GitLab AutoGuard

The Inspiration: The $4.45M Bottleneck

Security vulnerabilities that slip through code review carry an average breach cost of $4.45M. Meanwhile, developers spend up to 30% of their time on non-feature work dealing with SAST tools that flag issues but do not actually fix them. Security is arguably the number one bottleneck in enterprise CI/CD. We realized that AI shouldn't just answer questions; it should act as a tireless security engineer on every Merge Request—with zero infrastructure, zero setup, and zero context-switching.

What It Does

GitLab AutoGuard is an end-to-end autonomous multi-agent flow powered by Anthropic's Claude. By simply mentioning @autoguard on any Merge Request, a specialized four-agent pipeline springs into action.

It autonomously reads the code diff, scans for 12 specific vulnerability classes (including SQLi, XSS, SSRF, and Prototype Pollution), and maps every finding to OWASP, CWE, and CVSS 3.1 frameworks. Finally, it posts a structured Markdown code review directly inside GitLab, complete with actionable fix snippets, and natively creates tracked vulnerability issues for critical findings.

How We Built It

AutoGuard runs entirely inside GitLab. There are no external servers, no Docker containers, and no credentials to manage. We built it by publishing four distinct agents to the GitLab AI Catalog and orchestrating them into a single DevSecOps Autopilot flow.

Each agent has a single responsibility and passes its output as strictly structured JSON to the next agent in the chain:

  1. MR Context Builder — Collects the raw diffs, existing SAST findings, and CI errors into a JSON object. It does not analyze—it only gathers.
  2. Security Scanner — Uses pure LLM reasoning to scan the newly added lines for vulnerabilities. It also evaluates any existing GitLab SAST findings to output a verdict of CONFIRMED, FALSE_POSITIVE, or NEEDS_INVESTIGATION.
  3. Compliance Mapper — Uses chain-of-thought reasoning (Attack Vector → Auth Requirement → Impact) to enrich findings with CVSS 3.1 scores, assigning Priority levels (P0–P3) and issuing a final merge recommendation (BLOCK, REVIEW, or PASS).
  4. Remediation Writer — Takes action using native GitLab Duo tools to post the review, open tracked issues, and confirm or dismiss findings.

Challenges We Ran Into & Resilience

Multi-agent flows are notoriously brittle when passing state. We overcame this by enforcing strict JSON output schemas in the system prompts for every agent hop.
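Added example, not AutoGuard's own code: a schema stated in a system prompt is a request to the model, so the receiving side of each hop can also check the handoff in code and fail closed. The field names (recommendation, findings, verdict, priority, cvss), the fall-back-to-REVIEW rule and the P0/PASS consistency rule are assumptions; only the enum values come from the agent descriptions above.

```python
import json

# Enum values are the ones named on the page; every field name is an assumption.
VERDICTS = ("CONFIRMED", "FALSE_POSITIVE", "NEEDS_INVESTIGATION")
PRIORITIES = ("P0", "P1", "P2", "P3")
RECOMMENDATIONS = ("BLOCK", "REVIEW", "PASS")

def validate_handoff(raw):
    """Parse one agent's output; raise ValueError on anything off-contract."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not JSON: {exc}") from exc
    if not isinstance(doc, dict) or not isinstance(doc.get("findings"), list):
        raise ValueError("expected an object with a findings list")
    if doc.get("recommendation") not in RECOMMENDATIONS:
        raise ValueError("unknown recommendation")
    for i, f in enumerate(doc["findings"]):
        if not isinstance(f, dict):
            raise ValueError(f"finding {i}: not an object")
        if f.get("verdict") not in VERDICTS or f.get("priority") not in PRIORITIES:
            raise ValueError(f"finding {i}: verdict/priority outside enum")
        score = f.get("cvss")
        if isinstance(score, bool) or not isinstance(score, (int, float)) \
                or not 0.0 <= score <= 10.0:
            raise ValueError(f"finding {i}: CVSS 3.1 score must be 0.0-10.0")
    return doc

def gate(raw):
    """Recommendation the final hop may act on; malformed input never yields PASS."""
    try:
        doc = validate_handoff(raw)
    except ValueError:
        return "REVIEW"  # fail closed: route to a human instead of trusting the text
    top = any(f["verdict"] == "CONFIRMED" and f["priority"] == "P0"
              for f in doc["findings"])
    # Assumed policy: a confirmed P0 finding cannot coexist with PASS.
    return "BLOCK" if top and doc["recommendation"] == "PASS" else doc["recommendation"]

# Constructed sample handoffs (not real AutoGuard output).
GOOD = '{"recommendation":"PASS","findings":[{"verdict":"FALSE_POSITIVE","priority":"P3","cvss":3.1}]}'
OFF_ENUM = '{"recommendation":"APPROVED","findings":[]}'
CONTRADICTORY = '{"recommendation":"PASS","findings":[{"verdict":"CONFIRMED","priority":"P0","cvss":9.8}]}'
TRUNCATED = GOOD[:-5]  # output cut off mid-object

if __name__ == "__main__":
    for name in ("GOOD", "OFF_ENUM", "CONTRADICTORY", "TRUNCATED"):
        print(name, "->", gate(globals()[name]))
```
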

Furthermore, we built the pipeline to be highly resilient. If a native GitLab tool endpoint fails or is restricted during execution, the Remediation Writer agent is prompted to dynamically adapt its strategy and fall back to alternative tools, ensuring the developer always receives the critical security data without the flow crashing.

What's Next for AutoGuard

  • v1.1 — Auto-trigger on MR Open: Registering AutoGuard to fire automatically on every new MR without requiring a manual @mention.
  • v1.2 — Multi-language Ruleset Expansion: Extending scanner prompts with language-specific vulnerability patterns for Go, Java, and Ruby.
  • v2.0 — Shift-Left Pre-commit Agent: A lightweight variant that runs on git push via GitLab CI to catch issues before the MR is even opened.
