GitLab 18.1 declares Duo Code Review ready for production

GitLab 18.1 is available with over 100 new features. Among other things, the software development platform now offers a virtual Maven registry, makes the AI service Duo Code Review generally available and recognizes compromised passwords.

GitLab.com warns against leaked passwords

To increase security, the current version of GitLab.com applies a security check to account login data when users log in. If the password used is contained in a known leak, GitLab displays a banner to the person concerned and sends them an e-mail notification. The banner and email contain instructions on how to update the credentials.

This feature is only available in the SaaS version GitLab.com, not in self-managed editions. Also, it only applies to native GitLab usernames and passwords; SSO credentials are not checked.

Duo Code Review: AI service is ready for production

Duo Code Review is now generally available to all paying GitLab users after a beta phase and is ready for use in production. The AI-powered feature provides feedback on merge requests and is designed to help identify potential bugs, security vulnerabilities and code quality issues – even before human reviewers get to the code.

Duo Code Review uses the large language model Anthropic Claude 3.7 Sonnet. According to the documentation, the following data is sent to this model:

• Contents of the changed files
• file names
• Title of the merge requests
• Description of the merge requests

Other updates in GitLab 18.1 include the Maven Virtual Registry. This is in beta status and is available for Premium and Ultimate customers in both SaaS and self-managed GitLab instances. It is intended to simplify dependency management for the Maven build tool, which is used for Java projects.

Further information on the highlights of GitLab 18.1 can be found on the GitLab blog.

(mai)