GitLab has released version 18.5, introducing specialised AI agents, enhanced security insights, and a redesigned user interface to support software development teams.
GitLab's latest update addresses issues developers face in managing security findings, workflow interruptions, and manual tasks by integrating AI-powered assistance more deeply into its platform. The company states that the 18.5 release simplifies and prioritises the user experience for both individual developers and security teams, supporting efficient and informed decision-making.
User experience
The GitLab 18.5 release introduces a new panel-based user interface, which presents information side by side for better context. When users select an issue from a list, its details are displayed in an adjacent panel, streamlining navigation. The GitLab Duo Chat panel is now accessible as an on-demand assistant on the right side of the platform, allowing users to interact with AI agents throughout their workflow without changing screens.
"Software development teams are drowning in noise. Thousands of vulnerabilities flood security dashboards, but only a fraction pose real risk. Developers context-switch between planning backlogs, triaging security findings, reviewing code, and responding to CI/CD failures, losing hours to manual work. GitLab 18.5 calms this chaos," said Bill Staples, CEO at GitLab.
AI agent integration
The update expands GitLab Duo Agent Platform with new features. The Security Analyst Agent automates much of the manual work involved in vulnerability triage. It uses AI to analyse findings, orchestrate tools, apply policies, and automate workflows. Security teams can now access enriched data-including CVE details and code analysis-to triage and address issues through AI-powered conversational tools. Tasks such as dismissing false positives, adjusting severity, and opening remediation issues can be executed within the conversation interface.
Another addition is GitLab Duo Planner, which aims to streamline project planning by integrating deep awareness of issues, epics, and merge requests. This AI assistant helps with balancing workloads and aligning with strategic project goals, leveraging agile methodologies.
The platform's AI Agent Catalog now incorporates external tools such as Claude, OpenAI Codex, Google Gemini CLI, Amazon Q Developer, and OpenCode as native agents within GitLab. These can be configured and managed alongside built-in agents, providing consistency and automating foundational workflows across organisations.
Self-hosted workflows have moved from experimental to beta with this release. Organisations can now operate AI agents entirely within their own infrastructure, an option beneficial for those in regulated industries or with strict data sovereignty requirements.
Enhanced security and precision
GitLab 18.5 brings several updates intended to help development and security teams prioritise risks and keep workflows efficient. Key additions include Static Reachability Analysis, which determines whether vulnerable code is actively invoked in an application, and Secret Validity Checks that distinguish active credentials from expired ones. These features enable teams to focus on actionable security findings rather than potential noise.
The release adds custom rules to Advanced SAST (Static Application Security Testing), allowing teams to define detection logic tailored to their environment while still leveraging GitLab's existing rules. Advanced SAST is now extended to support C and C++ languages. Diff-based SAST scanning provides faster analysis by examining only the code changes in merge requests, minimising review time and focusing on the most relevant issues.
API configuration and workflow adaptability
GitLab also introduces a new web-based interface for managing Maven Virtual Registries, aiming to make API configurations more visual and easier to handle for administrators and engineers.
The company reiterates that the broader focus is on offering users choice and control in their workflows. The features in version 18.5 are initially available to GitLab Premium and Ultimate customers for both GitLab.com and self-managed setups, with support for GitLab Dedicated planned for the following month. The GitLab Duo Agent Platform, meanwhile, remains in beta, as the company invites organisations to evaluate how its AI functions could change software development processes.
