This set builds vocabulary for GitLab's integrated AI assistant across code review and security workflows.
0 / 5 completed
1 / 5
At standup, a dev mentions GitLab's built-in AI assistant that can suggest code, summarize merge requests, and answer questions directly inside the DevSecOps platform. Which tool fits?
GitLab Duo is GitLab's integrated AI assistant, offering capabilities like code suggestions, merge request summarization, and vulnerability explanation directly within the platform that already hosts the code, issues, and pipelines. Being native to GitLab lets it draw on project context like CI results and existing merge request discussion. This differentiates it from a general assistant with no visibility into that platform-specific context.
2 / 5
During a design review, the team wants an AI-generated summary of a lengthy merge request's discussion thread before approving it. Which capability supports this?
Duo's merge request summarization condenses a long discussion thread into a concise overview, helping a reviewer catch up quickly on key decisions and outstanding concerns without reading every comment individually. This saves time on merge requests with extensive back-and-forth. It reflects a broader pattern of AI summarization applied to collaborative development artifacts.
3 / 5
In a code review, a dev uses Duo to get a plain-language explanation of a flagged security vulnerability from a pipeline scan. Which capability does this represent?
Duo can generate a vulnerability explanation grounded in the actual findings from GitLab's security scanning pipeline, translating a terse scanner output into a clearer description of the risk and potential fix. This helps developers who aren't security specialists act on scan results faster. It leverages Duo's integration with GitLab's existing DevSecOps tooling rather than working from a generic prompt.
4 / 5
An incident report shows a Duo-suggested code fix for a vulnerability was merged without verifying it actually resolved the underlying issue. What practice would have caught this?
A suggested fix for a flagged vulnerability should be verified by re-running the relevant scan or test, since an AI suggestion might not fully address the underlying issue or could introduce a new one. Assuming a fix worked without confirmation defeats the purpose of having automated scanning in the first place. This verification step applies to any automated remediation suggestion, not just Duo's.
5 / 5
During a PR review, a teammate asks how GitLab Duo differs from a general-purpose AI coding assistant with no platform integration. What is the key distinction?
A general-purpose assistant lacks direct access to a specific platform's internal state, while GitLab Duo is built with visibility into the merge requests, pipeline results, and security scans already present in GitLab. This context grounding lets it produce more relevant, actionable suggestions for teams already using GitLab. The tradeoff is being scoped specifically to that platform's ecosystem.