Many development teams grapple with the dual challenges of efficient agile planning and keeping pace with evolving security threats. It’s far too common for teams to spend valuable time manually sifting through tasks across disparate systems or drowning in a deluge of false positive security alerts, which inevitably drags down the development cycle. These issues, whether in a 20-person startup or a large regulated financial institution, lead to frustration, wasted resources, and missed deadlines.
GitLab 18.10 addresses these pressing concerns with a suite of new capabilities. Rather than simply listing features, let’s explore what these updates practically mean for organisations striving to deliver value faster and more securely.
Problem: Small to medium-sized teams often struggle to effectively manage and visualise all types of work – from features and bugs to technical debt – within a single, cohesive view. Disconnected tools or complex manual filtering of tasks in extensive lists result in an incomplete project picture and hinder effective prioritisation.
Solution in GitLab 18.10: The new work items list and saved views transform agile planning. Teams can now see all work item types in one place and create custom, pre-configured views. For smaller teams, this saves significant time previously spent on repeatedly setting up filters. For larger, regulated organisations, such as banking or healthcare providers, it allows for standardisation in how teams review and assess work, ensuring consistency in adhering to internal processes and compliance regulations. This includes critical mandates like those from the FCA or PRA. This reduces the risk of overlooking critical items and simplifies reporting. Imagine a project manager or a compliance auditor being able to instantly pull up all security-related tasks across projects with a single click, without manually applying a complex set of filters.
Practical tip: If you are using GitLab for agile management, experiment with the new saved views for sprint planning, backlog refinement, or incident response. Consider standardising views for different roles within your team to improve communication and reduce friction.
Problem: Security scanning (SAST, DAST) is essential but often generates vast amounts of data, frequently including numerous false positives. Developers then spend hours investigating and triaging these outputs, which diminishes their productivity and can lead to alert fatigue, causing genuine threats to be missed.
Solution in GitLab 18.10: The integration of AI into vulnerability management is a breakthrough in this release. SAST false positive detection (now generally available) and automated remediation using large language models (LLMs) dramatically reduce triage time. AI can identify and automatically dismiss false positives or even suggest and implement fixes directly within the codebase. For teams migrating from Jenkins to GitLab or those establishing their DevSecOps practices, this significantly shortens the time to resolve vulnerabilities. Developers can focus on core tasks without needing to become security experts. For FTSE 100 companies or those operating under stringent UK regulatory frameworks, this capability profoundly strengthens their ability to respond swiftly to security threats and efficiently document these processes for audit trails.
Practical tip: Review your SAST settings to ensure false positive detection is enabled. Discuss within your team how automated remediation could enhance your Mean Time To Resolution (MTTR) for security findings.
Problem: Agentic AI offers immense potential for development efficiency, but its adoption has often been tied to full platform subscriptions, making it inaccessible for many small to mid-sized firms. Consequently, many teams lag in adopting modern, AI-driven tools.
Solution in GitLab 18.10: Significantly, even teams on the GitLab.com Free tier can now purchase a monthly commitment of GitLab Credits to start using the GitLab Duo Agent Platform immediately. This is a crucial step toward democratising AI in DevSecOps. For startups in London or established consultancies across the UK, this means they can experiment with and integrate AI into their workflows without substantial upfront investment or complex licensing models. It opens the door to automating repetitive tasks, accelerating code generation, and intelligent recommendations.
Practical tip: If your team operates on a tighter budget, assess where the GitLab Duo Agent Platform could provide the most benefit. Start with small experiments, such as automated test generation or code completion, and gradually expand its usage.
GitLab 18.10 is not merely about new features; it’s about practically addressing the challenges that hinder teams in their daily work. From simplifying agile planning and intelligent vulnerability management to democratising AI, all these updates aim to achieve one goal: empowering teams to deliver quality software faster and with less risk. These changes are particularly relevant for our clients seeking to optimise their DevSecOps processes and ensure compliance within regulated industries, such as financial services or public sector organisations. At https://gitlab.consulting/en-gb/, we can help you understand the implications of these changes for your specific architecture and processes.
If you would like to discuss how to implement these new capabilities within your team, or if you have specific questions about licensing models and migration strategies, please do not hesitate to contact us. We are here to help you unlock the full potential of GitLab. Reach out to us via our contact form: Contact us.