[{"data":1,"prerenderedAt":544},["ShallowReactive",2],{"/en-us/the-source/authors/kristina-weis":3,"footer-en-us":29,"the-source-banner-en-us":372,"the-source-navigation-en-us":384,"the-source-newsletter-en-us":412,"footer-source-/en-us/the-source/authors/kristina-weis/":423,"authors-en-us":432,"categories-en-us":468,"kristina-weis-articles-list-en-us":469},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":8,"seo":10,"content":12,"type":21,"slug":22,"_id":23,"_type":24,"title":11,"_source":25,"_file":26,"_stem":27,"_extension":28},"/en-us/the-source/authors/kristina-weis","authors",false,"",{"layout":9},"the-source",{"title":11},"Kristina Weis",[13,19],{"componentName":14,"type":14,"componentContent":15},"TheSourceAuthorHero",{"name":11,"headshot":16},{"altText":11,"config":17},{"src":18},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463469/eoolq6n6bs0zb8gmf0js.webp",{"componentName":20,"type":20},"TheSourceArticlesList","author","kristina-weis","content:en-us:the-source:authors:kristina-weis.yml","yaml","content","en-us/the-source/authors/kristina-weis.yml","en-us/the-source/authors/kristina-weis","yml",{"_path":30,"_dir":31,"_draft":6,"_partial":6,"_locale":7,"data":32,"_id":368,"_type":24,"title":369,"_source":25,"_file":370,"_stem":371,"_extension":28},"/shared/en-us/main-footer","en-us",{"text":33,"source":34,"edit":40,"contribute":45,"config":50,"items":55,"minimal":360},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":35,"config":36},"View page source",{"href":37,"dataGaName":38,"dataGaLocation":39},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":41,"config":42},"Edit this page",{"href":43,"dataGaName":44,"dataGaLocation":39},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":46,"config":47},"Please contribute",{"href":48,"dataGaName":49,"dataGaLocation":39},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":51,"facebook":52,"youtube":53,"linkedin":54},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[56,114,171,230,298],{"title":57,"links":58,"subMenu":74},"Pricing",[59,64,69],{"text":60,"config":61},"View plans",{"href":62,"dataGaName":63,"dataGaLocation":39},"/pricing/","view plans",{"text":65,"config":66},"Why Premium?",{"href":67,"dataGaName":68,"dataGaLocation":39},"/pricing/premium/","why premium",{"text":70,"config":71},"Why Ultimate?",{"href":72,"dataGaName":73,"dataGaLocation":39},"/pricing/ultimate/","why ultimate",[75],{"title":76,"links":77},"Contact Us",[78,83,88,93,98,103,108],{"text":79,"config":80},"Contact sales",{"href":81,"dataGaName":82,"dataGaLocation":39},"/sales/","sales",{"text":84,"config":85},"Get help",{"href":86,"dataGaName":87,"dataGaLocation":39},"/support/","get help",{"text":89,"config":90},"Customer portal",{"href":91,"dataGaName":92,"dataGaLocation":39},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":94,"config":95},"Status",{"href":96,"dataGaName":97,"dataGaLocation":39},"https://status.gitlab.com/","status",{"text":99,"config":100},"Terms of use",{"href":101,"dataGaName":102,"dataGaLocation":39},"/terms/","terms of use",{"text":104,"config":105},"Privacy statement",{"href":106,"dataGaName":107,"dataGaLocation":39},"/privacy/","privacy statement",{"text":109,"config":110},"Cookie preferences",{"dataGaName":111,"dataGaLocation":39,"id":112,"isOneTrustButton":113},"cookie preferences","ot-sdk-btn",true,{"title":115,"links":116,"subMenu":127},"Product",[117,122],{"text":118,"config":119},"DevSecOps platform",{"href":120,"dataGaName":121,"dataGaLocation":39},"/platform/","devsecops platform",{"text":123,"config":124},"AI-Assisted Development",{"href":125,"dataGaName":126,"dataGaLocation":39},"/gitlab-duo/","ai-assisted development",[128],{"title":129,"links":130},"Topics",[131,136,141,146,151,156,161,166],{"text":132,"config":133},"CICD",{"href":134,"dataGaName":135,"dataGaLocation":39},"/topics/ci-cd/","cicd",{"text":137,"config":138},"GitOps",{"href":139,"dataGaName":140,"dataGaLocation":39},"/topics/gitops/","gitops",{"text":142,"config":143},"DevOps",{"href":144,"dataGaName":145,"dataGaLocation":39},"/topics/devops/","devops",{"text":147,"config":148},"Version Control",{"href":149,"dataGaName":150,"dataGaLocation":39},"/topics/version-control/","version