AI capabilities are rapidly reshaping how teams build, secure, and deploy applications. As part of our ongoing commitment to helping you navigate the evolving marketplace, GitLab has introduced more than 440 improvements in the past three releases. We're excited to spotlight three standout features making an immediate impact on how teams approach AI-powered DevSecOps. In addition, we announced we are partnering with AWS to launch GitLab Duo with Amazon Q, combining our strengths to transform software development. We're creating an experience, together, that makes AI-powered development feel seamless and upholds the security, compliance, and reliability that enterprises require.
Learn how GitLab can deliver 483% ROI over the next three years, according to Forrester Consulting.
1. Vulnerability Resolution: Streamline security remediation
GitLab’s 2024 Global DevSecOps Report found that 66% of companies are releasing software twice as fast — or faster — than in previous years, as businesses strive to deliver more value to their customers than competitors. However, speed introduces risk. With security teams outnumbered by dev teams 80:1, threat actors are able to exploit applications at a record pace. Last year alone, 80% of the top data breaches stemmed from attacks at the application layer.
GitLab Duo Vulnerability Resolution addresses this challenge head-on. When vulnerabilities are detected in your code, you can now access detailed information right from the vulnerability report and invoke GitLab Duo to automatically create a merge request that updates your code and mitigates the risk. While developers must review these auto-generated merge requests before merging to verify the changes, this automation significantly streamlines the remediation process. Vulnerability Resolution pairs with Vulnerability Explanation, which also recently became generally available. Vulnerability Explanation gives developers a detailed description of the vulnerability infecting their code, real-world examples of how attackers can exploit the vulnerable code, and practical suggestions for remediation.
By expediting the vulnerability remediation process, your teams can focus on delivering software faster while maintaining strong security practices. With less time spent researching and remediating vulnerabilities, developers can concentrate on building features that drive business value.
GitLab Duo Vulnerability Resolution is available as a GitLab Duo Enterprise add-on.
2. Model Registry: Breaking down silos between Data Science and Development teams
For organizations building AI-powered applications, bridging the gap between data science and software development teams has been a persistent challenge. Data scientists and developers often work in disconnected tools and workflows, leading to friction, delays, and potential errors when deploying models to production.
GitLab Model Registry directly addresses this challenge by providing a centralized hub where data science and development teams can collaborate seamlessly within their existing GitLab workflow. Built with MLflow native integration, the registry allows data scientists to continue using their preferred tools while making models and artifacts instantly accessible to the broader development team. This unified approach transforms team collaboration. Data scientists can version models, store artifacts, and document model behavior through comprehensive model cards, while developers can easily integrate these models into their applications using GitLab CI/CD pipelines for automated testing and deployment.
Additionally, the Model Registry's semantic versioning and GitLab API integration enables teams to implement robust governance and automate production deployments, creating a streamlined environment where data scientists and developers can work together effectively to deliver AI-powered innovation.
Model Registry is available across all tiers for SaaS and self-managed customers. See the release blog for 17.6 and documentation for more.
3. Secret Push Protection: Shift security left with proactive secret detection
Teams often face a critical security challenge: Developers may hardcode sensitive information like API keys, tokens, and credentials as plain text in source code repositories, sometimes without even realizing it. This creates an easy target for threat actors and puts your organization at risk.
Secret Push Protection directly addresses this problem by blocking developers from pushing code that contains secrets, significantly reducing the likelihood of a breach. It works by leveraging customizable rules to identify high-confidence secrets before they ever reach your repository.
What makes this solution particularly powerful is its integration with our pipeline secret detection, creating a comprehensive defense strategy.
Secret Push Protection is now generally available for all GitLab Ultimate tier and GitLab Dedicated customers.
Put these features to work today
At GitLab, we’re committed to making it easier for teams to build software, faster. Capabilities like GitLab Duo Vulnerability Resolution, Model Registry, and Secret Push Protection are just a few of the recent innovations we’ve delivered to help developers and security teams level up their DevSecOps workflows. To learn more, check out our releases page.
Get started with these new features today with a free, 60-day trial of GitLab Ultimate.