10 posts
Published on: March 4, 2026 10 min read How GitLab built a security control framework from scratch GitLab's Security Compliance team created a custom control framework to scale across multiple certifications and products — here's why and how you can, too. security tutorial GitLa…
Published on: March 4, 2026 7 min read 10 AI prompts to speed your team’s software delivery Eliminate review backlogs, security delays, and coordination overhead with ready-to-use AI prompts covering every stage of the software lifecycle. AI/ML DevOps platform AI-assisted coding…
The GitLab AI Catalog serves as a centralized repository designed to streamline the discovery, creation, and distribution of AI agents and automated flows across an organization. By providing a structured environment for managing foundational and custom AI assets, it fosters team collaboration and ensures consistency throughout the development lifecycle. Ultimately, the catalog enables developers to scale AI-driven automation from experimental private prototypes to production-ready, instance-wide solutions. ## Discovering and Enabling AI Assets * The catalog acts as a central hub for two distinct asset types: Agents, which handle on-demand or context-specific tasks, and Flows, which are multi-step automations that orchestrate multiple agents. * Users can browse assets via the Explore menu, inspecting titles, descriptions, and visibility statuses before implementation. * To utilize an asset, it must first be added to a top-level group via the "Enable in group" button and then activated within specific projects. * The duplication feature allows teams to copy existing agents or flows to serve as templates for further customization. ## Development and Configuration * Custom agents are built by defining specialized system prompts and configuring specific tool access, such as granting read-only permissions for code and merge requests. * Custom flows utilize a YAML-based structure to define complex behaviors, incorporating components like prompts, routers, and agent hierarchies. * New assets are typically assigned a unique display name (e.g., `ci-cd-optimizer`) and initially set to private visibility to allow for safe experimentation. * Effective creation requires thorough documentation of prerequisites, dependencies, and specific use cases to ensure the asset is maintainable by other team members. ## Managing Visibility and Sharing * Private visibility restricts access to project members with at least a Developer role or top-level group Owners, making it ideal for sensitive or team-specific workflows. * Public visibility allows anyone on the GitLab instance to view and enable the asset in their own projects. * Best practices for sharing include using descriptive, purpose-driven names like `security-code-review` rather than generic identifiers. * Organizations are encouraged to validate and test assets privately before moving them to public status to ensure they solve real problems and handle edge cases. ## Versioning and Lifecycle Management * GitLab employs automated semantic versioning (e.g., 1.1.0) where any change to a prompt or configuration triggers an immutable version update. * The platform uses "version pinning" to ensure stability; when an asset is enabled, projects remain on a fixed version rather than updating automatically. * Updates are strictly opt-in, requiring users to manually review changes and click an "Update" button to adopt the latest version. * Version history and current status can be monitored through the "About" section in the Automate menu for both agents and flows. To maximize the benefits of the AI Catalog, organizations should establish a clear transition path from private experimentation to public sharing. By leveraging version pinning and granular tool access, teams can safely integrate powerful AI automations into their development workflows while maintaining full control over environment stability and security.
