San Francisco — GitLab Inc., the clever orchestration platform for DevSecOps, at this time launched GitLab 18.11, increasing agentic AI throughout your entire software program lifecycle with safety remediation, pipeline configuration, and supply analytics.
AI-generated code strikes sooner than the programs round it might sustain with, creating the AI Paradox: sooner code era with out sooner supply, safety, or operations to match. As code quantity grows, so does the backlog of pipelines to configure, safety findings to remediate, and supply inquiries to reply. GitLab 18.11 helps handle these gaps with platform-native brokers which have entry to the code, pipelines, points, and safety findings already in GitLab.
Agentic SAST Vulnerability Decision Reaches Basic Availability
Agentic SAST Vulnerability Decision is now typically accessible for GitLab Final clients utilizing GitLab Duo Agent Platform. In line with GitLab’s 2025 DevSecOps Report, builders spend 11 hours per thirty days remediating vulnerabilities after launch, fixing points which are already exploitable in manufacturing. When a SAST scan completes, the agent analyzes confirmed true positives, generates a code repair designed to deal with the basis trigger, and opens a ready-to-merge request with a confidence rating enabling builders to behave with out context switching and shut vulnerabilities earlier than they attain manufacturing.
New Prebuilt Brokers for CI and Analytics
For a lot of groups, standing up a primary pipeline could be a vital adoption barrier. Groups that wish to know the way lengthy MRs sit in assessment or which pipelines are slowing them down must file a dashboard request or be taught a question language. GitLab 18.11 ships two new foundational brokers for GitLab Duo Agent Platform that assist handle each gaps.
The CI Skilled Agent, now in beta, inspects a repository, identifies its language and framework, and proposes a build-and-test pipeline in pure language, focusing on a working pipeline in minutes, with no YAML written manually.
The Knowledge Analyst Agent, now typically accessible, solutions natural-language questions with quick visible solutions concerning the dwell software program lifecycle knowledge, masking merge request cycle instances, pipeline well being, deployment frequency, and extra. It’s accessible to Free, Premium, and Final tier clients, with GitLab Duo Agent Platform enabled.
Each brokers can be found on GitLab.com, Self-Managed, and Devoted, and are a part of GitLab Duo Agent Platform.
Utilization Controls Give Organizations Predictable AI Spend
New subscription-level and per-user spending caps for GitLab Credit give organizations direct management over on-demand AI spend. Subscription-level caps let billing account managers configure a month-to-month restrict with enforcement controls, whereas per-user caps guarantee no single person exhausts the pool. Collectively, these controls allow enterprises to deploy GitLab Duo Agent Platform at scale with value predictability. The GitLab Credit dashboard and Prospects Portal give directors full visibility into utilization and cap standing.
Utilization controls can be found for each GitLab.com and Self-Managed clients working GitLab 18.11.
