GitLab / ci-cd

8 posts

Announcing general availability for GitLab Duo Agent Platform

The GitLab Duo Agent Platform has reached general availability, marking a shift from basic AI code assistance to comprehensive agentic automation across the entire software development lifecycle. By orchestrating intelligent agents to handle complex tasks like security analysis and planning, the platform aims to resolve the "AI paradox" where faster code generation often creates downstream bottlenecks in review and deployment.

### Usage-Based Economy via GitLab Credits

* GitLab is introducing "GitLab Credits," a virtual currency used to power the platform’s usage-based AI features.
* Premium and Ultimate subscribers receive monthly credits ($12 and $24 respectively) at no additional cost to facilitate immediate adoption.
* Organizations can manage a shared pool of credits or opt for on-demand monthly billing, with existing Duo Enterprise contracts eligible for conversion into credits.

### Agentic Chat and Contextual Orchestration

* The Duo Agentic Chat provides a unified experience across the GitLab Web UI and various IDEs, including VS Code, JetBrains, Cursor, and Windsurf.
* The chat utilizes multi-step reasoning to perform actions autonomously, drawing from the context of issues, merge requests, pipelines, and security findings.
* Capabilities extend beyond code generation to include infrastructure-as-code (IaC) creation, pipeline troubleshooting, and explaining vulnerability reachability.

### Specialized Foundational and Custom Agents

* **Foundational Agents:** Pre-built specialists designed for specific roles, such as the Planner Agent for breaking down work and the Security Analyst Agent for triaging vulnerabilities.
* **Custom Agents:** Developed through a central AI Catalog, these allow teams to build and share agents that adhere to organization-specific engineering standards and guardrails.
* **External Agents:** Native integration of third-party AI tools, such as Anthropic’s Claude Code and OpenAI’s Codex CLI, provides access to external LLM capabilities within the governed GitLab environment.

### Automated End-to-End Flows

* The platform introduces "Flows," which are multi-step agentic sequences designed to automate repeatable transitions in the development cycle.
* The "Issue to Merge Request" flow builds structured code changes directly from defined requirements to jumpstart development.
* Specialized CI/CD flows help teams modernize pipeline configurations and automatically analyze and suggest fixes for failed pipeline runs.
* The Code Review flow streamlines the feedback loop by providing AI-native analysis of merge request comments and code changes.

To maximize the impact of agentic AI, organizations should move beyond basic chat interactions and begin integrating these specialized agents into their broader orchestration workflows to eliminate manual handoffs between planning, coding, and security.

Getting started with GitLab Duo Agentic Chat

GitLab Duo Agentic Chat marks a shift from traditional Q&A chatbots to autonomous AI collaboration partners integrated directly into the software development lifecycle. By leveraging specialized agents and context-aware large language models, the platform enables developers to automate complex tasks like code refactoring, security remediation, and issue triaging. This system serves as a centralized interface across both the GitLab Web UI and IDEs to streamline workflows from initial planning to production deployment.

## Capabilities of Agentic AI

* **Autonomous Actions:** The system can move beyond simple chat by creating files, modifying existing code, and opening merge requests on behalf of the user.
* **Deep Context Integration:** Agents have access to the full GitLab ecosystem, including issues, epics, Git commits, CI/CD pipelines, and security scans.
* **Extensibility:** Through the Model Context Protocol (MCP), the chat can integrate with external services to expand its functional scope.
* **Information Retrieval:** Users can query project architecture or use GitLab Query Language (GLQL) to pull specific project analytics and insights.

## Model and Agent Customization

* **Flexible Model Selection:** Users and administrators can choose from different LLMs based on task requirements, with configuration available at both the group and individual user levels.
* **Specialized Agents:** The platform features dedicated agents for specific roles, such as the **Planner Agent** for product management and the **Security Analyst Agent** for vulnerability management.
* **Contextual Switching:** In IDEs, users can switch between agents via a dropdown menu, while the Web UI allows for agent selection when starting new chat sessions.

## Specialized Workflow Use Cases

* **Project Planning:** The Planner Agent can break down epics into smaller tasks, list high-priority bugs, and generate technical requirements for new features.
* **Security Remediation:** Security-focused agents can explain vulnerabilities in simple terms, identify false positives in scans, and suggest specific code fixes for SQL injection or XSS risks.
* **Troubleshooting and Debugging:** The system can analyze CI/CD pipeline logs to identify why a build failed and suggest optimizations for job performance.
* **Legacy Modernization:** Specific prompts can guide the AI to refactor code to follow SOLID principles or create migration plans for modernizing legacy languages like COBOL to Java or Python.

## Access and Integration

* **Interface Options:** The chat is accessible via a collapsible sidebar in the Web UI and through dedicated plugins in popular IDEs.
* **Future Development:** While currently limited to UI and IDE interfaces, a GitLab Duo CLI is in development to bring agentic capabilities to the terminal.

To get the most out of GitLab Duo Agentic Chat, it is recommended to transition between specialized agents as you move through different project phases. Using the Security Analyst for code reviews and the Planner for backlog grooming ensures that the underlying models are optimized for the specific metadata and constraints of those tasks.

