TheNote
GitLab Note
GooglePlay AppStore

GitLab

The GitLab blog is a platform for sharing news, insights, and perspectives on software development and DevOps practices. It features articles from GitLab team members, customers, and industry experts on topics such as CI/CD, GitOps, cloud-native development, and more. The blog serves as a valuable resource for developers, operations professionals, and technology leaders looking to stay informed about the latest trends and best practices in software development. With a focus on innovation, collaboration, and community, the GitLab blog fosters knowledge sharing and encourages discussion among its readers. Whether you are new to GitLab or a seasoned user, the blog provides valuable information and insights to help you improve your software development workflow. From technical deep dives to thought leadership pieces, the GitLab blog offers something for everyone interested in the future of software development. Stay up-to-date with the latest news, trends, and best practices by subscribing to the GitLab blog.
GitLab about.gitlab.com
RSS about.gitlab.com
RSS Hunter RSS Hunter Aug 19, 2024

Thread Of Notes

AI Catalog updates for governance and operations

Enterprise AI adoption is often hindered by a lack of visibility into what AI tools are running and who deployed them. GitLab 19.1 introduces event-driven triggers for Duo Flows, enabling continuous and automated AI workflows. Previously, all triggers required manual human action, limiting programmatic integration and scheduled execution. These new triggers allow flows to run automatically when defined conditions are met, such as a merge request conflict detection or when marked ready for review. Additional triggers include merge request approval and work item creation, streamlining processes like compliance checks and incident creation. Pipeline events can now be filtered by specific states like failure or success, preventing unnecessary alerts. Two new settings empower administrators to disable custom agents and restrict the AI catalog to their group hierarchy, preventing unauthorized AI content. Flow misconfigurations are now caught upstream with validation against the Duo Workflow Service before flows are saved. A public beta feature allows admins to create an allowlist of approved AI models, providing greater control over AI usage. These updates enable AI flows to operate continuously and reliably, with enhanced governance and developer feedback mechanisms.
https://about.gitlab.com/blog/ai-catalog-updates-for-governance-and-operations/ about.gitlab.com
RSS Hunter RSS Hunter Jun 18

One vulnerability view: From scanner coverage to AI governance

Enterprises often struggle with inconsistent security scanner coverage across projects, leading to undetected blind spots. GitLab 19.1 addresses this by enabling the integration and enforcement of existing third-party security scanners at scale. This new functionality provides a unified view of scanner coverage, ensuring all projects are scanned according to defined policies. Vulnerabilities detected by these integrated scanners flow directly into GitLab's central vulnerability view for consistent management. Furthermore, these third-party findings can now be automatically remediated using GitLab Duo Agent Platform workflows.The release also enhances secret detection by scanning every commit on a new branch, preventing secrets committed earlier from being missed. Secret False Positive Detection is now generally available, providing confidence scores and explanations to reduce developer noise. On the AI governance front, AI audit event streaming, currently in beta, records every action taken by AI agents. This allows organizations to monitor and prove agent behavior. Agent tool approval guardrails, also in beta, empower administrators to define agent actions, requiring human approval for sensitive operations. This combination of comprehensive scanner coverage, automated remediation, and robust AI agent governance offers improved security and accountability.
https://about.gitlab.com/blog/one-vulnerability-view/ about.gitlab.com
RSS Hunter RSS Hunter Jun 18

GitLab and Capgemini accelerate DevSecOps transformation

GitLab and Capgemini have established a global alliance partnership. Capgemini will act as a GitLab Select Partner, utilizing GitLab's comprehensive platform. This includes the GitLab Duo Agent Platform for AI orchestration throughout the software development lifecycle. They will also offer specialized implementation services to clients worldwide. This collaboration aims to accelerate customer time-to-value by providing expert guidance on tools, processes, and methodologies. It merges GitLab's DevSecOps orchestration capabilities with Capgemini's digital transformation expertise. The partnership focuses on modernizing software delivery, securing supply chains, and integrating AI into development. Key areas of focus include cloud-native development, application modernization, and sovereign solution design. Value stream modernization to streamline the software delivery lifecycle is also a priority. Furthermore, the integration of generative and agentic AI through GitLab Duo will enhance development workflows.
https://about.gitlab.com/blog/gitlab-and-capgemini-global-alliance-partnership/ about.gitlab.com
RSS Hunter RSS Hunter Jun 17

Introducing the 2026 EMEA GitLab Partner Award winners

The GitLab Partner Program actively fosters a DevSecOps ecosystem to help customers modernize their software development. Recently, GitLab celebrated its EMEA partners for their expertise and commitment to customer success. During this event, GitLab announced the winners of the 2026 GitLab Partner Awards for the EMEA region. cc cloud GmbH was named Regional Partner of the Year for Central Europe, Eficode for Northern Europe, and Kiratech for Southern Europe. Bynet received recognition for Emerging Markets, specifically Eastern Europe and Israel. Capgemini | Sogeti won the Best Technical Solution/Project award for their innovative work. Devoteam was honored as the Most Certified and Enabled Partner with the highest number of certified professionals. ITDOTCOM earned the Rookie of the Year award for significant early impact. Linux Polska was celebrated as the First Order Master for their success in acquiring new business. Finally, Conoa a PROACT Company received the Co-marketing Partner of The Year award for their exceptional joint marketing efforts.
https://about.gitlab.com/blog/2026-emea-gitlab-partner-awards/ about.gitlab.com
RSS Hunter RSS Hunter Jun 17

GitLab named a Leader in the 2026 Gartner® Magic Quadrant™ for DevSecOps Platforms

Gartner has recognized GitLab as a Leader in the DevSecOps Platforms Magic Quadrant for four consecutive years. The company asserts that software development has evolved beyond just coding, emphasizing the underlying platform's importance for speed and efficiency. While AI coding assistants have accelerated code creation, this has created downstream bottlenecks in pipelines, security, and deployments. GitLab believes the true challenge is transforming agent-produced code into reliable software through "speed with control."The current enterprise struggle involves balancing rapid delivery with governance, especially as AI agents multiply without robust management policies. GitLab positions itself as the integrated platform for planning, building, securing, and shipping software, acting as a control layer for the agentic era. It stress-tests changes against existing code and policies before they reach production.Established companies like Ericsson and Southwest rely on GitLab for scalable and reliable software delivery. GitLab offers consistent platform capabilities across SaaS and self-managed deployments, even in air-gapped environments, without compromising control. Gartner highlighted this parity and comprehensive AI functionality as strengths. The platform is also extensible, allowing integration with existing tools while maintaining a unified governance boundary.GitLab's commitment to enterprise-grade uptime is underscored by strengthened SLAs, including a 99.9% monthly availability guarantee for Ultimate customers. Recent innovations focus on machine-scale source code management, a context graph called GitLab Orbit to enhance AI model performance, and agents for security and governance. New agentic triggers automate task coordination, and flexible agreements allow for tailored spending. Ultimately, GitLab provides a single platform, context graph, and governance boundary for collaborative software development by both humans and agents.
https://about.gitlab.com/blog/gitlab-leader-2026-gartner-mq-devsecops-platforms/ about.gitlab.com
RSS Hunter RSS Hunter Jun 17

