{"id":8989,"date":"2026-01-06T07:48:38","date_gmt":"2026-01-06T05:48:38","guid":{"rendered":"https:\/\/www.almtoolbox.com\/blog\/?p=8989"},"modified":"2026-03-29T08:07:09","modified_gmt":"2026-03-29T06:07:09","slug":"gitlab-2025-release-highlights-ai-cicd-devsecops","status":"publish","type":"post","link":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/","title":{"rendered":"GitLab 2025 Release Highlights: AI-First DevSecOps, Better CI\/CD, and What\u2019s Next in 2026"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"269\" src=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/gitlab-2025-2026-700px.jpg\" alt=\"gitlab 2025 highlights\" class=\"wp-image-9000\" style=\"width:834px;height:auto\" srcset=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/gitlab-2025-2026-700px.jpg 700w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/gitlab-2025-2026-700px-300x115.jpg 300w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/gitlab-2025-2026-700px-150x58.jpg 150w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">A recap of GitLab\u2019s 2025 releases (17.8 to 18.7): GitLab Duo shift to agentic AI, CI\/CD hardening, version control wins and 2026 outlook<\/h4>\n\n\n\n<div style=\"height:37px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>GitLab\u2019s 2025 monthly releases (from <strong>17.8 in January 2025<\/strong> to <strong>18.7 in December 2025<\/strong>) tell a clear story: the platform is moving from \u201cAI features sprinkled in\u201d to an <strong>AI-governed, agentic DevSecOps workflow<\/strong>, while simultaneously tightening software supply chain controls and polishing core developer experience on both <strong>SaaS<\/strong> (GitLab dot com)<strong> <\/strong>and <strong>self-managed<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2025 in one snapshot: the biggest product moves<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1) GitLab Duo goes mainstream, then goes agentic<\/h3>\n\n\n\n<p>The inflection point was <strong>GitLab 18.0<\/strong>, where <strong>Premium and Ultimate \u201cwith Duo\u201d<\/strong> started including <strong>AI-native features (Duo Chat + Code Suggestions in the IDE)<\/strong>\u2014a major packaging shift that effectively made AI a default expectation for many customers (SaaS and self-managed). <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/05\/15\/gitlab-18-0-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<p>From there, releases pushed fast toward <strong>agentic workflows<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Duo Self-Hosted GA (17.9):<\/strong> enterprises could run selected LLMs in their own infrastructure for Duo Chat and Code Suggestions\u2014explicitly addressing data sovereignty. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/02\/20\/gitlab-17-9-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>Duo Code Review:<\/strong> launched in <strong>beta (17.10)<\/strong>, gained automation in <strong>18.0<\/strong>, and continued maturing with production-ready positioning in 2025.<\/li>\n\n\n\n<li><strong>Duo Agent Platform (DAP):<\/strong> moved into IDEs in <strong>18.2 (beta)<\/strong>, expanded to <strong>Visual Studio in 18.3 (public beta)<\/strong>, and kept adding specialized agents (Planner, Security Analyst).<\/li>\n<\/ul>\n\n\n\n<p><strong>Trend:<\/strong> GitLab is building \u201cAI as a platform\u201d (agents + orchestration + governance), not just a coding assistant. That\u2019s reinforced by the official positioning of the Duo Agent Platform as an orchestration layer for multiple agents.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2) Governance and \u201centerprise controls\u201d become the AI differentiator<\/h3>\n\n\n\n<p>Once AI is everywhere, the differentiator becomes <strong>control<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Model Selection GA (18.4):<\/strong> admins can choose which model vendors power Duo workflows, across GitLab.com, self-managed and Dedicated. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/09\/18\/gitlab-18-4-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>Context exclusion (18.4):<\/strong> teams can block sensitive files\/directories from being used as Duo context. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/09\/18\/gitlab-18-4-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>Separate model selection for Chat vs agents (18.7):<\/strong> finer-grained governance as agentic features expand. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/12\/18\/gitlab-18-7-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>Duo + SDLC trends dashboard (18.7):<\/strong> explicit instrumentation to measure AI adoption and impact. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/12\/18\/gitlab-18-7-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Trend:<\/strong> AI governance (model choice, context boundaries, usage analytics) is becoming as important as the AI features themselves.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3) CI\/CD security tightens around identity, tokens, and supply chain integrity<\/h3>\n\n\n\n<p>Across 2025, GitLab shipped a consistent set of CI\/CD hardening building blocks:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Fine-grained CI\/CD job token permissions (18.3):<\/strong> implements least privilege for pipelines instead of inheriting broad user permissions.<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><a href=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/sscs_authz_fine_grained_job_tokens.webp\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"1003\" src=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/sscs_authz_fine_grained_job_tokens-1024x1003.webp\" alt=\"GitLab CI\/CD job token permissions\" class=\"wp-image-9022\" style=\"width:409px;height:auto\" srcset=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/sscs_authz_fine_grained_job_tokens-1024x1003.webp 1024w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/sscs_authz_fine_grained_job_tokens-300x294.webp 300w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/sscs_authz_fine_grained_job_tokens-150x147.webp 150w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/sscs_authz_fine_grained_job_tokens-768x752.webp 768w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/sscs_authz_fine_grained_job_tokens.webp 1454w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Job tokens can authenticate Git push (18.4):<\/strong> enables secure \u201cpipeline pushes\u201d without relying on long-lived credentials. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/09\/18\/gitlab-18-4-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>SLSA Level 1 with CI\/CD components (18.1):<\/strong> clearer supply chain posture when assembling pipelines from reusable components. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/06\/19\/gitlab-18-1-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>Protected container repos (17.8) + immutable container tags (18.2):<\/strong> stronger controls around the container registry, image integrity, and change prevention.<\/li>\n\n\n\n<li><strong>Secret validity checks GA (18.7):<\/strong> prioritizes real risk by verifying whether leaked credentials are still active, plus expanded vendor integrations. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/12\/18\/gitlab-18-7-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Trend:<\/strong> GitLab is reducing reliance on long-lived secrets and broad tokens, pushing users toward <strong>ephemeral, scoped identity<\/strong> for automation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-background\" style=\"background-color:#fffdd3\">What shipped in 2025: key highlights by domain<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">AI &amp; GenAI (GitLab Duo and agentic workflows)<\/h3>\n\n\n\n<p>If you only track one theme from 2025, it\u2019s this one:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>17.9:<\/strong> Duo Self-Hosted becomes generally available (data sovereignty + private models). <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/02\/20\/gitlab-17-9-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>17.10 \u2192 18.1:<\/strong> Duo Code Review moves from beta toward broader adoption, with <strong>automatic reviews<\/strong> added in 18.0.<\/li>\n\n\n\n<li><strong>18.2 \u2192 18.3:<\/strong> Duo Agent Platform lands in IDEs (beta) and expands to Visual Studio (public beta).<\/li>\n\n\n\n<li><strong>18.4:<\/strong> Model selection GA + <strong>Knowledge Graph (beta)<\/strong> to boost code intelligence and improve agent accuracy through richer context. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/09\/18\/gitlab-18-4-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>18.5 \u2192 18.6:<\/strong> Planner Agent and Security Analyst Agent (beta), plus Security Analyst becomes a <strong>foundational agent<\/strong> (available by default) in Agentic Chat.<\/li>\n\n\n\n<li><strong>18.7:<\/strong> separate model selection for Chat vs agents + stronger analytics (Duo + SDLC trends) to quantify impact. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/12\/18\/gitlab-18-7-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Version control and code collaboration (the \u201cdeveloper surface area\u201d)<\/h3>\n\n\n\n<p>GitLab\u2019s 2025 work here is about <strong>navigation and discoverability<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Merge request homepage (18.2):<\/strong> workload-oriented review UX with workflow and role views (a real productivity win for teams with high MR volume).<\/li>\n<\/ul>\n\n\n\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;6a25b79b83871&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"6a25b79b83871\" class=\"wp-block-image size-large wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"252\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/create-action-focused-mr-homepage-1024x252.webp\" alt=\"\" class=\"wp-image-9015\" srcset=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/create-action-focused-mr-homepage-1024x252.webp 1024w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/create-action-focused-mr-homepage-300x74.webp 300w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/create-action-focused-mr-homepage-150x37.webp 150w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/create-action-focused-mr-homepage-768x189.webp 768w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2026\/01\/create-action-focused-mr-homepage.webp 1182w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Exact code search (18.6, limited availability):<\/strong> built on <strong>Zoekt<\/strong>, enabled by default on GitLab.com; self-managed requires installing and enabling Zoekt.<\/li>\n\n\n\n<li><strong>Embedded views powered by GLQL (18.3 GA):<\/strong> \u201cliving dashboards\u201d you can embed in wikis, issues, epics, and merge requests\u2014great for DevOps reporting and project visibility. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/08\/21\/gitlab-18-3-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>Release + deployment visibility (17.8):<\/strong> deployments related to a release are visible directly on the release page. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/01\/16\/gitlab-17-8-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">CI\/CD and platform engineering<\/h3>\n\n\n\n<p>The 2025 arc: <strong>reusable pipelines + better inputs + safer automation<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Pipeline inputs (17.11):<\/strong> structured inputs for safer pipeline triggering and templated workflows. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/04\/17\/gitlab-17-11-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>Dynamic input options (18.7):<\/strong> cascading dropdowns in the UI for more guided pipeline launches. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/12\/18\/gitlab-18-7-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n<\/ul>\n\n\n\n<iframe loading=\"lazy\" width=\"660\" height=\"380\" src=\"https:\/\/www.youtube.com\/embed\/vkHDGa65XcY?si=gMrmJ35NtykQkuoB\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CI\/CD components maturity:<\/strong> SLSA level alignment and better component metadata handling (18.1, 18.6).<\/li>\n\n\n\n<li><strong>Hosted runners for GitLab Dedicated (17.8, limited availability):<\/strong> reduces operational burden for enterprises that want managed runner capacity. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/01\/16\/gitlab-17-8-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security, compliance, and governance<\/h3>\n\n\n\n<p>GitLab\u2019s 2025 security improvements cluster around <strong>prevent, detect, validate, govern<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Custom compliance frameworks + requirements (17.11):<\/strong> deeper compliance monitoring embedded into workflows (beyond labels).<\/li>\n\n\n\n<li><strong>Secret validity checks GA (18.7):<\/strong> actionability upgrades for secret scanning by verifying whether leaks still work. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/12\/18\/gitlab-18-7-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>AI-assisted security triage:<\/strong> Security Analyst Agent and AI-powered SAST false-positive detection (beta) point to \u201cagentic AppSec.\u201d<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">GitLab.com vs self-managed: what mattered in 2025<\/h2>\n\n\n\n<p>GitLab kept shipping features across offerings, but several important ones differ operationally:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Exact code search:<\/strong> GitLab.com defaults on; self-managed requires Zoekt install + enablement.