control",{"text":152,"config":153},"DevSecOps",{"href":154,"dataGaName":155,"dataGaLocation":39},"/topics/devsecops/","devsecops",{"text":157,"config":158},"Cloud Native",{"href":159,"dataGaName":160,"dataGaLocation":39},"/topics/cloud-native/","cloud native",{"text":162,"config":163},"AI for Coding",{"href":164,"dataGaName":165,"dataGaLocation":39},"/topics/devops/ai-for-coding/","ai for coding",{"text":167,"config":168},"Agentic AI",{"href":169,"dataGaName":170,"dataGaLocation":39},"/topics/agentic-ai/","agentic ai",{"title":172,"links":173},"Solutions",[174,178,183,188,193,197,202,205,210,215,220,225],{"text":175,"config":176},"Application Security Testing",{"href":177,"dataGaName":175,"dataGaLocation":39},"/solutions/application-security-testing/",{"text":179,"config":180},"Automated software delivery",{"href":181,"dataGaName":182,"dataGaLocation":39},"/solutions/delivery-automation/","automated software delivery",{"text":184,"config":185},"Agile development",{"href":186,"dataGaName":187,"dataGaLocation":39},"/solutions/agile-delivery/","agile delivery",{"text":189,"config":190},"SCM",{"href":191,"dataGaName":192,"dataGaLocation":39},"/solutions/source-code-management/","source code management",{"text":132,"config":194},{"href":195,"dataGaName":196,"dataGaLocation":39},"/solutions/continuous-integration/","continuous integration & delivery",{"text":198,"config":199},"Value stream management",{"href":200,"dataGaName":201,"dataGaLocation":39},"/solutions/value-stream-management/","value stream management",{"text":137,"config":203},{"href":204,"dataGaName":140,"dataGaLocation":39},"/solutions/gitops/",{"text":206,"config":207},"Enterprise",{"href":208,"dataGaName":209,"dataGaLocation":39},"/enterprise/","enterprise",{"text":211,"config":212},"Small business",{"href":213,"dataGaName":214,"dataGaLocation":39},"/small-business/","small business",{"text":216,"config":217},"Public sector",{"href":218,"dataGaName":219,"dataGaLocation":39},"/solutions/public-sector/","public sector",{"text":221,"config":222},"Education",{"href":223,"dataGaName":224,"dataGaLocation":39},"/solutions/education/","education",{"text":226,"config":227},"Financial services",{"href":228,"dataGaName":229,"dataGaLocation":39},"/solutions/finance/","financial services",{"title":231,"links":232},"Resources",[233,238,243,248,253,258,263,268,273,278,283,288,293],{"text":234,"config":235},"Install",{"href":236,"dataGaName":237,"dataGaLocation":39},"/install/","install",{"text":239,"config":240},"Quick start guides",{"href":241,"dataGaName":242,"dataGaLocation":39},"/get-started/","quick setup checklists",{"text":244,"config":245},"Learn",{"href":246,"dataGaName":247,"dataGaLocation":39},"https://university.gitlab.com/","learn",{"text":249,"config":250},"Product documentation",{"href":251,"dataGaName":252,"dataGaLocation":39},"https://docs.gitlab.com/","docs",{"text":254,"config":255},"Blog",{"href":256,"dataGaName":257,"dataGaLocation":39},"/blog/","blog",{"text":259,"config":260},"Customer success stories",{"href":261,"dataGaName":262,"dataGaLocation":39},"/customers/","customer success stories",{"text":264,"config":265},"Remote",{"href":266,"dataGaName":267,"dataGaLocation":39},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":269,"config":270},"GitLab Services",{"href":271,"dataGaName":272,"dataGaLocation":39},"/services/","services",{"text":274,"config":275},"TeamOps",{"href":276,"dataGaName":277,"dataGaLocation":39},"/teamops/","teamops",{"text":279,"config":280},"Community",{"href":281,"dataGaName":282,"dataGaLocation":39},"/community/","community",{"text":284,"config":285},"Forum",{"href":286,"dataGaName":287,"dataGaLocation":39},"https://forum.gitlab.com/","forum",{"text":289,"config":290},"Events",{"href":291,"dataGaName":292,"dataGaLocation":39},"/events/","events",{"text":294,"config":295},"Partners",{"href":296,"dataGaName":297,"dataGaLocation":39},"/partners/","partners",{"title":299,"links":300},"Company",[301,306,311,316,321,326,331,335,340,345,350,355],{"text":302,"config":303},"About",{"href":304,"dataGaName":305,"dataGaLocation":39},"/company/","company",{"text":307,"config":308},"Jobs",{"href":309,"dataGaName":310,"dataGaLocation":39},"/jobs/","jobs",{"text":312,"config":313},"Leadership",{"href":314,"dataGaName":315,"dataGaLocation":39},"/company/team/e-group/","leadership",{"text":317,"config":318},"Team",{"href":319,"dataGaName":320,"dataGaLocation":39},"/company/team/","team",{"text":322,"config":323},"Handbook",{"href":324,"dataGaName":325,"dataGaLocation":39},"https://handbook.gitlab.com/","handbook",{"text":327,"config":328},"Investor