Introducing GitLab Orbit: Full code and lifecycle context, in one query

AI agents struggle with understanding the system surrounding code, leading to wasted effort and failed tasks. This gap arises because agents often lack context beyond the immediate code they are analyzing. GitLab Orbit aims to bridge this gap by creating a live, queryable graph of all software development lifecycle data. This graph connects code, merge requests, pipelines, deployments, vulnerabilities, and ownership. By using this first-party data, agents can make more informed decisions and provide more accurate results.GitLab Orbit has demonstrated significant improvements in AI code review accuracy compared to traditional methods like RAG. It enables coding agents to be up to eleven times faster and significantly reduce token usage. Furthermore, Orbit allows for previously impossible queries, such as tracing pipeline failures to their root cause or mapping the blast radius of vulnerabilities. This facilitates faster incident response and more efficient planning for tasks like migrations.The system works by ingesting and parsing data from various sources, maintaining an up-to-date graph of relationships. Query traffic is separated from the main GitLab instance, and authorization mirrors existing GitLab permissions. Orbit builds on data GitLab already captures, eliminating the need for new instrumentation. Engineers can also query this graph directly through the Data Explorer for manual investigations. GitLab Orbit is currently in public beta for Premium and Ultimate customers.
https://about.gitlab.com/blog/introducing-gitlab-orbit/ about.gitlab.com
RSS Hunter RSS Hunter Jun 10

GitLab on Google Cloud: Fully managed, compliant, and AI-ready

GitLab is now available as a fully managed platform on Google Cloud, delivered by certified MSPs like Beyond and Digital Future. This collaboration integrates the latest Google AI models, including Gemini and Gemma, directly into the GitLab platform. Teams can maintain full control over their code, pipelines, and security data while leveraging a scalable and reliable DevSecOps architecture. This offering builds upon a previous collaboration allowing GitLab Duo Agent Platform to utilize Google models and apply usage towards existing Google Cloud commitments.The managed service addresses the tension between needing access to strong AI models and maintaining control over sensitive data, providing both modern AI capabilities and robust governance. Organizations can run GitLab fully managed on Google Cloud, ensuring data residency and compliance with regulated requirements. MSP partners handle the operational burden, providing high service-level agreements, while built-in audit and policy controls maintain visibility for compliance teams. The latest Gemini models, including Gemini 3.5 Flash, are available now in GitLab Duo Agent Platform, with new models continuously integrated. For self-hosted and regulated teams, Gemma 4 offers an open-weight option for GitLab Duo Self-Hosted, allowing full control over AI Gateway and data within their environment.Purchasing GitLab and Duo Agent Platform through Google Cloud Marketplace enables usage against existing Google Cloud commitments, streamlining budgeting and billing. This integrated approach consolidates platform, inference, and infrastructure spend into a single Google Cloud bill. GitLab also provides cost controls with usage dashboards, policy management for model usage, and a Credits model for predictable consumption. The unification of strong AI models with GitLab Duo Agent Platform’s software-delivery context prevents fragmentation across disparate tools, ensuring aligned deployment, model choice, governance, and spend. This collaboration with Google Cloud offers the right deployment options, models, and cost controls for running DevSecOps at scale on controlled infrastructure with auditable governance. Free trials and simple sign-up options are available for new and existing GitLab users to start utilizing Duo Agent Platform.
https://about.gitlab.com/blog/gitlab-expands-google-model-support/ about.gitlab.com
RSS Hunter RSS Hunter Jun 10

GitLab Flex: Commit once, reshape your seats and AI spend

The agentic era has made software needs unpredictable, especially regarding seat count, AI consumption, and desired capabilities. Traditional contracts, however, fix all these elements upfront, leading to overpayment or stalled progress when needs change. GitLab Flex addresses this by offering a single annual commitment that can be reshaped monthly across seats, AI usage, and new capabilities without re-procurement. This avoids the pitfalls of guessing too high or too low with fixed contracts.With Flex, annual budgets adapt monthly. Customers can adjust seat reservations, reallocating them as teams change, or direct them towards AI usage. AI consumption scales predictably, drawing from the annual commitment at published rates, and usage above the commitment bills on-demand. New eligible capabilities released after signing can be added without new procurement, drawing from the existing commitment. Unlike most consumption models, Flex allows budget movement between seats and usage within the same commitment.A single Flex agreement can combine platform seats (Premium and Ultimate), GitLab Credits for AI and other capabilities, and any deployment type (GitLab.com, Self-Managed, Dedicated, air-gapped). This flexibility allows organizations to shift their mix over the term. Larger annual commitments unlock better unit pricing and reserved capacity costs less than unplanned usage. Spend controls like subscription-level and per-user caps help manage budgets.Unreserved seats draw at the effective pre-negotiated price, and usage above the full Flex commitment bills at on-demand rates. Cloud-connected customers are billed automatically, while air-gapped customers are invoiced twice yearly. Existing customers can maintain their current plans through renewal, but Flex is recommended for new agreements. The tier capabilities of Premium and Ultimate remain unchanged with Flex.GitLab Flex provides an operating model for managing both platform and AI spend, adapting to the dynamic needs of the agentic era. Customers can request orders with GitLab Flex now.
https://about.gitlab.com/blog/introducing-gitlab-flex/ about.gitlab.com
RSS Hunter RSS Hunter Jun 10

GitLab: Built for the agentic engineering era

GitLab Transcend showcased major innovations driving agentic software development. Next-generation Source Code Management, a Git engine optimized for agent-scale concurrency, is in private beta. GitLab Orbit, a comprehensive context graph for the entire software lifecycle, is now in public beta, significantly improving agent efficiency and accuracy. Agents for security and governance for agents, focusing on identity, policy, and audit trails for agent actions, are in private beta.The GitLab Duo Agent Platform, a generally available orchestration system, facilitates agent workflows across the full development cycle. GitLab Flex is a new buying model allowing flexible allocation of annual commitments across seats, AI usage, and capabilities. Research shows 91% of organizations use two or more AI coding tools, but unmanaged speed creates chaos. Fragmentation in the software lifecycle leads to inefficiencies and risks with current AI coding tools.GitLab addresses these challenges with its agentic infrastructure, which includes a motor system for execution, a nervous system for context, an immune system for governance, and an orchestration system. The next-generation SCM aims to eliminate "clone tax" and concurrency collapses under agent load, showing promising internal results. GitLab Orbit provides agents with critical context, reducing hallucinations and improving response times.New agents for security and governance ensure compliance and traceability for every agent action. The Duo Agent Platform already sees 10x growth in weekly active users, streamlining development by reducing context-switching. GitLab Flex offers unprecedented flexibility in software procurement. These innovations aim to transform agentic coding into controlled, efficient software delivery.
https://about.gitlab.com/blog/gitlab-transcend-announcements/ about.gitlab.com
RSS Hunter RSS Hunter Jun 10

