GitLab 19.2 Adds Agentic Automation for Security and Dependencies
New release introduces auto-remediation for vulnerable dependencies and AI-powered security review flows, both now in public beta.

GitLab targets security backlog with AI agents
GitLab has released version 19.2 of its DevSecOps platform, introducing agentic automation capabilities designed to address the growing volume of code, dependencies, and security vulnerabilities that outpace manual developer workflows.
The release centers on four capabilities: automated dependency remediation, security review workflows that catch logic flaws, command-line agent access, and custom agentic automations. According to a Forrester Consulting study commissioned by GitLab, organizations using the GitLab Duo Agent Platform can achieve 400% return on investment with payback in under six months.
Automated fixes for vulnerable dependencies
Dependency Scanning Auto-Remediation, now in public beta, addresses a specific pain point in application security. Research on the Maven ecosystem found vulnerabilities reaching approximately 63% of latest releases through transitive dependencies—packages teams never directly selected. Roughly one in eight dependency updates introduces breaking changes, complicating remediation efforts as compliance deadlines under PCI DSS and FedRAMP approach.
The new feature allows security teams to clear vulnerable dependencies without requiring developer intervention. When a scan identifies a vulnerable package, GitLab automatically opens a merge request with a suggested fix. If an upgrade breaks the build, agents iterate to resolve the issue within the same merge request. Developers can configure severity thresholds and version scope parameters to control which vulnerabilities trigger remediation. All changes flow through existing approval gates and maintain full audit trails.
Security Review Flow for logic vulnerabilities
Security Review Flow, also in public beta, targets vulnerabilities that pattern-based scanners cannot detect. The feature is designed to catch business-logic errors and race conditions—flaws that require contextual understanding rather than signature matching.
CLI and custom workflow capabilities reach general availability
GitLab Duo CLI has moved to general availability, giving developers access to agents and multi-step agentic flows directly from their command-line environment. Custom Flows, also now generally available, enable teams to replace manual multi-step workflows with agentic automations triggered by GitLab events throughout the software development lifecycle.
Why it matters
As AI-generated code becomes more prevalent, the volume of dependencies and potential vulnerabilities is growing faster than security teams can manually address. Automated remediation that respects existing governance controls offers a path to reduce security backlogs without expanding headcount or diverting developers from feature work. The ability to fix breaking changes automatically—rather than simply flagging them—represents a meaningful step beyond traditional vulnerability scanning.
Details of the GitLab 19.2 release were first reported by Business Wire.
This is an original analysis by the Omega editorial team. Source reporting: Automation Watch.
Want systems like this working for your business?
Book a Call