<\/li>\n\n\n\n<li><strong>Direct transfer migrations (18.3):<\/strong> enabled by default on GitLab.com; self-managed needs admin enablement. <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/08\/21\/gitlab-18-3-released\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>AI control plane:<\/strong> model selection and agent features increasingly come with admin-level governance, which matters more for self-managed environments.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading has-background\" style=\"background-color:#e4fdf3\">What\u2019s coming in 2026: the most likely themes to plan for<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1) GitLab 19.0 is the next major release (May 2026)<\/h3>\n\n\n\n<p>GitLab\u2019s maintenance policy states the next major release is <strong>GitLab 19.0<\/strong>, scheduled for <strong>May 21, 2026<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2) Kubernetes integration: the certificate-based path is ending<\/h3>\n\n\n\n<p>GitLab has been sunsetting the legacy certificate-based Kubernetes integration; GitLab has stated it <strong>will sunset on GitLab.com in May 2026<\/strong> and stop working, and related guidance continues to push users toward the GitLab agent for Kubernetes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3) Duo Agent Platform marching toward GA<\/h3>\n\n\n\n<p>GitLab\u2019s own messaging around the <strong>Duo Agent Platform<\/strong> emphasizes rapid monthly delivery and an orchestration direction. GitLab 18.7 messaging explicitly frames recent releases as \u201cbuilding blocks\u201d for upcoming GA and mentions continuing improvements in 18.8 and beyond.<br>There are also public roadmap signals pointing to <strong>GA workstreams extending into early 2026<\/strong>. <a href=\"https:\/\/gitlab.com\/groups\/gitlab-org\/-\/roadmap?epic_iid=19125&amp;layout=MONTHS&amp;timeframe_range_type=CURRENT_YEAR&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4) Knowledge Graph and code intelligence will likely get \u201cmore integrated\u201d <\/h3>\n\n\n\n<p>GitLab\u2019s 18.4 release describes the Knowledge Graph (beta) as a foundation for a <strong>future, fully integrated Knowledge Graph Service<\/strong> in GitLab.com and self-managed. That strongly suggests deeper RAG + code intelligence integration in 2026.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-background\" style=\"background-color:#e4cdf9\"><em>Written by Tamir Gefen, CEO of ALM Toolbox.<\/em><br><em>ALM Toolbox has assisted hundreds of clients in supporting GitLab, selecting the appropriate GitLab edition &amp; license and in planning the product\u2019s implementation and deployment.<br>We have been official partners of GitLab since 2016 and hold titles awarded by GitLab company:\u00a0<strong>Selected Partner, GitLab Hero<\/strong>\u00a0and\u00a0<strong>\u201cGitLab Champion\u201d<\/strong>\u00a0as well as official professional GitLab certifications after passing qualification exams.<br>Recently, we were also selected by the research firm STKI as the\u00a0<strong>\u201cGitLab Selected Partner\u201d<\/strong>\u00a0for 2025.<br>You can contact us by email at\u00a0<strong class=\"\"><a href=\"mailto:gitlab@almtoolbox.com\" target=\"_blank\" rel=\"noreferrer noopener\">gitlab@almtoolbox.com<\/a><\/strong>\u00a0or call us:<\/em><br><em>866-503-1471 (USA \/ Canada) or +31 85 064 4633 (International)<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Relevant Links:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Our&nbsp;<a href=\"https:\/\/almtoolbox.com\/gitlab\" target=\"_blank\" rel=\"noreferrer noopener\">GitLab webpage<\/a><\/li>\n\n\n\n<li>Our&nbsp;<a href=\"https:\/\/www.almtoolbox.com\/blog\/gitlab-customer-support-2\/\" target=\"_blank\" rel=\"noreferrer noopener\">GitLab support and consulting<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.almtoolbox.com\/blog\/whats-new-in-gitlab-18\/\" target=\"_blank\" rel=\"noreferrer noopener\">What\u2019s New in GitLab 18?<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.almtoolbox.com\/blog\/gitlab-duo-agent-platform-ai-devsecops\/\" target=\"_blank\" rel=\"noreferrer noopener\">GitLab Duo Agent Platform: AI Agents Transforming DevSecOps<\/a><\/li>\n\n\n\n<li><a href=\"http:\/\/docs.gitlab.