GitLab 18.4 and 18.5: Revolutionary AI Features and Enhanced Developer Experience


GitLab has released two significant updates in autumn 2025 that fundamentally transform how development teams collaborate, secure their code, and leverage artificial intelligence in their workflows. The releases of GitLab 18.4 in September and GitLab 18.5 in October introduce groundbreaking features that address the evolving needs of modern software development teams, from enhanced AI capabilities through GitLab Duo to sophisticated security management tools and improved user experience across the platform.


These releases demonstrate GitLab's commitment to providing a comprehensive DevSecOps platform that seamlessly integrates artificial intelligence, security, and collaboration features. The introduction of the GitLab Knowledge Graph, multiple AI agent capabilities, and enhanced compliance frameworks positions GitLab as a leader in intelligent software development platforms that adapt to enterprise requirements whilst maintaining developer productivity and satisfaction.



Executive Summary of Key Features


The combined releases of GitLab 18.4 and 18.5 introduce over twenty major features that revolutionise how teams interact with their codebase, manage security vulnerabilities, and leverage AI assistance. GitLab 18.4 establishes the foundation with the GitLab Knowledge Graph for intelligent code navigation and introduces end-user model selection for AI features, whilst GitLab 18.5 builds upon this foundation with specialised AI agents for planning and security analysis. Both releases emphasise giving users more control over their development environment whilst maintaining enterprise-grade security and compliance requirements.


The strategic focus on AI integration through GitLab Duo represents a significant shift in how development teams can leverage artificial intelligence throughout their workflows. Rather than treating AI as a separate tool, these releases embed intelligent assistance directly into existing processes, from code understanding to vulnerability management and project planning.



Version Feature Comparison Overview


Understanding the distinct focus areas of each release helps organisations plan their upgrade strategy and identify which features will provide the most immediate value to their teams. The following comparison table highlights the primary features introduced in each version, demonstrating the progression from foundational AI capabilities to specialised agent implementations.


| Feature Category | GitLab 18.4 Features | GitLab 18.5 Features |
| --- | --- | --- |
| AI and Machine Learning | GitLab Knowledge Graph for code intelligence and navigation, end-user model selection for GitLab Duo allowing personalised AI model preferences. | GitLab Duo Planner Agent for product management tasks, GitLab Security Analyst Agent for vulnerability management, OpenAI GPT-5 model availability. |
| Security and Compliance | GitLab Duo context exclusion for protecting sensitive information from AI processing. | Compliance and security policy groups for centralised management, DAST authentication scripts for automated security testing, merge request approval policy bypasses with audit trails. |
| CI/CD and Development | CI/CD job tokens can authenticate Git push requests, pipeline simulation against different branches in the editor. | New dependency scanning template v2, static reachability analysis for identifying used dependencies, diff-based SAST scans for merge requests. |
| User Experience | Expanded pipeline validation capabilities with branch selection. | New personal homepage for activity consolidation, Maven virtual registry web interface, improved group overview with richer project information. |
| Platform and Infrastructure | Expanded AWS region support for GitLab Dedicated across all AWS regions. | GitLab Runner 18.5 release, inactive content management improvements, enhanced admin area groups list. |


GitLab Knowledge Graph: Revolutionising Code Intelligence


The GitLab Knowledge Graph, introduced in version 18.4, represents a paradigm shift in how developers understand and navigate complex codebases. This beta feature creates a comprehensive map of relationships between files, definitions, and dependencies across your entire project, enabling developers to perform impact analysis, plan changes more effectively, and accelerate development tasks through enhanced contextual understanding. The Knowledge Graph serves as the foundation for improved AI agent accuracy, as it provides GitLab Duo agents with rich contextual information about code relationships and dependencies.


The integration of the Knowledge Graph with the GitLab Duo Agent Platform demonstrates its practical value beyond simple code navigation. By mapping the intricate connections within a codebase, the Knowledge Graph enables AI agents to understand not just individual files but the broader context of how components interact, leading to more accurate and relevant AI-generated responses to complex development questions. This contextual awareness transforms GitLab Duo from a simple code assistant into an intelligent partner that understands your project's architecture and can provide insights based on comprehensive code analysis.


