GitLab 18.1 released with Maven virtual registry in beta, Duo Code Review, and more

GitLab 18.1 has been released, delivering several new features and enhancements for developers working with this leading GitHub alternative. The release introduces the Maven virtual registry in beta, simplifying Maven dependency management for Premium and Ultimate customers on GitLab.com and self-managed instances. While the registry is in beta now, the upcoming general availability release will bring further flexibility, including a web-based user interface, shareable upstream registries, new cache lifecycle management tools, and enhanced analytics.

Following these registry enhancements, Duo Code Review is now generally available and ready for production use. This AI-powered assistant provides automated feedback on merge requests, helping developers identify potential bugs, security vulnerabilities, and code quality issues more quickly.

On the security front, GitLab now checks user credentials for known password leaks at sign-in. If a compromised password is detected, users receive a banner alert on the site and an email notification. Additionally, GitLab 18.1 also introduces new continuous integration and continuous deployment (CI/CD) components for achieving Supply-chain Levels for Software Artifacts (SLSA) Level 1 compliance, enabling artifact signing and verification via provenance metadata generated by GitLab Runner.