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">GitLab\u2019s tech<\/a><a href=\"http:\/\/docs.gitlab.com\/\">&nbsp;doc<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Recap of GitLab\u2019s 2025 releases: GitLab Duo agentic AI, CI\/CD hardening, version control wins and 2026 outlook<\/p>\n","protected":false},"author":10,"featured_media":9000,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[166,515,172],"tags":[720,718,666,719,721],"class_list":["post-8989","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-gitlab","category-gitlab-ai","category-gitlab-ci","tag-agentic-a","tag-devsecops-platform","tag-duo-agent-platform","tag-gitlab-2025-releases","tag-slsa-components"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GitLab 2025 Release Highlights: AI-First DevSecOps, Better CI\/CD, and What\u2019s Next in 2026 - ALMtoolbox News<\/title>\n<meta name=\"description\" content=\"Recap of GitLab\u2019s 2025 releases: GitLab Duo agentic AI, CI\/CD hardening, version control wins and 2026 outlook\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Recap of GitLab\u2019s 2025 releases\" \/>\n<meta property=\"og:description\" content=\"Recap of GitLab\u2019s 2025 releases: GitLab Duo agentic AI, CI\/CD hardening, version control wins and 2026 outlook\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/\" \/>\n<meta property=\"og:site_name\" content=\"ALMtoolbox News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/almtoolbox.israel\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-06T05:48:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-29T06:07:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/gitlab-2026.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"396\" \/>\n\t<meta property=\"og:image:height\" content=\"358\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tamir Gefen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Dikla\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tamir Gefen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/\"},\"author\":{\"name\":\"Tamir Gefen\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63\"},\"headline\":\"GitLab 2025 Release Highlights: AI-First DevSecOps, Better CI\/CD, and What\u2019s Next in 2026\",\"datePublished\":\"2026-01-06T05:48:38+00:00\",\"dateModified\":\"2026-03-29T06:07:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/\"},\"wordCount\":1163,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/gitlab-2025-2026-700px.jpg\",\"keywords\":[\"agentic A\",\"DevSecOps platform\",\"Duo Agent Platform\",\"GitLab 2025 releases\",\"SLSA components\"],\"articleSection\":[\"GitLab\",\"GitLab AI\",\"GitLab CI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/\",\"name\":\"GitLab 2025 Release Highlights: AI-First DevSecOps, Better CI\/CD, and What\u2019s Next in 2026 - ALMtoolbox News\",\"isPartOf\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/gitlab-2025-2026-700px.jpg\",\"datePublished\":\"2026-01-06T05:48:38+00:00\",\"dateModified\":\"2026-03-29T06:07:09+00:00\",\"description\":\"Recap of GitLab\u2019s 2025 releases: GitLab Duo agentic AI, CI\/CD hardening, version control wins and 2026 outlook\",\"breadcrumb\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#primaryimage\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/gitlab-2025-2026-700px.jpg\",\"contentUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/gitlab-2025-2026-700px.jpg\",\"width\":700,\"height\":269,\"caption\":\"gitlab highlights 2025\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.almtoolbox.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GitLab 2025 Release Highlights: AI-First DevSecOps, Better CI\/CD, and What\u2019s Next in 2026\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#website\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/\",\"name\":\"ALMtoolbox News\",\"description\":\"All the news of ALMtoolbox\",\"publisher\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.almtoolbox.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#organization\",\"name\":\"ALMtoolbox\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png\",\"contentUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png\",\"width\":410,\"height\":190,\"caption\":\"ALMtoolbox\"},\"image\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/almtoolbox.israel\/\",\"https:\/\/www.linkedin.com\/company\/almtoolbox\/\",\"https:\/\/www.youtube.com\/user\/GoMidjets\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63\",\"name\":\"Tamir Gefen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g\",\"caption\":\"Tamir Gefen\"},\"sameAs\":[\"https:\/\/x.com\/Dikla\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GitLab 2025 Release Highlights: AI-First DevSecOps, Better CI\/CD, and What\u2019s Next in 2026 - ALMtoolbox News","description":"Recap of GitLab\u2019s 2025 releases: GitLab Duo agentic AI, CI\/CD hardening, version control wins and 2026 outlook","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/","og_locale":"en_US","og_type":"article","og_title":"Recap of GitLab\u2019s 