Development teams working with large, complex codebases will find the Knowledge Graph particularly valuable for understanding the ripple effects of proposed changes. The ability to visualise and analyse code relationships helps prevent unexpected breaking changes and accelerates onboarding for new team members who need to understand existing system architecture quickly.



AI Model Selection and Customisation


GitLab 18.4 and 18.5 significantly expand user control over AI capabilities through comprehensive model selection features. Version 18.4 introduces end-user model selection as a public beta on GitLab.com, allowing developers to choose their preferred AI model for GitLab Duo Agentic Chat directly within the user interface. This personalisation capability extends in version 18.5 to include IDE integrations, with model selection now available in VS Code and JetBrains IDEs, ensuring consistency across development environments.


The addition of OpenAI GPT-5 support in GitLab 18.5 further expands the available model options, giving organisations and developers access to cutting-edge AI capabilities. Namespace owners maintain control over which models are available to their teams, ensuring compliance with organisational policies whilst still providing flexibility for individual developer preferences. This balance between governance and flexibility represents a mature approach to enterprise AI adoption.


| AI Model Feature | GitLab 18.4 Implementation | GitLab 18.5 Enhancement | User Benefits |
| --- | --- | --- | --- |
| Model Selection Interface | Available in GitLab UI for Duo Agentic Chat with dropdown selection. | Extended to VS Code and JetBrains IDEs with consistent dropdown interface. | Seamless model switching across all development environments without disrupting workflow. |
| Available Models | Claude and GPT models based on namespace settings. | Added OpenAI GPT-5 to available model options. | Access to latest AI technology for improved code suggestions and analysis. |
| Administrative Control | Namespace owners control model availability and can set organisation-wide preferences. | Enhanced controls for Self-Managed and Dedicated instances with AWS Bedrock and Azure OpenAI support. | Organisations maintain governance whilst providing developer flexibility. |
| Session Management | Model preferences remembered for future sessions with fresh conversation on model change. | Consistent preference management across all interfaces. | Reduced friction in daily workflows with persistent personalisation. |


GitLab Duo Agent Platform: Specialised AI Agents


GitLab 18.5 introduces two groundbreaking AI agents that transform specific aspects of the development lifecycle through intelligent automation and analysis. The GitLab Duo Planner Agent, currently in beta, revolutionises product management workflows by providing AI-powered assistance for backlog analysis, framework application, and prioritisation decisions. Rather than manually tracking updates and synthesising planning data, product managers can leverage the Planner Agent to apply frameworks like RICE or MoSCoW, surface critical items requiring attention, and make data-driven decisions more efficiently.


The GitLab Security Analyst Agent, also released as a beta feature in version 18.5, addresses the growing complexity of vulnerability management in modern software development. This specialised agent can list vulnerabilities, provide detailed CVE data and EPSS scores, manage vulnerability statuses, and create or link issues for remediation tracking. The agent transforms security workflows from reactive manual triage into intelligent, automated processes that allow security professionals to focus on genuine threats whilst the AI handles repetitive assessment and documentation tasks.


The extensibility of the GitLab Duo Agent Platform enables organisations to create custom agents tailored to their specific workflows and requirements. Through the AI Catalog, teams can discover and enable agents that address their unique challenges, from code review automation to merge request creation, creating a customisable AI-powered development environment that adapts to organisational needs.



Enhanced Security and Vulnerability Management


Security enhancements across both releases demonstrate GitLab's commitment to integrating security practices throughout the development lifecycle. GitLab 18.4 introduces GitLab Duo context exclusion, enabling organisations to protect sensitive information such as password files and configuration files from AI processing. This granular control allows teams to leverage AI assistance whilst maintaining strict security boundaries around critical data.


