惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Exploit Database - CXSecurity.com
J
Java Code Geeks
H
Help Net Security
B
Blog RSS Feed
G
Google Developers Blog
博客园 - 司徒正美
MongoDB | Blog
MongoDB | Blog
量子位
博客园 - 三生石上(FineUI控件)
The Cloudflare Blog
P
Proofpoint News Feed
小众软件
小众软件
人人都是产品经理
人人都是产品经理
云风的 BLOG
云风的 BLOG
V
V2EX
月光博客
月光博客
C
Check Point Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
A
Arctic Wolf
Help Net Security
Help Net Security
Schneier on Security
Schneier on Security
D
DataBreaches.Net
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园_首页
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
P
Palo Alto Networks Blog
T
Tenable Blog
L
LangChain Blog
Attack and Defense Labs
Attack and Defense Labs
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
Forbes - Security
Forbes - Security
F
Fortinet All Blogs
Recent Announcements
Recent Announcements
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
大猫的无限游戏
大猫的无限游戏
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Y
Y Combinator Blog
WordPress大学
WordPress大学
Stack Overflow Blog
Stack Overflow Blog
V
Visual Studio Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Engineering at Meta
Engineering at Meta
NISL@THU
NISL@THU
GbyAI
GbyAI
博客园 - Franky
S
Secure Thoughts
有赞技术团队
有赞技术团队
PCI Perspectives
PCI Perspectives
U
Unit 42

GitLab

Turn multi-step software delivery into agentic flows you can trust GitLab Duo Security Review spots logic flaws scanners miss Bring GitLab Duo Agent Platform to your terminal Forrester Consulting: GitLab Duo Agent Platform delivers 400% ROI GitLab 19.2 release notes | GitLab Docs When a version bump breaks your build, GitLab fixes it Green DevOps: Why carbon measurement belongs in your CI/CD pipeline GitLab Patch Release: 19.1.2, 19.0.4, 18.11.7 How we used AI agents to migrate GitLab rate limiting Keep your GitLab seats in check with restricted access GitLab Patch Release: 18.8.11 | GitLab Docs Claude Sonnet 5 on GitLab: More reliable, more efficient What Google Antigravity agents get full context with GitLab Orbit GitLab Patch Release: 19.1.1, 19.0.3, 18.11.6 GitLab 19.1 release notes | GitLab Docs AI Catalog updates for governance and operations One vulnerability view: From scanner coverage to AI governance GitLab named a Leader in the 2026 Gartner® Magic Quadrant™ for DevSecOps Platforms GitLab and Capgemini accelerate DevSecOps transformation Introducing the 2026 EMEA GitLab Partner Award winners GitLab Patch Release: 19.0.2, 18.11.5, 18.10.8 Introducing GitLab Orbit GitLab Flex: Commit once, reshape your seats and AI spend GitLab on Google Cloud: Fully managed, compliant, and AI-ready Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting Mythos-class Claude Fable 5 arrives on GitLab Duo Agent Platform GitLab Patch Release: 19.0.1, 18.11.4, 18.10.7 Claude Opus 4.8 on GitLab: Complex agentic work, less disruption Agentic coding is only as good as its context GitLab Patch Release: 18.9.8, 18.8.10, 18.7.7, 18.6.8, 18.5.7 Full security scanner coverage of your codebase in minutes Reduce supply chain risk with SBOM-based dependency scanning Transform MRs from manual tasks to an automated workflow Track CI component usage across your organization Manage CI/CD credentials with GitLab Secrets Manager More AI models for GitLab Duo Agent Platform Self-Hosted GitLab 19.0 | GitLab Docs GitLab Dedicated for Government now GovRAMP-authorized Beyond BYOK: Why governance matters for AI agents Fix bugs with Codex and GitLab 5 ways to fix misleading vulnerability severities with policy Harden your pipeline perimeter for the era of AI-assisted coding GitLab Patch Release: 18.11.3, 18.10.6, 18.9.7 GitLab Act 2 Consolidate your GitLab stack with Gitaly on Kubernetes Limit token exposure with fine-grained PATs Automate deployment processes with GitLab Duo Agent Platform Claude Code and GitLab: Three workflows that ship 8 Agentic AI patterns reshaping team collaboration How to detect and prevent Contagious Interview IDE attacks Atlassian will train on your data: Opt out with GitLab Automate detection testing with GitLab CI/CD and Duo
GitLab: Built for the agentic engineering era
Manav Khurana · 2026-06-10 · via GitLab

GitLab Transcend, our customer event showcasing our roadmap, success stories, and industry research just wrapped. Here's what we announced and demonstrated:

