San Francisco — GitLab Inc., the clever orchestration platform for DevSecOps, at this time launched GitLab 18.11, increasing agentic AI throughout the whole software program lifecycle with safety remediation, pipeline configuration, and supply analytics.
AI-generated code strikes sooner than the methods round it may sustain with, creating the AI Paradox: sooner code era with out sooner supply, safety, or operations to match. As code quantity grows, so does the backlog of pipelines to configure, safety findings to remediate, and supply inquiries to reply. GitLab 18.11 helps deal with these gaps with platform-native brokers which have entry to the code, pipelines, points, and safety findings already in GitLab.
Agentic SAST Vulnerability Decision Reaches Basic Availability
Agentic SAST Vulnerability Decision is now usually obtainable for GitLab Final prospects utilizing GitLab Duo Agent Platform. Based on GitLab’s 2025 DevSecOps Report, builders spend 11 hours per 30 days remediating vulnerabilities after launch, fixing points which are already exploitable in manufacturing. When a SAST scan completes, the agent analyzes confirmed true positives, generates a code repair designed to handle the foundation trigger, and opens a ready-to-merge request with a confidence rating enabling builders to behave with out context switching and shut vulnerabilities earlier than they attain manufacturing.
New Prebuilt Brokers for CI and Analytics
For a lot of groups, standing up a primary pipeline is usually a vital adoption barrier. Groups that need to understand how lengthy MRs sit in evaluation or which pipelines are slowing them down should file a dashboard request or study a question language. GitLab 18.11 ships two new foundational brokers for GitLab Duo Agent Platform that assist deal with each gaps.
The CI Skilled Agent, now in beta, inspects a repository, identifies its language and framework, and proposes a build-and-test pipeline in pure language, concentrating on a working pipeline in minutes, with no YAML written manually.
The Knowledge Analyst Agent, now usually obtainable, solutions natural-language questions with quick visible solutions in regards to the stay software program lifecycle knowledge, protecting merge request cycle instances, pipeline well being, deployment frequency, and extra. It’s obtainable to Free, Premium, and Final tier prospects, with GitLab Duo Agent Platform enabled.
Each brokers can be found on GitLab.com, Self-Managed, and Devoted, and are a part of GitLab Duo Agent Platform.
Utilization Controls Give Organizations Predictable AI Spend
New subscription-level and per-user spending caps for GitLab Credit give organizations direct management over on-demand AI spend. Subscription-level caps let billing account managers configure a month-to-month restrict with enforcement controls, whereas per-user caps guarantee no single person exhausts the pool. Collectively, these controls allow enterprises to deploy GitLab Duo Agent Platform at scale with value predictability. The GitLab Credit dashboard and Prospects Portal give directors full visibility into utilization and cap standing.
Utilization controls can be found for each GitLab.com and Self-Managed prospects working GitLab 18.11.