2025 releases","og_description":"Recap of GitLab\u2019s 2025 releases: GitLab Duo agentic AI, CI\/CD hardening, version control wins and 2026 outlook","og_url":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/","og_site_name":"ALMtoolbox News","article_publisher":"https:\/\/www.facebook.com\/almtoolbox.israel\/","article_published_time":"2026-01-06T05:48:38+00:00","article_modified_time":"2026-03-29T06:07:09+00:00","og_image":[{"width":396,"height":358,"url":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/gitlab-2026.jpg","type":"image\/jpeg"}],"author":"Tamir Gefen","twitter_card":"summary_large_image","twitter_creator":"@Dikla","twitter_misc":{"Written by":"Tamir Gefen","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#article","isPartOf":{"@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/"},"author":{"name":"Tamir Gefen","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63"},"headline":"GitLab 2025 Release Highlights: AI-First DevSecOps, Better CI\/CD, and What\u2019s Next in 2026","datePublished":"2026-01-06T05:48:38+00:00","dateModified":"2026-03-29T06:07:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/"},"wordCount":1163,"commentCount":0,"publisher":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#primaryimage"},"thumbnailUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/gitlab-2025-2026-700px.jpg","keywords":["agentic A","DevSecOps platform","Duo Agent Platform","GitLab 2025 releases","SLSA components"],"articleSection":["GitLab","GitLab AI","GitLab CI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/","url":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/","name":"GitLab 2025 Release Highlights: AI-First DevSecOps, Better CI\/CD, and What\u2019s Next in 2026 - ALMtoolbox News","isPartOf":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#primaryimage"},"image":{"@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#primaryimage"},"thumbnailUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/gitlab-2025-2026-700px.jpg","datePublished":"2026-01-06T05:48:38+00:00","dateModified":"2026-03-29T06:07:09+00:00","description":"Recap of GitLab\u2019s 2025 releases: GitLab Duo agentic AI, CI\/CD hardening, version control wins and 2026 outlook","breadcrumb":{"@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#primaryimage","url":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/gitlab-2025-2026-700px.jpg","contentUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2026\/01\/gitlab-2025-2026-700px.jpg","width":700,"height":269,"caption":"gitlab highlights 2025"},{"@type":"BreadcrumbList","@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-2025-release-highlights-ai-cicd-devsecops\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.almtoolbox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"GitLab 2025 Release Highlights: AI-First DevSecOps, Better CI\/CD, and What\u2019s Next in 2026"}]},{"@type":"WebSite","@id":"https:\/\/www.almtoolbox.com\/blog\/#website","url":"https:\/\/www.almtoolbox.com\/blog\/","name":"ALMtoolbox News","description":"All the news of ALMtoolbox","publisher":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.almtoolbox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.almtoolbox.com\/blog\/#organization","name":"ALMtoolbox","url":"https:\/\/www.almtoolbox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png","contentUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png","width":410,"height":190,"caption":"ALMtoolbox"},"image":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/almtoolbox.israel\/","https:\/\/www.linkedin.com\/company\/almtoolbox\/","https:\/\/www.youtube.com\/user\/GoMidjets"]},{"@type":"Person","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63","name":"Tamir Gefen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g","caption":"Tamir Gefen"},"sameAs":["https:\/\/x.com\/Dikla"]}]}},"_links":{"self":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts\/8989","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/comments?post=8989"}],"version-history":[{"count":22,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts\/8989\/revisions"}],"predecessor-version":[{"id":9226,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts\/8989\/revisions\/9226"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/media\/9000"}],"wp:attachment":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/media?parent=8989"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/categories?post=8989"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/tags?post=8989"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}