GitLab 18.5 significantly expands security capabilities with multiple features designed to streamline vulnerability management and compliance workflows. The introduction of DAST authentication scripts enables automated security testing of applications with complex authentication flows, including support for time-based one-time passwords and multi-factor authentication. This automation ensures comprehensive security assessments without sacrificing the authentication controls necessary for production environments.


| Security Feature | Capability | Implementation Details | Enterprise Value |
| --- | --- | --- | --- |
| Context Exclusion (18.4) | Prevents sensitive files from being included in AI context. | Configure exclusions for individual files, directories, or file types through project settings. | Maintains data confidentiality whilst enabling AI assistance for non-sensitive code. |
| DAST Authentication Scripts (18.5) | Automates complex authentication flows for security scanning. | Add custom scripts to CI/CD configurations supporting OTP and MFA authentication. | Enables thorough security testing of production-grade applications without manual intervention. |
| Dependency Scanning v2 (18.5) | Generates comprehensive vulnerability reports for all components. | Import the Jobs/Dependency-Scanning.v2.gitlab-ci.yml template, which supports Scan Execution Policy (SEP) and Pipeline Execution Policy (PEP). | Provides complete visibility into supply chain security risks across the entire dependency tree. |
| Static Reachability (18.5) | Identifies which open source dependencies are actually in use. | Enhanced JS/TS coverage with experimental Java support for accurate vulnerability prioritisation. | Reduces alert fatigue by focusing on vulnerabilities in actively used dependencies. |
| Approval Policy Bypass (18.5) | Enables emergency changes with full audit trail. | Configure bypass permissions through YAML or UI with mandatory justification and audit logging. | Maintains compliance whilst providing flexibility for critical incident response. |


CI/CD Pipeline Enhancements


Both releases include significant improvements to CI/CD capabilities that enhance developer productivity and pipeline flexibility. GitLab 18.4 introduces the ability for CI/CD job tokens to authenticate Git push requests, enabling more sophisticated automation workflows where pipeline jobs can make authenticated changes to repositories. This feature, configurable through project settings or API endpoints, opens new possibilities for automated code generation, dependency updates, and other repository modifications as part of the CI/CD process.


The pipeline editor receives a substantial upgrade in version 18.4 with the ability to simulate pipelines against any branch, not just the default branch. This enhancement provides developers with greater confidence when making pipeline changes, as they can validate their modifications against stable branches, feature branches, or any other branch configuration before committing changes. The improved validation capability reduces pipeline failures and accelerates the development of complex CI/CD workflows.


GitLab 18.5 continues the CI/CD evolution with the introduction of the new dependency scanning template v2, which generates comprehensive vulnerability reports for all component dependencies. The template integration with Scan Execution Policy and Pipeline Execution Policy ensures consistent security scanning across all projects whilst maintaining flexibility for project-specific requirements.



Compliance and Governance Improvements


GitLab 18.5 introduces groundbreaking compliance and governance features designed for enterprise-scale deployments. The new compliance and security policy groups enable centralised management of security policies and compliance frameworks across entire GitLab Self-Managed and Dedicated instances. Organisations can now create, configure, and enforce compliance frameworks like ISO 27001 from a single source of truth, applying them consistently across all projects whilst still allowing individual groups to maintain specific policies for unique requirements.


The enhancement to external controls in compliance frameworks provides organisations with greater flexibility in managing third-party compliance validations. The ability to disable the automatic twelve-hour ping for external control status updates gives teams complete control over when and how compliance validations occur, preventing unnecessary status resets and enabling more sophisticated integration patterns with external compliance systems.


The introduction of time windows in merge request approval policies addresses a common pain point in busy development environments where baseline security scans may be delayed or stuck. By configuring a time window parameter, teams can allow merge requests to proceed using recent security reports within a specified timeframe, balancing security requirements with development velocity whilst maintaining appropriate controls.



