Modern software development problems require modern AI-powered DevSecOps

Sep 7, 2023 · 9 min read
William Arias

The landscape of software development is already being impacted by the integration of AI tools. GitLab is making that impact a positive one. Infusing AI throughout the software development lifecycle lowers the barrier for everyone to contribute. Let's take a look at how organizations can evolve the idea "every company is a software company" into "every company should be an AI-first company" and how this transformation can happen by embracing AI-powered DevSecOps.

An effective way to demonstrate how AI can be a game-changer for software development teams is to walk through a detailed scenario. In this example, you'll see how applying GitLab Duo, the suite of AI capabilities powering workflows, to a dilemma that many organizations face – how to automate complex customer-facing tools – can improve the experience for DevSecOps teams and customers alike.

Challenge: Keeping customer Q&A systems from going stale

Imagine a large financial services firm has an extensive FAQ section on its website, but keeping that information up to date and easy to navigate has become increasingly difficult. Also, the FAQs don't cover queries that are less frequent but should be easy to respond to.


To resolve this, the company proposed building an AI-enabled Q&A system that not only answers common queries but also other finance-related questions. The process to build the AI-enabled system described above can look like this:


Problem definition and collaboration

The journey begins with a GitLab issue. This is where the team collaborates, discusses ideas, and brainstorms to define the problem and scope of work. Collaborating on solving the Q&A system problem results in a lengthy issue thread where it can be challenging to quickly understand the status of the work. Anyone new to the issue or even current participants may need to spend considerable time reading comments to get an overview of the problem status and the decisions that have been made. AI-driven text summarization simplifies understanding of the comments, allowing developers and business teams to align on the problem and requirements.

Figure: Text summarization applied to issue comments

GitLab provides an AI-generated summary right in the issue where all the collaboration took place, thus helping development teams to get an overview of the main points and takeaways. The AI-generated summary enables developers and other team members to quickly extract and review key points from the issue without having to read through long conversations.

Solution development

The proposed solution involves leveraging a large language model (LLM) to build a Q&A system. The AI-generated summary allows developers to quickly break down the requirements and store them in GitLab using Requirements management. The requirements are stored as easy-to-understand items with their own criteria of success and expected behavior as depicted in the figure below:


Figure: AI Q&A system requirements in GitLab

Having clear requirements is key to starting implementation of a successful solution, creating a merge request, and iterating on the solution to the problem.

While working towards a solution, GitLab Duo Code Suggestions can help developers focus. Leveraging generative AI, Code Suggestions provides relevant suggestions, reducing time spent on repetitive or common code. This frees up developers to focus their efforts on complex problems that require deeper understanding of the codebase and business logic.


Figure: Generated code speeds up development

Developers get code suggestions inline in their integrated development environment, or IDE, as they type or after prompting the model with code comments. The suggestions are predicted based on the code written before the cursor and the file extension of the script.

Efficient code review

Let's consider that, until this point, developers working on the AI-enabled Q&A system have committed code contributions to build the solution. And it is also evident that infusing AI into the software development lifecycle has allowed the team to move faster. To move faster without compromising quality, however, it’s important to carry out code reviews on all the contributions done so far by the development team. Code reviews help developers share knowledge and maintain high-quality software. Companies like the one in this scenario might have a large number of developers, and identifying suitable reviewers can be challenging and time consuming. To resolve this, the company can leverage GitLab Duo Suggested Reviewers. This feature employs machine learning to suggest the most relevant code reviewers, streamlining and speeding up the review process.


Figure: Suggested reviewers appear in the reviewer dropdown

The machine learning algorithm that powers Suggested Reviewers learns from the project’s contribution graph data; the suggestions it generates are contextual to the changes made in the code.

Code review summarization and test generation

AI-driven text summarization helps in understanding suggested code changes derived from the code review at a glance. In our scenario, once the appropriate reviewer has been chosen, this person can go through the code and submit comments, propose changes, or identify potential edge cases that may have been overlooked. Getting a quick summary of all the suggested code changes before diving into the details can potentially speed up software delivery.


Figure: Code Review summary

As part of the review, it is important to make sure that all the functions have been tested. If a test has been overlooked, it is once again possible to leverage generative AI within GitLab to create test cases.


Figure: Test cases generated by AI

In the figure below, we see the test code generated by AI. This provides helpful assertions that can also serve as an inspiration for discovering edge cases that might not have been considered before.

Figure: Suggested test cases

This solidifies the quality of the project codebase, closing the loop of efficient code reviews.

Minimizing context switching

Developers can obtain guidance and answers to GitLab-related questions without leaving the platform by interacting with GitLab Duo Chat. This AI-powered feature reduces context switching and enables developers or other team members to ask open questions and request information using natural language. Let's assume that a developer wasn't exactly sure how to leverage AI to generate test cases like the ones requested during the code review. Using GitLab Duo Chat, the developer can ask how to achieve exactly that without having to leave the platform, as depicted in the figure below:

Figure: GitLab Duo Chat

Interacting with the platform using natural language provides a convenient way to achieve results and get things done while minimizing context switching, improving the software delivery experience and speed. Now, speaking of speed, let's dive into the realm of continuous integration/continuous delivery and deployment (CI/CD).

GitLab CI/CD

The AI-infused DevSecOps approach described so far aligns with and enhances CI/CD methodologies. The financial services company in this scenario uses these continuous methodologies to deliver software faster since these are proven ways to automatically build, test, secure, and deploy software.


Figure: GitLab CI/CD pipeline

The figure above depicts the CI/CD pipeline that is triggered and used in the development of our LLM Financial Q&A system. The jobs it executes are:

Once the solution is deployed, end users can ask questions to it, and the FAQ problem can be considered solved.


The AI touchpoints explored in this scenario, which led to the faster development of our AI-powered Q&A system, are seamlessly integrated within DevSecOps methodologies, enhancing the development and operations experience.


Ultimately, this increases the likelihood of a successful and secure deployment of the AI-powered Q&A system.


Going back to the process overview, in the following table we see how the different AI touchpoints are used throughout the software development lifecycle.

| Stage | What AI-powered DevSecOps can do for you | Feature |
| --- | --- | --- |
| brainstorming | AI generates a summary of the discussions and provides the most relevant information for your team to move forward in the solution development | Summarize issues |
| requirements | The team agrees on a chatbot, breaks down the application requirements, and sets criteria it must fulfill | Requirements management |
| develop | Developers leverage Code Suggestions to speed up code and generate tests | Code Suggestions |
| reviewer | Quickly find the most suitable person to review code changes and move on in the delivery process | Suggested Reviewers |
| code-review | Summarize Merge Request, which includes code summary, helps contributors understand the most important changes that need to be addressed | Summarize Merge Request |
| pipeline | CI/CD and integrated security | CI/CD testing |
| deploy | Kubernetes agent, and multi-cloud deployments | Kubernetes integration |

Watch the video walkthrough of the financial services scenario:

As organizations embark on their AI journey, more and better software will have to be created. Drawing insights from DevSecOps combined with AI-powered workflows provides a solid foundation to enjoy the benefits of AI, unlock new use cases, and provide robust solutions that learn from data. Ultimately, AI enables organizations to enhance software development practices and to tackle modern problems with modern solutions.

Get started with GitLab Duo today with this free trial of GitLab Ultimate.
