GitLab Dependency Scanning Auto-Remediation (Beta)
When dependency scanning finds a vulnerable package, you get a merge request that updates it and fixes the build-breaking changes for you. Every change runs through your existing review and approval process, so your team clears security debt without diverting developers.
Fine-grained Personal Access Tokens (GA)
Shrink the blast radius of a compromised credential by scoping each token to specific projects, groups, and operations. Replace broad scopes like read_api and api with granular permissions, so your automation and integrations carry only the access they need.
Scheduled Pipeline Execution Policies (GA)
Keep security and compliance coverage running even when code isn't changing. Schedule compliance scripts, security scans, or custom CI on a daily, weekly, or monthly cadence, independent of commit activity, so scans never silently lapse on your inactive projects.
Generic secret detection (GA)
Detect unstructured secrets, JWTs (JSON Web Tokens), generic passwords, and API tokens that do not follow known provider patterns. You catch leaked credentials that the pattern-based ruleset alone would miss.
AI Audit Event Report (Beta)
Track AI-assisted actions across your organization with dedicated audit events. Your compliance and security teams get the visibility to include AI workflows in audit reporting, access reviews, and incident investigation.
Security Review Flow (Beta)
Catch the authorization gaps, business-logic errors, and race conditions that static scanners structurally can't see. Security Review Flow reasons about what your code is meant to do rather than matching known patterns, so your team closes a review gap no traditional scanner can.
Tune how auto-remediation behaves for your organization (Beta)
Set the severity levels and version targets that trigger automatic dependency bumps, choose grouped or individual merge requests, and keep high-severity fixes moving without diverting your developers.
Group-level custom instructions for Duo Code Review
Set which automated code review runs, and for whom, with group-level custom instructions that apply across projects. As an admin, you give teams adopting AI-assisted review consistent guardrails without configuring each project one by one.
Support Assistant (Beta)
Diagnose GitLab product problems faster with a foundational agent that classifies issues, surfaces relevant troubleshooting docs, checks for known issues, and prepares support tickets with the right diagnostic context when your team needs to escalate.
Fix CI/CD Pipeline Flow suggests targeted fixes
Unblock a stalled merge without leaving the merge request. Get fixes as inline code suggestions or a new merge request, whichever fits best. You see failures classified before you act, and the flow reads failures across your entire pipeline hierarchy, including child pipelines.
Disable built-in project templates
Now you can keep project creation aligned to approved standards by turning off built-in project templates. This hides them from the Create template page, so teams only start from the templates you have applied.