Git 2.53.0 introduces significant performance and maintenance improvements, specifically targeting large repositories and complex history rewriting workflows. Key updates include compatibility between geometric repacking and partial clones, as well as more granular control over commit signatures during imports. These enhancements collectively move Git toward more efficient repository management and better data integrity for modern development environments. ## Geometric Repacking Support with Promisor Remotes * Git utilizes repacking to consolidate loose objects into packfiles, with the "geometric" strategy maintaining a size-based progression to minimize the computational overhead found in "all-into-one" repacks. * Previously, geometric repacking was incompatible with partial clones because it could not correctly identify or manage "promisor" packfiles, which contain the metadata for objects expected to be backfilled from a remote. * The 2.53.0 release enables geometric repacking to process promisor packfiles separately, preserving the promisor marker and preventing the tool from crashing when used within a partial clone repository. * This fix removes a major blocker for making the geometric strategy the default repacking method for all Git repositories. ## Preserving Valid Signatures in git-fast-import(1) * The `git-fast-import` tool, a backend for high-volume data ingestion and history rewriting, previously lacked the nuance to handle commit signatures during partial repository edits. * A new `strip-if-invalid` mode has been added to the `--signed-commits` option to solve the "all-or-nothing" problem where users had to choose between keeping broken signatures or stripping valid ones. * This feature allows Git to automatically detect which signatures remain valid after a rewrite and only strip those that no longer match their modified commits. * This provides a foundation for tools like `git-filter-repo` to preserve the chain of trust for unchanged commits during migration or cleaning operations. ## Expanded Data in git-repo-structure * The `structure` subcommand of `git-repo`, intended as a native alternative to the `git-sizer` utility, now provides deeper insights into repository scaling. * The command now reports the total inflated size and actual disk size of all reachable objects, categorized by type: commits, trees, blobs, and tags. * These metrics are essential for administrators managing massive repositories, as they help identify which object types are driving disk consumption and impacting performance. These updates reflect Git’s continued focus on scalability and developer experience, particularly for organizations managing massive codebases. Users of partial clones and repository migration tools should consider upgrading to 2.53.0 to leverage the improved repacking logic and more sophisticated signature handling.
GitLab has integrated Anthropic’s Claude Opus 4.6 into its Duo Agent Platform, providing developers with a high-intelligence frontier model designed for complex agentic workflows. By combining a 1-million-token context window with native access to DevSecOps data, the update enables more autonomous task execution and deeper reasoning within the software development lifecycle. This integration allows teams to delegate multi-step tasks to AI agents that can now process entire codebases and project histories in a single interaction. ## Advanced Agentic Capabilities and Reasoning * Claude Opus 4.6 features enhanced "agentic" behavior, meaning it can proactively take actions and drive tasks forward with minimal human intervention. * The model supports multi-agent orchestration, allowing it to spin up subagents and coordinate parallel workstreams to solve complex, multi-step problems. * Adaptive thinking capabilities allow the model to calibrate its reasoning depth based on the query, using extended thinking for difficult tasks while maintaining speed for simpler ones. * Deep reasoning via test-time compute helps the model navigate challenging development bottlenecks and architectural decisions. ## Full-Context DevSecOps Integration * The model boasts a 1-million-token context window—a fivefold increase over Opus 4.5—enabling the processing of massive codebases and extensive documentation. * Integration with the GitLab Duo Agent Platform provides the model with direct access to repositories, merge requests, pipelines, and security findings. * Enterprise-grade security features, including human-in-the-loop controls and group-based access, ensure that agentic actions remain transparent and governed. * Native integration ensures developers can utilize these frontier capabilities without leaving their established GitLab workflows. ## Availability and Resource Consumption * Opus 4.6 is currently available for GitLab.com users via the Duo Agent Platform and Agentic Chat, though it is not supported for GitLab Duo Classic features. * Support for the model within various Integrated Development Environments (IDEs) is expected to be released in the near future. * Usage is managed via GitLab credits, with multipliers determined by the size of the prompt. * Prompts containing 200k tokens or fewer are charged at 1.2 requests per credit, while larger prompts exceeding 200k tokens are charged at 0.7 requests per credit. Organizations aiming to automate complex development workstreams should migrate their specialized agents to Claude Opus 4.6 to take advantage of its superior orchestration and context handling. By leveraging the model's ability to coordinate parallel subagents, teams can significantly reduce the manual effort required for codebase-wide refactors and security remediation.
