Artificial intelligence (AI) is poised to radically improve the way DevSecOps teams build software. And IT leaders are positioned to help their teams maximize all the benefits that come with using AI — focusing on how the technology can add efficiencies, make developers’ jobs easier, and foster, rather than replace, human-to-human collaboration.
“If developers have the right tools to get their jobs done efficiently, they’re happier and less stressed,” says Abubakar Siddiq Ango, developer evangelism program manager at GitLab. “And if developers are happier, less stressed, and less burned out, they’ll do their jobs better and they won’t be looking to leave for another job. So it means better productivity and retention. Big wins.”
AI capabilities built in an end-to-end DevSecOps platform are about empowering developers and making their jobs easier. Think of AI as the next generation of automation, freeing developers to do the valuable work they love doing — writing innovative code.
Download the ebook The Ultimate Playbook for High-Performing DevSecOps Teams for more insights and tips.
Here are five ways to help your DevSecOps teams use AI to transform the way they work:
1. Boost developer confidence with AI training
A few of the best things executives can do for their teams is to automate routine tasks and make solving problems faster and more efficient, because that makes developers’ jobs easier, more interesting, and less stressful. And that’s just the job for AI.
By employing AI tools — like code suggestions, vulnerability summaries, and code explanations — developers are able to spend less time and mental energy on mundane, repetitive, and time-consuming tasks. And that takes a huge load off their backs and helps improve the quality of their work.
“This is definitely going to improve developers’ jobs,” says Ango. “I’d say 70% of my time is spent on Googling this function or researching that. If I can get that understanding in seconds, instead of a few hours, I can spend all that time and energy actually writing code. AI does the mundane work so humans can spend their time on more important things.”
To get started with AI in a way that won’t simply add stress to DevSecOps team members, managers and executives should make sure their people have the training they need to feel comfortable with AI features. Actually, GitLab’s 2023 State of AI in Software Development report showed that 81% of respondents said they need more training to use AI in their work. Of course, training is always critical but with something as new as AI, leaders should take steps to ensure people begin using the technology with a lot of confidence and excitement.
2. Work with teams to roll out AI strategically
Spending less time on manual tasks means developers have more time to work on building features for the next project iteration or design the next big piece of software. It also means they have more time to go back and work on projects that might have been pushed aside because of time constraints.
By using AI to generate code suggestions and explanations, or by using AI-powered root cause analysis to identify the cause of a problem, developers have more time to move projects forward and focus on bigger-picture needs.
“I think executives and IT leaders need to understand that they’re helping people do more with AI,” says Karen Kwentus, senior solutions architect at GitLab. “These capabilities move repetitive tasks out of the way. When I’m developing, I’ve literally spent hours trying to figure out a problem. If AI can suggest code or summarize vulnerabilities so I don’t have to spend time doing that, that can save me hours. Then I’m suddenly doing more with the same amount of time.”
Ango adds, “AI will lead to more efficiency in how developers can build software, secure software, and deploy software.”
Leaders should stay current with what AI features are available and work with their teams to figure out what workflows to simplify first with AI. Where can AI be used to help developers lighten their load and make their work more efficient? Once an AI solution is in place and developers are seeing positive results, managers can work with their teams to see what projects or efforts have been delayed or back-burnered, and begin to prioritize getting that work back on track.
3. Reinforce the importance of human-to-human collaboration
One of the major benefits of a DevSecOps platform is that it fosters a collaborative environment. By giving all team members — both within DevSecOps teams and throughout other departments in the company — visibility into the entire software development lifecycle, people from different teams are able to communicate about and help each other navigate around roadblocks and offer efficiency suggestions.
AI capabilities support that.
“When colleagues post comments about the code you’re building, it’s only helpful if you have time to take it in and absorb it all,” says Ango. “When someone asks for a review, AI can provide a summary of that request. And when people provide reviews, AI can summarize those comments so it’s easier to understand what everyone is saying about your project. Instead of disconnecting people, AI better connects them."
He adds, "Workflow is AI enabled. AI improved. Not AI replaced.”
AI does more than automate tasks. It helps team members communicate, creating more opportunities for human-to-human collaboration. Leaders can serve their teams by fostering an environment that encourages communication and collaboration, and reminding people that AI is opening that door for them.
4. Encourage teams to share security responsibility
Using AI-powered vulnerability summaries makes securing code more efficient, less mentally consuming, and faster.
For example, if a developer pushes code and gets an alert that a SQL injection has been detected, they might not immediately understand how their code is being impacted. But with AI, it’s easy to get an explanation of what the vulnerability is, how it affects the code, and how it impacts the entire piece of software — as well as suggestions for how to fix it.
“If AI can explain a vulnerability and suggest a fix, then that’s exactly what I want,” says Kwentus. “Developers and security teams are ultimately responsible for implementing the remediation, but they’ll benefit from actionable AI prompting, context, and explanation. With more information, a user can triage and correct the issue faster.”
As IT leaders play a significant role in ensuring that DevSecOps teams are using automated security and compliance testing and alerts, they have a similar responsibility to make sure teams are using security-related AI tools, like vulnerability summaries. Team members are increasingly understanding that security is a shared responsibility. That means correcting problems shouldn’t just be left to a security team taking on issues at the end of a project. Developers creating the code can make use of AI capabilities to explain problems that pop up and use suggestions to correct them as soon as they’re found.
5. Find AI champions in your teams
Executives should create time to talk with their teams about the AI capabilities in their DevSecOps platform, and how these tools can ease their workloads. “Let your teams know what your goals are,” says Kwentus. “Give them information. Talk about saving time and mental energy. Tell them about spending less time researching vulnerabilities and spending more time writing code. They didn’t get into this job to do all of these other tasks. They want to write code and this will give them more time for that.”
And by relieving their workload and stress, developers will be happier in their jobs. And happier people lead to better retention, which leads to more stable DevSecOps teams and less work for executives.
“Developers get stressed when they’re trying to get something done but they keep hitting bottlenecks,” says Ango. “Getting rid of those bottlenecks will decrease their stress and burnout. And that’s easier on everyone.”
IT leaders should, of course, focus on openly communicating with their teams about AI capabilities in their DevSecOps platforms, explaining how the features can make their jobs easier, and making sure they have the training they need to use the tools efficiently and with confidence.
Leaders can make this communication easier by finding and empowering influential people on their teams who are excited about using AI and who will act as champions to encourage others to use the technology. By giving team members not only the tools that will make their jobs easier, but also the knowledge of how to use them, and the encouragement to adopt them, then developers are likely going to be happier in their jobs.
Learn more about ways to support teams in the ebook The Ultimate Playbook for High-Performing DevSecOps Teams.