GitLab Ultimate,
now with
agentic AI
Enterprise-grade agentic AI capabilities for your software lifecycle to help you move faster while maintaining security and IP protection.
Available in both SaaS and self-managed deployment options, GitLab Ultimate adds:
- Agentic Chat
- Advanced security capabilities
- Security risk mitigation
- Compliance
- Customer Success Manager for eligible customers
- Priority support
- Live upgrade assistance
- Portfolio management
- Value stream management
GitLab Ultimate helps you
Increase operational efficiencies
GitLab Ultimate provides a single, scalable interface for organization-wide DevSecOps, reducing handoffs across tools and teams and improving efficiencies.
Deliver better products faster
With end to end Value Stream Management and Portfolio Management, GitLab Ultimate allows for greater visibility and transparency across projects, helping to eliminate bottlenecks and deliver products faster.
Reduce security and compliance risk
GitLab Ultimate introduces built-in security testing, compliance, and preventive security for cloud native applications to help you manage security risk and achieve regulatory compliance.

CARFAX improves security, cuts pipeline management and costs with GitLab
Read case study
Lockheed Martin saves time, money, and tech muscle with GitLab
Read case study
Deutsche Telekom drives DevSecOps transformation with GitLab Ultimate
Read case study
Iron Mountain drives DevOps evolution with GitLab Ultimate
Read case study
Dunelm “shifts left”: U.K. homewares leader moves security to front of cycle, boosts cloud migration
Read case study
HackerOne achieves 5x faster deployments with GitLab's integrated security
Read case studyBuild secure software, faster
with GitLab Ultimate
* Available on GitLab.com plans only
** Available on Self-Managed plans only
Amount of time that projects can use to run jobs on instance runners on GitLab.com
compute minutes
Storage usage limits include Git repository and Large File Storage (LFS).
Automate code building, testing, and deployment with customizable pipelines and integrated security.
Identify vulnerabilities in container images early in development, providing remediation paths before security risks reach production environments.
Publish static websites for free with GitLab Pages
Publish from your repository using any site generator, with automatic CI/CD deployment, custom domains, SSL support, and access controls.
Jira Development Panel Integration
Reference Jira issues in GitLab with automatic two-way linking.
Customizable pre-receive Git hooks that enforce commit content standards, message formats, branch naming rules, and file requirements.
Customize approval workflows with rules defining who must review code before merging, including options to prevent self-approvals and require authentication.
Identify maintainability issues during code review, displaying findings directly in merge requests.
Safeguard testing and production environments by restricting deployment access to authorized users only.
Code without local setup using Web IDE and Workspaces to access fully-featured development environments on remote servers.
Multiple approvers in code review
Define how many approvals a merge request must receive before it's merged, and which users should approve.
Remote repository pull mirroring
Automatically sync branches, tags, and commits from external repositories every 30 minutes, with safeguards to prevent data loss.
Measure the impact of GitLab Duo on software development lifecycle (SDLC) performance.
Create test cases from within GitLab
Document and track test scenarios directly in GitLab to improve collaboration, while maintaining visibility controls and integration with your existing workflows.
AI Chat in the IDE (Duo Classic)
Chat directly in your IDE to get context-aware answers, generate code, and fix issues without leaving your workflow.
AI Code Suggestions in the IDE (Duo Classic)
Automatically generates lines of code, including full functions, from comments; automatically proposes new lines of code from a few typed characters.
Granular access controls and usage tracking to support audit requirements.
A GitLab Credit is our universal currency for usage-based products across GitLab.
Delegate work by @ mentioning OpenAI Codex, Claude Code, and others directly in issues or merge requests.
Understand unfamiliar code, improve and modernize existing code, and generate tests for functions and methods.
Pre-built AI agents and workflows that automate common development tasks like planning, security analysis, and code review right in GitLab.
Customize and extend the capability of agentic AI to accomplish specific tasks.
Automate complex, multi-step tasks across your GitLab projects.
A central library where teams can create, share, and collaborate with agents and flows.
Gives you direct control over which large language models (LLMs) power GitLab Duo Agent Platform.
Model Context Protocol Integrations
MCP support enhances AI-powered development workflows, connecting GitLab Duo Agent Platform as an MCP client and serving as an MCP server for external AI assistants.
Track and manage hours spent on issues, merge requests, epics, and tasks with estimates, detailed reports, and standardized time units.
