GitLab continues to push its platforms toward an AI-powered, secure, and collaborative DevSecOps experience. The release of 18.5 builds upon major innovations from 18.2 through 18.4. It is extending agentic workflows, expanding security automation, improving user productivity, and strengthening governance for enterprise environments. Whether you are a developer, platform engineer, product manager, or security leader, here is what you need to know.
GitLab 18.2 -18.4
Understanding the previous releases helps show how 18.5 completes the next stage of GitLab’s AI strategy. 18.2 introduced specialized AI agents and the Software Development Flow. This enabled end-to-end orchestration of planning, implementation, and testing using multiple AI agents. 18.3 expanded integrations with Claude Code, Codex CLI, Amazon Q CLI, and Gemini CLI. It also added deeper context awareness across the SDLC and released Issue to MR and Convert CI File flows. 18.4 enhanced agent collaboration through Agentic Chat, introduced the Knowledge Graph, shipped Fix Failed Pipeline Flow, and expanded custom agent creation and governance. Together, these releases built the foundation for scalable human-AI collaboration. GitLab 18.5 includes powerful improvements across planning, security, compliance, and platform automation.
New Features for All GitLab Users
These new features are available to every GitLab customer, including Free tier users.
New personal homepage
All users now have a unified personal dashboard that shows to-do items, assigned issues, merge requests, review requests, and recently viewed items.
Markdown table formatting in the plain text editor
This feature introduces a single-click tool to reformat markdown tables for improved readability and maintenance.
View child task completion in issues
Issue pages now show at-a-glance progress based on child tasks to help teams detect bottlenecks earlier.
Variable expansion for environment deployment tiers
Teams can now use CI/CD variables in the environment:deployment_tier field for dynamic deployments.
Increased rule coverage for secret push protection
GitLab has increased its accuracy, becoming even more proactive in protecting against accidental secret exposure.
Improved inactive item management
This feature provides a unified Inactive tab for archived projects, pending deletions, or inactive groups across GitLab.
Updated navigation experience for groups
All GitLab tiers now have richer group and project details, streamlined actions, and more consistent navigation across the platform.
New Features for GitLab Ultimate (SaaS and Self-Managed)
These features are available for both SaaS Ultimate and Self-Managed Ultimate.
GitLab Security Analyst Agent
While currently in beta, this new improvement provides a specialized security agent that can list vulnerabilities, surface CVE and EPSS data, update statuses, and automatically create issues.
Advanced SAST improvements
- Diff based scans for faster MR scanning
- C and C++ support
- Custom detection rules for organization-specific patterns
Dependency scanning improvements (limited availability)
GitLab has provided new templates for more complete dependency scanning results.
Static reachability (limited availability)
Improved JS and TS support and experimental Java support help teams understand which dependencies are actually in use.
Vulnerability management in Agentic Chat
AI can now list, update, confirm, dismiss, and escalate vulnerabilities through natural language commands.
Secret validity checks
This feature, currently in beta, automatically verifies whether detected secrets are active.
Exceptions to bypass MR approval policies
This feature allows designated users to merge critical fixes immediately while preserving audit trails.
Time windows for security report comparisons
Policy checks can now utilize recent baseline reports, which avoids pipeline delays.
Refreshed security findings in pipeline security tabs
There are now real-time updates to severity and status information in pipeline security tabs.
Control requests for external control statuses
This gives teams control over when external systems update compliance-related statuses.
Show only active vulnerabilities in dependency lists
Dismissed vulnerabilities are hidden, which leads to a cleaner triage experience.
New Features for GitLab Premium and Ultimate (SaaS and Self-Managed)
GitLab Duo Planner
While still in beta, the GitLab Duo Planner is a specialized planning agent that supports PM workflows, applies frameworks like RICE and MoSCoW, and helps prioritize backlogs.
GPT-5 model support for GitLab Duo Agentic Chat
End users can now select GPT-5 as their preferred model for GitLab Duo Agentic Chat.
Configure status lifecycles for issues and tasks
This update allows teams to configure issues and tasks with different status workflows without having to use bulk edits.
Additional triggers for CLI agents
Users can trigger agents automatically when issues or MRs are assigned or when reviewers are added.
New Features for All GitLab Self-Managed Customers
Enhanced Admin area groups list
Every self-managed user now has safer deletion workflows, faster filtering, and a more consistent experience across all group lists.
New Features for GitLab Premium and Ultimate (Self-Managed)
Maven Virtual Registry Interface
Currently in beta, this feature introduces a new web interface that replaces manual API workflows for registry administration, dependency visibility, cache cleanup, and performance tuning.
GitLab Duo Agent Platform for Self-Hosted
Self-managed customers can now use agentic workflows with Anthropic, GPT, and compatible models; however, this is still in beta.
GPT OSS model support for Duo Agent Platform
Self-managed customers can now run open-source models for AI agents.
New Features for GitLab Ultimate (Self-Managed)
Instance-wide compliance and security policy management
Administrators can now define and enforce compliance frameworks and security policies across every top-level group in an instance.
DAST authentication scripts
This feature supports OTP MFA and other real authentication flows, providing richer and more accurate security testing.
GitLab 18.5: Advancing The Platform
The newest GitLab update advances the platform’s vision of an AI-powered DevSecOps ecosystem that unifies development, security, planning, and platform operations. With new capabilities across all tiers, GitLab continues to help teams automate routine work, scale securely, and collaborate more effectively. If you want expert guidance on upgrading, integrating, or operationalizing GitLab across your organization, SPK and Associates is here to help. Our consultants support GitLab SaaS and Self-Managed customers with architecture, migrations, AI integration, automation, security alignment, and end-to-end DevSecOps transformation. Contact us to begin your optimization journey.
