GitLab 19.0 Expands DevSecOps With Secrets Manager, Agentic AI Workflows, and Supply‑Chain Security
GitLab 19.0 expands DevSecOps by introducing a public‑beta Secrets Manager, AI‑driven merge request automation, support for self‑hosted AI models in regulated environments, and stronger supply‑chain security features—... The release integrates secrets management, CI/CD analytics, SBOM‑based dependency scanning, and...
GitLab 19.0 focuses on integrating AI automation, secrets management, and supply‑chain security into a unified DevSecOps platform.
Software development teams are generating more code than ever thanks to AI coding tools—but shipping that code safely has become harder. GitLab 19.0 focuses on closing that gap with new DevSecOps capabilities that integrate security, automation, and AI across the entire software delivery lifecycle.
The release introduces a public‑beta GitLab Secrets Manager, expands AI‑powered merge request automation, adds support for self‑hosted AI models in regulated environments, and strengthens software supply‑chain visibility through new analytics and dependency‑scanning capabilities. Together, these features aim to solve what GitLab calls the “AI Paradox”: faster code generation paired with growing bottlenecks in security, compliance, and delivery workflows.
GitLab Secrets Manager Moves CI/CD Credentials Into the Platform
One of the most visible additions in GitLab 19.0 is the GitLab Secrets Manager, now available in public beta for Premium and Ultimate tiers.
Previously, many organizations relied on external tools such as HashiCorp Vault or cloud‑provider secrets services to store CI/CD credentials. GitLab’s new feature lets teams manage those secrets directly within the platform.
Key capabilities include:
Storing and retrieving CI/CD credentials inside GitLab projects or groups
Scoping secrets to specific jobs or environments
Governing access using the same permission controls already applied to source code
By tying secrets management directly to pipelines and project permissions, GitLab aims to reduce credential sprawl and enforce least‑privilege access across CI/CD workflows.
AI‑Powered Merge Request Automation and Agentic Workflows
GitLab 19.0 also expands AI across the merge request (MR) lifecycle, extending the company’s “Developer Flow” automation.
Instead of using AI only for code suggestions, GitLab’s AI agents can now assist with tasks throughout the review process, including:
Handling reviewer feedback
Resolving merge conflicts
Automating rebases
Triggering one‑click rebase‑and‑merge operations
These capabilities are part of the GitLab Duo Agent Platform, which introduces agent‑driven workflows designed to move changes through planning, review, security checks, and deployment more efficiently.
The broader goal is to automate the manual work surrounding code changes, which often slows down delivery even when coding itself becomes faster.
Self‑Hosted AI Models for Regulated and Air‑Gapped Environments
Many organizations—especially in finance, healthcare, or government—cannot send proprietary code to hosted AI services. GitLab 19.0 addresses this by allowing teams to connect self‑hosted open‑source AI models through external agents in the Duo Agent Platform.
This approach enables organizations to:
Run AI models on their own infrastructure
Keep prompts and code inside controlled environments
Integrate those models into GitLab’s automation workflows
Support for self‑hosted models makes AI‑assisted development possible even in air‑gapped or compliance‑sensitive environments where cloud AI services may not be allowed.
New Supply‑Chain Visibility and Security Controls
The release also strengthens GitLab’s software supply‑chain security capabilities, an area that has become critical as modern applications rely heavily on third‑party components.
Two major additions include:
Components Analytics for CI/CD
This feature provides platform engineering teams with visibility into which shared CI/CD catalog components and versions are being used across projects. The goal is to help organizations track pipeline standards, detect outdated components, and manage reuse across large engineering organizations.
SBOM‑Based Dependency Scanning
GitLab 19.0 also introduces enhanced dependency scanning powered by software bills of materials (SBOMs), improving visibility into open‑source dependencies and their vulnerabilities earlier in the development lifecycle.
Together, these tools help teams detect and manage supply‑chain risks before software reaches production.
The “AI Paradox” Driving GitLab’s Strategy
GitLab frames many of these changes as a response to the AI Paradox—a phenomenon where AI dramatically speeds up code creation but exposes bottlenecks in the rest of the software lifecycle.
Research and industry surveys cited by GitLab show that while AI tools accelerate coding, downstream processes like security reviews, testing, and compliance remain fragmented across many tools. As a result, organizations may generate more code without improving overall delivery speed.
GitLab’s response in version 19.0 is what the company calls “intelligent orchestration.” The idea is to bring development, security, compliance, and AI automation into a single DevSecOps platform so workflows can be coordinated rather than stitched together from separate tools.
Why the Release Matters for DevSecOps Teams
GitLab 19.0 reflects a broader shift in DevSecOps tooling toward platform consolidation and AI‑assisted operations. Instead of adding standalone AI coding tools, the release focuses on automating the surrounding workflows—credentials management, security scanning, CI/CD governance, and merge review.
For engineering teams managing large codebases and strict compliance requirements, the combination of integrated secrets management, AI‑assisted merge workflows, self‑hosted AI models, and supply‑chain analytics represents an attempt to keep security and governance moving at the same pace as AI‑accelerated development.
Whether that approach fully solves the “AI Paradox” remains to be seen, but GitLab 19.0 clearly signals a push toward end‑to‑end AI‑enabled DevSecOps platforms rather than isolated developer tools.