teams. By natively integrating the essential capabilities of GitLab Duo Code Suggestions and Chat directly within the GitLab DevSecOps platform, we’re eliminating the need for separate tools, licenses, and governance structures. This unified approach enables teams to accelerate their workflows and improve productivity while maintaining security and compliance standards.”
