GitLab 18.11 ships a new SAST false-positive detection flow that runs automatically on critical and high-severity vulnerability findings. Each finding receives a confidence score, a plain-language explanation, and a visual badge in the vulnerability report. Teams can also trigger the analysis manually on demand for any open finding.

The feature addresses one of the most common complaints about SAST tooling: alert fatigue driven by low-signal findings. By surfacing a confidence indicator inline, it lets security engineers and developers prioritize remediation without leaving the GitLab UI. The capability is distinct from the 18.11.3 security patch released on May 14: it is a productivity feature listed in the 18.11 what's-new release notes, not a CVE fix.