GitLab recently launched GitLab Duo, a suite of capabilities that provides AI-assisted workflows for everyone involved in developing and deploying software.
The team at OTTRA have recapped this launch, and here’s what you need to know:
- First, AI is integrated throughout the software development lifecycle
- GitLab knows that privacy is critical to its customers, so they’ve built their AI capabilities to be privacy- and transparency-first
- Finally, they have architected their platform to use best-in-class models
Let’s look at the problems an organisation faces when trying to ship secure software faster:
- Triaging security vulnerabilities when you don’t understand them – and you may not be the original owner
- Enforcing security standards across the platform while not slowing down developers
- Siloed planning and project management that weakens collaboration across teams
- Low-quality code in deployment due to lack of testing
- Poor developer experience due to context switching and ineffective documentation.
These obstacles are made worse without AI throughout the software lifecycle.
The solution: A comprehensive AI-powered DevSecOps platform.
- One that brings together the entire software development lifecycle into a single application.
- One that enables a value stream-driven mindset – a mindset that is all about going from customer need to customer value with the fastest cycle time possible.
- One that is built on a single data store so that:
  - Planning is integrated with the rest of the SDLC vs. treated as a siloed activity
  - Monitoring and analytics leverage the same data fabric so that there is one place with a single data store to measure everything involved in software delivery and deployment
  - Security guardrails are on the same platform as the developer experience so that rules are consistently followed at scale
AI is integrated throughout the software development lifecycle. This is only possible with a platform like GitLab, which is built on a unified data store.
- The user experience improves cycle time as a whole rather than focusing only on the initial stage of code creation
- Integrated AI throughout the SDLC solves big pain points:
  - Using AI with disjointed point solutions is a mess. If you expect inconsistent results from one prompt, just imagine the chaos of multiple GenAI point solutions running in parallel. Lack of consistency creates more risk in security, compliance, and other areas of the SDLC
  - Also, using AI just at the point of code generation creates faster coding, but does not actually reflect the day in the life of a developer. GitLab’s DevSecOps study asked: How do developers spend their time? While a quarter of time is spent coding, fully 75% of time is spent on all other tasks associated with shepherding code through the development and deployment process, such as testing, securing, and analyzing software
Privacy
- We know privacy is a concern, especially at enterprise level. That is why GitLab takes a privacy-first approach to designing AI-powered capabilities
- GitLab is building AI capabilities with IP protection, privacy and compliance in mind
- For example: Code Suggestions – their marquee AI offering that assists developers in writing code – is built with privacy as a critical foundation. Private non-public GitLab customer data is not used as training data.
Transparency
- There are challenges with the adoption of AI, which is limited by humans’ lack of trust in an AI’s output
- For more than a decade, GitLab has earned the trust of their customers by responsibly managing their most valuable data, and they have worked to earn that trust by being transparent about how they introduce innovations in a safe way to their DevSecOps platform
- You can see which models they’re using and how they’re using your code base in their documentation. This allows you to evaluate the risks and benefits of adopting AI and make an informed decision.
Conclusion
Interested to learn more about GitLab Duo and how OTTRA can help you use it to improve your workflows? Book a chat with us on our website.