InfoQ

GitLab 19.0 Embeds Agentic AI in Secrets, Merge Requests, and Supply Chain Security

GitLab 19.0 extends agentic AI beyond code generation into securing credentials, reviewing and merging changes, and scanning ...
techzine

GitLab releases version 19.0 with broader use of AI agents

GitLab has released version 19.0 of its DevSecOps platform. The new release focuses primarily on further integrating AI agents throughout the entire software development process. With this, the ...
The Next Web

GitLab 19.0 bets that the real bottleneck in software delivery is everything after writing the code

GitLab 19.0 extends agentic AI across the full software lifecycle with its Duo Agent Platform, adds SBOM-based dependency scanning, and supports Claude Opus 4.7 and Gemini models. The release targets ...
InfoWorld

GitLab CEO sees developer tool bill increasing 100-fold

GitLab CEO Bill Staples says enterprises’ monthly bill for developer platform services has risen from tens of dollars per seat to hundreds over the last year, and is headed toward the thousands, ...
GitHub

mshegolev/gitlab-ci-mcp

MCP server for GitLab CI/CD. Lets an LLM agent (Claude Code, Cursor, OpenCode, DevX Agent, etc.) work with pipelines, jobs, schedules, branches, tags, merge requests and repository files. Python, ...
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says. A critical pre-authentication ...
LinkedIn

GitLab CI/CD: Anchors vs Extends vs !reference — What to Use When

If you’ve worked with GitLab CI/CD, chances are you’ve come across anchors, extends, and !reference — and at some point wondered: aren’t they all doing the same thing? They’re actually quite different ...
theregister

Swiss government says give M365, and all SaaS, a miss as it lacks end-to-end encryption

INFOSEC IN BRIEF Switzerland’s Conference of Data Protection Officers, Privatim, last week issued a resolution calling on Swiss public bodies to avoid using hyperscale clouds and SaaS services due to ...
Bleeping Computer

Public GitLab repositories exposed more than 17,000 secrets

After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. Luke Marshall used the TruffleHog ...
CSOonline

Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.
TheServerSide

Top 10 Jenkins alternatives

You're looking for a Jenkins alternative? That's a big ask. Jenkins is one of the most popular continuous integration and continuous delivery tools on the market today, and while nobody would assert ...
Dark Reading

GitHub Developers Hit in Complex Supply Chain Cyberattack

An unidentified group of threat actors orchestrated a sophisticated supply chain cyberattack on members of the Top.gg GitHub organization as well as individual developers in order to inject malicious ...