Embracing the Future: GitLab 17.0 Prepares Us for Next-Gen DevSecOps

Embracing the Future: How GitLab 17.0 Prepares Us for Next-Gen DevSecOps

On May 16th, GitLab released GitLab 17. Our lead engineer and GitLab Champion Craig Gardener reviewed the release and highlighted some of the capabilities we can expect in the coming year.

The release sets the stage for exciting developments. AI is a prominent feature, alongside major changes to the Verify stage and runner registration processes—changes that may require timely action.

Below is a summary of the key investment areas and runner changes.

AI/ML Efficiencies Across DevSecOps

GitLab is advancing AI in development with GitLab Duo, ModelOps, and AI agents—designed to integrate seamlessly into workflows. Notably, GitLab aims to bring AI to self-managed instances, distinguishing it from competitors like GitHub.

Key deliverables for FY25:

• General Availability (GA) of All Existing AI Features
• GitLab Duo for Offline/Air-Gapped Environments
• Expansion Across the SDLC

Drive Use Case Adoption to Fully Realise Value

Most people only use a small percentage of GitLab’s capabilities. GitLab recognises that customers who don't fully leverage the platform won’t realise its full value. They're working to ensure Premium tier users adopt SCM and CI/CD, and Ultimate tier users include Security and Governance.

With declining popularity of HashiCorp Vault, GitLab’s native secrets management will be one to watch.

• CI/CD Catalog and Components GA: A centralised hub to share and discover reusable CI/CD components. Self-managed customers must build their catalogues from scratch, while GitLab.com users access the public catalogue.
• CI Pipeline Components Blueprint
• CI/CD Catalog Announcement
• Enhanced Usability and Documentation
• Native Secrets Management and Vulnerability Prioritisation

Differentiating the DevSecOps Platform

As toolchain consolidation grows, GitLab is enhancing its DevSecOps platform with expanded planning and Value Stream capabilities—bringing it closer to Jira’s functionality.

• Work Items and Product Analytics
• Extended Vendor-Specific Application (VSA) Integrations

Strengthening GitLab.com Performance

With increased SaaS adoption, GitLab is enhancing platform performance:

• Cells 1.0 Rollout and Hosted Runners GA
• Enhanced RPO/RTO in GitLab Dedicated

Breaking Changes: Runner Registration Changes

An essential update in Version 17 is the revamped runner registration workflow. Older runners will eventually stop working unless updated.

The updated runner token architecture improves security, traceability, and manageability.

What is being changed?

Elimination of Registration Token: Simplifies the process and removes security risks.

Runner Creation via UI: Adds control and tracking through authentication tokens.

System ID Implementation: Each runner gets a unique ID for traceability.

Database Modifications: Supports the new runner system with new tables and fields.

Why are these changes necessary?

Security Risks: Shared tokens created vulnerabilities.

Lack of Traceability: Difficult to audit runner origins or token leaks.

Management Inefficiencies: Manual token management was error-prone.

What are the benefits?

Enhanced Security: Runners are tied to user actions.

Improved Traceability: System IDs and UI-based creation offer better oversight.

Operational Efficiency: Simplified runner management.

Better Resource Management: Improved database structure supports better tracking.

Other Technical Changes

Postgres 13 Deprecation: Upgrade to Postgres 14 is required to avoid breakage.

Unified Approval Rules Removal: Replaced with multiple approval rules. Post-upgrade checks are advised.

Conclusion

GitLab 17 lays the foundation for impactful features throughout the year. AI is a central theme, touching all areas from planning to deployment. Runner registration changes bring long-term benefits but will require action by technical teams.