GitLab 19.0 released

2026-05-20 · Source: GitLab · Field: Technology & Digital — Software Development & Engineering, Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Intermediate, extended

Summary

GitLab 19.0, released on May 21, 2026, introduces significant enhancements across its platform, focusing on AI-powered development, security, and operational scalability. Key features include group-level custom review instructions for GitLab Duo and configurable work item types, allowing teams to tailor workflows. The GitLab Secrets Manager is now in open beta, enabling secure CI/CD secret management. GitLab Duo Developer gains new trigger methods, and its Agent Platform now supports Claude Opus 4.7, self-hosted Gemini, and expanded open-source models, alongside a new usage-based billing model for Duo Core. Security sees major updates with generally available SBOM-based dependency scanning for Maven, Gradle, and Python, auto-remediation for Ruby dependencies (experiment), and enhanced API security testing with remediation guidance. Operational changes include PostgreSQL 17 as a minimum requirement, removal of support for Ubuntu 20.04, Redis 6, and SUSE distributions, and the deprecation of NGINX Ingress in favor of Gateway API with Envoy Gateway in the Helm chart. CI/CD also benefits from improved array support for inputs, detailed component usage analytics, and configurable merge train limits.

Key takeaway

For MLOps Engineers evaluating AI integration, you should explore GitLab Duo Agent Platform's expanded LLM support, including Claude Opus 4.7 and self-hosted Gemini, to power agentic workflows. Consider utilizing the new group-level custom review instructions and automated merge conflict resolution to streamline development. Be aware of the shift to usage-based billing for Duo Core and plan your credit consumption accordingly.

Key insights

The release deepens AI integration and security automation while streamlining CI/CD and platform management.

Principles

• Centralize AI configuration for consistency.
• Automate security scanning and remediation.
• Standardize CI/CD component usage.

Method

GitLab Duo Agent Platform now supports multiple LLMs (Claude Opus 4.7, Gemini, open-source) and enables agentic workflows for code review, conflict resolution, and CI/CD, triggered by mentions or MR events.

In practice

• Configure group-level Duo review instructions.
• Store CI/CD secrets in GitLab Secrets Manager.
• Use SBOM scanning for transitive dependencies.

Topics

• GitLab Duo Agent Platform
• Application Security
• CI/CD Automation
• Software Supply Chain Security
• DevOps Platform
• Secrets Management

Code references

• groups/gitlab-org
• gitlab-org/gitlab
• gitlab-org/modelops
• gitlab-org/omnibus-gitlab
• gitlab-org/gl-security

Best for: CTO, AI Architect, VP of Engineering/Data, Software Engineer, AI Engineer, MLOps Engineer

Related on AIssential

• More AI models for GitLab Duo Agent Platform Self-Hosted — GitLab 19.0 expands open source AI model support for self-hosted platforms in secure, regulated environments.
• I Read Cursor's Security Agent Prompts, So You Don't Have To — Simple LLM prompts, when supported by robust orchestration, can effectively automate security reviews at scale.
• Codex and GitLab: From code fix to production — Integrating AI tools like Codex with platforms like GitLab streamlines the entire code fix to production workflow.
• GitLab, Google Cloud expand integration with Vertex AI for DevSecOps — Expanded Google Cloud and GitLab partnership integrates Vertex AI models into DevSecOps workflows with robust governance.
• Securing our codebase with autonomous agents — Autonomous agents can significantly scale codebase security by automating vulnerability identification and remediation.
• Google Finally Figured Out That Having the Best AI Means Nothing If Nobody Uses It — Integrated backend services are crucial for AI application development beyond initial prototyping.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by GitLab.