RSA revelations, agentic AI, and DevSecOps in full bloom!
Hey GitLab community!
May is here, and it’s bringing the momentum! From RSAC takeaways to our GitLab Duo with Amazon Q GA, GitLab 17.11, and an amazing story from Siemens, this month’s Monday Merge is stacked with innovation, insight, and inspiration.
Let’s dive in!
🗞️ Special report from RSA 2025
San Francisco was buzzing last week, and not just from the fog and coffee. RSA 2025 brought together the best minds in cybersecurity, and GitLab was right in the mix at Booth #4324. From agentic AI and embedded security to transparent DevSecOps practices, we heard a clear message: collaboration is the new security superpower.
Watch my RSA wrap-up video for all the highlights.
🤝 GitLab Duo + Amazon Q: Now GA + generally awesome
Say hello to your new AI tag-team. GitLab Duo with Amazon Q is officially generally available, and it’s redefining how teams develop on AWS. Whether you're writing code, reviewing MRs, or tackling legacy Java updates (we see you, refactoring warriors), agentic AI is here to do the heavy lifting.
With Amazon Q embedded into the GitLab platform, you can go from issue to implementation in minutes using intuitive prompts like /q dev or /q transform. Early adopters like Volkswagen Digital Solutions and Availity are already accelerating workflows and modernizing complex environments.
Ready to level up?
🚀 GitLab 17.11: Compliance, customization, and more AI magic
This month’s release is packed with more than 60 improvements that give teams more power to manage security, increase flexibility, and accelerate their workflows with even greater precision. Whether you're working in regulated environments, scaling custom processes, or experimenting with agentic AI, GitLab 17.11 delivers the controls, dashboards, and integrations you need to move faster and build better.
✨ Highlights include:
- Custom compliance frameworks: Define requirements, map 50+ out-of-the-box controls, and generate detailed adherence reports.
- New Duo Self-Hosted features: Root cause analysis, AI-generated summaries, vulnerability insights, and more—now available in beta.
- Eclipse plugin (beta): Duo comes to Eclipse for an even more integrated coding experience.
- Protected packages and tags: Lock down key assets and secure your registry like never before.
- Custom fields and updated issue experience: Add structured metadata, streamline task relationships, and boost issue management productivity.
- CI/CD pipeline inputs: Inject dynamic content safely and flexibly with new structured inputs.
🎉 A huge shoutout to our incredible GitLab community for their 284 contributions to this release! From community-driven features like protected Maven packages to improvements across Duo and CI/CD, these updates reflect the creativity, care, and commitment of contributors around the world. We couldn’t do it without you 🙌
☁️ Meet us IRL: AWS Summits incoming
We’re hitting the road! As a global sponsor of the AWS Summits, GitLab is bringing DevSecOps to a city near you. Stop by our booth for:
- Lightning talks and hands-on demos
- In-person chats with GitLab AI and security pros
- Tips on building faster and safer on AWS
🏗️ Customer spotlight: Siemens scales collaboration with GitLab
What happens when one of the world’s most respected engineering companies rethinks how its developers collaborate? You get Siemens’ incredible DevSecOps journey.
It all started in 2014 with a small, forward-thinking team looking for a better way to collaborate on embedded Linux development. Fast forward to today, and GitLab is now the central platform for more than 75,000 developers at Siemens, enabling over 200,000 builds every single day. Their rollout of GitLab wasn’t just a technical implementation—it was a cultural shift that brought teams together, fostered inner-source practices, and encouraged company-wide innovation.
And Siemens doesn’t just use GitLab—they help build it. With 300+ merge requests contributed and 12 MVP recognitions under their belt, the Siemens team continues to shape the platform, giving back to the community and strengthening their own DevOps capabilities along the way.
They’re already experimenting with agentic AI and hosting their own models, including the in-house “CodeAI” bot to enhance merge requests. As they prepare for the future, they see AI not as a replacement, but as an amplifier of human creativity and collaboration.
📚 What we’re reading: AI, risk, and real talk from GitLab leaders
Here’s what’s on our bookmarks bar this month:
Agentic AI: Unlocking developer potential at scale: Emilio Salvador breaks down why the future of software won’t be built alone. Specialized agents are the new teammates. 🔗 Read more
Embedding risk intelligence into your software supply chain: Lee Faus shows how to embed risk intelligence across your pipeline—not just patch it on at the end. 🔗 Read more
The pros and cons of making security practices public: Josh Lemos joins Tines to talk transparent security, AI threats, and why coffee chats still matter. 🔗 Read more
Three Ways To Operationalize AI For Engineering Teams: Sabrina Farmer shares a step-by-step guide to making AI work with your team, not against it. 🔗 Read more
Navigating the Go-To-Market Roadmap with Precision: Brian Robins on GitLab’s go-to-market strategy, why Ultimate is driving growth, and the human side of finance. 🔗 Read more
💬 As always, an inspiring closing thought...
"Security is the bridge that allows us to cross safely into new technological frontiers." - Magda Chelly
As we venture into these new frontiers together—whether with agentic AI, compliance controls, or collaborative workflows—remember that security isn't just a checkpoint but the foundation that enables innovation to flourish. Build your bridges thoughtfully, cross them confidently, and create something remarkable.
Until next time, stay secure, stay innovative, and happy merging!
Fatima Sarah Khalid | Developer Advocate, GitLab
P.S. Want to keep riding the DevSecOps wave? Hit subscribe and never miss a merge.