GitLab 19 adds group review instructions, Secrets Manager, and Duo Developer enhancements

GitLab 19 has been released, bringing several workflow and security improvements for teams. The update enables group-level and subgroup-level custom review instructions, which can now be shared across projects. This addition streamlines code review workflows and minimizes duplicate configuration, benefiting both Code Review Flow and GitLab Duo Code Review users.

At the project management level, teams can now define custom work item types beyond the standard issue or task. Projects may add or rename item types such as user story, bug, or maintenance. These types support custom fields, status lifecycles, unique icons, and can be configured per project for tailored workflow tracking.

Building on platform security, the GitLab Secrets Manager enters open beta for Premium and Ultimate users on GitLab.com and self-managed installations. With this feature, project and group owners may securely store, retrieve, and reference continuous integration and continuous deployment (CI/CD) secrets. Secrets are scoped to a project or group, and accessible only by specified pipeline jobs.

Following these substantive core changes, GitLab Duo Developer increases automation flexibility by accepting multiple trigger methods. Developers can assign it to issues, invoke it to generate merge requests, or @mention it in discussions to automate responses and code changes. The SBOM-based dependency scanner also becomes generally available, allowing Maven, Gradle, and Python projects to identify vulnerabilities across their entire dependency tree, including all transitive packages.