GitLab announced the launch of GitLab 18, including AI capabilities natively integrated into the platform and major new innovations across core DevOps, and security and compliance workflows that are available now, with further enhancements planned throughout the year.
The prevalence of team silos and point solutions throughout the DevSecOps lifecycle make it increasingly difficult for development, security, and operational teams to have comprehensive visibility into the threats affecting their cloud environments. In fact, according to a recent Dynatrace study, 77% of chief information security officers (CISOs) say it's a significant challenge to prioritize vulnerabilities because of a lack of information about the risks they pose. This issue underscores the critical role that risk assessment plays in effective vulnerability management.
As organizations modernize their application stacks around cloud-native technologies such as microservices and containers, a best practice is to adopt both shift-left and shift-right strategies. Shifting security left means identifying security vulnerabilities in development through testing, while shifting right means identifying vulnerabilities in production through runtime vulnerability analysis and other methods.
Combining these strategies helps to reduce the time it takes to find vulnerabilities from days or weeks to minutes and enables teams to be more effective in their resolution strategies. By using shift-left and -right strategies, organizations can enhance their overall cybersecurity posture and effectively address vulnerabilities throughout the software development lifecycle.
While the advantages of these practices and DevSecOps are widely recognized, many organizations are still in the initial phases of implementation.
Overcoming the Challenges of Siloed Tools
Siloed vulnerability management tools make it difficult for companies to identify and mitigate risks. Switching between and reconciling the insights from siloed tools also proves to be extremely time-consuming, as it hinders IT teams from gaining a holistic view. According to the Dynatrace study, more than 40% of CISOs say analysis is time-consuming, and managing alerts from different tools is labor-intensive.
Time spent on manual analysis detracts from time spent on innovation and problem resolution. According to the study, each member of development and application security teams spends nearly a third (28%) of their time — or 11 hours each week — on vulnerability management tasks that could be automated. Further, only 33% of CISOs have automated handoffs across functions.
The integration and automation of workflows streamline cross-functional collaboration, enabling faster response times and smoother coordination across teams. Organizations must look to adopt a platform approach to eliminate manual processes and error. In fact, 88% of CISOs say DevSecOps would be more effective if all teams worked from one platform integrated into their process.
Implementing an Approach That Converges Observability and Security
By leveraging observability and security across DevSecOps and integrating application security principles and practices into software development and operations, organizations can deliver software and services at speed without compromising application security. IT leaders need to adopt platform solutions that converge observability and security data and are powered by trusted AI and intelligent automation. Solutions that converge observability and security improve an organization's overall security posture and reduce the risk of cyberattacks, helping companies protect their reputation, minimize manual intervention, and deliver precise answers through explainable, intelligent automation.
Looking Ahead with DevSecOps: The Importance of AI and Automation
According to the study, 86% of CISOs say AI and automation are critical to the success of DevSecOps and overcoming resource challenges. By adopting AI and automation and using tools that converge observability and security, customers have reduced the time they spend identifying and prioritizing vulnerabilities by up to 95%, helping them deliver faster, more secure innovation that keeps them at the forefront of their industries.
Industry News
Perforce Software is partnering with Siemens Digital Industries Software to transform how smart, connected products are designed and developed.
Reply launched Silicon Shoring, a new software delivery model powered by Artificial Intelligence.
CIQ announced the tech preview launch of Rocky Linux from CIQ for AI (RLC-AI), an operating system engineered and optimized for artificial intelligence workloads.
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families; extending beyond cybersecurity specialists.
CodeRabbit is now available on the Visual Studio Code editor.
The integration brings CodeRabbit’s AI code reviews directly into Cursor, Windsurf, and VS Code at the earliest stages of software development—inside the code editor itself—at no cost to the developers.
Chainguard announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure.
Sysdig announced the donation of Stratoshark, the company’s open source cloud forensics tool, to the Wireshark Foundation.
Pegasystems unveiled Pega Predictable AI™ Agents that give enterprises extraordinary control and visibility as they design and deploy AI-optimized processes.
Kong announced the introduction of the Kong Event Gateway as a part of their unified API platform.
Azul and Moderne announced a technical partnership to help Java development teams identify, remove and refactor unused and dead code to improve productivity and dramatically accelerate modernization initiatives.
Parasoft has added Agentic AI capabilities to SOAtest, featuring API test planning and creation.
Zerve unveiled a multi-agent system engineered specifically for enterprise-grade data and AI development.
LambdaTest, a unified agentic AI and cloud engineering platform, has announced its partnership with MacStadium(link is external), the industry-leading private Mac cloud provider enabling enterprise macOS workloads, to accelerate its AI-native software testing by leveraging Apple Silicon.
Tricentis announced a new capability that injects Tricentis’ AI-driven testing intelligence into SAP’s integrated toolchain, part of RISE with SAP methodology.