GitLab Duo Review 2026: Is the $19/Month Add-On Worth It for GitLab Shops?


The question isn’t whether GitLab Duo can write code. The question is whether it makes sense to pay for it when you’re already paying GitLab $29 or $99 per user monthly for the platform.

That math changed in 2026. Starting with GitLab 18.0 (May 2025), GitLab bundled Duo Core — code suggestions and chat — into every Premium and Ultimate subscription at no extra cost. Then GitLab 19.0 (May 21, 2026) replaced the rule-based chat with Agentic Chat for Core users. And in April 2026, GitLab introduced flat-rate AI code reviews at $0.25 per merge request — a direct shot at the $15–$25 per-review token costs teams are paying with Copilot Enterprise.

None of that changes the fundamental constraint: GitLab Duo only works inside GitLab. If your team uses GitHub, Bitbucket, or a mixed host setup, this review doesn’t apply. For everyone already standardized on GitLab, read on — the calculus is more interesting than most Duo coverage suggests.

What you actually get at each tier

GitLab Duo isn’t a single product. It’s three add-on tiers stacked on top of your GitLab plan.

Duo Core ships free with every GitLab Premium ($29/user/month, annual) and Ultimate ($99/user/month, annual) subscription. As of May 21, 2026, Core includes:

  • Code Suggestions: inline completion in VS Code, JetBrains, Cursor, Windsurf, and Visual Studio for Windows
  • Agentic Chat (replaced non-agentic chat in GitLab 19.0): multi-step reasoning using full GitLab context — issues, MRs, pipelines, security findings
  • A limited-time credits promotion: $12/user/month for Premium, $24/user/month for Ultimate, usable on Agent Platform features

The credits promotion matters. GitLab bills agentic features via its credit system ($1 = 1 credit). Code reviews run at $0.25 each (4 reviews per credit). A 10-person Premium team gets $120 in credits monthly under the promotion — that covers 480 automated code reviews before you pay a cent beyond the plan fee.

Duo Pro ($19/user/month, add-on) removes credit limits and unlocks higher-tier features including Code Review Flow — the agentic reviewer that analyzes cross-file dependencies, checks pipeline results, cross-references security scan output, and writes structured inline comments on merge requests. It also includes Suggested Reviewers, a machine-learning feature that recommends human reviewers based on Git history and file-level expertise.

Duo Enterprise (list pricing ~$39/user/month, Ultimate only, exact pricing via sales) adds the full security and compliance stack: Vulnerability Explanation, Security Analyst Agent (GA since GitLab 18.8), root cause analysis for CI/CD failures, air-gapped self-hosted deployment, custom agent creation, and workflow automation.

Combined costs at scale:

Setup | Per user/month | 10-person team/yr
Premium only (Duo Core free) | $29 | $3,480
Premium + Duo Pro | $48 | $5,760
Ultimate only (Duo Core free) | $99 | $11,880
Ultimate + Duo Enterprise | ~$138 (sales) | ~$16,560

For comparison: GitHub Copilot Business is $19/user/month standalone. Cursor Pro is $20/user/month. Those don’t include a DevOps platform — they’re pure AI layer costs.

The $0.25 code review is the most important number in this article

GitLab’s April 2026 pricing announcement focused on this: agentic code reviews cost a flat $0.25 per merge request, regardless of size. GitLab’s internal data shows that at companies using AI coding tools, code review times have increased by 91%, with engineers at large companies waiting an average of 13 hours for an MR to merge.

The argument: token-based pricing (what Copilot Enterprise uses) causes teams to ration AI reviews to high-stakes changes. Predictable flat-rate pricing removes that bottleneck — you review everything, even small fixes.

The Code Review Flow itself is more sophisticated than a diff reader. It explores cross-file context, checks what changed against pipeline results, compares against security scan findings, and generates actionable inline comments rather than generic suggestions. In GitLab 19.0, it also gained group-level custom review instructions — meaning your code style rules apply across all projects in a group without per-project configuration.