  • Next-generation source code management, a Git engine rebuilt for agent-scale concurrency, now in private beta
  • GitLab Orbit, our context graph for the full software lifecycle, now in public beta
  • Agents for security and governance for agents, identity, policy, audit, and approval around every agent action, now in private beta
  • GitLab Duo Agent Platform, our orchestration system where agents pick up issues, review code, and fix pipelines without pulling developers out of flow, generally available since January
  • GitLab Flex, a buying model that bends to how AI adoption actually happens, now accepting orders

It's never been easier or faster to write code with agents, our research across more than 1,500 developers and tech leaders showed that 91% of organizations now run two or more AI coding tools, and 54% run three or more. Some of our customers' codebases are growing up to five times in a single year. But unmanaged, that speed creates chaos.

Catch up on all the action from Transcend with our on-demand webcast.

Agentic coding — speed with chaos

For most organizations, the answer to increasing the pace of innovation has been AI coding. But coding agents built on a fragmented software lifecycle isn't agentic engineering, it's a shortcut to inefficiency and risk.

We see it across our customers in recurring forms. Infrastructure built for human pace buckles under machine-scale concurrency in source code management. Agents have context around the code but not the full software development lifecycle (SDLC), so they stall out in large monorepos and give up across repos as the context window fills. Code, dependencies, and deployments change faster than teams can govern them. And fixed contracts force teams to guess at seats and credits a year ahead, in the era hardest to forecast.

The same research shows the strain: 73% worry about maintaining the code, and only 21% see productivity gains across the full SDLC.

None of this is a reason to slow down. It's a reason to build the agentic infrastructure that turns the speed of agentic coding into strong ROI.

Agentic coding + GitLab agentic infrastructure, delivering speed with control

GitLab is already the platform where enterprises build and ship software. Source code management (SCM), CI/CD, governance, deployment, and more all live in one place, and our platform currently serves more than 50 million users and 100,000 organizations. We sit in the path of every software team and the agents that touch their code, pipelines, or production.

Think of the platform as a living system, with four parts that work together the same way whether a human or an agent is doing the work. The motor system handles execution at agent scale, the source control, pipelines, and deployments that get software built and shipped. The nervous system gives every agent and human the context to make good decisions. The immune system puts proactive governance and security around every action.

And the orchestration system coordinates the other three, letting teams and their agents plan and carry out work across the full lifecycle. Whether the brain doing the work is human or agentic, it draws on all four.

GitLab agentic infrastructure pie chart

At Transcend, we announced these innovations and a new buying program, and demonstrated how they come together with intelligent orchestration enabled by GitLab Duo Agent Platform.

Motor system: Next-gen SCM rebuilt for concurrency

SCM is the part of the platform worth focusing on here, because the Git backend buckles under agent load.

Git was built for a distributed workforce. We clone entire repositories to work on them, with branching and code merges scalable enough for hundreds of people around the globe to work in parallel. That model breaks when each team member runs hundreds of agents, resulting in:

  • Clone tax. Clone repo to read one file, for every agent and every retry.
  • Concurrency collapse. Thousands of sessions hit a human-scale backend at once, producing bottlenecks and unpredictable availability.
  • No isolation. Agents share accounts and one branch space, so they pollute the repo, leave no clean way to discard work, and no record of which agent did what.

That's why we previewed the next-generation SCM, in private beta. It runs on the Git protocol for backward compatibility, with a redesigned backend and interfaces built for agents. So you can run agents on any repo, fan them out by the thousands, and let them experiment safely.

Our team has been working to validate the architectural direction: same Git compatibility and auditability, with a different motor underneath, designed for agentic access from the start.

Stats on next-gen SCM

Early internal results are promising: up to 2x fewer tokens, up to 50x faster wall clock time, and up to 1,000x less network traffic.

Nervous system: GitLab Orbit to answer the toughest questions from agents

Agents are adept at writing code and far less deft at navigating the system around it. They can see the code they're touching but not the full lifecycle, and that gap shows up as wasted work.

In a large monorepo, agents can burn too many iterations and too many tokens, and they take too long to get an answer. Across repos, they may fail outright as the context window fills and the agent gives up. The result is work that looks correct but gets reverted, and teams spending more time fixing agent output than the agent saved.

GitLab Orbit, now in public beta, is the context graph for the entire software lifecycle. It continuously maps code, work items, pipelines, deployments, and production signals into a single live graph, so agents reason from first-party context instead of fragmented signals. Engineers query the same graph through the Data Explorer to trace changes and investigate incidents, which means every decision draws from one source of truth.

GitLab Orbit stats

In our early internal tests, agents grounded with Orbit had up to 11 times faster response, were up to 4.5 times more cost effective, and had up to 45 times fewer hallucinations.

