Claude Code and GitLab: Three workflows that ship

Developers love Claude Code because it feels like pairing with a senior engineer right in the terminal or IDE: it helps you understand unfamiliar code, propose fixes, and scaffold new features quickly.But here is a pattern worth watching. The better agentic coding tools get at writing code, the more the rest of the software lifecycle struggles to keep up. Bug backlogs grow. Pipeline failure rates climb. Security vulnerabilities accumulate faster than teams can triage them. Writing code and shipping software are not the same thing, and the gap between the two is real.GitLab comes in to accelerate everything in the remaining stages of the software lifecycle after Claude Code: CI/CD, security scanning, code review, and approvals, all in one place, with an auditable trail.This tutorial walks you through three scenarios with Claude Code moving fast in the codebase, and GitLab handling everything that turns that code into a certified, shipped change:Fix a C++ bug with Claude Code, then let GitLab CI/CD, security scanning, and Duo Code Review take it from there.Add GitLab MCP context so Claude works from the actual issue, not just local files.Use a Claude-powered external agent in Duo Agent Platform to address code review feedback directly in the MR.PrerequisitesClaude Code in the terminal, configured and running.A GitLab project with bug reports and feature proposal issues, for example, the Tanuki Iot Platform projectFor specific use cases: GitLab MCP server and GitLab Duo Agent Platform with external agents.For building code: CMake, Make, gcc/clang++ for C++, Maven for Java.Prepare the GitLab projectIf you want to follow along, you can repeat the entire steps here in your own developer environment. To do so:Import the Tanuki Iot Platform project into your GitLab environment, including all open issues.Clone the project into your local environment, and navigate into it.Open a terminal and run Claude Code with claude.git clone https://gitlab.example.com/examplegroup/tanuki-iot-platform.git cd tanuki-iot-platform claude Ask in the prompt to learn more about the project’s purpose.What is this project about? Get started with Claude Code and GitLabIn our first scenario, we need to fix a hardware sensor written in C++. The Arduino collector reads metrics from the USB-connected Arduino Uno R4 board, and crashes when the device /dev/ttyACM0 is not connected.After reading the bug report in Issue 4, inspect the code in the main.cpp file, for example, using vim:vim sensors/arduino-iot-collector/src/main.cpp Build and run the collector binary with CMake to reproduce the issue.cmake -S . -B build cmake --build build ./build/arduino_iot_collector Starting Arduino IoT Collector Application... libc++abi: terminating due to uncaught exception of type std::runtime_error: Failed to initialize Arduino temperature sensor: Arduino port not found: /dev/ttyACM0 [1] 85289 abort ./build/arduino_iot_collector Open Claude Code and prompt it for help:Please help me fix the Arduino IoT Collector sensor - it crashes. Claude Code searches the code base and identifies the problem in the main.cpp file, which throws an std::runtime_error() exception causing the application to immediately crash. The expected behavior is to log a user-friendly configuration error and continue running the application.After successful source code fix and build, we need to create a Git branch, commit, and merge request to trigger CI/CD pipelines, security scanning, and code review workflows.You can use different ways to work with Git in Claude Code:Use a prompt: Please help me create a Git branch and commit and push the changes.Execute the shell commands: Open the command prompt with !, followed by git checkout -b fix-arduino-sensor, git commit -avm “...” and git push commands. The git push output generates an MR creation URL. Click on it to open the browser and fill in the form.CI/CD pipelines are triggered on MR creation and verify that the build and tests are working. Security scanning ensures that no new vulnerabilities are introduced. The new MR automatically triggers the GitLab Duo Code Review Flow, which assesses the correctness of the fix, following the development style guides and custom review instructions.Here is a quick recording of Claude Code, GitLab CI/CD, and GitLab Duo Agent Platform in action: Fixing a C++ bug with GitLab MCP in Claude CodeThe previous scenario led Claude Code to search the local code repository, and it made assumptions on a potential fix based on available context. But it lacked the knowledge of a GitLab issue describing the bug, debugging discussions, and proposed ways to fix and address the problem long term. It also did not take into account any history of past code changes saved in merge requests and issues with similar reports as software development lifecycle (SDLC) context.In order to enable this rich GitLab SDLC context, we can bring the GitLab MCP Server into Claude Code.Configure the GitLab MCP ServerEnsure that the GitLab MCP Server is enabled on the instance or top-level group.Open a new terminal, and add the GitLab MCP Server to Claude Code using the http transport type.Modify gitlab.example.com to your GitLab instance, or use GitLab.com:claude mcp add --transport http GitLab https://gitlab.example.com/api/v4/mcp Run claude in a new terminal session, and type /mcp to authenticate with the GitLab MCP Server using OAuth in the opened browser page.claude /mcp To verify the connection, ask Claude:Which GitLab MCP tools are available to you? Show the GitLab MCP Server version When you authenticate Claude Code with the GitLab MCP server, it connects through OAuth and acts with your existing GitLab identity, not with elevated, separate permissions. In practice, that means Claude Code can only see projects, issues, merge requests, and other GitLab data that you already have access to through your account and project/group membership. That is an important guardrail: MCP expands context inside the AI tool, but it does not bypass GitLab visibility controls or invent broader access on its own.A second guardrail is user approval. In this flow, Claude Code identifies the MCP tool it wants to call and asks for approval before proceeding, so developers stay in the loop when external context is fetched. For security-sensitive environments, it is also worth being explicit that teams should stay mindful of what data is exposed in prompts and use MCP primarily with trusted GitLab content.Work on a bug report issueLet's fetch the issue context into Claude Code by referencing Issue 4 in the prompt. If you do not have an issue in your project, clone/copy Issue 4, and