User Experience and Interface Improvements


GitLab 18.5 delivers substantial user experience enhancements that make daily interactions with the platform more efficient and intuitive. The new personal homepage consolidates all important activities into a single view, including to-do items, assigned issues, merge requests, review requests, and recently viewed content. This centralised dashboard helps developers quickly understand their priorities and pick up where they left off, reducing the cognitive load of navigating GitLab's extensive feature set.


The Maven virtual registry receives a comprehensive web-based interface in version 18.5, replacing the previous API-only configuration approach. Platform engineers can now manage virtual registries through an intuitive point-and-click interface, performing common tasks like clearing cache entries, reordering upstreams, and testing connectivity without specialised API knowledge. This enhancement significantly reduces operational overhead and makes Maven registry management accessible to a broader range of team members.


| UI Enhancement | Previous Experience | New Experience | Productivity Impact |
| --- | --- | --- | --- |
| Personal Homepage | Activities scattered across multiple pages requiring navigation to different sections. | Unified dashboard with all activities, assignments, and recent items in one place. | Reduces time spent navigating and helps maintain focus on priority tasks. |
| Maven Registry Management | API-only configuration requiring technical knowledge and command-line tools. | Web-based interface with intuitive controls for all management tasks. | Democratises registry management and reduces time for routine maintenance tasks. |
| Group Overview | Limited project information visible requiring clicks to see details. | Rich information display including stars, forks, issues, and merge requests at a glance. | Enables faster decision-making with comprehensive information immediately available. |
| Inactive Content Management | Archived and deleted items mixed with active content in lists. | Dedicated Inactive tab consolidating all inactive items with clear status indicators. | Prevents accidental interactions with inactive content and simplifies recovery processes. |


Platform Infrastructure and Deployment Options


GitLab 18.4 significantly expands deployment flexibility with support for all AWS regions in GitLab Dedicated. This expansion, enabled by AWS's rollout of io2 disks meeting GitLab's high availability and disaster recovery standards, allows organisations to deploy GitLab Dedicated instances in their preferred regions for optimal performance, compliance, and data residency requirements. The expanded regional support ensures that organisations can maintain their GitLab infrastructure close to their development teams and comply with regional data protection regulations.


The concurrent release of GitLab Runner 18.5 brings performance improvements and enhanced scalability for CI/CD workloads. As the highly-scalable build agent that executes CI/CD jobs, GitLab Runner 18.5 ensures that the new features introduced in the main GitLab releases can be fully leveraged without infrastructure bottlenecks. The runner improvements are particularly important for organisations adopting the new security scanning features and AI-powered development workflows that may increase computational demands.


GitLab Duo Agent Platform extends to Self-Managed deployments in version 18.5, marking a significant milestone for organisations requiring on-premises AI capabilities. Self-Managed instance administrators can now configure Anthropic Claude or OpenAI GPT models through AWS Bedrock or Azure OpenAI, bringing the full power of AI-assisted development to environments with strict data residency or compliance requirements.



Implementation Considerations and Migration Path


Organisations planning to adopt GitLab 18.4 and 18.5 should carefully consider their implementation strategy to maximise the value of new features whilst minimising disruption to existing workflows. The beta status of several key features, including the GitLab Knowledge Graph, Duo Planner Agent, and Security Analyst Agent, indicates that these capabilities are still evolving and may require adjustments as they mature. Teams should establish pilot programmes to evaluate these features in non-critical environments before widespread deployment.


The introduction of new security scanning templates and dependency analysis tools requires updates to existing CI/CD configurations. Organisations should plan a phased migration approach, starting with non-production pipelines to validate the new scanning capabilities and understand their impact on build times and resource consumption. The availability of both old and new templates provides flexibility during the transition period, allowing teams to migrate at their own pace.


For enterprises leveraging GitLab's compliance features, the new compliance and security policy groups in version 18.5 represent a fundamental shift in how policies are managed across the organisation. Security and compliance teams should audit existing frameworks and policies to identify opportunities for centralisation whilst documenting cases where group-specific policies remain necessary. The ability to maintain both centralised and group-specific policies provides a migration path that doesn't require immediate standardisation across all teams.



