Agentic DevSecOps Release Assistant

Release in minutes. GCP + Gen AI + GitLab.

Comment

Inspiration

Release decisions in GitLab often depend on scattered signals spread across merge requests, CI/CD pipelines, logs, approvals, and security reports. Teams lose time manually interpreting those signals, especially when they need to answer two urgent questions quickly: “Is this change risky?” and “Why did the pipeline fail?” We built Agentic DevSecOps Release Assistant to turn that fragmented release workflow into a fast, explainable AI-assisted decision flow.

What it does

Agentic DevSecOps Release Assistant analyzes GitLab merge requests and pipeline failures, then summarizes risk and likely root causes in plain language. It produces MR risk briefs, pipeline failure hypotheses, and a deterministic go/no-go check based on release conditions. The result is a release copilot that helps engineers understand blockers faster and make more confident decisions.

How we built it

We built the backend as a Cloud Run service with FastAPI endpoints for MR analysis and pipeline analysis. Gemini on Google Cloud handles semantic reasoning and summarization, while GitLab data is fetched through MCP/API-based integrations. We also created a Google Cloud Agent Builder agent, connected tools to the live Cloud Run endpoints, and used Secret Manager for credentials. The project is documented with architecture and implementation plans in the GitLab repository.

Challenges we ran into

One challenge was balancing ambitious agentic capabilities with hackathon time constraints. Another was deciding how to expose GitLab context cleanly enough for Gemini to reason over without making the workflow too complex. We also had to keep the demo reliable and simple enough to present clearly, while still showing meaningful agent behavior.

Accomplishments that we're proud of

We are proud that we turned a DevSecOps pain point into a working AI-assisted workflow with real release value. We also successfully deployed a live service on Cloud Run and connected it to agent tooling for practical MR and pipeline analysis. In addition, we created a clear architecture, implementation plan, and submission-ready documentation to make the project easy to understand and extend.

What we learned

We learned that good agent design is less about flashy output and more about structured reasoning over the right context. We also learned how important it is to separate deterministic release checks from generative analysis so the final recommendation stays trustworthy. Finally, we gained experience with building and deploying a hackathon-ready system using Google Cloud and GitLab integration patterns.

What's next for Agentic DevSecOps Release Assistant

Next, we would expand the agent to support richer GitLab context such as approvals, security findings, and multi-job pipeline grouping. We would also add better release policy templates, more detailed audit trails, and optional Slack or email notifications. Longer term, we would evolve it into a broader release intelligence assistant that supports multiple repositories, environments, and teams.

Built With

  • docker
  • fastapi
  • gitlab-api
  • gitlab-mcp
  • google-cloud-agent-builder
  • google-cloud-run
  • google-secret-manager
  • html/css/javascript
  • python
  • rest-apis
  • vertex-ai-(gemini)
Share this project:

Updates