GitLab Introduces Flat-Rate Code Reviews, Free-Tier AI Access, and Budget Controls

GitLab has released versions 18.10 and 18.11 of its DevSecOps platform, introducing substantial changes to how teams access and pay for AI-powered code analysis and review services. These updates address growing concerns about code review bottlenecks, AI accessibility, and cost predictability in development workflows.

The Challenge: Code Review Backlogs

GitLab reports that code review times have increased by 91% at companies using AI coding tools, with a typical engineer at a large company waiting 13 hours for a merge request to be merged. This creates a self-defeating loop where development teams ship code faster while reviews pile up, ultimately slowing down the entire development process.

"The motivation for these changes is clear," explains Manav Khurana, Chief Product and Marketing Officer at GitLab. "Development teams are shipping code faster than ever, and the AI automation that keeps code secure and ensures it gets safely deployed has to keep pace -- running across every project and every group, with the context of the entire platform."

Flat-Rate Code Reviews

The most significant pricing change in version 18.10 is a flat $0.25 per automated code review, regardless of the size or complexity of the merge request. This represents a dramatic shift from the token-based pricing models used by competing tools, which GitLab claims charge $15 to $25 per review.

This flat-rate model addresses a critical pain point in development workflows: when reviews are expensive, teams tend to ration them to their most important changes, creating backlogs and delays for smaller but still necessary updates. At $0.25 per review, the cost barrier is significantly lowered, making it practical to review every change rather than triaging based on perceived importance.

Free-Tier AI Access Through Credits Model

Version 18.10 also brings the Duo Agent Platform to GitLab.com's free tier users through a credits-based purchasing model. Previously, advanced AI features were locked behind premium subscription tiers. Now, free-tier users can access these capabilities by purchasing GitLab Credits, which are allocated at the group level rather than per seat.

This approach offers several advantages:

• Teams don't need to assign licenses to individuals
• Credits are sold in monthly blocks for predictable budgeting
• Group owners receive usage dashboards showing which agents and flows are consuming credits

The credits model represents a notable departure from traditional seat-based licensing, which charges a fixed amount per user regardless of actual usage. As Bryan Rothwell from GitLab notes, "seat-based vendors have been adding premium tiers and usage-based overages on top of their seat fees, reducing the predictability that seat licensing was supposed to offer."

Security Enhancements

Version 18.10 also introduces a security feature to general availability: SAST (Static Application Security Testing) false positive detection for Ultimate customers. After each static analysis scan, the Duo Agent Platform scores new critical and high-severity findings by how likely they are to be false positives, and surfaces that assessment in the Vulnerability Report.

This addresses a real-world problem where security teams flooded with irrelevant alerts tend to start ignoring them, potentially leaving actual vulnerabilities undetected. The scoring system is advisory, allowing security teams to make the final decisions about what to dismiss.

Budget Controls in Version 18.11

Building on the credits model, version 18.11 introduces additional controls to help organizations manage AI spending. These controls work in two ways:

1. Billing account managers can set a hard monthly limit for the entire subscription
2. Platform administrators can set per-user credit limits, either as a single cap across the whole organization or as individual allocations

These controls address two common scenarios:

• Without budget caps, a busy month could produce unexpected expenses
• Without per-user limits, a handful of power users could burn through the team's credits before the month is over

The hard credit caps are particularly significant because they're enforceable rather than merely advisory, providing genuine predictability in budgeting.

Vertex AI Integration

Version 18.11 also introduces a new integration with Google Cloud's Vertex AI. When customers choose Google Cloud as their inference environment, model calls are routed through Vertex AI via GitLab's AI Gateway. For organizations already using Google Cloud, this means AI development tool usage can be consolidated within existing cloud agreements rather than creating a separate spend category.

Community Reaction

The community reaction to these changes has been mixed. On Reddit's GitLab community, at least one user reported that a GitLab sales rep described Duo Pro and Duo Enterprise licenses as being phased out in favor of the credits model—a pay-as-you-go shift with both per-user and pool-based options. This raised concerns about how existing contracts would be handled.

However, GitLab Consulting UK welcomed the budget controls in version 18.11, particularly for large organizations using the Vertex AI integration, where consumption can scale quickly.

GitLab has not yet published adoption data for the flat-rate review model, so its effect on team behavior at scale remains an open question.

Conclusion

GitLab's latest releases represent a significant evolution in how AI-powered development tools are priced and accessed. By introducing flat-rate code reviews, free-tier AI access through a credits model, and robust budget controls, GitLab is attempting to address three critical challenges in modern development workflows: review bottlenecks, AI accessibility, and cost predictability.

The success of these changes will likely depend on how effectively they balance the needs of different organizations—from small teams with limited budgets to large enterprises with complex requirements. The credits model in particular represents a potentially significant shift away from traditional software licensing, and its long-term impact on the DevOps market will be worth watching.

The budget controls and flat-rate pricing model are available now for both GitLab.com and self-managed customers on versions 18.11 or later. The full release notes for both versions are available on GitLab's official documentation.

About the Author Matt Saunders is VP DevOps at Adaptavist, where he helps teams use DevOps, platform engineering, and cloud-native tools to deliver reliable software quickly and efficiently. He has worked with complex enterprises, small start-ups, and everything in between, and co-organizes the London DevOps meetup group with over 10,000 members.