GitLab 17.6 brings self-hosted Duo Chat, adherence checks for SAST/DAST, and much more

GitLab has announced version 17.6 of its AI-powered DevSecOps platform, introducing several new features and enhancements. Users with an Ultimate and Duo Enterprise subscription on GitLab self-managed can now host their own supported large language models (LLMs) to enable the self-hosted GitLab Duo Chat, currently in beta. The update also improves the assignment of reviewers by linking approval requirements with reviewers in the sidebar.

Release notes are now accessible under the related deployment details page, enhancing transparency. Administrators of self-managed and dedicated instances can enforce CI/CD job token allowlists on all projects, and an authentication log has been added to track access via CI/CD job tokens.

The update includes the ability to view vulnerabilities in groups, and the model registry is now generally available as a centralized hub for managing machine learning models within the GitLab workflow. This feature allows tracking model versions, storing artifacts and metadata, and maintaining documentation in the model card.

GitLab Dedicated tenant administrators can utilize Switchboard to set up outbound private links and private hosted zones, with the ability to monitor network connections through periodic snapshots. Additionally, the release introduces two new checks in the Compliance Centre's standard adherence report, verifying the enablement and execution of SAST and DAST security scanners in projects.