Wiki based project documentation
Create version-controlled documentation in Markdown, RDoc, AsciiDoc, or Org formats within GitLab, with customizable navigation, PDF export options, and Git-based collaboration.
Add weighting to issues to indicate time, value, or complexity, allowing for prioritization and more effective resource planning during development.
Code and Productivity Analytics
Measure development velocity by tracking merge request completion times, which helps to identify bottlenecks by showing which authors, labels, or milestones affect delivery speed.
Coordinate and track large initiatives by organizing work items into a work hierarchy, making complex projects manageable.
Promote important issues into epics within the parent group, preserving all metadata like comments, votes, participants, and labels
A time-boxed workflow that groups issues to be worked on during a specific period of time, usually lasting 1-3 weeks.
Use scoped labels to annotate issues, merge requests, and epics with mutually exclusive labels.
Create and deploy a static website to communicate efficiently to users during an incident.
Monitor your activity to help prevent secrets from being leaked and help you respond if there is a leak.
Track critical security actions like permission changes and user modifications with comprehensive, permanent audit logs, providing detailed reports for compliance, incident response, and access reviews.
Label projects with specific compliance requirements, with optional enforcement of compliance pipeline configurations and security policies in the Ultimate tier for enhanced regulatory oversight.
Static Application Security Testing
Automatic scans to discover vulnerabilities with each commit, giving you immediate feedback without disrupting your workflow.
Identify, prioritize, and track security weaknesses in your applications, helping security teams efficiently determine which vulnerabilities to address first to protect your software assets effectively.
View comprehensive vulnerability metrics, ratings, and trends across your projects, with 30-90 day visibility.
Track project compliance against GitLab standards with automatic adherence scans that update whenever project settings change.
Enforce organization-wide controls for security scans, merge request approvals, and pipeline execution, ensuring consistent security practices across projects.
Automatically detect vulnerabilities in application dependencies, including transitive ones, during development through SBOM analysis.
Runs in your CI/CD pipeline, checking your infrastructure definition files for known vulnerabilities so you can proactively address the risk to your application.
Automatically test your application with randomized inputs to uncover hidden bugs and security issues that standard QA might miss.
Dynamic Application Security Testing
Simulates real-world hacker attacks against your running web applications and APIs, detecting vulnerabilities like XSS and SQL injection that other tools may miss.
Track customer service agreements with an automatic countdown on incidents.
Assign response workflows to incidents, automatically triggering notifications to on-call responders based on configurable policies.
Create rotation schedules for team members to share incident response responsibilities, ensuring immediate notification when issues occur and maintaining continuous service availability during disruptions.
A free, unlimited license type on Ultimate. Ideal for external collaborators who need basic visibility to project information, with sensitive data protected by their guest-level permissions.
Enterprise Agile Planning Seats
For project managers, program managers, and non-technical collaborators who only need planning functionality. At $15 per user, this is a lightweight alternative to the full Ultimate seat cost.
Visualize individual contributions across your group by tracking team member activity over weekly, monthly, or quarterly periods.
Visualize planned work as a timeline of epics and milestones, helping to identify dependencies and communicate progress to stakeholders.
Interactive charts and custom reports for project metrics like issue creation trends, merge request completion times, and triage efficiency.
Track key DevOps performance indicators for velocity (deployment frequency, lead time) and stability (failure rate, recovery time).
Create tailored access levels based on existing roles with specific permissions for your organization's needs, applied consistently across groups and projects.
Create customizable value streams and insight reports leveraging DORA-4 metrics to use as the single source of truth.
Dependency Proxy for Container Registry**
Local pull-through cache for container images that stores frequently-accessed upstream images.
Globally distributed cloning with GitLab Geo**
Local GitLab instances that cache repositories geographically closer to users, reducing clone/fetch times from minutes to seconds.
Offload CI/CD to Secondary Site Runners
Offload load from the primary instance by registering a gitlab-runner with a secondary site.
Replicate your database, your Git repositories, and other assets.
Find code patterns, security vulnerabilities, deprecated functions, buried discussions, and existing solutions across all projects, repositories, issues, merge requests, and wikis.
Scalable Reference Architecture
Validated, production-ready environment designs for deploying GitLab at scale, with detailed specifications you can implement or adapt based on your organization's specific requirements.
Advanced LDAP/SAML Configuration
Automatically synchronize GitLab users with LDAP groups, configuring administrator access, external user status, and SSH keys through customizable directory attributes.
Start building faster today
Start building faster today
See what your team can do with the intelligent orchestration platform for DevSecOps.