European tech company Cube drives secure software with AI in GitLab Duo

For Cube, the decision to adopt GitLab Ultimate was a game-changer, energizing the entire organization. Almost their entire workforce operates within a DevSecOps framework, focusing on efficiently creating, securing, and deploying products. Since adopting GitLab in 2019, Cube has continually sought ways to optimize their processes. In the spring of 2024, they expanded their toolkit with GitLab Duo, an AI-powered addition to their GitLab Ultimate plan, enhancing their ability to deliver software applications, websites, and manage background data for their clients.

While Cube leverages a wide range of Ultimate features — everything from automation to security scanning and value stream management — a major driver for the company to upgrade earlier this year was to be able to use GitLab Duo. Members of their DevSecOps teams had been asking to use artificial intelligence, wanting a time-saving boost from code creation and a chat assistant.

First, Cube tried out GitHub’s Copilot tool and the JetBrains AI assistant. Neither provided the seamless AI integration that Cube’s teams required across the entire SDLC. Cube needs a single platform where all team members — from developers to test engineers, security specialists, and project managers — can use GitLab Duo.

“We went with GitLab Duo because it has features, like Code Suggestions, test generation, and summarizations, that immediately were able to help us become more efficient,” says Mans Booijink, operations manager at Cube. “We wanted to use a whole package of AI features on one platform.”

Cube started using GitLab Duo in the spring of 2024, launching its AI journey by first using Code Suggestions and GitLab Duo Chat, an AI-powered conversational assistant. From the onset, teams quickly began seeing benefits, especially for junior developers, who could use more help in developing code and making sense of long lists of requests or comments.

“We’re still in the starting phase with using AI, mainly focused on Code Suggestions, but already people have said they’re happy when they see improvements, when they don’t have to do tasks manually, or they save time,” says Booijink. “When a developer has an issue with 20 or 30 comments, it can be a lot to sort through it all. But with Duo Chat, they can just ask what’s important or what has to be done. It gives them a quick overview, pointing them in the right direction and saving them time.”

Cube may only be getting started using artificial intelligence, but they’re already seeing results.

Developers used GitLab Duo to improve and add new features to a mobile app for one of their long-time customers. The app enables its users to analyze and manage their daily gas or electricity use, as well as see how much of their energy was produced by solar panels.

Using Code Suggestions and code explanations, developers saved time and effort, while quickly delivering requested improvements to a valued customer.

Cube already is planning how they will expand their use of AI throughout their teams and the entire SDLC.

“We want to use all the AI features available in GitLab Duo so we can make secure software faster,” says Booijink. “It’s important to our business. We need to be fast and efficient to stay competitive in the market. That means using AI features, like merge request summaries, vulnerability explanations, and issue and merge request summaries across the entire SDLC. We love that everything comes together in one system.”

He’s eager for his teams to begin using security-focused AI capabilities that can detect and raise immediate alerts about potential code risks before they even go into merge requests. Booijink, who is excited about GitLab’s roadmap for self-hosted features, also plans to use AI for resolving vulnerabilities.

“I appreciate GitLab’s plans to expand with self-hosted capabilities,” Booijink. “We want to try everything as soon as it’s ready because that will help us save even more time and get more efficient.

And as Cube expands the number of AI features it’s using, Booijink is looking for the number of team members using GitLab Duo to grow, as well. In fact, he expects to go from 60% of DevSecOps teammates using AI in July of 2024 to 100% by the end of the year. Right now, a few developers are still using Copilot but Booijink expects them to switch, as their teammates already have, to GitLab Duo on their own as they see that it will enable them to use AI for more than just Code Suggestions.

“Yeah, suggestions are nice, but DevSecOps engineers have so much more work to do than only writing or checking code,” he adds. “It's about benefiting the full cycle. And that is where you can really gain efficiency. That will be the reason everyone switches to GitLab Duo.”

Cube has offered AI training but leaders are planning to provide even more educational opportunities as they move ahead. As employees within the company plan to continually increase their usage of artificial intelligence, both across teams and the entire development lifecycle, they see the need for training to keep pace with expansion.

And part of that will be encouraging teammates with more experience to mentor others and collaborate as they move ahead.

“We want to offer the help teams need but we’re also encouraging people to communicate with each other and support each other,” says Booijink, noting that they’ll also offer courses through GitLab University. “We have already seen our people share knowledge about how they use AI in GitLab for Code Suggestions. We’ve done knowledge sharing on Fridays where we show examples on a big screen. We like learning from each other.”

Being able to use GitLab Duo was just one reason Cube wanted to move from Premium to Ultimate. One of the other major reasons was to gain added automated security features like dependency scanning, both static and dynamic application security testing, and secret detection. DevSecOps teams immediately started implementing the new security features because they knew it would help them achieve their ISO 27001 certification, which is an international information security standard.

“It's easier to develop secure software without losing any speed in development or deployment,” says Booijink. “We have automatic scanners that go over all new code, and we have approved rules set up in them that ensure every vulnerability is handled appropriately, no matter who is working on that code. It makes securing our software easier for us but it’s also better for our clients because they are assured that any problem is always handled the right way.”

At its heart, DevSecOps is about collaboration. It’s a team sport. And having a single, end-to-end platform fosters that collaboration.

Booijink notes that by using epics, issues, milestones, and iterations in GitLab, their teams stay on the same page, are continuously updated about the status of projects, and are easily able to pitch in and help each other. “People use GitLab right from the beginning when they’re planning a project,” he says. “They communicate in issues about what needs to be done. And our clients and other stakeholders can be involved as guest users, working together in GitLab, asking and answering questions. It’s so much more efficient than emailing back and forth.”

Clients, he notes, even can start their own issues to raise concerns or requests. “It’s great to connect with clients, show them insights into what we’re doing and why we’re doing it, let them know where the process stands, and then quickly get their view on it,” Booijink adds. “It’s so much more collaborative.”

Value stream management, which is aimed at improving security and DevSecOps processes, has been important to teams at Cube. And they took big steps forward, using GitLab’s platform to create a value stream dashboard that notes where roadblocks and slowdowns are happening. If they can see what is happening and when it’s happening in the process, it’s much easier and faster to fix the problem.

That quick attention keeps Cube in line with their clients’ expectations.

“It keeps us on top of our service level agreement response time,” explains Booijink. “When our clients start a new ticket for a project, our response time is part of the deal. By monitoring those dashboards, we can see where we stand with expected time to market. And we have to give clients regular updates about our response time and the dashboards give us the information we need to give to them, and to be able to fix bottlenecks and improve our timing.”

Building those critical dashboards was easier because they did it as part of the platform. “It would have been so much harder without GitLab,” says Booijink. “It was user friendly and now we have a clear understanding of processes, numbers, and what’s behind all that data. And it works the same way for every project.”

He adds that since all of the features in Ultimate, whether AI capabilities, automatic security scanning, or value stream management, are all part of a single platform, it makes work easier for Cube employees using GitLab.