|
Getting your Trinity Audio player ready...
|
A recap of GitLab’s 2025 releases (17.8 to 18.7): GitLab Duo shift to agentic AI, CI/CD hardening, version control wins and 2026 outlook
GitLab’s 2025 monthly releases (from 17.8 in January 2025 to 18.7 in December 2025) tell a clear story: the platform is moving from “AI features sprinkled in” to an AI-governed, agentic DevSecOps workflow, while simultaneously tightening software supply chain controls and polishing core developer experience on both SaaS (GitLab dot com) and self-managed.
2025 in one snapshot: the biggest product moves
1) GitLab Duo goes mainstream, then goes agentic
The inflection point was GitLab 18.0, where Premium and Ultimate “with Duo” started including AI-native features (Duo Chat + Code Suggestions in the IDE)—a major packaging shift that effectively made AI a default expectation for many customers (SaaS and self-managed).
From there, releases pushed fast toward agentic workflows:
- Duo Self-Hosted GA (17.9): enterprises could run selected LLMs in their own infrastructure for Duo Chat and Code Suggestions—explicitly addressing data sovereignty.
- Duo Code Review: launched in beta (17.10), gained automation in 18.0, and continued maturing with production-ready positioning in 2025.
- Duo Agent Platform (DAP): moved into IDEs in 18.2 (beta), expanded to Visual Studio in 18.3 (public beta), and kept adding specialized agents (Planner, Security Analyst).
Trend: GitLab is building “AI as a platform” (agents + orchestration + governance), not just a coding assistant. That’s reinforced by the official positioning of the Duo Agent Platform as an orchestration layer for multiple agents.
2) Governance and “enterprise controls” become the AI differentiator
Once AI is everywhere, the differentiator becomes control:
- Model Selection GA (18.4): admins can choose which model vendors power Duo workflows, across GitLab.com, self-managed and Dedicated.
- Context exclusion (18.4): teams can block sensitive files/directories from being used as Duo context.
- Separate model selection for Chat vs agents (18.7): finer-grained governance as agentic features expand.
- Duo + SDLC trends dashboard (18.7): explicit instrumentation to measure AI adoption and impact.
Trend: AI governance (model choice, context boundaries, usage analytics) is becoming as important as the AI features themselves.
3) CI/CD security tightens around identity, tokens, and supply chain integrity
Across 2025, GitLab shipped a consistent set of CI/CD hardening building blocks:
- Fine-grained CI/CD job token permissions (18.3): implements least privilege for pipelines instead of inheriting broad user permissions.
- Job tokens can authenticate Git push (18.4): enables secure “pipeline pushes” without relying on long-lived credentials.
- SLSA Level 1 with CI/CD components (18.1): clearer supply chain posture when assembling pipelines from reusable components.
- Protected container repos (17.8) + immutable container tags (18.2): stronger controls around the container registry, image integrity, and change prevention.
- Secret validity checks GA (18.7): prioritizes real risk by verifying whether leaked credentials are still active, plus expanded vendor integrations.
Trend: GitLab is reducing reliance on long-lived secrets and broad tokens, pushing users toward ephemeral, scoped identity for automation.
What shipped in 2025: key highlights by domain
AI & GenAI (GitLab Duo and agentic workflows)
If you only track one theme from 2025, it’s this one:
- 17.9: Duo Self-Hosted becomes generally available (data sovereignty + private models).
- 17.10 → 18.1: Duo Code Review moves from beta toward broader adoption, with automatic reviews added in 18.0.
- 18.2 → 18.3: Duo Agent Platform lands in IDEs (beta) and expands to Visual Studio (public beta).
- 18.4: Model selection GA + Knowledge Graph (beta) to boost code intelligence and improve agent accuracy through richer context.
- 18.5 → 18.6: Planner Agent and Security Analyst Agent (beta), plus Security Analyst becomes a foundational agent (available by default) in Agentic Chat.