Mythos-class Claude Fable 5 arrives on GitLab Duo Agent Platform

Claude Fable 5, a new Mythos-class model from Anthropic, is now integrated into the GitLab Duo Agent Platform. This is a significant upgrade, enabling completion of complex, multi-step tasks that previous AIs struggled with, while reducing iteration cycles. Claude Fable 5 enhances features like Duo Agentic Chat and foundational agents with its improved capabilities. It is accessible across all GitLab tiers and deployment models via the AI Gateway. A key advantage is a measurable increase in first-shot accuracy for complex problems, significantly shortening development time. Claude Fable 5 also demonstrates superior interpretation of technical images and screenshots. The model offers long-horizon autonomy, sustaining productive output over extended periods and millions of tokens. This allows agent workflows to run to completion without manual intervention, as Claude Fable 5 can self-correct and manage parallel sub-agents. Engineering leaders will appreciate reduced human oversight costs and the ability to assign more challenging problems. Bug detection and incident resolution are also improved, with deeper code reasoning and more actionable review comments. Users are encouraged to leverage Claude Fable 5 on their most difficult unsolved problems. Claude Fable 5 becomes available on the GitLab Duo Agent Platform starting June 9, 2026.
https://about.gitlab.com/blog/mythos-class-claude-fable-5-on-gitlab/ about.gitlab.com
RSS Hunter RSS Hunter Jun 9

Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting

GitLab's Vulnerability Research team discovered a coordinated supply chain attack on PyPI utilizing a Shai-Hulud malware variant. Five malicious packages were found: four were typosquats of popular libraries like Flask, Requests, and NumPy, while the fifth was a weaponized legitimate project called mflux-streamlit. These packages execute code upon installation without requiring imports, employing a self-propagating credential stealer. The malware targets CI/CD environments across major cloud providers, attempting to steal credentials from GitHub, AWS, Azure, GCP, and more. It also targets databases, Vaults, and even attempts to escalate privileges on CI runners. The attack leverages Python's .pth file mechanism for initial execution, downloading and running a Bun JavaScript runtime to execute an obfuscated payload. This payload contains the Shai-Hulud worm, capable of harvesting sensitive information. The worm also exhibits self-propagation, committing malicious files to repositories and publishing additional poisoned packages. GitLab confirmed its own systems were unaffected and is sharing findings to aid the broader security community. All malicious packages originated from a single PyPI account, elitexp, which had previously published a legitimate project. Users are advised to remove affected packages, rotate credentials, and audit their systems for suspicious activity. GitLab Ultimate users can leverage Dependency Scanning to detect these vulnerabilities.
https://about.gitlab.com/blog/shai-hulud-copycat-campaign-targets-python-developers/ about.gitlab.com
RSS Hunter RSS Hunter Jun 9

Agentic coding is only as good as its context

Demos often showcase coding agents generating pull requests quickly, but fail to address post-commit issues like CI/CD failures. These failures often stem from lack of platform context, leading to rework instead of accelerating delivery. Integrating coding agents with platforms like GitLab, which provides issue, pipeline, and security policy context, helps avoid failures. GitLab tutorials demonstrate how increasing an agent's context improves code quality, security, and review cycles. Agents benefit from repository, issue, and merge request context to align with team standards and plan.When agents work inside merge requests, review cycles shorten and time to merge improves. Platform teams define agent access and verification processes, making the platform, not the agent, the key to safe code delivery. As agents produce more code, security becomes more crucial, shifting the bottleneck from vulnerability discovery to fix approval. Agents with context can prioritize vulnerabilities by real exposure. Custom instructions in AGENTS.md files improve agent output quality by standardizing project structure and expectations. The structured and relevant context delivered by platforms like GitLab outperforms raw data dumps due to context window limitations. Agents accelerate revision by addressing review feedback in merge requests while maintaining existing controls. To start with agentic coding, fix a real bug, document with AGENTS.md, and focus on efficient context delivery.
https://about.gitlab.com/blog/agentic-coding-only-as-good-as-context/ about.gitlab.com
RSS Hunter RSS Hunter May 28

Claude Opus 4.8 on GitLab: Complex agentic work, less disruption

Anthropic's newest model, Claude Opus 4.8, is now integrated into GitLab Duo Agent Platform, aiming to improve agent performance on intricate tasks. This model excels in executing complex, multi-step agent sequences autonomously over extended periods. Opus 4.8 offers superior reasoning and planning capabilities, resulting in cleaner outcomes with reduced intervention. It enhances instruction interpretation, leading to more efficient and accurate results in established agent workflows. Beyond coding, the model also excels at document drafting, data analysis, and structured knowledge tasks. A key feature is support for mid-conversation system prompts, allowing for dynamic instruction updates. This prevents the need to restart the prompt cache, proving efficient for evolving conditions. Opus 4.8 is accessible now within the GitLab Duo Agent Platform and uses GitLab Credits. Users can start a free trial or subscribe through GitLab's tiers to access the agent platform. Existing premium or ultimate subscribers can use the included GitLab Credits.
https://about.gitlab.com/blog/claude-opus-4-8-on-gitlab/ about.gitlab.com
RSS Hunter RSS Hunter May 28

Full security scanner coverage of your codebase in minutes

CI/CD platforms face scalability issues in securing code pipelines at scale as organizations grow. Manually configuring scanners across projects becomes unmanageable with increasing code velocity driven by AI. GitLab 19.0 introduces security configuration profiles to tackle this challenge. These profiles are centralized settings that define how and when security scanners run. This simplifies security by eliminating the need to set up scanners in each project's files. The profiles enable SAST, dependency scanning, and secret detection across projects from day one. These profiles automate scans on merge request and branch pipelines for SAST and dependency scanning. Secret detection also includes push protection to catch secrets in real-time. Benefits include standardized coverage, catching vulnerabilities before release, and preventing compromised dependencies. Security configuration profiles are easily implemented through GitLab's Security Inventory. They require GitLab Ultimate and can be applied to individual projects or entire groups. Both profile-based and legacy configurations can coexist during migration.
https://about.gitlab.com/blog/security-configuration-profiles/ about.gitlab.com
RSS Hunter RSS Hunter May 26

