GitLab has launched GitLab 19.0, introducing new intelligent orchestration capabilities designed to automate workflows spanning code development, security, compliance, and deployment operations. The release reflects a broader shift in enterprise software engineering as organizations increasingly adopt AI-generated code while struggling to manage the operational complexity surrounding modern DevSecOps pipelines.
GitLab is expanding its push into agentic AI-powered software delivery with the release of GitLab 19.0, a major platform update aimed at helping enterprises automate more of the workflows that sit between writing code and deploying production applications.
The new release adds expanded secrets management, AI-assisted merge request orchestration, software supply chain visibility, and broader support for self-hosted open-source AI models. GitLab says the upgrades are intended to address what the company calls the “AI paradox” — the growing disconnect between rapid AI-driven code generation and the slower operational systems responsible for governance, security, compliance, and deployment.
The announcement comes as enterprise development teams accelerate adoption of generative AI coding assistants from companies including Microsoft, Google, Amazon, and GitHub. While AI coding tools have significantly increased developer productivity, many organizations continue facing operational bottlenecks tied to code review, infrastructure security, pipeline governance, and software supply chain management.
GitLab 19.0 attempts to close that gap by embedding AI orchestration directly into the DevSecOps lifecycle.
One of the most significant additions is GitLab Secrets Manager, now entering public beta. The feature allows engineering teams to manage CI/CD credentials and secrets directly inside GitLab while applying the same access controls used for source code governance. The company says the capability helps reduce exposure risks tied to fragmented secrets management systems.
The platform also extends GitLab’s Developer Flow orchestration capabilities across the full merge request lifecycle. According to the company, the updated workflow engine can now automate reviewer feedback handling, conflict resolution, oversized merge request splitting, and rebase-and-merge operations.
The automation layer is designed to operate using project-specific instructions stored in AGENTS.md files, allowing AI agents to align with organization-specific coding standards, workflows, and governance policies rather than relying on generalized AI behavior.
That capability reflects a growing enterprise focus on contextual AI systems that can operate within internal compliance and operational constraints.
GitLab is also expanding support for self-hosted AI infrastructure, a major priority for regulated industries and enterprises concerned about exposing proprietary code to external large language model providers.
GitLab Duo Agent Platform Self-Hosted now supports additional open-source models including Mistral Devstral 2 123B, GLM-5.1, Kimi-K2.6, and MiniMax-M2.7. The expansion allows enterprises operating in air-gapped or compliance-sensitive environments to deploy agentic AI workflows without sending source code to external APIs.
The move aligns with broader industry momentum toward sovereign AI and enterprise-controlled AI deployment models.
Across the software industry, organizations are increasingly balancing productivity gains from generative AI with rising concerns around security, governance, intellectual property exposure, and software supply chain integrity.
GitLab’s 2026 Global DevSecOps Report found that 34% of software code is now AI-generated, while teams continue struggling with toolchain fragmentation and inefficient workflows that reduce collaboration speed.
The company’s latest release also expands visibility into CI/CD infrastructure through Components Analytics, giving platform engineering teams centralized insight into which pipeline components and versions are deployed across their organizations.
Software supply chain security has become a critical priority following years of high-profile vulnerabilities and increasing regulatory scrutiny around open-source dependencies and third-party software risks.
GitLab 19.0 introduces enhanced dependency scanning and software bill of materials (SBOM) visibility designed to help organizations maintain auditable records of components entering production builds. The platform matches dependencies against GitLab security advisories to help identify known vulnerabilities earlier in the deployment process.
The DevSecOps market itself is evolving rapidly as enterprises attempt to consolidate fragmented engineering tools into unified AI-assisted development environments.
Industry analysts increasingly view orchestration platforms as a critical layer in enterprise AI software delivery because organizations need systems capable of coordinating coding, testing, security validation, compliance, infrastructure provisioning, and deployment automation simultaneously.
GitLab has increasingly positioned itself as an “intelligent orchestration platform” rather than a traditional source code management provider. That positioning places the company in direct competition with broader enterprise software delivery ecosystems spanning GitHub, Atlassian, Microsoft Azure DevOps, JetBrains, and emerging AI-native developer tooling platforms.
The rise of agentic AI is also reshaping expectations for enterprise software development workflows.
Rather than limiting AI to isolated coding assistants, vendors are increasingly embedding autonomous systems capable of orchestrating multi-step operational tasks across the software lifecycle. That trend includes AI-driven testing, infrastructure management, compliance monitoring, incident response, and deployment optimization.
GitLab’s strategy reflects this larger transition toward AI-native DevSecOps platforms.
The company says more than 50 million registered users and half of the Fortune 100 rely on GitLab to support enterprise software delivery workflows.
For enterprise engineering organizations, the latest release highlights a broader reality emerging across software development: generating code with AI is no longer the primary challenge.
The harder problem is operationalizing AI-generated software securely, compliantly, and at enterprise scale