If your team does 200 MR reviews per month across 10 engineers, that’s $50/month versus several hundred dollars in token-based review costs. For teams already on Premium with the credit promotion active, those first 480 reviews per month cost nothing extra.

Developer workflow: what’s changed in GitLab 19.0

GitLab 19.0 shipped May 21, 2026 — the same day this review was written — and brought meaningful Duo updates beyond the Core/Agentic Chat swap.

Developer Flow extends across the full MR lifecycle. A single AI agent now handles reviewer feedback (addresses comments automatically), resolves merge conflicts on long-running branches, researches unfamiliar codebases to give reviewers context, and splits oversized MRs that grew too large for efficient review.

Resolve with Duo is a new button in the MR conflict interface. You click it, the agent reads both branches, picks a resolution, commits the fix, and posts a summary comment explaining what it chose and why.

Developer Flow trigger methods expanded: you can @mention Duo Developer in any issue or MR discussion thread to turn a comment into a follow-up commit, a new MR, or a research summary. Previously it required explicit assignment.

For self-hosted teams, 19.0 adds support for Devstral 2 123B and GLM-5.1-FP8 as open-source model options in the Agent Platform — relevant for air-gapped deployments that can’t send code to cloud LLMs.

IDE experience and MCP integration

Duo works inside VS Code (GitLab extension 6.35.6+), JetBrains IDEs (plugin 3.14.0+), Cursor, Windsurf, and Visual Studio for Windows. It does not have a dedicated IDE like Cursor or Zed — it’s a plugin that layers onto your existing editor.

The MCP Client (GA since January 2026) is genuinely useful for teams using the Atlassian stack. Agentic Chat can pull context from Jira, Confluence, and Slack directly inside your IDE, which means when you ask Duo about a bug, it can surface the related Jira ticket, the Confluence design doc, and the Slack thread where the decision was made — without you opening three browser tabs. That’s context depth that standalone tools like Cursor can’t match unless you wire up the same integrations yourself.

The catch: code suggestion quality from standalone completions is not at Cursor or Copilot level for most benchmarks. GitLab cited 64.5% accuracy on a 48-example SWE-bench subset in its own testing — but that’s a 48-example subset, not the full benchmark. Other tools report on the complete SWE-bench Verified dataset; comparing these numbers directly is misleading. What GitLab Duo offers at the code suggestion level is “good enough for standard CRUD and refactoring” — not state-of-the-art for complex architectural work.

Security integration: where Duo pulls ahead

The DevSecOps integration is the strongest differentiation argument for Duo Enterprise. When GitLab’s native SAST/DAST scanner finds a vulnerability, Duo doesn’t just flag it — it provides exploitation scenarios, impact analysis, and a suggested mitigation with context tied to the specific line of code, all inside the same MR interface where the code lives.

The Security Analyst Agent (GA in GitLab 18.8) automates vulnerability triaging at the pipeline level: it prioritizes findings by exploitability and context, and filters false positives, reducing alert fatigue for security teams. This feature has no direct equivalent in Copilot Business or Copilot Enterprise — those tools generate code but don’t have native SAST integration.

For organizations in regulated industries (finance, defense, healthcare) that run GitLab self-managed, Duo Enterprise supports fully air-gapped deployment using vLLM with local open-source models. Code, prompts, and AI responses never leave your infrastructure. Tabnine offers comparable air-gapped support but costs $59/user/month at the Agentic tier — more expensive than Duo Enterprise’s ~$39/user/month list price for organizations already on Ultimate.

Where GitLab Duo falls short

Platform lock-in is absolute. GitLab Duo does not work on GitHub repositories, Bitbucket, or any non-GitLab host. If your team is 70% on GitHub and 30% on GitLab, Duo helps exactly nobody who isn’t in the GitLab portion. This isn’t a minor caveat — it’s the reason Copilot Business at $19/user/month remains relevant even for teams that have some GitLab projects.

