The contribution of AI to DevSecOps


Artificial intelligence made a functional leap forward in 2023 thanks to Chat GPT. The software market in general was quick to catch up, and the DevOps chain did not wait for OpenAI to integrate AI into DevSecOps processes. Take GitLab, for example, a complete platform for DevSecOps tools throughout the cycle.

The DevSecOps chain boosted by AI and Machine Learning

While impressive, code generation is not the only place where AI can come into play in the DevOps chain. According to Tidelift , developers on average spend less than 40% of their time writing code. That leaves 60% of their time for optimisation, and AI hasn’t forgotten that.

AI and Machine Learning are making their way into software development workflows, including security testing and code verification. More than half of developers say they use AI/ML in their testing efforts or will do so in the near future.

The use case for AI in software development goes beyond code generation and also goes beyond the person of the developer. In concrete terms, here’s what AI brings:

Faster deployments: by automating various aspects of the software development lifecycle, including testing and deployment, AI can help DevSecOps teams deliver software faster and more reliably.

Improved security: AI can help identify and mitigate potential security threats by analysing data patterns and behaviours. It can also automate security testing and analysis, enabling faster and more accurate detection and remediation of vulnerabilities.

Improved quality: AI can help automate quality assurance processes by analysing data patterns and identifying potential problems in code, speeding up testing, reducing bugs and improving software quality.

Intelligent monitoring and alerting: AI can help monitor systems in real time, analysing data from logs, alerts and other sources to detect anomalous behaviour and potential security threats.

Predictive analytics: AI can help DevSecOps teams predict potential problems, identify patterns and make data-driven decisions to improve their software before issues become critical.

AI-assisted functionalities today

Suggested reviewers

Suggested reviewers help customers make faster, higher quality reviews by automatically finding the right people to review a request.

Code suggestion

Code is displayed as a suggestion as the developer types. This improves productivity, concentration and innovation. This feature is available at both GitLab and GitHub.

Code explanations

The code displayed and suggested is also explained by the machine. The developer learns and becomes more proficient with his development tool.

Generating Git commands

In the Git command interface, this allows you to discover, recall and execute the many Git commands using natural language. There’s no need to memorise everything… and developers can improve their skills thanks to their DevOps tool.

Explaining vulnerabilities

This enables users to identify an effective way of correcting a vulnerability by combining basic information about the vulnerability with information from their own code.

Test generation in the Merge Request.

Suggesting tests in Merge Request helps members of the security and quality assurance teams to write regression tests to better prevent security problems.

Ticket summary

This feature provides a summary of a ticket and all the associated discussion flow. This saves a considerable amount of time, enabling you to quickly understand the context of the ticket.

Value chain forecasting

This capability is based on historical data and enables teams to better estimate the frequency of deployments.

And even more tomorrow.

This is just the beginning. AI is now involved in specific stages of the DevOps process, enabling teams to optimise the time they spend on the tool so that they can concentrate on developing, creating and optimising what already exists. Since AI also includes Machine Learning, the recommendations and assistance offered can only improve by learning from the decisions made by the teams, their business and their habits.

Thereafter, the exploitation of data will be (and already is!) the lifeblood of AI. To this end, ModelOps, the cycle of improving AI models by exploiting data, is at the heart of AI use strategies.

Article author :
Thomas Poinsot

Thomas Poinsot