
GitLab 19.0 introduces intelligent orchestration to reduce manual bottlenecks that remain after faster AI code generation. The GitLab Duo Agent Platform extends agent capabilities across the full software lifecycle, from planning through security remediation, with parallel task execution to avoid repeated human handoffs. A major new feature is an SBOM-based dependency scanner that provides full visibility into vulnerabilities across Maven, Gradle, and Python dependency trees, including transitive dependencies. GitLab Duo Developer gains flexible triggers so it can be assigned to issues, generate merge requests, or be invoked from discussion threads. The release also adds support for Claude Opus 4.7, Gemini models, and open-source options for self-hosted deployments, including flows for code review, vulnerability resolution, and CI/CD pipeline repair.
"GitLab 19.0 extends the GitLab Duo Agent Platform, which reached general availability in January 2026. Duo agents now work across the full software lifecycle, from planning to security remediation, running tasks in parallel rather than waiting for human handoffs at each stage. The pitch is that AI coding assistants have made writing code faster, but reviews, pipelines, security scans, and deployments remain manual bottlenecks. GitLab wants to close that gap by orchestrating these steps with agents."
"The most significant new capability is the SBOM-based dependency scanner, now generally available. It gives Maven, Gradle, and Python projects full visibility into vulnerabilities across their entire dependency tree, including transitive dependencies that are not declared directly. That matters because roughly 70 per cent of critical security debt comes from third-party code, according to Veracode's 2025 State of Software Security report. The scanner targets the security debt created by indirect dependencies."
"GitLab Duo Developer, the platform's AI coding assistant, gets more flexible trigger methods. Developers can now assign it to an issue, select 'Generate MR,' or mention it in any issue or merge request discussion thread. The goal is to let the agent pick up work autonomously rather than requiring developers to context-switch into a separate tool. This makes it easier to start agent-driven tasks from normal GitLab workflows."
"On the model front, GitLab 19.0 adds support for Claude Opus 4.7, Google's Gemini models, and open-source options including Devstral 2 and GLM-5.1 for self-hosted deployments. The Gemini integration supports code review, vulnerability resolution, and CI/CD pipeline repair flows. Mistral AI is also available as a "
#ai-coding-assistants #agentic-orchestration #sbom-dependency-scanning #software-security #cicd-automation
Read at TNW | Apps