Choose GitLab 18.4 If Your Organisation Prioritises


Organisations should consider deploying GitLab 18.4 if their immediate priorities include establishing foundational AI capabilities and improving code intelligence across their development teams. The GitLab Knowledge Graph provides immediate value for teams working with complex codebases who need better visibility into code relationships and dependencies. The ability for developers to select their preferred AI models ensures rapid adoption by allowing individuals to work with familiar tools whilst the organisation evaluates different AI providers.


Teams requiring enhanced CI/CD automation capabilities will benefit from the job token authentication feature, particularly those with sophisticated pipeline requirements involving automated repository updates or cross-project dependencies. The improved pipeline validation against multiple branches reduces the risk of pipeline failures and accelerates the development of complex CI/CD workflows, making it valuable for organisations with multiple active development branches or complex branching strategies.


Organisations with strict data security requirements should prioritise GitLab 18.4's context exclusion features to establish AI boundaries before broader AI adoption. The ability to prevent sensitive information from being processed by AI models provides the confidence needed to begin leveraging AI assistance whilst maintaining compliance with data protection regulations and internal security policies.



Choose GitLab 18.5 If Your Organisation Requires


GitLab 18.5 becomes essential for organisations requiring advanced AI agents for specialised workflows, particularly in product management and security operations. The Duo Planner Agent and Security Analyst Agent provide immediate productivity gains for teams overwhelmed by manual planning and vulnerability management tasks. These specialised agents transform time-consuming manual processes into efficient, AI-assisted workflows that maintain human oversight whilst eliminating repetitive tasks.


Enterprises with complex compliance requirements across multiple divisions or subsidiaries should prioritise GitLab 18.5 for its compliance and security policy groups feature. The ability to centrally manage frameworks and policies whilst allowing group-specific customisations provides the flexibility needed for large, diverse organisations. The enhanced external controls management and approval policy bypass capabilities ensure that compliance requirements don't become blockers for critical business operations.


Development teams working with modern authentication systems and requiring comprehensive security testing should adopt GitLab 18.5 for its DAST authentication scripts and enhanced scanning capabilities. The ability to automate security testing of applications with complex authentication flows, combined with static reachability analysis and diff-based SAST scans, provides comprehensive security coverage without sacrificing development velocity.



Conclusion and Strategic Recommendations


The releases of GitLab 18.4 and 18.5 represent a significant evolution in the GitLab platform, with artificial intelligence integration moving from experimental features to production-ready capabilities that fundamentally enhance developer productivity. Organisations should view these releases not as incremental updates but as strategic enablers for AI-augmented development practices that will become industry standard in the coming years. The combination of intelligent code understanding through the Knowledge Graph, specialised AI agents for specific workflows, and enhanced security automation creates a comprehensive platform for modern software development.


The emphasis on user control and customisation throughout both releases reflects GitLab's understanding that one-size-fits-all solutions don't work in enterprise environments. From AI model selection to compliance framework flexibility, these releases provide the tools needed for organisations to adapt GitLab to their specific requirements whilst maintaining the standardisation benefits of a unified platform. This balance between flexibility and consistency positions GitLab as a sustainable choice for organisations seeking to modernise their development practices without sacrificing governance or security.


Recommended Action: Organisations currently on earlier versions of GitLab should develop a comprehensive upgrade plan that prioritises features based on immediate team needs whilst establishing a roadmap for adopting beta features as they mature. Beginning with GitLab 18.4 to establish foundational capabilities before moving to 18.5 for specialised features provides a measured approach that minimises risk whilst accelerating time to value. Establish pilot programmes for AI features with enthusiastic early adopters to build internal expertise and identify use cases before broader rollout.

Sharona

DevOps Consultant at OTTRA

Experienced DevOps consultant specializing in GitLab, Team Topologies, and software delivery optimization. Helping teams build better software through improved processes and technology.