The GitLab Duo Agent Platform has reached general availability, marking a shift from basic AI code assistance to comprehensive agentic automation across the entire software development lifecycle. By orchestrating intelligent agents to handle complex tasks like security analysis and planning, the platform aims to resolve the "AI paradox" where faster code generation often creates downstream bottlenecks in review and deployment. ### Usage-Based Economy via GitLab Credits * GitLab is introducing "GitLab Credits," a virtual currency used to power the platform’s usage-based AI features. * Premium and Ultimate subscribers receive monthly credits ($12 and $24 respectively) at no additional cost to facilitate immediate adoption. * Organizations can manage a shared pool of credits or opt for on-demand monthly billing, with existing Duo Enterprise contracts eligible for conversion into credits. ### Agentic Chat and Contextual Orchestration * The Duo Agentic Chat provides a unified experience across the GitLab Web UI and various IDEs, including VS Code, JetBrains, Cursor, and Windsurf. * The chat utilizes multi-step reasoning to perform actions autonomously, drawing from the context of issues, merge requests, pipelines, and security findings. * Capabilities extend beyond code generation to include infrastructure-as-code (IaC) creation, pipeline troubleshooting, and explaining vulnerability reachability. ### Specialized Foundational and Custom Agents * **Foundational Agents:** Pre-built specialists designed for specific roles, such as the Planner Agent for breaking down work and the Security Analyst Agent for triaging vulnerabilities. * **Custom Agents:** Developed through a central AI Catalog, these allow teams to build and share agents that adhere to organization-specific engineering standards and guardrails. * **External Agents:** Native integration of third-party AI tools, such as Anthropic’s Claude Code and OpenAI’s Codex CLI, provides access to external LLM capabilities within the governed GitLab environment. ### Automated End-to-End Flows * The platform introduces "Flows," which are multi-step agentic sequences designed to automate repeatable transitions in the development cycle. * The "Issue to Merge Request" flow builds structured code changes directly from defined requirements to jumpstart development. * Specialized CI/CD flows help teams modernize pipeline configurations and automatically analyze and suggest fixes for failed pipeline runs. * The Code Review flow streamlines the feedback loop by providing AI-native analysis of merge request comments and code changes. To maximize the impact of agentic AI, organizations should move beyond basic chat interactions and begin integrating these specialized agents into their broader orchestration workflows to eliminate manual handoffs between planning, coding, and security.
The GitLab Duo Agent Platform provides a multi-layered framework for customizing AI behavior to align with specific team workflows and coding standards. By leveraging configuration files at the user, workspace, and project levels, teams can ensure that AI-driven assistance remains context-aware and adheres to internal development policies. This extensibility allows organizations to move from generic AI interactions to highly specialized automation that respects unique architectural patterns and security requirements. ### Levels of Customization GitLab offers a hierarchical approach to tailoring agent behavior, ensuring the right balance between global consistency and project-specific flexibility: * **User-level:** Personal preferences and rules applied across all projects, typically stored in the user’s home directory (e.g., `~/.gitlab/duo/`). * **Workspace-level:** Project-specific configurations located in the repository root that override user-level settings for that specific codebase. * **Project-level:** The creation of entirely custom agents and workflows managed within a specific project to handle complex, specialized tasks. ### Custom Rule Configuration Custom rules provide a mechanism to enforce specific coding styles and instructional sets without repeating prompts in every interaction. * **File implementation:** Rules are defined in `chat-rules.md` files located either in the user's home directory for global application or within the `.gitlab/duo/` directory for project-specific application. * **Functional scope:** They are best used for granular instructions such as forcing the use of the Vue 3 Composition API, requiring JSDoc comments for public functions, or mandating single quotes for strings. * **Governance:** Teams are encouraged to use GitLab Code Owners to manage who can approve changes to these rules, ensuring that AI behavior remains aligned with official team standards. ### Architectural Control with AGENTS.md The platform supports `AGENTS.md`, an industry-standard configuration file used to define broader agent personality, tone, and deep repository context. * **Versatility:** Unlike basic rules, `AGENTS.md` is consumed by both foundational and custom flows and can be understood by external agents like Claude Code. * **Contextual Depth:** These files can be placed in subdirectories to provide specific instructions for different parts of a monorepo, helping the agent understand complex folder structures and internal dependencies. * **Key Parameters:** It typically controls high-level preferences such as security protocols (e.g., "never suggest hardcoding secrets"), documentation requirements, and preferred tool usage. ### Technical Requirements and Deployment Implementing these customizations requires specific environment versions to ensure compatibility across the GitLab ecosystem. * **GitLab Version:** Requires GitLab 18.8 or later. * **IDE Support:** For VS Code users, the GitLab Workflow extension must be version 6.60 or later. * **Update Cycle:** Changes to `AGENTS.md` or custom rules generally require starting a new chat session or triggering a new flow to take effect. To achieve the best results, teams should adopt a "standardize-then-specialize" approach: establish global security and documentation rules at the user level, while using workspace-level `AGENTS.md` files to define the unique architectural patterns and tech stacks of individual projects.
