Secure
Integrate third-party scanner results with GitLab (GA)
Any scanner that outputs SARIF now runs under your GitLab policies across every project, so the security tools you already use give you coverage you can prove.
Monthly releases, developer resources, and the latest from the GitLab team.

SARIF scanner results now flow into GitLab vulnerability management alongside native findings, with auto-remediation through GitLab Duo Agent Platform. Admins control which AI models run, which tools agents can call, and where audit events stream.
Now you can bring SARIF scanner results into every security view, cut false positive noise with AI-powered secret detection analysis, and close the governance gap with AI audit event streaming.
New event-driven triggers, admin controls, flow config validation, and model selection make it easier to control what runs in your environment and trust automation without supervision.
We are excited to recognize Pishel65, a Level 3 contributor with 19 merged MRs and 9 more open since joining in October 2025.
Secure
Any scanner that outputs SARIF now runs under your GitLab policies across every project, so the security tools you already use give you coverage you can prove.
AI
Secure
Spend less time triaging secrets that turn out to be false positives. GitLab Duo Agent Platform analyzes critical and high severity findings, scores confidence, and flags false positives so security teams remediate only genuine exposures.
Secure
Manage
Stand up compliance frameworks faster with 19 pre-built templates covering ISO 27001:2022, SOC 2, FedRAMP, NIST, CIS, TISAX, and more.
Secure
Find missing coverage easily by running the wizard to identify projects that require your attention. You can configure profiles that define which scanner to run. Bulk-apply profiles to projects and sub-groups to cut down on manual checks.
AI
Manage
Automate more of the merge request lifecycle without manual handoffs. Four new triggers let flows and external agents respond when a merge request moves from draft to ready, hits a code conflict, receives approval, or a work item is created. Plus, we've shipped new configuration capabilities to the existing Pipeline Events trigger.
AI
Manage
Control which AI agents and flows are available in your environment. Administrators and top-level group owners can prevent users from creating custom agents or flows and restrict agents from outside the group hierarchy.
AI
Manage
Catch configuration errors before they reach production. The AI Catalog validates custom flow YAML at save time, surfacing syntax errors and misconfigured parameters in the UI rather than at runtime.
AI
Manage
Give teams model choice within guardrails. Configure an allowlist of approved AI models and set an organization-wide default for Agentic Chat so users pick from approved options that fit your team’s requirements.
AI
Manage
Control what your AI agents can do, tool by tool. Configure approval policies with three modes (Allow, Ask, or Deny) across Agentic Chat, IDE, and flows, with audit events for every approval decision.
Code
Get the right reviewers on every merge request without manual assignment. When a merge request is created ready or marked ready from draft, GitLab assigns every Code Owner that matches the changed files.
Code
Navigate dependent merge requests without losing context. GitLab detects stacked merge requests automatically and shows them in the header, with a stack control to jump between any merge request in the stack.
AI
Approve a tool once and skip repeated prompts for the rest of the session. Choose "Approve all uses of this tool for session" to approve invocations whenever arguments match the approved pattern. Available in GitLab UI, Duo CLI, VS Code, and JetBrains IDEs.
AI
Code
Choose from more models for automated code review. Code Review Flow now supports GPT-5.2 and GPT-5.3 Codex alongside Anthropic Claude, with review quality comparable to the default Claude Sonnet 4.6 Vertex model.
Code
Understand who changed what without leaving the file view. Toggle inline blame to see the last author per line, with hover popovers for commit details, prior-change blame, and revision ignore options.
Secure
Manage
Give security teams the access they need without over-provisioning. The Security Manager role provides vulnerability management, dashboards, policy configuration, and compliance tools without requiring Developer or Maintainer roles.
Secure
Manage
Keep security coverage consistent even when code isn't changing. Enforce custom CI/CD jobs on a daily, weekly, or monthly cadence across projects, independent of commit activity.
Secure
Close a gap where secrets in earlier feature branch commits could go undetected. Secret detection now scans every commit from the branch's divergence point with the default branch to the latest commit.
Secure
Manage
Get real-time visibility into AI activity in your existing security toolchain. Stream AI audit events to external destinations through GitLab's audit event streaming infrastructure.
Manage
Tighten token lifetimes for security-sensitive integrations. Set a custom lifetime (300 to 7,200 seconds) for new OAuth access tokens, including tokens issued to MCP clients.
Secure
Manage
Close a blind spot in Git audit coverage. Audit logging for clone, pull, fetch, and push operations now extends to all actor types, including runners using deploy tokens and SSH certificate users.
Planned features across upcoming releases. Plans subject to change.
Duo Agent Platform Memory
AI
Manage
AI Pipeline Builder
AI
Verify
Create Stage Trigger Expansion
AI
Code
Native CODEOWNERS reviewer auto-assignment
Code
Project-level Epics
Plan
Organization sign-in
Manage
Virtual Registry ecosystem expansion (PyPI and NuGet)
Package
Deploy
Vulnerability management across contexts (non-default branch tracking)
Secure
Analyze
Security policy integration with security attributes
Secure
Manage
Custom rules for secret detection
Secure
Organization-level security dashboards
Secure
Be the first to know when new features ship
Forrester Consulting: GitLab Duo Agent Platform delivers 400% ROI
Claude Sonnet 5 on GitLab: More reliable, more efficient
GitLab Flex: Commit once, reshape your seats and AI spend
Ericsson Cuts Deployment Time 50% With GitLab to Deliver Faster Value to its OSS/BSS Customers
Multinational banking giant Barclays 'supercharges' innovation with GitLab
Join the list and be the first to know what's new with GitLab: the latest product updates, episodes of The Developer Show, and GitLab events.
All fields required