Reduce supply chain risk with SBOM-based dependency scanning

Third-party code dependence introduces significant security risks, amplified by AI-generated code vulnerabilities. Traditional dependency scanners are insufficient for modern application security needs. GitLab 19.0 introduces SBOM-based dependency scanning to address these challenges effectively. This feature inventories project dependencies, identifying vulnerable packages your application actually uses. The scanning process traces transitive dependencies to their origin, providing critical context. It also prioritizes vulnerabilities based on code reachability, improving focus. The system continuously scans for new vulnerabilities, ensuring ongoing protection. GitLab's SBOM scanner supports numerous package ecosystems. It now simplifies the addition of new languages and file formats. Security configuration profiles streamline deployment and enforcement across projects. Teams can configure dependency scanning once and apply it widely using policies. The new dependency scanning feature is available for GitLab Ultimate users, with a migration guide. Detailed instructions and documentation facilitate easy set-up and usage.
https://about.gitlab.com/blog/sbom-based-dependency-scanning/ about.gitlab.com
RSS Hunter RSS Hunter May 26

Track CI component usage across your organization

GitLab's CI/CD Catalog allows teams to publish and share reusable pipeline components. Once these components are deployed, it is difficult to track usage and versioning. GitLab 19.0 introduces Components Analytics within the CI/CD Catalog to solve this lack of visibility. This feature offers adoption data and usage counts for all CI/CD components. The high-level view (available in all tiers, including Free) shows the latest version and the number of projects using each component. GitLab Ultimate users gain access to a drill-down view, which reveals which projects use specific component versions. This helps identify outdated components and potential security risks. Components Analytics provides a clear understanding of the components in use and their versions. It allows teams to prioritize maintenance, plan deprecations, and improve security response times. Native visibility offered by Components Analytics surpasses the capabilities of other platforms like GitHub Actions, CircleCI, and Jenkins. This ensures that CI standards are running and that platform investments yield a return. As AI generates more pipelines, the CI/CD Catalog and Components Analytics work together to scale automated workflows. Self-Managed and Dedicated customers also benefit from component mirroring capabilities.
https://about.gitlab.com/blog/track-ci-component-usage/ about.gitlab.com
RSS Hunter RSS Hunter May 21

GitLab 19.0: Transform MRs from manual tasks to an automated workflow

AI has accelerated code generation, but the manual processes surrounding merge requests have persisted, creating a bottleneck. GitLab 19.0 introduces Developer Flow, an AI agent designed to automate the entire merge request lifecycle. This agent handles tasks like addressing feedback, resolving conflicts, researching codebases, and splitting large merge requests. Developer Flow allows developers to delegate tasks and focus on reviewing and steering the process. It is built to read project configurations, including documentation, to improve the agent's performance. The new version also includes one-click rebase and merge to streamline the final stage of merging. GitLab 19.0 also introduces the ability to resolve merge conflicts with Duo's help, reducing a time-consuming manual task. The agent's actions are documented, maintaining an audit trail for transparency. All these features aim to reduce the manual effort required between creating a merge request and merging it. This includes automation for judgment-heavy work and mechanics. GitLab customers on Premium and Ultimate can try the new capabilities.
https://about.gitlab.com/blog/transform-mrs-to-automated-workflow/ about.gitlab.com
RSS Hunter RSS Hunter May 21

More AI models for GitLab Duo Agent Platform Self-Hosted

GitLab 19.0 expands self-hosted open source model support for its Duo Agent Platform, aiming to bridge the AI capability gap for regulated and isolated environments. This update caters to customers facing data residency, network isolation, and compliance challenges. These constraints often limit access to advanced AI models due to data security concerns. The new feature allows teams to deploy suitable models, even on their own GPUs, within isolated or air-gapped networks. GitLab's selection of open-source models addresses these challenges, enabling local inference and data privacy. The supported open source models include Mistral Devstral 2 123B, GLM-5.1, Kimi-K2.6, and MiniMax-M2.7. Customers can utilize on-premises hardware with vLLM or GPU-enabled virtual machines for self-managed inference. For air-gapped environments, on-premises open-source models are the primary solution. Hybrid deployments are also supported, enabling a mix of self-hosted and GitLab-managed models. Deployment choices depend on the specific environmental needs, such as network access restrictions. The update is accessible to both offline and online license holders, with options for combining self-hosted and GitLab-managed models. Contact GitLab sales for specific deployment needs and further details. This enhancement underscores GitLab's commitment to providing AI capabilities across diverse environments.
https://about.gitlab.com/blog/more-ai-models-for-duo-agent-platform-self-hosted/ about.gitlab.com
RSS Hunter RSS Hunter May 21

Manage CI/CD credentials with GitLab Secrets Manager

Credential leaks often start with developers improvising secret storage, leading to vulnerabilities. GitLab Secrets Manager, now in public beta, aims to solve this by providing a secure and integrated solution. This manager keeps secrets within the GitLab platform, accessible to jobs needing them. Developers can define secrets in .gitlab-ci.yml, using the secrets: keyword. The access control uses the established group and project structure. This approach eliminates the need for separate systems, simplifying access management. The secret's scope can be defined using job attributes, minimizing the impact of a breach. Audit logs within GitLab track secret usage, enabling efficient investigation. This feature is in public beta for Premium and Ultimate users on GitLab.com and self-managed deployments. It's designed to streamline secret management and reduce the risk associated with compromised credentials. The Secrets Manager will be a paid feature post-beta. Feedback is encouraged to help shape its final form.
https://about.gitlab.com/blog/secrets-manager-in-public-beta/ about.gitlab.com
RSS Hunter RSS Hunter May 21

Beyond BYOK: Why governance matters for AI agents

GitHub's Copilot CLI now allows users to bring their own AI model or run models locally. However, relying solely on model selection is insufficient for enterprise-level automation where governance is crucial. GitLab Duo CLI, built on the Duo Agent Platform, offers a different approach, focusing on enterprise-grade control across the software delivery pipeline. Duo CLI supports both interactive development and automated workflows in CI/CD pipelines, including headless mode. This platform-level control ensures consistent governance, auditing, and security, unlike Copilot's per-developer configurations. Duo CLI offers prompt injection detection, composite identity scopes and custom instruction files (AGENTS.md and SKILL.md) to manage agent permissions. This allows teams to debug pipelines and automate complex development tasks securely. When considering AI tooling for the platform, the need for enterprise-level control and robust security in the absence of human oversight becomes critical. GitLab Duo facilitates model flexibility by supporting self-hosted and GitLab-hosted models, allowing for data sovereignty. Teams can start a free trial or sign up with their existing GitLab subscriptions to experience the benefits of GitLab Duo CLI.
https://about.gitlab.com/blog/gitlab-duo-cli-governance/ about.gitlab.com
RSS Hunter RSS Hunter May 18