GitLab Duo Agentic Chat marks a shift from traditional Q&A chatbots to autonomous AI collaboration partners integrated directly into the software development lifecycle. By leveraging specialized agents and context-aware large language models, the platform enables developers to automate complex tasks like code refactoring, security remediation, and issue triaging. This system serves as a centralized interface across both the GitLab Web UI and IDEs to streamline workflows from initial planning to production deployment. ## Capabilities of Agentic AI * **Autonomous Actions:** The system can move beyond simple chat by creating files, modifying existing code, and opening merge requests on behalf of the user. * **Deep Context Integration:** Agents have access to the full GitLab ecosystem, including issues, epics, Git commits, CI/CD pipelines, and security scans. * **Extensibility:** Through the Model Context Protocol (MCP), the chat can integrate with external services to expand its functional scope. * **Information Retrieval:** Users can query project architecture or use GitLab Query Language (GLQL) to pull specific project analytics and insights. ## Model and Agent Customization * **Flexible Model Selection:** Users and administrators can choose from different LLMs based on task requirements, with configuration available at both the group and individual user levels. * **Specialized Agents:** The platform features dedicated agents for specific roles, such as the **Planner Agent** for product management and the **Security Analyst Agent** for vulnerability management. * **Contextual Switching:** In IDEs, users can switch between agents via a dropdown menu, while the Web UI allows for agent selection when starting new chat sessions. ## Specialized Workflow Use Cases * **Project Planning:** The Planner Agent can break down epics into smaller tasks, list high-priority bugs, and generate technical requirements for new features. * **Security Remediation:** Security-focused agents can explain vulnerabilities in simple terms, identify false positives in scans, and suggest specific code fixes for SQL injection or XSS risks. * **Troubleshooting and Debugging:** The system can analyze CI/CD pipeline logs to identify why a build failed and suggest optimizations for job performance. * **Legacy Modernization:** Specific prompts can guide the AI to refactor code to follow SOLID principles or create migration plans for modernizing legacy languages like COBOL to Java or Python. ## Access and Integration * **Interface Options:** The chat is accessible via a collapsible sidebar in the Web UI and through dedicated plugins in popular IDEs. * **Future Development:** While currently limited to UI and IDE interfaces, a GitLab Duo CLI is in development to bring agentic capabilities to the terminal. To get the most out of GitLab Duo Agentic Chat, it is recommended to transition between specialized agents as you move through different project phases. Using the Security Analyst for code reviews and the Planner for backlog grooming ensures that the underlying models are optimized for the specific metadata and constraints of those tasks.
The GitLab Threat Intelligence Team has detailed its efforts to disrupt North Korean (DPRK) cyber campaigns, specifically focusing on "Contagious Interview" malware distribution and fraudulent IT worker schemes. By analyzing internal platform data, GitLab identified that these state-sponsored actors leverage legitimate tools and fake recruitment scenarios to compromise software developers and generate illicit revenue for the regime. The report concludes that while these operations are sophisticated and persistent, proactive monitoring and cross-industry intelligence sharing are essential to mitigating these evolving threats. ### Contagious Interview Mechanics * Threat actors pose as recruiters to trick software developers into executing malicious JavaScript projects under the guise of technical interviews. * The primary goal is to deploy malware families such as BeaverTail and Ottercookie, which facilitate credential theft and provide remote control of the victim's device. * A notable evolution in tradecraft includes the use of "ClickFix," a compiled BeaverTail variant identified in late 2025. * Malicious repositories often use a specific execution pattern where base64-encoded URLs and secret headers are hidden within `.env` files, masquerading as benign configuration variables. * To execute the payload, actors utilize `Function.constructor` to load strings as executable code, often triggered by custom error handlers designed to source remote content. ### 2025 Campaign Trends and Infrastructure * GitLab banned 131 unique accounts linked to these campaigns in 2025, with activity peaking in September and averaging 11 bans per month. * Nearly 90% of malicious accounts were created using Gmail addresses, and actors typically accessed the platform through consumer VPNs or dedicated VPS infrastructure. * In more than 