JFrog announced a new machine learning (ML) lifecycle integration between JFrog Artifactory and MLflow, an open source software platform originally developed by Databricks.
Today, every team involved in developing and delivering software faces the paradox of deploying secure and compliant software faster than ever, while working under time and resource constraints. AI is often discussed as a tool to help enable faster code generation — but by focusing solely on automating code development, much of the potential of AI is left untapped.
In fact, recent research from GitLab found that developers spend only 25% of their total work time writing code, using the remaining time to adjust, understand, test, and maintain code, as well as identify and mitigate security vulnerabilities. If the use of AI is consigned to code generation, organizations may miss some of the most transformative opportunities for AI in software development.
Let's walk through three ways to use AI in your DevSecOps workflows for faster cycle times and accelerated value stream delivery: predictive analytics, code testing and review, and security vulnerability detection.
1. Planning and Predictive Analytics
DevSecOps teams can incorporate AI into the entire software development lifecycle, including at its earliest stages before they even begin writing code. Using AI alongside a unified data store, teams can assess all of the data created as part of their software development lifecycle to visualize their end-to-end workstreams, identify any areas of inefficiency, and optimize these workflows to deliver value quickly and efficiently.
AI can also improve collaboration between teams by automating project management processes, summarizing discussions about deliverables, and creating, organizing, and automatically labeling issues and merge requests to improve planning and execution.
Teams can also use AI to improve the end-user experience by assessing user metrics, feedback, and usage trends and generating recommendations for improvements. Then, once presented with this information, teams can validate the findings using AI without having to parse through data and surface the bottlenecks themselves.
2. Code Reviews and Quality Assurance
Developers are under immense pressure to deliver code at the speed of the market, while also ensuring that it's high-quality and secure. Development teams can incorporate AI to analyze data patterns and identify potential issues in code, leading to faster testing, fewer bugs, and higher-quality software. With upfront automation, intelligent algorithms can spot bugs and errors that humans might miss.
Another critical process to ensure high-quality code delivery is code review. Code reviews are critical to helping developers share knowledge and maintain high-quality software — but when working within larger teams, it can be challenging and time-consuming to identify the reviewer who is best equipped with the necessary experience and context. AI can be used to select the most relevant code reviewers, removing guesswork and ensuring that reviewers have the necessary contextual knowledge to effectively review the selected code. This helps organizations avoid some of the bottlenecks that arise when working in large teams and enable faster software delivery.
3. Identifying Security Vulnerabilities
Security professionals face pressures similar to their development counterparts. Despite constrained budgets teams are under more pressure than ever to maintain their organization's security posture under the looming and increasing threat of cybercrimes. By strategically implementing AI within security processes, security teams can focus on proactive work, rather than on menial and repetitive tasks.
For example, AI can be used to help identify and mitigate potential security threats by analyzing data patterns and user behavior, as well as automate security testing and analysis. This can support faster vulnerability detection and remediation without sacrificing accuracy.
Security has become more of a shared responsibility between security professionals and developers than ever before. AI can lift some of the workload from security teams and empower developers to identify and mitigate vulnerabilities independently, enabling stronger collaboration between the two teams. This can help optimize the process of securing an application to prevent vulnerabilities that can be exploited when it's in production.
Above all, it's important to remember that AI is not a one-size-fits-all technology. Each organization will need to thoughtfully consider priority areas to incorporate automation within their software development workflows. By starting small, and identifying areas with the lowest risk, organizations can strategically scale their AI use without creating vulnerabilities, risking adherence to compliance standards, or risking relationships with customers, partners, investors, and other stakeholders.
AI can be a hugely transformational technology when incorporated thoughtfully. Rather than relegate it to code generation, organizations can fulfill its promise by weaving it into their workflows to improve efficiency and security, while driving innovation.
Industry News
Copado announced the general availability of Test Copilot, the AI-powered test creation assistant.
SmartBear has added no-code test automation powered by GenAI to its Zephyr Scale, the solution that delivers scalable, performant test management inside Jira.
Opsera announced that two new patents have been issued for its Unified DevOps Platform, now totaling nine patents issued for the cloud-native DevOps Platform.
mabl announced the addition of mobile application testing to its platform.
Spectro Cloud announced the achievement of a new Amazon Web Services (AWS) Competency designation.
GitLab announced the general availability of GitLab Duo Chat.
SmartBear announced a new version of its API design and documentation tool, SwaggerHub, integrating Stoplight’s API open source tools.
Red Hat announced updates to Red Hat Trusted Software Supply Chain.
Tricentis announced the latest update to the company’s AI offerings with the launch of Tricentis Copilot, a suite of solutions leveraging generative AI to enhance productivity throughout the entire testing lifecycle.
CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.
Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.
Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.
Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).
Pegasystems announced the general availability of Pega Infinity ’24.1™.