Understanding agents: Foundational, custom, and external

The GitLab Duo Agent Platform provides a tiered framework for integrating AI into the software development lifecycle through foundational, custom, and external agents. By combining built-in expertise with the ability to define bespoke behaviors or connect to specialized external models, the platform enables teams to automate complex tasks ranging from product planning to runtime debugging. This structured approach ensures that AI assistance is deeply integrated into GitLab’s ecosystem while remaining flexible enough to meet specific organizational standards.

## Foundational Agents

These are pre-configured, GitLab-maintained agents available immediately in the IDE or Web UI for general and specialized SDLC tasks.

* **GitLab Duo:** The primary general-purpose partner for code modification, merge request management, and issue triaging within the full platform context.
* **Planner Agent:** Specifically designed to assist with product management by breaking down epics into structured issues and generating acceptance criteria.
* **Security Analyst Agent:** Focuses on triaging vulnerabilities, identifying false positives from scans, and prioritizing risks based on actual impact.
* **Data Analyst Agent:** Leverages GitLab Query Language (GLQL) to visualize platform data, such as merge request trends, team workloads, and issue resolution times.

## Custom Agents

Organizations can create specialized agents tailored to internal workflows by defining unique system prompts and visibility settings.

* **Configuration and Control:** Custom agents are defined by a system prompt that dictates their persona and expertise—such as a DevOps agent that correlates static code data with CI/CD logs.
* **Visibility Tiers:** Agents can be set to "Private" for use within a specific project or "Public" to be listed in the AI Catalog for broader organizational discovery.
* **Operational Use Cases:** Common implementations include onboarding assistants for company-specific practices, compliance monitors for regulatory requirements, and localized support agents for non-English languages.
* **Deployment Best Practices:** It is recommended to start with read-only permissions and highly specific constraints before granting agents write access to the repository or platform.

## External Agents

External agents operate asynchronously and are triggered by mentions or assignments within issues and merge requests, rather than through interactive chat.

* **Asynchronous Automation:** These agents, such as Anthropic Claude or OpenAI Codex, execute tasks in the background when triggered by commands like `@ai-codex`.
* **Managed Credentials:** GitLab handles API key management and rotation for these integrations, simplifying the security overhead for teams using third-party models.
* **Specialized Performance:** External agents allow teams to leverage provider-specific strengths, such as Claude’s code analysis or Codex’s task delegation, while maintaining compliance with specific data residency requirements.
* **Integrated Review:** A typical workflow involves assigning an external agent as a reviewer on a merge request, where it automatically analyzes code quality and posts improvement suggestions directly as comments.

To maximize the value of the platform, teams should begin by leveraging foundational agents for immediate productivity gains before developing custom agents that encode specific organizational knowledge. External agents should be reserved for specialized automation tasks or when specific third-party large language models (LLMs) are required for compliance or advanced code generation.

Get started with GitLab Duo Agent Platform: The complete guide

The GitLab Duo Agent Platform represents a shift in AI-assisted development by moving from individual chat-based interactions to a collaborative multi-agent orchestration layer. By integrating specialized AI agents throughout the software development lifecycle, the platform transforms linear DevSecOps workflows into parallel processes that leverage full project context for tasks like security scanning and code refactoring. This architecture allows development teams to delegate routine technical burdens to autonomous agents, focusing human efforts on high-level innovation and complex problem-solving.

### Orchestrating the DevSecOps Lifecycle

The platform functions as a central intelligence layer that connects AI agents to the broader GitLab ecosystem.

* Agents access comprehensive project context, including source code management, CI/CD pipelines, issue tracking, and security scan results.
* Specialized agents can be assigned to specific technical domains such as research, refactoring, and automated testing.
* The system enables asynchronous collaboration, allowing multiple agents to work on different stages of a project simultaneously.

### Evolution from Duo Enterprise to Agentic AI

The Duo Agent Platform is a superset of previous GitLab AI offerings, moving beyond simple 1:1 user-to-AI interactions.

* GitLab Duo Pro focused on individual IDE productivity through code suggestions and basic chat.
* GitLab Duo Enterprise expanded AI to the wider software lifecycle but remained primarily a 1:1 Q&A experience.
* The Agent Platform introduces a many-to-many collaboration model where teams and multiple specialized agents interact autonomously to handle production-ready workflows.

### Advanced Integration and Customization

To support enterprise-grade automation, the platform provides a roadmap for scaling AI from basic interactions to production environments.

* Integration with the Model Context Protocol (MCP) allows for expanded data access and agent capabilities.
* The platform supports a progression from initial agent interactions to full workflow customization and production-ready automation.
* Developers can leverage the eight-part guide series to move from foundational concepts to advanced technical implementations.

To maximize the benefits of agentic AI, organizations should transition from viewing AI as a simple Q&A tool to treating it as an orchestration layer. Teams are encouraged to explore the complete introductory series to begin delegating routine maintenance and security tasks to specialized agents, thereby accelerating overall delivery speed.