Codex and GitLab: From code fix to production

This tutorial explores using Codex, a coding agent, with GitLab for software development. It starts with fixing a WebSocket bug locally using Codex, then integrates GitLab MCP to incorporate issue requirements. Codex is used to fix the WebSocket bug, updating logic, adding tests, and creating a branch. It then leverages GitLab's CI/CD pipeline and code review. The second use case has Codex leverage GitLab MCP, integrating issue details directly before code changes. This enabled it to create a merge request and close the associated issue via MCP. The focus shifts to fixing a REST API validation bug, where Codex, as an external agent, addresses review feedback within a merge request. Codex adds documentation, tests, and commits fixes, all within the merge request context. This increases efficiency with code reviews and revision updates. Specific tips are provided for effective use of Codex and GitLab together, like a file named "AGENTS.md."
https://about.gitlab.com/blog/fix-bugs-with-codex-and-gitlab/ about.gitlab.com
RSS Hunter RSS Hunter May 18

GitLab Dedicated for Government now GovRAMP-authorized

GitLab Dedicated for Government has achieved GovRAMP authorization, simplifying the process for state and local agencies to adopt secure DevSecOps. It offers a single-tenant solution with enhanced data residency, isolation, and private networking to meet stringent compliance requirements. The platform integrates tools, offering toolchain consolidation and addressing budget constraints, and consolidates the development process into a single platform. GitLab Dedicated for Government is built on GovRAMP-authorized infrastructure with data encryption and offers managed hosting, simplifying infrastructure management for agencies. The platform provides comprehensive native security and compliance capabilities, including security scanning and policy enforcement. GitLab Duo is available, bringing AI-assisted capabilities within the compliance boundary, with future plans for advanced AI features. This secure SaaS platform supports government modernization efforts, meeting data sovereignty needs and offering a path for faster software delivery. Agencies can benefit from shorter cycle times, strengthened security, increased developer productivity, and streamlined compliance. GitLab offers comprehensive support, including migration assistance, to help agencies get started.
https://about.gitlab.com/blog/govramp-gitlab-dedicated-for-government/ about.gitlab.com
RSS Hunter RSS Hunter May 18

Harden your pipeline perimeter for the era of AI-assisted coding

AI-assisted development accelerates code creation, leading to security vulnerabilities that often go unnoticed. Traditional security tools often operate separately from the development workflow, making enforcement challenging. GitLab Ultimate integrates security directly into its platform – developers see, enforce, and fix vulnerabilities within the same tools. The "See" dimension provides a comprehensive view across projects, including dashboards and security inventories, surfacing hidden risks. Credential management is improved with token inventories and real-time monitoring through audit event streaming. "Enforce" utilizes automated policies within the platform to manage every pipeline and merge request, ensuring security compliance. Scan and Pipeline Execution Policies create guardrails for security checks that apply to every project. This approach drastically minimizes the manual burden often associated with security protocols. "Fix" closes the vulnerability loop by prioritizing issues and providing developers with clear context within their workflows. GitLab's features allow developers to address vulnerabilities efficiently, using AI-driven tools to triage and suggest fixes directly in the merge request. The platform also includes AI-powered analysis to identify false positives, helping teams focus on actual threats. The ultimate goal of GitLab is to enable secure development practices in a fast-paced AI-driven environment.
https://about.gitlab.com/blog/harden-pipeline-perimeter-for-ai-assisted-coding/ about.gitlab.com
RSS Hunter RSS Hunter May 13

5 ways to fix misleading vulnerability severities with policy

GitLab's vulnerability reports often present numerous findings with generic CVSS scores that don't reflect environments' specifics. This results in inefficient manual triage, as the initial severity doesn't indicate real risk. GitLab introduces severity override policies to automate severity adjustments based on defined criteria. These policies use rules to modify severity levels (set, increase, or decrease) based on factors like CVEs, file paths, and CWEs. Examples include downgrading vulnerabilities in internal services and upgrading injection vulnerabilities in production code. Other use cases include normalizing severity across scanners and aligning with threat intelligence like CISA's KEV. These policies can be applied at the group level to maintain consistent risk models across many projects. Applying these policies ensures that the vulnerability report reflects more accurate environmental risks. Manual overrides always supersede policy actions, and all changes are logged for auditing purposes. Users are encouraged to implement these policies to refine their vulnerability management process.
https://about.gitlab.com/blog/severity-override-vulnerability-management-policy/ about.gitlab.com
RSS Hunter RSS Hunter May 13

GitLab Act 2

GitLab is undergoing significant changes, initiating a restructuring process described in a letter to the team. This restructuring involves workforce reductions, with a focus on transparency and a voluntary separation window. They are reevaluating their global footprint, flattening the organization, reorganizing R&D, and implementing AI agents in internal processes. The company is reaffirming its financial guidance. Their strategy focuses on the "agentic era" of software development, where AI agents will play a key role. GitLab is making architectural bets on machine-scale infrastructure, orchestration, context, and governance. They aim to deliver these advancements through a flexible business model and a culture of excellence. For customers, existing support and commitments remain unchanged, while innovation is expected to accelerate. This strategic shift aims to position GitLab as a leading platform for software creation in the AI era. The company plans to reinvest savings from the restructuring to accelerate growth. They are committed to transparency and employee involvement in the change.
https://about.gitlab.com/blog/gitlab-act-2/ about.gitlab.com
RSS Hunter RSS Hunter May 11

Limit credential exposure with fine-grained personal access tokens

GitLab's personal access tokens (PATs) authenticate automation, often with broad permissions like "api" or "read_api". These broad permissions can expose multiple projects to security risks if a token is compromised. Fine-grained PATs, now in beta, allow users to restrict token access to specific tasks and resources. This approach limits the "blast radius" of a potential breach by scoping permissions more narrowly. Users can define these tokens based on reach (personal projects, all projects, or selected projects) and the actions allowed (create, read, update, delete). Previously, a single token granted access to all resources; fine-grained PATs issue tokens per job with precise permissions. Token tables have been updated to display scopes and permissions, improving auditability and identifying over-privileged tokens. Currently, fine-grained PATs cover around 75% of REST API endpoints, with plans to expand coverage. Users can create both traditional and fine-grained PATs during the beta period. To create these tokens, users navigate to their settings and select "Fine-grained token." Feedback is encouraged to help refine this feature and promote least-privilege security practices.
https://about.gitlab.com/blog/fine-grained-pats/ about.gitlab.com
RSS Hunter RSS Hunter May 7

