GitLab
Fine-grained permissions for job tokens is now GA
GitLab 18.3 graduates fine-grained permissions for job tokens to General Availability, addressing a critical security risk. Previously, job tokens inherited overprivileged permissions from user accounts, so a compromised token exposed everything the user could reach. With this feature, maintainers can apply granular permissions that control which API resources a job token may access. Following the principle of least privilege, job tokens start with no API access until it is explicitly granted.

This release includes fine-grained permissions for repositories, deployments, environments, jobs, packages, pipelines, releases, secure files, and Terraform state. Future releases will expand coverage to additional API endpoints, strengthening software supply chain security. Limiting each token to only the resources it needs reduces the attack surface. It also removes the dependency on long-lived tokens, offering a more secure alternative to personal access tokens.

This capability prepares for machine-based identity by laying the groundwork for decoupling job tokens from user identities entirely. It enables secure automation at scale for complex CI/CD workflows without compromising security. Security teams and DevOps engineers are encouraged to evaluate this opt-in feature for automated deployments and infrastructure management. A gradual migration is recommended: identify critical pipelines, audit their permission needs, enable the feature, and configure minimal access.
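The "audit their permission needs" step above can be started mechanically: scan each job's script for REST calls made with `CI_JOB_TOKEN` and map them onto the resource categories this release covers. The script below is an added example, not GitLab code; the path-segment-to-category mapping and the sample job scripts are my own assumptions, and the exact setting names in GitLab's UI may differ.

```python
import re
from collections import defaultdict

# Permission categories named in the release note, keyed by the segment that
# follows /projects/:id in GitLab's REST API. The mapping is my assumption for
# this audit, not GitLab's own setting names.
RESOURCE_BY_PATH = {
    "repository": "repositories", "deployments": "deployments",
    "environments": "environments", "jobs": "jobs", "packages": "packages",
    "pipelines": "pipelines", "releases": "releases",
    "secure_files": "secure files", "terraform": "Terraform state",
}
# Path after /api/v4 or $CI_API_V4_URL, up to whitespace or a quote.
API_PATH = re.compile(r'(?:/api/v4|\$\{?CI_API_V4_URL\}?)(/[^\s"\'\\]*)')
PROJECT_RESOURCE = re.compile(r"^/projects/[^/]+/([^/?]+)")

def required_permissions(jobs):
    """jobs: {job_name: [script lines]}. Returns (needed, unmatched):
    needed[job] is the set of listed resources to grant; unmatched[job] lists
    API paths outside the listed resources that must be reviewed by hand."""
    needed, unmatched = defaultdict(set), defaultdict(list)
    for name, script in jobs.items():
        if not any("CI_JOB_TOKEN" in line for line in script):
            continue  # job never presents the token: grant nothing
        for line in script:
            for path in API_PATH.findall(line):
                m = PROJECT_RESOURCE.match(path)
                resource = RESOURCE_BY_PATH.get(m.group(1)) if m else None
                if resource:
                    needed[name].add(resource)
                else:
                    unmatched[name].append(path)
    return dict(needed), dict(unmatched)

# Constructed sample: script lines from a hypothetical .gitlab-ci.yml.
SAMPLE_JOBS = {
    "publish": [
        'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file app.tgz '
        '"$CI_API_V4_URL/projects/$CI_PROJECT_ID/packages/generic/app/1.0/app.tgz"',
        'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --request POST '
        '"$CI_API_V4_URL/projects/$CI_PROJECT_ID/releases" --data "tag_name=v1.0"',
    ],
    "plan": [
        'terraform init -backend-config="password=${CI_JOB_TOKEN}" '
        '-backend-config="address=${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/prod"',
    ],
    "fanout": ['curl --request POST --form "token=$CI_JOB_TOKEN" '
               '"$CI_API_V4_URL/projects/4242/trigger/pipeline"'],
    "lint": ["npm ci", "npm run lint"],
}
```

Jobs that never present the token get nothing granted, and any endpoint outside the nine listed resources is reported for manual review rather than silently mapped.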