What the ML is up with DevSecOps and AI?

GitLab believes at our core that AI will revolutionize the power of DevSecOps platforms to bring to life a software development experience that feels straight out of science fiction. GitLab users already benefit from a step-function increase in productivity when they adopt our platform: streamlined collaboration, operational efficiencies, and massive acceleration in time to delivery. But by introducing machine learning (ML) and other artificial intelligence (AI) capabilities into the fabric of The DevSecOps Platform feature set, we aim to take those gains to a whole new level.

GitLab occupies a unique seat in relation to defining how AI and ML will impact DevSecOps into the future. As the creators of the DevSecOps platform category, we are the founders behind a successful philosophy for bringing DevSecOps principles into practice. By virtue of curating the entire software development lifecycle, our platform also has an unrivaled level of visibility into the code, configuration, testing, deployment, and operation of the applications it produces. It is in the rich data set underpinning that curated experience where unbounded opportunity lurks. These opportunities include the ability to deliver:

• Faster deployments: By automating various aspects of the software development lifecycle, including testing and deployment, AI/ML can help DevSecOps teams deliver software faster and more reliably.
• Improved security: AI/ML can help identify and mitigate potential security threats by analyzing data patterns and behavior. It can also automate security testing and analysis, leading to faster and more accurate detection and remediation of vulnerabilities.
• Enhanced quality assurance: AI/ML can help automate quality assurance processes by analyzing data patterns and identifying potential issues in code, leading to faster testing, fewer bugs, and higher quality software.
• Intelligent monitoring and alerting: AI/ML can help monitor systems in real time, analyzing data from logs, alerts, and other sources to detect anomalous behavior and potential security threats.
• Predictive analytics: AI/ML can help DevSecOps teams predict potential issues, identify patterns, and make data-driven decisions to improve their software before issues become critical.

GitLab will focus on incorporating AI/ML capabilities that leverage our unique strengths to deliver unique value. In particular, we plan to:

• incorporate generative AI into GitLab to massively simplify, accelerate, or entirely obviate parts of the software development process,
• use the unique data set at our disposal to make novel connections and surface insights to users about their teams, their processes, and the software they are building - insights that are otherwise lost to the voids of piecemeal DevOps toolchains.
• build the MLOps and DataOps plumbing that will enable organizations to build and deploy AI/ML workloads using GitLab.

AI/ML in GitLab today

Here are some of the ways we are using AI/ML in GitLab today.

AI/ML for automation

First, we are applying ML and AI to automate mundane tasks and reduce the cognitive load for our customers. We are currently developing AI Assisted capabilities to improve productivity and efficiency for everyone in the software delivery workflow. Here are some AI Assisted capabilities available in GitLab today:

• Suggested Reviewers, released last September, automatically suggests the best available reviewer for a merge request. This capability removes the guesswork by ensuring the right reviewer with the right contextual knowledge is reviewing code changes so that developers can deploy software more efficiently. Early users have told us that Suggested Reviewers minimizes delays and leads to better reviews. They now have more confidence in the code they deploy. The tool has generated tens of thousands of suggested reviewers to more efficiently and securely review code on our platform. You can learn more about the feature and how to enable it in our Suggested Reviewers documentation.

• GitLab Code Suggestions, released in closed beta this past February, aims to increase developer speed and productivity by providing code suggestions in GitLab’s VS Code IDE plugin. We’re actively building this into GitLab’s new Web IDE and Remote Development solution as well. Ultimate customers interested in joining the beta of Code Suggestions can fill out this form. Additional information about Code Suggestions can be found on our direction page.

Protecting customer source code

We’ve heard from many of our enterprise DevSecOps customers that their organizations care deeply about the privacy of their source code. They understandably want control over who processes their data and if their code is used to train code generation AI models. That’s why we’ve built our code suggestions feature to work natively within GitLab. Customer source code does not leave the GitLab instance and it is not used to retrain generic multi-customer code generation models.

The road ahead for GitLab and AI

We plan to add many AI capabilities throughout our DevSecOps platform, including:

• automating mundane tasks across the software development lifecycle with Workflow Automation including assigning, labeling, and summarizing.
• reducing the risk due to insecure coding practices by automatically detecting and help remediating code quality and security vulnerabilities with Intelligent Code Security.
• augmenting developers with generative Code Suggestions while writing, reviewing, and fixing code.

We also want to make it easier for customers to build and deploy amazing AI/ML-backed applications to their customers faster. We are working to integrate ModelOps features into the GitLab DevSecOps Platform to better support data science workloads and extend DevSecOps workflows to AI and ML workloads. This includes:

• enabling data science teams to work seamlessly within the Gitlab platform with better support for python notebooks and GPU runners.
• improving handoffs between data science teams and DevSecOps teams with a native GitLab Model Registry.

Follow along

This blog is the first in an ongoing series about GitLab’s journey to [build and integrate ML/AI into our DevSecOps platform. Throughout the series, we’ll feature blogs from our product, engineering, and UX teams that will showcase how we’re infusing AI/ML into GitLab.

We believe AI is going to dramatically change the way teams work and the way organizations develop, secure, and operate software. We’re using our core value of iteration and our experience building the most comprehensive DevSecOps platform to bring the power of AI/ML to bear on the software development lifecycle.

Want to continue reading about AI? Check out the next blog in this series:How AI-assisted code suggestions will advance DevSecOps!

Disclaimer: This blog contains information related to upcoming products, features, and functionality. It is important to note that the information in this blog post is for informational purposes only. Please do not rely on this information for purchasing or planning purposes. As with all projects, the items mentioned in this blog and linked pages are subject to change or delay. The development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab.