Code quality & testing

GitLab Duo Security Review Flow goes after the logic bugs SAST leaves on the floor

GitLab Duo Security Review Flow goes after the logic bugs SAST leaves on the floor

I keep a small mental tally of merge requests where the static scanner shrugged and a human caught the actual bug. Not the SQL string concatenation. Not the hardcoded token. The one where the code was clean, well-typed, and quietly doing the wrong thing for the business, like updating a record the current user was never allowed to touch. That tally is longer than I would like.

That family of bugs is what GitLab says its new Security Review Flow is aimed at. The company moved the feature into public beta this week and positions it as a "foundational flow" on the GitLab Duo Agent Platform.

What actually landed

Security Review Flow is an AI review you request on a merge request. GitLab's framing is that you add Duo Security Review "the same way you would from a person": drop it in as a reviewer when your MR is ready and let it walk the diff.

The split GitLab draws against static scanners is fairly precise. Pattern-based tools are strong on the vulnerabilities they already know how to spot: unsanitized query inputs, hardcoded secrets, unsafe deserialization. What those tools struggle with is your application's logic, where perfectly valid code does the wrong thing for a given domain. GitLab says the new flow "traces intent rather than matching signatures," which is the usual AI-review pitch but tied here to a concrete list of targets.

That target list, per the announcement, includes broken object level authorization, function level authorization, missing authorization on state-changing operations, information disclosure through overly broad serialization, mass assignment, business logic errors, and race conditions. Anyone who has read the OWASP API Top 10 will recognise several of those as the "no scanner will ever find this for you" tier.

How it shows up in review

The shape of the interaction matters as much as the detection. Each finding comes with a vulnerability type plus a CWE reference, a severity level, a tier classification, a plain-language explanation, and, when the tool is confident enough, a suggested fix.

That is a friendlier surface than the usual "here is a JSON blob, please triage" security-tool experience. If it works, you get an authorization comment sitting in the same review thread, in the same UX, as the "did you mean to shadow this variable" note from a colleague. For a developer waiting on the pipeline, that is the difference between "I will look at findings when I have time" and "I fix this before I merge, because it is right there."

Where SAST still earns its keep

Nothing about this removes the case for pattern-based scanning. The SAST comfort zone (string handling, secrets, unsafe deserialization) is exactly where a fast, deterministic tool wins. You want that gate on every push, cheap and quiet, with a false-positive rate you can reason about.

What an intent-tracing review adds is a second pass that can catch a permission check missing from a state-changing endpoint. That is a different question and a different cost model. GitLab is asking for it in Duo Agent Platform credits per review, not per file per push, and the sensible read is that most teams will run both rather than pick one.

Open questions before I trust it on a merge button

A public beta review agent should earn its way in. A few honest things I want to know before I let it near a protected branch:

  • Noise floor. Every LLM reviewer I have tried goes through a phase where every third comment is a plausible-sounding false positive on a code path that is fine. How does this one behave on a real, messy codebase?
  • Repeatability. Ask the same review twice, do you get the same findings? A reviewer that drifts run to run is a bad gate.
  • Scope of context. Does it read only the diff, or the surrounding files the diff depends on? Broken authorization checks live in call graphs, not single hunks.

The blog post does not close any of those, and public beta is where the answers will show up.

How to try it

Security Review Flow is in public beta for GitLab Ultimate customers on GitLab.com, Self-Managed and Dedicated. You reach it through a free trial of the Duo Agent Platform, or by enabling it on an existing Ultimate subscription that already has credits.

What I am watching next

Whether real teams start requesting Duo Security Review by default on merge requests, or whether it becomes another optional gate that quietly gets skipped when the pipeline is red and the standup is in ten minutes. That is the honest test of any review agent. I want to keep this one on for a sprint on a spare repo, count the findings that led to a fix, and report back. If you try it first, tell me what your false-positive rate looked like on day one, because that is the number that decides whether this stays on the reviewer list.

Source: GitLab (about.gitlab.com)

Related
Platform engineering

Cursor unveils Origin, an agent-first Git host; GitLab and Zed take other paths

Graphite co-founder Tomas Reimers unveiled Origin, a Git-compatible code host built from the ground up for AI agents, at an invite-only Cursor conference. GitLab and Zed are pursuing different rebuilds of the same model.

June 22, 2026
Supply chain security

GitLab tries to auto-fix the transitive-dep problem it keeps quantifying

GitLab has moved Dependency Scanning Auto-Remediation into beta, aimed squarely at the transitive supply-chain risk it just spent a research cycle measuring. The interesting question is not whether the fix ships, but whether anyone downstream trusts the bot enough to merge it.

July 17, 2026
Platform engineering

GitLab packages Duo Agent Flows so multi-step runs share the platform's controls

GitLab is naming a shape for multi-step agent work, Duo Agent Flows, that inherits the same access controls, triggers and review gates as any other pipeline object. The pitch is a middle ground between chat that only answers and homegrown scripts that go stale the moment the platform changes.

July 17, 2026

Turn this into your pipeline. Build it on Buddy.

Start free