Beyond Code Generation: Integrating AI Throughout the Software Development Lifecycle
January 16, 2024

Taylor McCaslin
GitLab

Today, every team involved in developing and delivering software faces the paradox of deploying secure and compliant software faster than ever, while working under time and resource constraints. AI is often discussed as a tool to help enable faster code generation — but by focusing solely on automating code development, much of the potential of AI is left untapped.

In fact, recent research from GitLab found that developers spend only 25% of their total work time writing code, using the remaining time to adjust, understand, test, and maintain code, as well as identify and mitigate security vulnerabilities. If the use of AI is consigned to code generation, organizations may miss some of the most transformative opportunities for AI in software development.


Let's walk through three ways to use AI in your DevSecOps workflows for faster cycle times and accelerated value stream delivery: predictive analytics, code testing and review, and security vulnerability detection.

1. Planning and Predictive Analytics

DevSecOps teams can incorporate AI into the entire software development lifecycle, including at its earliest stages before they even begin writing code. Using AI alongside a unified data store, teams can assess all of the data created as part of their software development lifecycle to visualize their end-to-end workstreams, identify any areas of inefficiency, and optimize these workflows to deliver value quickly and efficiently.

AI can also improve collaboration between teams by automating project management processes, summarizing discussions about deliverables, and creating, organizing, and automatically labeling issues and merge requests to improve planning and execution.

Teams can also use AI to improve the end-user experience by assessing user metrics, feedback, and usage trends and generating recommendations for improvements. Then, once presented with this information, teams can validate the findings using AI without having to parse through data and surface the bottlenecks themselves.

2. Code Reviews and Quality Assurance

Developers are under immense pressure to deliver code at the speed of the market, while also ensuring that it's high-quality and secure. Development teams can incorporate AI to analyze data patterns and identify potential issues in code, leading to faster testing, fewer bugs, and higher-quality software. With upfront automation, intelligent algorithms can spot bugs and errors that humans might miss.

Another critical process to ensure high-quality code delivery is code review. Code reviews are critical to helping developers share knowledge and maintain high-quality software — but when working within larger teams, it can be challenging and time-consuming to identify the reviewer who is best equipped with the necessary experience and context. AI can be used to select the most relevant code reviewers, removing guesswork and ensuring that reviewers have the necessary contextual knowledge to effectively review the selected code. This helps organizations avoid some of the bottlenecks that arise when working in large teams and enable faster software delivery.

3. Identifying Security Vulnerabilities

Security professionals face pressures similar to their development counterparts. Despite constrained budgets teams are under more pressure than ever to maintain their organization's security posture under the looming and increasing threat of cybercrimes. By strategically implementing AI within security processes, security teams can focus on proactive work, rather than on menial and repetitive tasks.

For example, AI can be used to help identify and mitigate potential security threats by analyzing data patterns and user behavior, as well as automate security testing and analysis. This can support faster vulnerability detection and remediation without sacrificing accuracy.

Security has become more of a shared responsibility between security professionals and developers than ever before. AI can lift some of the workload from security teams and empower developers to identify and mitigate vulnerabilities independently, enabling stronger collaboration between the two teams. This can help optimize the process of securing an application to prevent vulnerabilities that can be exploited when it's in production.

Above all, it's important to remember that AI is not a one-size-fits-all technology. Each organization will need to thoughtfully consider priority areas to incorporate automation within their software development workflows. By starting small, and identifying areas with the lowest risk, organizations can strategically scale their AI use without creating vulnerabilities, risking adherence to compliance standards, or risking relationships with customers, partners, investors, and other stakeholders.

AI can be a hugely transformational technology when incorporated thoughtfully. Rather than relegate it to code generation, organizations can fulfill its promise by weaving it into their workflows to improve efficiency and security, while driving innovation.

Taylor McCaslin is Group Manager, Product - Data Science AI/ML at GitLab
Share this

Industry News

February 22, 2024

Check Point® Software Technologies Ltd. introduces Check Point Quantum Force series: an innovative lineup of ten high-performance firewalls designed to meet and exceed the stringent security demands of enterprise data centers, network perimeters, campuses, and businesses of all dimensions.

February 22, 2024

Tabnine announced that Tabnine Chat — the enterprise-grade, code-centric chat application that allows developers to interact with Tabnine AI models using natural language — is now available to all users.

February 22, 2024

Avaamo released Avaamo LLaMB™, a new low-code framework for building generative AI applications in the enterprise safely, securely, and fast.

February 21, 2024

CAST announced the winter release of CAST Imaging, an imaging system for software applications, with significant user experience (UX) enhancements and new features designed to simplify and accelerate processes for engineers who develop, maintain, modernize, complex software applications.

February 21, 2024

Pulumi now offers native ways to manage Pinecone indexes, including its latest serverless indexes.

February 21, 2024

Orkes, whose platform offers the fastest way to scale distributed systems, has raised $20 million in new funding.

February 20, 2024

JFrog and Carahsoft Technology announced a partnership that empowers U.S. Government organizations to safeguard their software supply chains with automated DevSecOps workflows to secure software services consumed by citizens.

February 20, 2024

Multiplayer, a collaborative tool for teams that work on system design and distributed software, announced its public beta.

February 20, 2024

DataStax announced its out-of-the-box retrieval augmented generation (RAG) solution, RAGStack, is now generally available powered by LlamaIndex as an open source framework, in addition to LangChain.

February 20, 2024

UiPath announced new features in its platform designed to enable developers to build, test, and accelerate implementation of automations.

February 15, 2024

Kong announced a suite of open-source AI plugins for Kong Gateway 3.6 that can turn any Kong Gateway deployment into an AI Gateway, offering unprecedented support for multi-Language Learning Models (LLMs) integration.

February 15, 2024

ngrok unveiled early access to its API gateway-as-a-service.

February 15, 2024

Tabnine announced a strategic partnership with DigitalOcean.

February 15, 2024

Salt Security announced that the Salt Security API Protection Platform is now available for purchase in the CrowdStrike Marketplace, a one-stop destination for the world-class ecosystem of CrowdStrike compatible security products.

February 14, 2024

Perforce Software signed a definitive agreement to acquire Delphix.