Automate deployment processes using a custom agent in GitLab Duo Agent Platform

Manual microservice onboarding in GitOps is complex, time-consuming and prone to errors. GitLab Duo Agent Platform addresses this with custom AI agents. The tutorial demonstrates building an agent to onboard a TanukiBank microservice. The process involves defining the application's GitOps workflow. First, a system prompt is generated using GitLab Duo to understand the existing setup. Then, a custom agent is created within GitLab, incorporating the system prompt and tools. A new microservice is built using the Developer flow. The custom agent is then instructed to onboard the new service. The Agent updates manifests, pipelines and creates merge requests with approval. Deployments are verified, confirming the microservice is live. The benefits include time savings, knowledge capture, and controlled access. This results in consistent and auditable changes, offering the speed of automation with enterprise control.
https://about.gitlab.com/blog/automate-deployment-with-duo-agent-platform/ about.gitlab.com
RSS Hunter RSS Hunter May 7

Consolidate your GitLab stack with Gitaly on Kubernetes

Gitaly on Kubernetes is now generally available in GitLab 18.11, simplifying deployments for teams. Previously, running Gitaly on VMs alongside Kubernetes components created operational challenges. This new release offers a fully supported solution, enabling consolidation within a Kubernetes environment. Gitaly's resource-intensive nature required specific Kubernetes configurations, like cgroup usage to prevent OOM errors. Mounting /sys/fs/cgroup via an init container was crucial for containing Git processes. Pod restarts presented a challenge, prompting the implementation of configurable client retries. Benchmarks comparing VM-based and Kubernetes-based Gitaly showed minimal performance differences, with mostly successful operations even during upgrades. These results demonstrate Kubernetes' resilience despite the abrupt restart processes. Gitaly on Kubernetes benefits existing users by eliminating hybrid infrastructure and streamlines new deployments for Kubernetes users. Deployment is recommended through the GitLab Helm chart, with documentation provided for both comprehensive and external Gitaly setups.
https://about.gitlab.com/blog/gitaly-on-kubernetes-generally-available/ about.gitlab.com
RSS Hunter RSS Hunter May 7

Claude Code and GitLab: Three workflows that ship

Developers love Claude Code for its ability to quickly write and understand code. However, faster code creation can outpace other software development stages, leading to issues. GitLab addresses this gap by integrating CI/CD, security scanning, and code review. The guide demonstrates fixing a C++ bug using Claude Code, then leveraging GitLab's automated processes. The tutorial shows how GitLab MCP enhances Claude Code's context, pulling in information from issues. Finally, GitLab Duo Agent Platform allows Claude Code to act as an external reviewer, streamlining code review. Custom instructions further guide the agents for specific project needs. Ultimately, Claude Code speeds up coding, while GitLab ensures secure and efficient software delivery.
https://about.gitlab.com/blog/claude-code-and-gitlab/ about.gitlab.com
RSS Hunter RSS Hunter May 6

8 Agentic AI patterns reshaping team collaboration

Artificial intelligence is evolving to enhance team collaboration, moving beyond individual task efficiency. User experience research analyzed 17 agentic platforms, identifying key features for optimized teamwork. The study revealed eight capability patterns leading to three key outcomes: faster progress, smarter work, and maintained control. These patterns encompass status updates, work routing, team communication, and role-specific agents within existing communication tools. Conversational context awareness and role-based access control are also vital, alongside governed environments and collaborative agent creation. Key observations included AI integration within chat platforms, the growing importance of governance, and team-based agent development. The most successful platforms focus on designing a unified team experience rather than isolated agent capabilities. GitLab's DevSecOps lifecycle presents a significant advantage due to its integrated, single-platform workflow. GitLab Duo Agent Platform leverages this advantage, enabling seamless agent execution throughout the entire software development lifecycle. This allows teams to orchestrate tasks effectively while agents handle execution, promoting efficiency and control.
https://about.gitlab.com/blog/8-agentic-ai-patterns-reshaping-team-collaboration/ about.gitlab.com
RSS Hunter RSS Hunter May 5

How to detect and prevent Contagious Interview IDE attacks

GitLab's Security Operations team, including Threat Intelligence and SIRT, collaborates closely to combat evolving threats. They recently published an article detailing North Korean tradecraft, specifically targeting malicious use of VS Code tasks. The Contagious Interview campaign leverages fake interview processes to trick individuals into running malicious code via tasks. Attackers use a tasks.json file within a compromised repository to execute commands when the repository opens in VS Code. This allows attackers to install malware, steal credentials, and establish persistence on compromised systems. GitLab developed preventative measures by analyzing the node-pty.spawn() library used by VS Code and other IDEs. They created detections based on spawn-helper, which is called for background tasks, to identify suspicious activity. This approach minimizes false positives by focusing on non-interactive processes, such as the curl | bash command execution often used. GitLab also recommends disabling task runs globally or educating users about the risks. This comprehensive approach helps protect GitLab and its customers from IDE-based attacks. GitLab aims to inspire others to combat Advanced Persistent Threats.
https://about.gitlab.com/blog/how-to-detect-and-prevent-contagious-interview-ide-attacks/ about.gitlab.com
RSS Hunter RSS Hunter May 4

Atlassian will train on your data: Opt out with GitLab

Atlassian will begin using customer data from its cloud products, including Jira and Confluence, for AI training starting August 17, 2026. This data collection, enabled by default, affects nearly all cloud customers, with only Enterprise tier customers having an opt-out option. This policy change will involve collecting both metadata and in-app content from users. Atlassian claims to de-identify data before training, with some exclusions such as government cloud customers. The current shift reverses a previous commitment that customer data wouldn't be used for AI. This "opt-out-by-default" approach raises data governance concerns regarding user data. Organizations using Atlassian products for sensitive data might face regulatory implications. Compliance obligations require a reassessment of data practices impacted by the change. GitLab, a competitor, takes a different approach by not collecting customer data for its own AI training. GitLab emphasizes transparency, auditability, and separation of customer data from AI training. GitLab offers self-managed options for AI processing to keep data within customer infrastructure. The shift in data practices calls for organizations to evaluate how their data is being used.
https://about.gitlab.com/blog/atlassian-will-train-on-your-data-opt-out-with-gitlab/ about.gitlab.com
RSS Hunter RSS Hunter May 4

