Blog GitLab Duo
10 June 2025 · Hugo Mendiguchia, GitLab Engineer & Trainer at OTTRA

GitLab Duo: Your AI across the entire software delivery lifecycle

GitLab Duo brings AI-assisted workflows to every stage of DevSecOps — from planning to deployment. Here’s what it means for your engineering team.

More than code completion

Most people hear “AI for developers” and think of autocomplete on steroids. A fancy tab key. That’s not what GitLab Duo is.

GitLab Duo is a suite of AI capabilities built into every stage of the software delivery lifecycle. Planning. Coding. Testing. Security. Deployment. It’s not a bolt-on. It’s not a separate product you wire up alongside your existing tools. It lives inside the platform your team already uses, and it works across the entire workflow — not just the bit where you’re writing code.

That distinction matters more than it sounds.

The problems engineers actually have

Talk to any engineering team honestly and the same frustrations come up again and again.

Security scanners flag vulnerabilities that developers didn’t introduce and don’t fully understand. The finding lands in a ticket. The developer stares at it. They context-switch out of what they were doing, dig into a CVE report, and try to work out whether this is a real risk or noise. That cycle repeats dozens of times a week across any team of meaningful size.

Compliance and security standards slow delivery down — not because the standards are wrong, but because implementing them manually is tedious and error-prone. Teams end up choosing between speed and rigour. That’s a false choice, but it feels real when you’re staring at a deadline.

Planning is siloed. The people writing the code don’t have full visibility of the broader context. Issues sit in one view. Epics sit in another. The connection between a line of code and the business outcome it serves is often invisible.

Testing gets squeezed. Everyone agrees coverage should be higher. Nobody has time to write the tests. So they don’t get written, and the team carries the risk.

And underneath all of it: context switching. Moving between tools. Jumping from IDE to browser to ticketing system to CI dashboard and back. Research consistently shows developers spend only about 25% of their time actually writing code. The other 75% is everything else — reviews, meetings, debugging pipelines, chasing down context.

Why a unified platform matters for AI

Here’s the thing about point solutions. You can bolt an AI code completion tool into your IDE. You can add an AI-powered security scanner. You can wire up a chatbot that answers questions about your codebase. Each of those might work in isolation. But they don’t talk to each other. They don’t share context. And they create inconsistency — different models, different trust boundaries, different data handling policies.

GitLab Duo takes a different approach. Because GitLab is a single platform with a single data store, the AI has access to the full picture. When Duo helps you write code, it knows what issue you’re working on. When it explains a vulnerability, it can see the merge request where the vulnerability was introduced. When it troubleshoots a failing pipeline, it has the pipeline configuration, the job logs, and the commit history all in one place.

That 25% stat — developers spending a quarter of their time writing code — is the key insight. An AI tool that only helps with code generation is optimising 25% of the problem. Duo works across the other 75% too. Planning. Reviews. Security remediation. CI/CD debugging. Root cause analysis. That’s where the real time goes, and that’s where unified AI makes the biggest difference.

Privacy and transparency

If you’re evaluating AI tooling for an engineering team of any size, data privacy isn’t a nice-to-have. It’s a gate.

GitLab takes a privacy-first approach. Your code is not used to train models. Full stop. The models and their usage are documented publicly. You can see exactly which AI features use which models, and what data flows where. For self-managed GitLab instances, the AI Gateway keeps everything within your infrastructure — prompts, responses, code context. Nothing leaves.

For enterprise buyers navigating procurement, compliance, and legal review, this clarity is the difference between a three-week evaluation and a six-month one. GitLab has made these decisions transparent by default, not buried in footnotes.

What this means in practice

Duo isn’t theoretical. It’s shipping today in GitLab, and engineering teams are already using it across the lifecycle:

  • Code Suggestions — context-aware completions in your IDE, trained on the patterns in your own project.
  • Chat — ask questions about your codebase, get explanations of merge requests, or debug CI failures without leaving GitLab.
  • Vulnerability explanation and resolution — Duo explains what a security finding means in plain language and suggests a fix.
  • Merge request summaries — automatically generated descriptions that save reviewers time and improve review quality.
  • Root cause analysis — when a pipeline fails, Duo analyses the logs and points you to the likely cause.
  • Test generation — generate unit tests for existing code, integrated directly with your CI pipeline.

Each of these on its own is useful. Together, inside a single platform, they compound. Less context switching. Fewer tool boundaries. More time on the work that actually matters.

Getting started

The hardest part of adopting any AI tooling isn’t the technology. It’s getting engineers to actually use it in their daily workflow — consistently, confidently, and in a way that sticks.

Find out how OTTRA helps organisations get the most from GitLab Duo.