GitLab has released version 18.0 of its self-hosted DevSecOps platform, introducing more AI features across the Premium and Ultimate tiers. The release includes AI-native development workflows, aligning GitLab with competitors like Microsoft’s GitHub Copilot and other AI-assisted coding platforms. These AI capabilities include code suggestions, intelligent chat within integrated development environments, and automated code analysis.
Industry observers have noted the practical implications of these changes. In a podcast by ALM Toolbox, a GitLab partner, the speakers emphasized that the AI integration is more than just incremental improvements. “It’s not just like little add-ons, it’s more fundamental for those tiers,” they noted, referring to the Premium and Ultimate plans. The discussion highlighted how the AI features address common development bottlenecks, particularly around code understanding and review processes.
The ALM Toolbox podcast also considered the contextual improvements in code reviews as particularly significant. They explained that the enhanced AI “examines all the diffs across all the files in the merge request at the same time” and “sees the full content of the files that were changed, not just the little snippets around the change itself.” This broader contextual understanding aims to reduce what the speakers called “weird or inaccurate suggestions” that have plagued earlier AI coding assistants.
The practical integration approach also drew attention, with the speakers noting that Duo works “right inside your IDE” rather than requiring developers to “switch context constantly,” and this reflects a broader trend where AI capabilities are embedded directly in existing workflows instead of in seperate tools that need context switching to use.
The new AI capabilities were previously only available as separate add-ons. Their integration into GitLab 18.0 has been well received, for example in a comment on GitLab CEO Sid Sijbrandij’s announcement on LinkedIn which also emphasised the practical integration:
What I love about this: it’s not just AI as a feature. It’s AI baked into the workflow where it actually matters.
– Eduardo Mussali
Other than the AI features, there are other noteworthy changes in GitLab 18.0. The Duo Code Review feature in GitLab 18.0 lets code reviews happen automatically on merge requests, so it doesn’t have to be manually triggered. The system intelligently skips draft requests and empty changes while providing analysis, including merge request context and cross-file relationships. This functionality mirrors that in tools like SonarQube and CodeClimate, which offer similar automated code quality assessments.
Repository X-Ray, GitLab’s code intelligence feature, is now available in self-hosted environments. This capability allows organisations to maintain AI-assisted development workflows while keeping code on-premises. It aims to address security concerns that some enterprises have with storing their code on cloud-based platforms. Performance improvements include prompt caching for code suggestions, which improves speed when using AI coding assistance. The cached data never reaches persistent storage, addressing privacy concerns that have made some organisations hesitant to adopt AI coding assistants.
Security and compliance capabilities have been updated with improved vulnerability tracking and expanded support for security scanning in merge request pipelines. Organisations can now configure Application Security Testing scanners to run in merge request workflows, providing earlier detection of security issues.
The platform has also introduced granular job token permissions, currently in beta, allowing more precise control over CI/CD pipeline access. Administrative improvements include enhanced user session management, support for SHA256 SAML certificates, and expanded deletion protection across all user tiers. The decision to make deletion protection available reflects GitLab’s consideration of data safety as a core feature rather than something users should pay for.
GitLab’s Kubernetes integration has also shared namespace support for workspaces and improved pod status visualisations.
The release includes breaking changes, for instance, in PostgreSQL version support and the bundled Prometheus chart update. The announcement recommends that teams planning an upgrade must ensure they’re running PostgreSQL 16 and review their monitoring configurations. Others on Reddit suggest waiting until the 18.1 point release, and some users have reported problems in upgrading their self-hosted versions on the forum, though none of these reports have been attributed to bugs.
There are many other new features in GitLab 18.0, all listed in the release announcement.