Build an automated detection testing framework with GitLab CI/CD and Duo

A healthy security operations center alerting system requires more than just fine-tuning false positives; it also needs to ensure critical but infrequent detections are functional. GitLab's Signals Engineering team developed a framework called WATCH (Weekly Attack Testing for Continuous Health) to address this gap. WATCH automates the validation of security detections by simulating real malicious behavior on their infrastructure. This process verifies the end-to-end alerting pipeline, from log source to SIEM and security orchestration.WATCH works by scheduling scripted attack simulations in a staging environment, followed by verification that expected alerts propagate through the monitoring stack. Before a test runs, WATCH notifies the SOAR system with expected detections, creating trackable records. The simulated malicious behavior is then executed, and the SIEM processes logs to fire detection rules. Alerts arriving in the SOAR are correlated with registered tests to prevent false escalations.A verification stage checks if all expected detections fired, updates detection status metadata, and deploys results to a GitLab Pages dashboard. Failures trigger immediate notifications to the team. WATCH is orchestrated using GitLab CI/CD across three stages: scheduling, test execution, and verification/reporting. The framework is designed for ease of use, allowing team members to create new tests by subclassing a base class and defining setup, execution, and cleanup procedures.The configuration of expected detections, mapping SIEM rule names to expected alert arrival times, is a key aspect. WATCH tests can be readily scaffolded with GitLab Duo, an AI assistant, by providing prompts for specific malicious behaviors. This significantly lowers the barrier to entry for creating new tests. Duo Agent Skills further enhance consistency by providing detailed outlines of good test practices and helper functions.WATCH also provides two interactive dashboards deployed via GitLab Pages, offering real-time visibility into detection health. One dashboard, the Detection Status Dashboard, summarizes the current test status of all detection rules. The other, the Detection Test Results Dashboard, offers a deep dive into individual test outcomes. This comprehensive approach ensures the reliability and effectiveness of the security alerting system.
https://about.gitlab.com/blog/automated-detection-testing-framework/ about.gitlab.com
RSS Hunter RSS Hunter Apr 30

Teaching software development the easy way using GitLab

Software development instructors face challenges in distributing assignments and providing effective feedback. The GitLab for Education program provides free access to GitLab Ultimate for institutions. Stephen Dame from the University of Washington, Bothell, utilizes GitLab to manage course materials and student feedback efficiently. He leverages GitLab’s Groups and Subgroups to create an organized hierarchy. This structure models the university, course, and roles with specific permissions applied. Instructors control access to materials with student and grader subgroups. Students use SSH keys to access and manage their code within private repositories. GitLab's REST API automates large-scale student management via subgroup creation and membership using a Python script example. Students submit assignments via merge requests, facilitating inline code comments and contextual feedback. This workflow mirrors professional software development environments, benefiting the students. GitLab for Education offers valuable features like unlimited reviewers and extra storage. Instructors are encouraged to start simple and gradually expand their usage.
https://about.gitlab.com/blog/teaching-software-development-the-easy-way-using-gitlab/ about.gitlab.com
RSS Hunter RSS Hunter Apr 29

How to build CI/CD observability at scale

Optimizing CI/CD performance begins with gaining visibility into pipeline metrics. A successful enterprise DevOps platform requires understanding pipeline performance, job execution patterns, and operational insights. GitLab developed the CI/CD Observability solution to transform raw metrics into actionable insights. A financial services organization partnered with GitLab to implement a containerized observability solution. This solution combined gitlab-ci-pipelines-exporter with Prometheus and Grafana infrastructure. The implementation addressed challenges faced by the organization in managing pipelines at scale. The solution provides Grafana dashboards for real-time and historical CI/CD platform visibility. Key dashboards include Pipeline Overview, Job Performance, Runner & Infrastructure, and Deployment Frequency. The solution requires two exporters: Pipeline Exporter for CI/CD metrics and Node Exporter for host-level metrics. For enterprise deployments, a Kubernetes cluster is recommended, with components deployed as separate deployments for integration. The article details the step-by-step Kubernetes deployment process for these components, including network policies for security. It also provides configuration references for the exporters, Prometheus, and Grafana, along with key metrics collected. Enterprise considerations include token security, network segmentation, and authentication integration. GitLab's API-first design facilitates custom observability solutions that integrate with existing infrastructure.
https://about.gitlab.com/blog/how-to-build-ci-cd-observability-at-scale/ about.gitlab.com
RSS Hunter RSS Hunter Apr 28

GitLab and Anthropic: Governed AI for enterprise development

Enterprise and public sector leaders face a dilemma: accelerating AI adoption while maintaining stringent security and regulatory compliance. GitLab addresses this by deepening its integration with Anthropic Claude models directly into its intelligent orchestration platform. This integration ensures that governance, compliance, and auditability are inherent in every AI interaction within GitLab Duo Agent Platform. Claude now powers various GitLab Duo capabilities, from code generation and review to agentic chat and vulnerability resolution. The key differentiator for GitLab is its built-in governance controls and auditing throughout the software development lifecycle. Any AI-suggested code change, for example, undergoes the same merge request, approval rules, security scanning, and audit trail as human-made changes. This architectural decision becomes increasingly crucial as GitLab moves towards agentic software development, where AI autonomously handles well-defined tasks. Furthermore, enterprise deployment flexibility is enhanced as Claude models are accessible within GitLab through Google Cloud's Vertex AI and AWS Bedrock, leveraging existing cloud governance frameworks. GitLab is also available in the Claude Marketplace, simplifying procurement for customers with existing Anthropic commitments. This strategy aligns with GitLab's vision for agentic software development, requiring robust AI models and a platform for fully governed autonomous actions. Ultimately, GitLab customers gain access to advanced AI assistance within their established governance framework, eliminating the need to choose between AI capabilities and enterprise control.
https://about.gitlab.com/blog/gitlab-and-anthropic-governed-ai-for-enterprise-development/ about.gitlab.com
RSS Hunter RSS Hunter Apr 28

Give your AI agent direct, structured GitLab access with glab CLI

GitLab CLI (glab) enhances AI assistant integration for developers, providing a direct interface to GitLab projects. This enables AI tools to read issues, review merge requests, and manage pipelines more effectively. The Model Context Protocol (MCP) allows AI agents to directly access GitLab through glab. Using glab with MCP eliminates the need for manual data copying and pasting, streamlining workflows. Developers can leverage glab's structured JSON output for precise information extraction and targeted actions by AI. Commands like "glab mr view" and "glab issue list" provide structured data for AI agents to process. Furthermore, glab gives agents access to the full GitLab REST and GraphQL APIs via "glab api," extending functionality. The article highlights ongoing improvements, including agent-aware help text and better machine-readable error messages. Developers are encouraged to provide feedback, contributing to the development of better AI integration. The goal is to make glab the optimal connection between AI tools and GitLab projects.
https://about.gitlab.com/blog/give-your-ai-agent-direct-structured-gitlab-access-with-glab-cli/ about.gitlab.com
RSS Hunter RSS Hunter Apr 27

