GitLab announced the launch of GitLab 18, including AI capabilities natively integrated into the platform and major new innovations across core DevOps, and security and compliance workflows that are available now, with further enhancements planned throughout the year.
Artistic swimming, formerly known as synchronized swimming or water ballet, seems like it should be nearly impossible for humans: a synchronized, choreographed routine, accompanied by music, involving many people who are often fully or partially submerged under water. Yet it has existed as a form of competition since it debuted in 1891 in Berlin, Germany. To successfully combine dancing and swimming as a whole team, the swimmers must work together seamlessly and wordlessly on a global stage, in and under the water. It requires each person to trust their teammates to do the right thing at the right time, without looking to make sure it happens. Sound familiar? That's the ideal product development lifecycle as well.
Source: Los Angeles Times
Complex Coordination Challenges
Modern application development teams usually use an agile (or agile-adjacent) methodology for the development lifecycle to help ease the pain of coordinating across all the teams involved in shipping an application out to the world. These cross-functional teams must communicate clearly and consistently to bring everyone — developers, testers, user interface (UI) and user experience (UX) designers, security, platform engineering, and project managers — together to build and deploy applications.
Building and deploying applications can be challenging even when everyone is sitting in the same room. But even with some RTO policies, many teams remain distributed, whether working from home or from different office locations, adding a layer of complexity to already-complex communications. Even the best asynchronous communication tools and practices aren't enough to make up for misunderstandings, missed information, and context-switching between teams. So, while the goal is to have perfectly choreographed communication and deployment, the reality is that instead of looking like synchronized swimmers, they often look more like a bunch of five year olds playing near each other in a pool.
Deploying Apps Is Getting More Complex
The issue is not that these individual team members aren't smart, thoughtful, or capable in their roles. The reality is that new technologies, frameworks, and tools emerge all the time, and keeping up with it all is really hard! Moving to microservices, containers, and Kubernetes enables scalability and modularity, but also increases challenges related to managing dependencies, ensuring API compatibility, and adjusting to more ephemeral environments and different infrastructure requirements.
In addition, modern apps frequently integrate multiple services, databases, and application programming interfaces (APIs) to build more complex applications, as well as integrating with more 3rd party APIs. That complexity requires careful design, development, and testing to make sure everything works well together. And the unfortunate reality is that the threat landscape is also growing, with malicious actors ready and able to take advantage of vulnerabilities and misconfigurations to steal sensitive data and infiltrate infrastructure. That means that security considerations must be an integral part of the product development life cycle as a whole.
Everything is moving too fast; applications are changing all the time to keep up with what users are doing, the universe of APIs is constantly expanding, and security threats continue to evolve. All these teams need to keep up with a changing world while operating within a coordinated product development lifecycle where each group has a distinct set of motivating factors. Trying to share that context across teams in a straightforward way that enables coordination and seamless deployment isn't just difficult, it seems as impossible as communicating underwater.
Bridge the Gap Between Teams
Right now, there are many solutions that offer important capabilities, but trying to make sure they all work together and each team understands what they're for and why they're important is difficult. What we need is to develop tools that make it easier for individual teams to trust that while they're doing their moves, everyone else is in sync and doing exactly what they need to do as well. The only way to do this is to put the application at the center of the tooling or processes in use.
There's a long history of building applications and services, and it's gotten (much) more complex in recent years. Like the synchronized swimmers, though, whose goal it is to deliver a seamless and beautiful performance, the goal of DevOps, engineering, and security is to deliver a scalable, available, and secure application. All tools and methodologies created to date help with that process, but they haven't focused on the application itself. It's time for tooling that puts the application at the center of everything and building the infrastructure and security around the application's needs.
One example of new tooling that does this is Infrastructure from Code (IfC), which analyzes application code to identify dependencies, core infrastructure, APIs, and ingress/egress requirements, then generates the deployment architecture and the infrastructure as code (IaC), ensuring that the application and infrastructure adhere to relevant security, privacy, and coding standards. This application-centered infrastructure enables individual teams to trust that everyone around them is doing exactly what needs to be done concurrently to deploy securely and quickly.
Make Provisioning Infra and Deploying Apps Easier
Putting applications out into the world is getting more complicated and difficult, whether you're deploying to the cloud or to on-prem environments. There are multiple security, hardware, scalability, and uptime requirements that cross-functional product development teams need to meet. Programming for all these dependencies is hard, particularly for teams who must also overcome increasingly challenging communication burdens. To address those challenges, organizations should move to application-centered infrastructure to improve communication, automatically build in security and ensure best practices are followed, and enable teams to more easily provision infrastructure and deploy applications. Putting the application at the center enables application development teams to deliver their infra and apps as gracefully and seamlessly as synchronized swimmers, all without having to poke their heads out of the water.
Industry News
Perforce Software is partnering with Siemens Digital Industries Software to transform how smart, connected products are designed and developed.
Reply launched Silicon Shoring, a new software delivery model powered by Artificial Intelligence.
CIQ announced the tech preview launch of Rocky Linux from CIQ for AI (RLC-AI), an operating system engineered and optimized for artificial intelligence workloads.
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families; extending beyond cybersecurity specialists.
CodeRabbit is now available on the Visual Studio Code editor.
The integration brings CodeRabbit’s AI code reviews directly into Cursor, Windsurf, and VS Code at the earliest stages of software development—inside the code editor itself—at no cost to the developers.
Chainguard announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure.
Sysdig announced the donation of Stratoshark, the company’s open source cloud forensics tool, to the Wireshark Foundation.
Pegasystems unveiled Pega Predictable AI™ Agents that give enterprises extraordinary control and visibility as they design and deploy AI-optimized processes.
Kong announced the introduction of the Kong Event Gateway as a part of their unified API platform.
Azul and Moderne announced a technical partnership to help Java development teams identify, remove and refactor unused and dead code to improve productivity and dramatically accelerate modernization initiatives.
Parasoft has added Agentic AI capabilities to SOAtest, featuring API test planning and creation.
Zerve unveiled a multi-agent system engineered specifically for enterprise-grade data and AI development.
LambdaTest, a unified agentic AI and cloud engineering platform, has announced its partnership with MacStadium, the industry-leading private Mac cloud provider enabling enterprise macOS workloads, to accelerate its AI-native software testing by leveraging Apple Silicon.
Tricentis announced a new capability that injects Tricentis’ AI-driven testing intelligence into SAP’s integrated toolchain, part of RISE with SAP methodology.