Nov 14, 2024
Available now on GitLab

The latest features available on GitLab SaaS

New features are regularly released to GitLab SaaS (GitLab.com), with a packaged release available for GitLab Self-Managed every month. Read on to learn more about the new features available on GitLab.com. Note that it may take a few days for a feature to become fully available on GitLab.com, due to deployment schedule and potential feature flags.

Additional information on past releases is available; be sure to check out the release for other features we've launched recently. We also have information about upcoming releases if you're interested in seeing what we are doing next.

Preview Key improvements released in GitLab Preview

Use self-hosted model for GitLab Duo Chat

Use self-hosted model for GitLab Duo Chat

You can now host your own supported large language models (LLMs) and configure them to enable self-hosted GitLab Duo Chat. This feature is in beta and available with an Ultimate and Duo Enterprise subscription on GitLab self-managed.

With self-hosted models, you can use models hosted either on-premise or in a private cloud to enable GitLab Duo Chat or Code Suggestions (introduced as a beta feature in GitLab 17.5). We currently support open-source Mistral models on vLLM or AWS Bedrock, Claude 3.5 Sonnet on AWS Bedrock, and OpenAI models on Azure OpenAI. By enabling self-hosted models, you can leverage the power of generative AI while maintaining complete data sovereignty and privacy.

Please leave feedback in issue 501268.

Use self-hosted model for GitLab Duo Chat

Filter by Identifier on the Vulnerability Report

Filter by Identifier on the Vulnerability Report

On the project level Vulnerability Report you can now filter by vulnerability identifiers. This will allow you to find specific vulnerabilities that are in your project. For this iteration, filtering by identifier will be limited to the first 100 records. The identifier can be used in conjunction with other filters, i.e. severity, status, or tool.

Filter by Identifier on the Vulnerability Report

Admin setting to enforce CI/CD job token allowlist

Admin setting to enforce CI/CD job token allowlist

Previously, we announced that the default CI/CD job token (CI_JOB_TOKEN) behavior will change in GitLab 18.0, requiring you to explicitly add indvidual projects or groups to your project’s job token allowlist if you want them to continue to be able to access your project.

Now, we are giving self-managed and Dedicated instance administrators the ability to enforce this more secure setting on all projects on an instance. After you enable this setting, all projects will need to make use of their allowlist if they want to use CI/CD job tokens for authentication. Note: We recommend enabling this setting as part of a strong security policy.

Admin setting to enforce CI/CD job token allowlist

Vulnerability report grouping

Vulnerability report grouping

Users require the ability to view vulnerabilities in groups. This will help security analysts optimize their triage tasks by utilizing bulk actions. In addition users can see how many vulnerabilities match their group; i.e. how many OWASP Top 10 vulnerabilities are there?

Vulnerability report grouping

Preview Other improvements in GitLab Preview

Project events for group webhooks

Project events for group webhooks

In this release, we’ve added project events to group webhooks. Project events are triggered when:

  • A project is created in a group.
  • A project is deleted in a group.

These events are triggered for group webhooks only.

Easily remove closed items from your view

Easily remove closed items from your view

You can now hide closed items from the linked and child items lists by turning off the Show closed items toggle. With this addition, you have greater control over your view and can focus on active work while reducing visual clutter in complex projects.

Easily remove closed items from your view

macOS Sequoia 15 and Xcode 16 job image

macOS Sequoia 15 and Xcode 16 job image

You can now create, test, and deploy applications for the newest generations of Apple devices using macOS Sequoia 15 and Xcode 16.

GitLab’s hosted runners on macOS help your development teams build and deploy macOS applications faster in a secure, on-demand build environment integrated with GitLab CI/CD.

Try it out today by using the macos-15-xcode-16 image in your .gitlab-ci.yml file.

Select a GitLab agent for an environment in a CI/CD job

Select a GitLab agent for an environment in a CI/CD job

To use the dashboard for Kubernetes, you need to select an agent for Kubernetes connection from the environment settings. Until now, you could select the agent only from the UI or (from GitLab 17.5) the API, which made configuring a dashboard from CI/CD difficult. In GitLab 17.6, you can configure an agent connection with the environment.kubernetes.agent syntax. In addition, issue 500164 proposes to add support for selecting a namespace and Flux resource from your CI/CD configuration.