Our customer, Compare the Market, A/B tested GitLab Orbit against a RAG-based approach and a no-context baseline using identical prompts and models, and found: Graph-grounded agents placed inline review comments in the correct location 70% of the time (0.696 accuracy), vs. 58% (0.577) for RAG. Compare the Market validated the approach on 79 real merge requests, where graph-based context outperformed conventional retrieval on comment placement accuracy.

Read more: Introducing GitLab Orbit: Full code and lifecycle context, in one query

Build on Orbit at the Transcend hackathon

Want to put Orbit to work yourself? From June 10-24, 2026, the Transcend hackathon invites the community to build with the lifecycle context graph. Contribute directly to the Orbit codebase, or build agents, flows, and skills on top of it and publish them to the AI Catalog.

Everyone is welcome, from experienced contributors to first-timers, and cash prizes are on the table. Learn more

Immune system: Agents for security and governance for agents

In the agentic era, the security and compliance exposure every team manages keeps multiplying. The faster agents ship code, the faster they ship the vulnerabilities that come with it. The cycle compounds: the more code agents generate, the more coverage gaps you uncover; the more you scan, the more findings you have to triage and fix; and the more agents you run, the more you need to prove each one did the right thing, under the right policy, to stand behind your risk posture.

That cycle is why, building on GitLab Ultimate, we've added agents for security and introduced governance for agents.

The agents for security work the exposure side: scanning, triaging, and resolving vulnerabilities as fast as agents create them, so the volume agents generate doesn't bury the teams responsible for securing it.

Governance for agents, in private beta, works the trust side. When agents push code, touch dependencies, and trigger deployments at scale, the question shifts from "did we scan?" to "which agent did what, under which policy, and can we prove it?"

Governance for agents puts identity, policy, audit, and approval around every agent action, with real-time visibility into inputs, reasoning, tool calls, and high-risk or anomalous activity across the organization. When something unexpected happens, the full execution context and audit trail are already there: what changed, which policy allowed it, and who signed off.

Orchestration system: GitLab Duo Agent Platform

These capabilities above are infrastructure. GitLab Duo Agent Platform is the orchestration system that brings them together in the work developers do every day, and adoption has taken off: weekly active users have grown 10 times since we announced general availability in January.

The friction in software delivery was never the work itself, developers know how to write code, review it, and fix a pipeline. It's the context-switching, the waiting, and the handoffs between each of those steps, where time leaks out and focus breaks.

On GitLab Duo Agent Platform, agents work across that full loop: picking up a well-scoped issue and opening a merge request, reviewing it against the team's own rules rather than generic best practices, and resolving the review feedback that comes back.

The quality holds up against independent scrutiny. GitLab Duo Code Review placed in the top five of AI code review tools scored on the Martian Offline Benchmark. And because these flows can run automatically on event triggers, a failing pipeline can be diagnosed and fixed without pulling multiple engineers out of flow, with the platform distinguishing a break that needs a code change from one that just needs a rerun.

GitLab Flex: Commit once, reshape your seats and AI spend

The agentic era made your needs harder to predict, and the way you buy software hasn't caught up. Six months out, you don't know how many seats you'll need, how much AI your teams will consume, or which new capabilities you'll want to turn on, yet a traditional contract fixes all three up front and won't budge until renewal. Guess high and you pay for idle seats; guess low and adopting anything new means re-opening procurement.

GitLab Flex chart

That's what GitLab Flex, available now, solves. It's one annual commitment you reshape month to month across seats, AI usage, and new capabilities, all drawing from the same agreement, with no amendment and no new procurement cycle. When a team rolls off a project, you reallocate next month's reservations toward another team or toward AI. When a capability ships after you sign, you turn it on from the commitment you already have. Seats and usage live under one commitment, so you can move budget between them as adoption shifts. (For background on the usage-based foundation Flex builds on, see this introduction to GitLab Credits.)

Read more: GitLab Flex: Commit once, reshape your seats and AI spend

The difference between coding and shipping

Agentic coding only gets you part of the way. The coding agent generates the change; GitLab's agentic infrastructure checks it against your full context, workflows, and guardrails and makes it safe to ship, at the speed agents work and the scale enterprises run.

Get started today

GitLab Orbit is available now in public beta: join the beta program. Next-generation SCM and governance for agents capabilities are in private beta, and you can request early access here. Agents for security are available now in GitLab Ultimate. Duo Agent Platform is generally available. Finally, GitLab Flex is accepting requests for orders now: To learn more, get in touch.

Our mission is to unlock every team to ship trusted software at the speed of imagination, and we cannot wait to see what you build.