Annual billing only. Premium and Ultimate require annual commitment. There’s no monthly billing option, which makes it harder to pilot Duo Pro or Enterprise without a full-year contract.

The minimum cost is $29/user/month before any AI add-on. A 5-person startup evaluating AI coding tools cannot just buy Duo Core for $10/month. They must be GitLab Premium or Ultimate customers. Copilot Business or Cursor Pro at $19–$20/user/month with no platform fee is a lower barrier to entry.

Agentic code review is Credits-based. The $0.25/review pricing is compelling, but it feeds a credit consumption model. Once the limited-time free credits promotion expires (no end date has been announced as of May 2026), teams on Core will need to purchase credits or buy Duo Pro to avoid throttling.

Code suggestion quality for complex work. Developer feedback on Gartner Peer Insights consistently flags that suggestions in large, complex codebases can be shallow or require manual correction. For greenfield CRUD apps or standard web dev work, Core suggestions are adequate. For highly domain-specific logic, intricate dependency chains, or performance-critical code, Cursor or Claude Code handle agentic generation better.

GitLab Duo vs. GitHub Copilot: the only comparison that matters

If you’re on GitLab and evaluating whether to add Duo, the relevant competitor is GitHub Copilot — because that’s the alternative for a GitHub-connected team, or the tool a developer might bring in themselves despite your GitLab setup.

FeatureGitLab Duo Core (free w/ Premium)GitHub Copilot Business ($19/user/mo)GitLab Duo Pro ($48 total/user/mo)Copilot Enterprise ($39/user/mo)
Code completion✓ (adequate)✓ (strong)✓ (strong)
Chat in IDE✓ (agentic)✓ (agentic)
AI code reviewcredits-based✓ ($0.25/review)✓ (token-based)
CI/CD root cause✓ (Enterprise)
SAST/DAST + AI✓ (Enterprise)
Self-managed/air-gap✓ (Enterprise)✗ (GitHub.com only)
MCP client✓ (Jira, Confluence, Slack)✗ (native)✗ (native)
Platform requirementGitLab onlyAny (GitHub, GitLab, local)GitLab onlyGitHub only

The takeaway: Copilot Business beats Duo Core on code completion quality. Duo Pro’s code review model beats Copilot Enterprise on pricing for high-volume MR workflows. Duo Enterprise has no direct Copilot equivalent for DevSecOps integration.

Honest take

GitLab Premium and Ultimate customers: turn on Duo Core today. Code suggestions and agentic chat are included in what you’re already paying. Even if Cursor writes better code, Duo’s CI troubleshooting and MR-context chat are genuinely useful for day-to-day work at no additional cost. There’s no reason not to enable it.

Evaluate Duo Pro ($19/user/month add-on) if: Your team does more than 60 MR reviews per month per 10 engineers after the credit promo expires, or you want agentic code review with cross-file context and structured inline comments. The $0.25/review flat rate math typically beats Copilot Enterprise’s token model for active teams.

Buy Duo Enterprise ($39/user/month, Ultimate only) if: You’re in a regulated industry, need air-gapped AI, or your security team actively uses GitLab’s SAST/DAST findings and wants AI-assisted vulnerability triage. The Security Analyst Agent and air-gapped vLLM support are legitimately unique.

Skip Duo entirely if: You’re not a GitLab shop. Cursor Pro at $20/user/month is a better pure coding experience, GitHub Copilot Business at $19/user/month is more portable, and buying GitLab Ultimate at $99/user/month to access Duo Enterprise makes no sense unless you’d be on Ultimate anyway for the DevSecOps features.

GitLab Duo isn’t a Cursor killer or a Copilot replacement. It’s what you already paid for, finally worth using — and for teams doing serious DevSecOps on GitLab, it’s the only AI tool that speaks native to your pipeline, security scanner, and merge request workflow without requiring you to wire anything up.


Last updated May 22, 2026. GitLab pricing and Duo feature availability change frequently; verify current state at about.gitlab.com/pricing before purchasing.