Filter GitLab Duo users by assigned seat

Filter GitLab Duo users by assigned seat

In previous versions of GitLab, the user list displayed on the GitLab Duo seat assignment page could not be filtered, making it difficult to see which users had previously been assigned a GitLab Duo seat. Now, you can filter your user list by Assigned seat = Yes or Assigned seat = No to see to see which users are currently assigned or not assigned a GitLab Duo seat, allowing for ease in adjusting seat allocations.

Filter GitLab Duo users by assigned seat

New audit event when merge requests are merged

New audit event when merge requests are merged

With this release, when a merge request is merged, a new audit event type called merge_request_merged is triggered that contains key information about the merge request, including:

  • The title of the merge request
  • The description or summary of the merge request
  • How many approvals were required for merge
  • How many approvals were granted for merge
  • Which users approved the merge request
  • Whether committers approve the merge request
  • Whether authors approved the merge request
  • The date/time of the merge
  • The list of SHAs from Commit history

Service accounts badge

Service accounts badge

Service accounts now have a designated badge and can be easily identified in the users list. Previously, these accounts only had the bot badge, making it difficult to distinguish between them and group and project access tokens.

Service accounts badge

Deploy your Pages site with any CI/CD job

Deploy your Pages site with any CI/CD job

To give you more flexibility in designing your pipelines, you no longer need to name your Pages deploy job pages. You can now simply use the pages attribute in any CI/CD job to trigger a Pages deployment.

Deploy your Pages site with any CI/CD job

JaCoCo test coverage visualization now generally available

JaCoCo test coverage visualization now generally available

You can now see JaCoCo test coverage results directly in your merge request diff view. This visualization allows you to quickly identify which lines are covered by tests and which need additional coverage before merging.

Add support for values to the glab agent bootstrap command

Add support for values to the glab agent bootstrap command

In the last release, we introduced support for easy agent bootstrapping to the GitLab CLI tool. GitLab 17.6 further improves the glab cluster agent bootstrap command with support for custom Helm values. You can use the --helm-release-values and --helm-release-values-from flags to customize the generated HelmRelease resource.

Audit events for privileged actions

Audit events for privileged actions

There are now additional audit events for privileged settings-related administrator actions. A record of when these settings were changed can help improve security by providing an audit trail.

More information in sign in emails from new locations

More information in sign in emails from new locations

GitLab optionally sends an email when a sign-in from a new location is detected. Previously, this email only contained the IP address, which is difficult to correlate to a location. This email now contains city and country location information as well.

Thank you Henry Helm for your contribution!

Prevent modification of group protected branches

Prevent modification of group protected branches

When a merge request approval policy is configured to prevent group branch modification, policies now account for protected branches configured for a group. This setting ensures that branches protected at the group level cannot be unprotected. Protected branches restrict certain actions, such as deleting the branch and force pushing to the branch. You can override this behavior and declare exceptions for specific top-level groups with the new approval_settings.block_group_branch_modification property to allow group owners to temporarily modify protected branches when necessary.

This new project override setting ensures that group protected branch settings cannot be modified to circumvent security and compliance requirements, ensuring more stable enforcement of protected branches.

Prevent modification of group protected branches

Use API to get information about tokens

Use API to get information about tokens

Administrators can use the new token information API to get information about personal access tokens, deploy tokens, and feed tokens. Unlike other API endpoints that expose token information, this endpoint allows administrators to retrieve token information without knowing the type of the token.

Thank you Nicholas Wittstruck and the rest of the crew from Siemens for your contribution!

Deprecations Deprecations

The complete list of all features that are currently deprecated can be viewed in the GitLab documentation. To be notified of upcoming breaking changes, subscribe to our Breaking Changes RSS feed.

Removals and breaking changes Removals and breaking changes

The complete list of all removed features can be viewed in the GitLab documentation. To be notified of upcoming breaking changes, subscribe to our Breaking Changes RSS feed.

Changelog

Please check out the changelog to see all the named changes:

Installing

If you are setting up a new GitLab installation please see the download GitLab page.

Updating

Check out our update page.

GitLab Subscription Plans

See what your team could do with The DevSecOps Platform.

  • Free

    Free-forever features for individual users

  • Premium

    Enhance team productivity and coordination

  • Ultimate

    Organization wide security, compliance, and planning

Try all GitLab features - free for 30 days

Take GitLab for a spin

See what your team could do with The DevSecOps Platform.

Get free trial

Have a question? We're here to help.

Talk to an expert
Edit this page View source