San Francisco — GitLab Inc., the clever orchestration platform for DevSecOps, at the moment launched GitLab 18.11, increasing agentic AI throughout your entire software program lifecycle with safety remediation, pipeline configuration, and supply analytics.
AI-generated code strikes sooner than the techniques round it might sustain with, creating the AI Paradox: sooner code technology with out sooner supply, safety, or operations to match. As code quantity grows, so does the backlog of pipelines to configure, safety findings to remediate, and supply inquiries to reply. GitLab 18.11 helps handle these gaps with platform-native brokers which have entry to the code, pipelines, points, and safety findings already in GitLab.
Agentic SAST Vulnerability Decision Reaches Common Availability
Agentic SAST Vulnerability Decision is now typically out there for GitLab Final prospects utilizing GitLab Duo Agent Platform. In accordance with GitLab’s 2025 DevSecOps Report, builders spend 11 hours per thirty days remediating vulnerabilities after launch, fixing points which might be already exploitable in manufacturing. When a SAST scan completes, the agent analyzes confirmed true positives, generates a code repair designed to handle the basis trigger, and opens a ready-to-merge request with a confidence rating enabling builders to behave with out context switching and shut vulnerabilities earlier than they attain manufacturing.
New Prebuilt Brokers for CI and Analytics
For a lot of groups, standing up a primary pipeline generally is a important adoption barrier. Groups that wish to understand how lengthy MRs sit in evaluation or which pipelines are slowing them down need to file a dashboard request or be taught a question language. GitLab 18.11 ships two new foundational brokers for GitLab Duo Agent Platform that assist handle each gaps.
The CI Professional Agent, now in beta, inspects a repository, identifies its language and framework, and proposes a build-and-test pipeline in pure language, focusing on a working pipeline in minutes, with no YAML written manually.
The Knowledge Analyst Agent, now typically out there, solutions natural-language questions with quick visible solutions in regards to the stay software program lifecycle knowledge, protecting merge request cycle occasions, pipeline well being, deployment frequency, and extra. It’s out there to Free, Premium, and Final tier prospects, with GitLab Duo Agent Platform enabled.
Each brokers can be found on GitLab.com, Self-Managed, and Devoted, and are a part of GitLab Duo Agent Platform.
Utilization Controls Give Organizations Predictable AI Spend
New subscription-level and per-user spending caps for GitLab Credit give organizations direct management over on-demand AI spend. Subscription-level caps let billing account managers configure a month-to-month restrict with enforcement controls, whereas per-user caps guarantee no single person exhausts the pool. Collectively, these controls allow enterprises to deploy GitLab Duo Agent Platform at scale with value predictability. The GitLab Credit dashboard and Clients Portal give directors full visibility into utilization and cap standing.
Utilization controls can be found for each GitLab.com and Self-Managed prospects working GitLab 18.11.
