GitLab Inc. has updated its core continuous integration/continuous delivery (CI/CD) platform to natively provide more artificial intelligence (AI) capabilities, along with built-in software artifact management capabilities and more robust security tools.

Justin Farris, vice president of product management for GitLab, said GitLab 18 makes available AI capabilities, such as code suggestion and completion, to all customers rather than requiring a separate GitLab Duo subscription.

There are still GitLab Duo capabilities that are not available in the core platform, but as DevOps continues to evolve, it is becoming more apparent which capabilities are going to be required by most customers compared to others that only a subset of GitLab customers may require, he added.

Additionally, GitLab is also moving to make GitLab Duo itself more widely accessible by no longer requiring customers to upgrade to GitLab Ultimate, the highest level of service that GitLab makes available on its software-as-a-service (SaaS) platform. Instead, organizations that have a GitLab Premium subscription can now also license GitLab Duo.

GitLab is also making it simpler to adopt best DevSecOps practices by providing built-in artifact management tools such as immutable tags and a virtual registry for Maven, open source project management software from the Apache Software Foundation (ASF).

There is also now support for structured inputs and enhanced pipeline management tools to manage artifacts and detect any changes made to them. Those capabilities promise to make it simpler to both securely parent/child pipelines and optimize pipeline execution. GitLab Query Language also now enables users to find, filter and embed content from anywhere in the GitLab platform.

GitLab has also added impact assessment tools for changes made to security policies, additional vulnerability dashboards, a reachability analysis capability for dependencies, support for passkey as defined by the FIDO Alliance and an ability to customize the detection logic it makes available in its static application security testing (SAST) tool.

Finally, GitLab 18 added more controls for complying with additional security frameworks, including the ISO 27001 framework for implementing information security management systems and benchmarks defined by the Center for Internet Security (CIS).

Collectively, these additional AI, artifact management and security capabilities ultimately serve to further reduce the total cost of DevOps by reducing the need for third-party offerings, while at the same time streamlining workflows, noted Farris.

It’s not clear how aggressively DevOps teams are streamlining workflows, but as more of them adopt platform engineering as a methodology for managing pipelines at scale, many of them are at the very least evaluating their options. At the same time, the rise of AI is also driving organizations toward platforms that make it simpler to extend the accuracy of a model by, for example, exposing it to the telemetry data they collect.

Regardless of approach, the one certain thing is that DevOps will continue to become more automated. The challenge and the opportunity now is determining which manual tasks performed today by a DevOps engineer lend themselves better to being assigned to an AI agent that has been specifically trained to complete them.