curl removed from Omnibus-GitLab FIPS packages in 19.0

GitLab is changing how FIPS packages handle the curl dependency starting with Omnibus-GitLab version 19.0. Previously, FIPS packages included a GitLab-built version of curl. However, newer curl versions deprecate compilation against older OpenSSL versions, necessitating this shift. Consequently, FIPS packages will now utilize the curl version provided by the customer's Linux distribution. This mirrors the existing practice of using the distribution's OpenSSL for FIPS packages. This change affects all FIPS customers, regardless of their OpenSSL version. For GitLab Self-Managed users, this transition will occur with the 19.0 release on May 21, 2026. No immediate action is required from customers; their GitLab instance will continue to function. The implication is that GitLab will no longer provide security updates specifically for curl within FIPS packages. Customers are now responsible for ensuring their operating system's curl package is updated. Scanner findings related to curl will now reflect the host OS package. For any problems, customers should open an issue in the omnibus-gitlab issue tracker.
https://about.gitlab.com/blog/curl-removed-from-omnibus-gitlab-fips-packages-in-19-0/ about.gitlab.com
RSS Hunter RSS Hunter Apr 24

GitLab AI Hackathon 2026: Meet the winners

AI's capability to write code is now commonplace, but gaps remain in planning, security, compliance, and deployment. To address this, GitLab launched the Duo Agent Platform, inviting developers to build AI agents that assist teams in shipping secure software faster rather than merely answering questions. A hackathon, co-sponsored by Google Cloud and Anthropic, ran from February to March 2026, attracting nearly 7,000 developers who created over 600 agents and flows. The competition focused on technical work, design, potential impact, and idea quality, with judges dedicating significant time to reviewing submissions.The Grand Prize was awarded to LORE, a system designed to combat knowledge loss when senior engineers depart, utilizing eight agents to manage organizational records and a visual dashboard. Google Cloud's Grand Prize went to Gitdefender, an agent that automatically identifies and fixes security issues within code reviews. Anthropic's Grand Prize winner, GraphDev, maps code relationships and visualizes system changes over time, providing insights into the impact of modifications.Other notable projects included Time-Traveler for technically impressive database migrations, RedAgent for verifying AI-generated security reports, and Launch Control for its ease of use and polished user experience. The hackathon also emphasized sustainability, with several projects receiving awards for measuring and reducing the carbon footprint of software development. Honorable mentions were given to projects like SecurityMonkey for vulnerability testing and stregent for mobile-first CI/CD management. The success of the hackathon highlights the community's drive to solve real-world problems with AI agents, setting the stage for future developments with richer local context. Developers are encouraged to build their own agents and explore the existing AI Catalog.
https://about.gitlab.com/blog/gitlab-ai-hackathon-2026-meet-the-winners/ about.gitlab.com
RSS Hunter RSS Hunter Apr 22

GitLab + Amazon: Platform orchestration on a trusted AI foundation

GitLab and Amazon Bedrock offer a solution for teams seeking to integrate AI into their software development lifecycle. GitLab Duo Agent Platform orchestrates AI-powered workflows for planning, security, and remediation within GitLab. The GitLab AI Gateway routes model calls to Amazon Bedrock, ensuring secure and compliant AI inference within the user's AWS environment. This integration addresses fragmented AI usage, data security concerns, and underutilized Bedrock investments. Deployment options include GitLab managing Bedrock models or self-hosting them within AWS. Key benefits include standardized AI governance, streamlined workflows, and alignment with existing AWS commitments. Security workflows benefit from automated security findings and fix proposals. This approach avoids shadow AI and separate AI tech stacks, promoting consistent governance and efficient cloud spend. GitLab Duo Agent Platform and Amazon Bedrock enable scalable AI adoption without fragmenting tooling or data flows. Organizations gain control over AI usage, data paths, and compliance within their existing AWS environment. Platform teams can standardize models and enforce guardrails, while development teams benefit from AI-powered workflows within GitLab.
https://about.gitlab.com/blog/gitlab-amazon-platform-orchestration-on-a-trusted-ai-foundation/ about.gitlab.com
RSS Hunter RSS Hunter Apr 21

What’s new in Git 2.54.0?

Git 2.54.0 introduces pluggable object databases, a significant architectural change allowing for alternative storage formats beyond the current hardcoded ones. This effort, spanning nearly two years and hundreds of commits, aims to improve efficiency for handling large binary files and enable custom optimizations for platforms like GitLab. Another key highlight is the new git-history command, designed to simplify editing commit history. Inspired by tools like Jujutsu, it offers intuitive subcommands like reword and split, with plans to add more editing capabilities. Importantly, this command automatically rebases dependent branches, enhancing support for stacked diffs. Git 2.54.0 also expands the git repo structure command, building on previous versions to provide a comprehensive overview of repository metrics. This new functionality now includes displaying the largest objects by type, offering a native replacement for external tools like git-sizer. This enhancement allows users to better understand and manage repository performance. The release also continues the migration to a new task-based repository maintenance system with git-maintenance(1). This modern architecture offers greater flexibility and control over housekeeping tasks compared to the older monolithic git-gc(1) tool. The goal is to achieve feature parity with git-gc(1) while enabling more granular user configuration. These updates collectively represent substantial advancements in Git's extensibility, usability, and maintainability.
https://about.gitlab.com/blog/whats-new-in-git-2-54-0/ about.gitlab.com
RSS Hunter RSS Hunter Apr 20

Prepare your pipeline for AI-discovered zero-days

Anthropic's Mythos Preview model has uncovered thousands of zero-day vulnerabilities, including a 27-year-old OpenBSD bug, demonstrating advanced exploit chaining capabilities. This rapid discovery pace highlights a critical imbalance, as defenders struggle to keep up; exploited vulnerabilities often show activity before disclosure. AI further compresses this exploitation window, accelerating attackers and overwhelming security teams with disclosures faster than they can triage. Current remediation efforts are insufficient, with developers spending significant time on post-release fixes and organizations facing year-long backlogs for critical vulnerabilities. AI-generated code exacerbates this issue, introducing a deluge of new security findings and increasing vulnerabilities due to its inherent flaws. To counter this, defenders must integrate frontier AI models directly into their development pipelines, enforcing security policies at every merge request. This involves catching simple issues early in the IDE, automating triage of complex findings, and governing AI-generated fixes through established processes. A robust security pipeline ensures that questions about exposure can be answered in minutes, and remediation campaigns can be executed efficiently with automated patch generation and policy enforcement. Such a system provides a clear audit trail for compliance, demonstrating how policies are applied and risks are mitigated. With advanced AI threats imminent, organizations must proactively address pipeline gaps to strengthen their software supply chain.
https://about.gitlab.com/blog/prepare-your-pipeline-for-ai-discovered-zero-days/ about.gitlab.com
RSS Hunter RSS Hunter Apr 20