- 18.7: separate model selection for Chat vs agents + stronger analytics (Duo + SDLC trends) to quantify impact.
Version control and code collaboration (the “developer surface area”)
GitLab’s 2025 work here is about navigation and discoverability:
- Merge request homepage (18.2): workload-oriented review UX with workflow and role views (a real productivity win for teams with high MR volume).
- Exact code search (18.6, limited availability): built on Zoekt, enabled by default on GitLab.com; self-managed requires installing and enabling Zoekt.
- Embedded views powered by GLQL (18.3 GA): “living dashboards” you can embed in wikis, issues, epics, and merge requests—great for DevOps reporting and project visibility.
- Release + deployment visibility (17.8): deployments related to a release are visible directly on the release page.
CI/CD and platform engineering
The 2025 arc: reusable pipelines + better inputs + safer automation.
- Pipeline inputs (17.11): structured inputs for safer pipeline triggering and templated workflows.
- Dynamic input options (18.7): cascading dropdowns in the UI for more guided pipeline launches.
- CI/CD components maturity: SLSA level alignment and better component metadata handling (18.1, 18.6).
- Hosted runners for GitLab Dedicated (17.8, limited availability): reduces operational burden for enterprises that want managed runner capacity.
Security, compliance, and governance
GitLab’s 2025 security improvements cluster around prevent, detect, validate, govern:
- Custom compliance frameworks + requirements (17.11): deeper compliance monitoring embedded into workflows (beyond labels).
- Secret validity checks GA (18.7): actionability upgrades for secret scanning by verifying whether leaks still work.
- AI-assisted security triage: Security Analyst Agent and AI-powered SAST false-positive detection (beta) point to “agentic AppSec.”
GitLab.com vs self-managed: what mattered in 2025
GitLab kept shipping features across offerings, but several important ones differ operationally:
- Exact code search: GitLab.com defaults on; self-managed requires Zoekt install + enablement.
- Direct transfer migrations (18.3): enabled by default on GitLab.com; self-managed needs admin enablement.
- AI control plane: model selection and agent features increasingly come with admin-level governance, which matters more for self-managed environments.
What’s coming in 2026: the most likely themes to plan for
1) GitLab 19.0 is the next major release (May 2026)
GitLab’s maintenance policy states the next major release is GitLab 19.0, scheduled for May 21, 2026.
2) Kubernetes integration: the certificate-based path is ending
GitLab has been sunsetting the legacy certificate-based Kubernetes integration; GitLab has stated it will sunset on GitLab.com in May 2026 and stop working, and related guidance continues to push users toward the GitLab agent for Kubernetes.
3) Duo Agent Platform marching toward GA
GitLab’s own messaging around the Duo Agent Platform emphasizes rapid monthly delivery and an orchestration direction. GitLab 18.7 messaging explicitly frames recent releases as “building blocks” for upcoming GA and mentions continuing improvements in 18.8 and beyond.
There are also public roadmap signals pointing to GA workstreams extending into early 2026.
4) Knowledge Graph and code intelligence will likely get “more integrated”
GitLab’s 18.4 release describes the Knowledge Graph (beta) as a foundation for a future, fully integrated Knowledge Graph Service in GitLab.com and self-managed. That strongly suggests deeper RAG + code intelligence integration in 2026.
Written by Tamir Gefen, CEO of ALM Toolbox.
ALM Toolbox has assisted hundreds of clients in selecting the appropriate GitLab edition, license and in planning the product’s implementation, GitLab support deployment.
We have been official partners of GitLab since 2016 and hold titles awarded by GitLab company: Selected Partner, GitLab Hero and “GitLab Champion” as well as official professional GitLab certifications after passing qualification exams.
Recently, we were also selected by the research firm STKI as the “GitLab Selected Partner” for 2025.
You can contact us by email at gitlab@almtoolbox.com or call us:
866-503-1471 (USA / Canada) or +31 85 064 4633 (International)