adjust the number in the prompt.Please help me fix issue 4 Claude Code identifies the need to call the MCP tool get_issue and asks for approval. You can also approve future use automatically.Once Claude Code has fetched the necessary context from the issue, it starts analyzing the sensor’s C++ source code directly. After creating and verifying a fix, you can ask to create a new Git branch, commit, and MR if Claude Code is not actively doing this already.Please create a new Git branch, commit the changes, and create a new merge request Claude Code finds the MCP tool create_merge_request and handles the MR creation directly without context switching into the browser.In GitLab, the MR creation event triggers multiple parallel workflows automatically:CI/CD pipeline for automated builds and testssecurity scanning with Advanced SAST for C++a Code Review Flow by GitLab Duo Agent PlatformThese automated and agentic workflows within GitLab accelerate software delivery as much as Claude Code accelerates AI coding for issue resolution.You can either open the MR in the browser, or stay in the terminal and prompt Claude Code with:Is the Merge Request running OK? It will use the MCP tool get_merge_request_pipelines to fetch the MR pipeline status being green and ready to merge.Watch the recording to learn how Claude Code fixes the problem with the help from the GitLab MCP Server: Claude Code as external agent reviewerIn this last scenario, Claude Code helped implement a new feature based on the requirements in Issue 24 — a Spring Boot API server with a REST/Websocket backend. The CI/CD pipelines and security scans are OK, but there is code review feedback waiting in the MR.You can add Claude Code as collaboration partner in issues, epics, and MRs, and tackle tasks together. Follow the external agents documentation for the prerequisites.Enable the Claude Agent by GitLab in the project menu in AI > Agents. Note the service account name on how to mention or assign the agent later, it uses the pattern: @ai--.Next, open the MR with the code review feedback, and inspect the requested changes. The screenshot uses MR 78, and GitLab Duo Code Review follows custom review instructions for Java.Create a new comment mentioning the Claude Code Agent:@ai-claude-agent-by-gitlab- Can you help me address the review feedback? This mention spawns a new agent session in the background, setting up the Claude Code Agent, which starts to work on the review feedback. Once finished, it follows the instructions to create a Git commit and summary comment in the MR.Your next steps to ensure software development stays within your organizational guardrails would include:Address remaining review feedback.Review the warning in the CI/CD pipeline jobs.Review the potential security vulnerabilities, for example, using SAST Vulnerability Resolution.Get merge request approval from an eligible developer, configured as Code Owner.Watch this video to learn how Claude Code can help with reviews as an external agent in GitLab Duo Agent Platform: Tips for Claude Code and GitLabCustom instructionsYou can instruct agents to build and test code before commits, keep changes minimal, or understand the project architecture better, using an entry in AGENTS.md. The Tanuki IoT Platform uses the following production example:## Working with sensors ### Before editing 1. Identify the sensor directory you're working with 2. Check for an `AGENTS.md` file in that directory 3. Read sensor-specific instructions before making changes 4. Follow language-specific style guides ### Making changes - Keep changes minimal and focused on the user request - Do not refactor existing code unless specifically instructed - Preserve original code formatting - Only modify code necessary to solve the specific request ### Creating MRs - Always run local builds and tests first - Create a new branch for changes - Automatically create a merge request after successful commits - Reference relevant issues or tasks in the MR description These custom instructions are also processed by agents and flows on the GitLab Duo Agent Platform.Claude Code prefers CLAUDE.md, which can be pointed to AGENTS.md, too.@AGENTS.md SummaryAI coding tools make developers faster at writing code. But writing code and shipping software are not the same thing. The gap between the two grows precisely because the tools are so good at the first part: more code gets written, bug backlogs grow, pipeline failure rates climb, and security vulnerabilities pile up.Claude Code keeps you productive where the code lives and understands unfamiliar codebases, proposes fixes, and scaffolds features fast. GitLab Duo Agent Platform is what turns that speed for many developers in software teams across enterprise organizations into secure software you can actually ship and certify across many release milestones and many projects. With GitLab, the rest of the software lifecycle – CI/CD pipeline fixes, security scanning, automated remediation, code review, and more with human in the loop workflows – with every agentic action can be traced back and configured to run within your organization's guardrails and security policies.In this tutorial, you saw three ways to bring Claude Code and GitLab Duo Agent Platform together:Fix a bug with Claude Code and let GitLab CI/CD, security scanning, and Duo Code Review do the rest.Add GitLab MCP context so Claude works from the actual context saved within the GitLab issue, and not just local files.Use a Claude-powered external agent in GitLab Duo Agent Platform to address review feedback directly in the MR.The principle stays the same across all three: Claude moves fast, GitLab certifies the work.If you are not using GitLab Duo Agent Platform today, you can start with a free trial.If you are already using GitLab in the free tier, you can sign up for GitLab Duo Agent Platform by following a few simple steps.And if you are an existing subscriber to GitLab Premium or Ultimate, you can get started simply by turning on Duo Agent Platform and start using the GitLab Credits that are included with your subscription.html pre.shiki code .s7eDp, html code.shiki .s7eDp{--shiki-default:#6F42C1}html pre.shiki code .sYBdl, html code.shiki .sYBdl{--shiki-default:#032F62}html pre.shiki code .sYu0t, html code.shiki .sYu0t{--shiki-default:#005CC5}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .sgsFI, html code.shiki .sgsFI{--shiki-default:#24292E}html pre.shiki code .shJU0, html code.shiki .shJU0{--shiki-default:#22863A}html pre.shiki code .surfw, html code.shiki .surfw{--shiki-default:#005CC5;--shiki-default-font-weight:bold}html pre.shiki code .sqxcx, html code.shiki .sqxcx{--shiki-default:#E36209}