What does GitLab 18.10 add for security?

AI false positive detection for SAST (GA) and secrets (beta), plus beta auto-MR fixes for verified vulns. Ultimate only.

Will GitLab Duo fix my vulnerabilities automatically?

No—generates MRs you review and merge. Not fully autonomous.

Beta/GA features give scores and explanations, but audit everything. Early days for production code.

🔒 Security & Privacy

Your SAST scan just dumped 47 alerts. Forty are junk. GitLab 18.10's AI says it'll sort the mess—and even patch it for you. Really?

Open Source Beat Apr 07, 2026 4 min read

GitLab 18.10 uses AI to flag SAST and secret false positives, saving dev time on noise. 𝕏
Agentic resolution auto-generates MRs for fixes—but human review is non-negotiable. 𝕏
Skeptical verdict: Helpful increment, not a security revolution. Hype meets reality. 𝕏

Published by

Community-driven. Code-first.

#AI security #AI triage #GitLab #GitLab 18.10 #SAST #SAST false positives #vulnerability remediation #vulnerability triage

Get the best Open Source stories of the week in your inbox — no noise, no spam.

Originally reported by GitLab Blog