The recent acceleration in the artificial intelligence (AI) space represents a “tectonic shift” in DevSecOps and could herald a new era of efficiency and productivity for software developers, according to GitLab chief product officer David DeSanto.
DeSanto notes generative AI developments have been a source of great excitement across the global tech industry, he tells ITPro at KubeCon 2023, not least of all in software development and cyber security.
Within days of ChatGPT’s launch last November, devs the world over were fawning over the prospect of harnessing the tool in their daily workflows. The ability to generate and even test code proved tantalizing and appeared to be the silver bullet many had dreamt of.
How AI can power software development
DeSanto believes the industry is currently “at the precipice” of a revolution with regard to the practical implementation of AI within the software development lifecycle. That’s not to say AI or machine learning isn’t already being used in this regard, but the scale of potential is highly evident across the ecosystem.
This potential for improved productivity comes amid a period of troubling macroeconomic conditions that are prompting tightening purse strings and placing a strain on already stretched workforces. Simply put, AI tools could make or break how well teams work moving forward.
“I’ve been calling it a tectonic shift in how DevSecOps is done,” he says. “ The reason I feel that way is that there are still many companies who struggle to get a large enough workforce to support what they want to do.
“If you can make your existing team members more effective, then you also make them more engaged, and by making them more engaged, they’re more likely to stay. You are now building a retention component within how you support your team.”
DeSanto points to code suggestions as an example, noting an AI-based support functionality within the development process could deliver significant benefits to both individuals and broader teams.
Last week, GitLab announced it had moved its own code suggestions functionality into open beta. The signs so far are promising, with indicators it’s led to efficiency gains as well as improving both quality of life and quality of performance among developers.
David DeSanto has been GitLab's chief product officer since December 2022, and leads the product organization, which focuses on providing a single platform for the DevSecOps lifecycle. DeSanto has been at GitLab since September 2019, first as senior director for product manager, then as VP product.
“Now you could have an intermediate developer, for example, functioning and performing like a senior developer,” he suggests.
Other potential use cases, such as leveraging AI to identify vulnerabilities, would also drastically improve efficiency throughout the development lifecycle and help streamline a notable pain point in the process.
“Those sorts of things are going to make everyone more effective, but also as a team, as a company. One of Gitlab’s core tenets is that everyone can contribute. You’re truly going to make it everyone can contribute if you apply AI properly.”
How to implement AI in DevSecOps
GitLab’s own research correlates with what DeSanto tells ITPro about the increasing use – and potential – of AI tools in DevSecOps.
The company’s annual Global DevSecOps report, published today, finds nearly two-thirds (65%) of developers are now using AI or machine learning in testing processes, or expect to be doing so within the next three years.
Similarly, 62% of developers told the company they use AI or machine learning to check code. DeSanto notes, this marks an increase from 51% last year. This, he says, highlights the fact developers view AI as a valuable tool within their proverbial kit.
Walking the line: GitOps and Shift Left security
Scalable, developer-centric supply chain security solutions
DeSanto was keen to emphasize there are certain nuances within this shift in appetite toward AI tools, though. While research shows a notable increase in interest, he believes seniority plays a role in how receptive developers or security personnel may be toward this trend.
“It depends on the maturity of the developer in their career, or on their skillset in terms of the true impact [of AI tools],” he says. “A lot of the time, when it comes to improving developer productivity we see it tends to be newer developers who are getting almost like a coach to support them.
“But developers who are mature don’t have that same big thirst. They view it as a way to get things done faster and spend some of that saved time in code reviewing.”
DeSanto also suggests for teams seeking to leverage AI tools, it isn’t a case of deploy and relax. Deployment requires a concerted effort and razor-sharp focus across the enterprise to maximize the use of AI, else it’ll merely amount to a poorly harnessed stack of tools that add little value.
“For AI to be effective, and for everyone to be effective as a result of this, it can’t just be applied to one part of the software development lifecycle,” he continues. “This is not just the developer, it’s everything involved in delivering software.
“GitLab is an enterprise DevSecOps platform, so obviously we’re focused on covering the entire development lifecycle. In our opinion, you can’t just apply AI to the developer experience and to developer efficiency, you’re not solving the whole problem.”
