GitLab 19.0 Embeds Agentic AI in Secrets, Merge Requests, and Supply Chain Security
Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.
GitLab 19.0 with agentic AI in CI/CD and security is directly relevant to platform engineering and SDLC.
GitLab 19.0 shifts agentic AI from code generation to security and workflow governance, introducing a public beta of GitLab Secrets Manager that stores credentials within the existing platform hierarchy and integrates with HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, and GCP Secret Manager. The Developer Flow agent now handles reviewer feedback, splits oversized merge requests, and resolves conflicts by reading team context from an AGENTS.md file, while a new Resolve with Duo button commits proposed fixes and leaves summary comments. On the supply chain side, the SBOM-based dependency scanner reaches GA for Maven, npm, NuGet, PyPI, Go, and Cargo, with automatic lockfile generation for Maven, Gradle, and Python, and GitLab Duo Core moves to usage-based billing via GitLab Credits, with self-hosted environments gaining support for open-source models like Mistral Devstral 2 123B and Claude Opus 4.7.