DEVOPSdigest

GitLab announced the launch of GitLab 18, including AI capabilities natively integrated into the platform and major new innovations across core DevOps, and security and compliance workflows that are available now, with further enhancements planned throughout the year.

Additionally, GitLab Premium customers can now purchase Duo Enterprise without requiring an upgrade to GitLab Ultimate.

GitLab 18 transforms developer workflows by further integrating AI throughout the platform. GitLab Premium and Ultimate customers can leverage AI-powered Code Suggestions for real-time code completion and code generation as well as Chat for instant access to code explanations, code refactoring, test generation, and code fixes, directly within their preferred source code editor or integrated development environment (IDE), now at no additional cost.

These AI-native capabilities enhance GitLab Premium’s powerful foundation to help scaling organizations deliver secure source code management, advanced CI/CD, and an improved developer experience without requiring separate tooling, licensing, or governance.

Additionally, in response to customer demand, GitLab Premium customers can now purchase Duo Enterprise, GitLab’s comprehensive suite of AI offerings, without requiring an upgrade to GitLab Ultimate. This includes advanced team collaboration and context-aware AI capabilities across the full development lifecycle.

GitLab is also introducing significant enhancements to its platform capabilities, extending core DevSecOps workflows by centralizing artifact management, optimizing CI/CD pipelines for speed and security, and empowering cross-functional teams with a unified platform.

- Built-in artifact management provides a native GitLab solution for maintaining artifacts, packages, containers, and more, including a new virtual registry for Maven and immutable tag management for greater tool consolidation on a single platform.

- Enhanced CI/CD offers structured inputs and enhanced, modular pipeline management with streamlined artifact handling and change detection, delivering a more secure way to configure parent/child pipelines and optimize pipeline execution.

- GitLab Query Language enables users to find, filter, and embed content from anywhere in the GitLab platform, enhancing collaboration, reporting, and project management across teams.

Further enhancements to GitLab 18 include strengthening its built-in security and compliance capabilities to help customers achieve comprehensive visibility and control over security risk.

- Custom compliance frameworks offer out-of-the-box controls for SOC 2, ISO 27001, and CIS benchmarks, along with the ability to define, implement, and enforce custom compliance controls.

- Reachability analysis for dependencies to help further improve detection accuracy, reduce false positive noise, and focus on code that threat actors can exploit.

- Custom logic for advanced Static Application Security Testing (SAST) adjusts SAST detection logic to an organization’s libraries, tech stack, or security requirements by providing additional context to help address false positives and negatives.

- Vulnerability dashboards provide insights into an organization’s security posture and track trends with organization-level and application-specific views, robust filtering, and reporting features to pinpoint critical findings.

- FIDO passkey support offers a more secure and user-friendly login experience with support for biometric authentication, device PINs, and YubiKeys.

- Security policy impact assessment provides context for informed decision-making about security policy changes, including a “warn mode” to help developers understand requirements without blocking merge requests.