Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Beyond Code Generation: Integrating AI Throughout the Software Development Lifecycle
January 16, 2024
Today, every team involved in developing and delivering software faces the paradox of deploying secure and compliant software faster than ever, while working under time and resource constraints. AI is often discussed as a tool to help enable faster code generation — but by focusing solely on automating code development, much of the potential of AI is left untapped.
In fact, recent research from GitLab found that developers spend only 25% of their total work time writing code, using the remaining time to adjust, understand, test, and maintain code, as well as identify and mitigate security vulnerabilities. If the use of AI is consigned to code generation, organizations may miss some of the most transformative opportunities for AI in software development.
Let's walk through three ways to use AI in your DevSecOps workflows for faster cycle times and accelerated value stream delivery: predictive analytics, code testing and review, and security vulnerability detection.
1. Planning and Predictive Analytics
DevSecOps teams can incorporate AI into the entire software development lifecycle, including at its earliest stages before they even begin writing code. Using AI alongside a unified data store, teams can assess all of the data created as part of their software development lifecycle to visualize their end-to-end workstreams, identify any areas of inefficiency, and optimize these workflows to deliver value quickly and efficiently.
AI can also improve collaboration between teams by automating project management processes, summarizing discussions about deliverables, and creating, organizing, and automatically labeling issues and merge requests to improve planning and execution.
Teams can also use AI to improve the end-user experience by assessing user metrics, feedback, and usage trends and generating recommendations for improvements. Then, once presented with this information, teams can validate the findings using AI without having to parse through data and surface the bottlenecks themselves.
2. Code Reviews and Quality Assurance
Developers are under immense pressure to deliver code at the speed of the market, while also ensuring that it's high-quality and secure. Development teams can incorporate AI to analyze data patterns and identify potential issues in code, leading to faster testing, fewer bugs, and higher-quality software. With upfront automation, intelligent algorithms can spot bugs and errors that humans might miss.
Another critical process to ensure high-quality code delivery is code review. Code reviews are critical to helping developers share knowledge and maintain high-quality software — but when working within larger teams, it can be challenging and time-consuming to identify the reviewer who is best equipped with the necessary experience and context. AI can be used to select the most relevant code reviewers, removing guesswork and ensuring that reviewers have the necessary contextual knowledge to effectively review the selected code. This helps organizations avoid some of the bottlenecks that arise when working in large teams and enable faster software delivery.
3. Identifying Security Vulnerabilities
Security professionals face pressures similar to their development counterparts. Despite constrained budgets teams are under more pressure than ever to maintain their organization's security posture under the looming and increasing threat of cybercrimes. By strategically implementing AI within security processes, security teams can focus on proactive work, rather than on menial and repetitive tasks.
For example, AI can be used to help identify and mitigate potential security threats by analyzing data patterns and user behavior, as well as automate security testing and analysis. This can support faster vulnerability detection and remediation without sacrificing accuracy.
Security has become more of a shared responsibility between security professionals and developers than ever before. AI can lift some of the workload from security teams and empower developers to identify and mitigate vulnerabilities independently, enabling stronger collaboration between the two teams. This can help optimize the process of securing an application to prevent vulnerabilities that can be exploited when it's in production.
Above all, it's important to remember that AI is not a one-size-fits-all technology. Each organization will need to thoughtfully consider priority areas to incorporate automation within their software development workflows. By starting small, and identifying areas with the lowest risk, organizations can strategically scale their AI use without creating vulnerabilities, risking adherence to compliance standards, or risking relationships with customers, partners, investors, and other stakeholders.
AI can be a hugely transformational technology when incorporated thoughtfully. Rather than relegate it to code generation, organizations can fulfill its promise by weaving it into their workflows to improve efficiency and security, while driving innovation.
Industry News
May 01, 2024
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
May 01, 2024
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
May 01, 2024
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
May 01, 2024
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
April 30, 2024
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
April 30, 2024
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
April 30, 2024
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
April 29, 2024
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
April 29, 2024
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.
April 29, 2024
OpenText™ announced a solution to long-standing open source intake challenges, OpenText Debricked Open Source Select.
April 29, 2024
ThreatX has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spanning vulnerability detection at Dev phase to protection at SecOps phase of the software lifecycle.
April 29, 2024
Canonical announced the release of Ubuntu 24.04 LTS, codenamed “Noble Numbat.”
April 25, 2024
JFrog announced a new machine learning (ML) lifecycle integration between JFrog Artifactory and MLflow, an open source software platform originally developed by Databricks.
April 25, 2024
Copado announced the general availability of Test Copilot, the AI-powered test creation assistant.