80% of cases, malware payloads were not stored on GitLab. Instead, actors used concealed loaders to fetch content from legitimate hosting services, most commonly Vercel. * Recent tactics include the creation of malicious NPM dependencies immediately before use and the exploitation of VS Code tasks to pipe remote content into native shells. ### IT Worker Campaigns and Sanctions Evasion * Beyond malware distribution, DPRK actors use GitLab to support "IT worker" cells that generate revenue and evade international sanctions. * One identified pipeline involved the creation of at least 135 synthetic identities, automated to generate professional connections and contact leads at scale. * Threat actors have been observed adding their own images to stolen U.S. identity documents to bypass employment verification processes. * Forensic analysis revealed financial records from cell managers detailing revenue proceeds from 2022 through 2025, often earned while operating from locations like Moscow, Russia. Organizations should remain vigilant against recruitment-themed social engineering and scrutinize unexpected requests to run external code. GitLab recommends that the security community use the provided indicators of compromise to update defensive posture, as these actors continue to refine their ability to hide malicious intent within legitimate development workflows.
The GitLab Duo Agent Platform provides a tiered framework for integrating AI into the software development lifecycle through foundational, custom, and external agents. By combining built-in expertise with the ability to define bespoke behaviors or connect to specialized external models, the platform enables teams to automate complex tasks ranging from product planning to runtime debugging. This structured approach ensures that AI assistance is deeply integrated into GitLab’s ecosystem while remaining flexible enough to meet specific organizational standards. ## Foundational Agents These are pre-configured, GitLab-maintained agents available immediately in the IDE or Web UI for general and specialized SDLC tasks. * **GitLab Duo:** The primary general-purpose partner for code modification, merge request management, and issue triaging within the full platform context. * **Planner Agent:** Specifically designed to assist with product management by breaking down epics into structured issues and generating acceptance criteria. * **Security Analyst Agent:** Focuses on triaging vulnerabilities, identifying false positives from scans, and prioritizing risks based on actual impact. * **Data Analyst Agent:** Leverages GitLab Query Language (GLQL) to visualize platform data, such as merge request trends, team workloads, and issue resolution times. ## Custom Agents Organizations can create specialized agents tailored to internal workflows by defining unique system prompts and visibility settings. * **Configuration and Control:** Custom agents are defined by a system prompt that dictates their persona and expertise—such as a DevOps agent that correlates static code data with CI/CD logs. * **Visibility Tiers:** Agents can be set to "Private" for use within a specific project or "Public" to be listed in the AI Catalog for broader organizational discovery. * **Operational Use Cases:** Common implementations include onboarding assistants for company-specific practices, compliance monitors for regulatory requirements, and localized support agents for non-English languages. * **Deployment Best Practices:** It is recommended to start with read-only permissions and highly specific constraints before granting agents write access to the repository or platform. ## External Agents External agents operate asynchronously and are triggered by mentions or assignments within issues and merge requests, rather than through interactive chat. * **Asynchronous Automation:** These agents, such as Anthropic Claude or OpenAI Codex, execute tasks in the background when triggered by commands like `@ai-codex`. * **Managed Credentials:** GitLab handles API key management and rotation for these integrations, simplifying the security overhead for teams using third-party models. * **Specialized Performance:** External agents allow teams to leverage provider-specific strengths, such as Claude’s code analysis or Codex’s task delegation, while maintaining compliance with specific data residency requirements. * **Integrated Review:** A typical workflow involves assigning an external agent as a reviewer on a merge request, where it automatically analyzes code quality and posts improvement suggestions directly as comments. To maximize the value of the platform, teams should begin by leveraging foundational agents for immediate productivity gains before developing custom agents that encode specific organizational knowledge. External agents should be reserved for specialized automation tasks or when specific third-party large language models (LLMs) are required for compliance or advanced code generation.