relations",{"href":329,"dataGaName":330,"dataGaLocation":39},"https://ir.gitlab.com/","investor relations",{"text":332,"config":333},"Sustainability",{"href":334,"dataGaName":332,"dataGaLocation":39},"/sustainability/",{"text":336,"config":337},"Diversity, inclusion and belonging (DIB)",{"href":338,"dataGaName":339,"dataGaLocation":39},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":341,"config":342},"Trust Center",{"href":343,"dataGaName":344,"dataGaLocation":39},"/security/","trust center",{"text":346,"config":347},"Newsletter",{"href":348,"dataGaName":349,"dataGaLocation":39},"/company/contact/","newsletter",{"text":351,"config":352},"Press",{"href":353,"dataGaName":354,"dataGaLocation":39},"/press/","press",{"text":356,"config":357},"Modern Slavery Transparency Statement",{"href":358,"dataGaName":359,"dataGaLocation":39},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":361},[362,364,366],{"text":99,"config":363},{"href":101,"dataGaName":102,"dataGaLocation":39},{"text":104,"config":365},{"href":106,"dataGaName":107,"dataGaLocation":39},{"text":109,"config":367},{"dataGaName":111,"dataGaLocation":39,"id":112,"isOneTrustButton":113},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":373,"_dir":374,"_draft":6,"_partial":6,"_locale":7,"visibility":113,"id":375,"title":376,"button":377,"_id":381,"_type":24,"_source":25,"_file":382,"_stem":383,"_extension":28},"/shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18","banner","The Economics of Software Innovation","The Economics of Software Innovation—AI’s $750 Billion Opportunity",{"config":378,"text":380},{"href":379},"/software-innovation-report/","Get the research report","content:shared:en-us:the-source:banner:the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18",{"_path":385,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"logo":386,"subscribeLink":391,"navItems":395,"_id":408,"_type":24,"title":409,"_source":25,"_file":410,"_stem":411,"_extension":28},"/shared/en-us/the-source/navigation",{"altText":387,"config":388},"the source logo",{"src":389,"href":390},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":392,"config":393},"Subscribe",{"href":394},"#subscribe",[396,400,404],{"text":397,"config":398},"Artificial Intelligence",{"href":399},"/the-source/ai/",{"text":401,"config":402},"Security & Compliance",{"href":403},"/the-source/security/",{"text":405,"config":406},"Platform & Infrastructure",{"href":407},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"_path":413,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"title":414,"description":415,"submitMessage":416,"formData":417,"_id":420,"_type":24,"_source":25,"_file":421,"_stem":422,"_extension":28},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":418},{"formId":419,"formName":349,"hideRequiredLabel":113},1077,"content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":424,"seo":425,"content":426,"type":21,"slug":22,"_id":23,"_type":24,"title":11,"_source":25,"_file":26,"_stem":27,"_extension":28},{"layout":9},{"title":11},[427,431],{"componentName":14,"type":14,"componentContent":428},{"name":11,"headshot":429},{"altText":11,"config":430},{"src":18},{"componentName":20,"type":20},{"amanda-rueda":433,"andre-michael-braun":434,"andrew-haschka":435,"ayoub-fandi":436,"bob-stevens":437,"brian-wald":438,"bryan-ross":439,"chandler-gibbons":440,"cherry-han":441,"dave-steer":442,"ddesanto":443,"derek-debellis":444,"emilio-salvador":445,"erika-feldman":446,"george-kichukov":447,"gitlab":448,"grant-hickman":449,"haim-snir":450,"iganbaruch":451,"jason-morgan":452,"jessie-young":453,"jlongo":454,"joel-krooswyk":455,"josh-lemos":456,"julie-griffin":457,"kristina-weis":11,"lee-faus":458,"nathen-harvey":459,"ncregan":460,"rob-smith":461,"rschulman":462,"sabrina-farmer":463,"sandra-gittlen":464,"sharon-gaudin":465,"stephen-walters":466,"taylor-mccaslin":467},"Amanda Rueda","Andre Michael Braun","Andrew Haschka","Ayoub Fandi","Bob Stevens","Brian Wald","Bryan Ross","Chandler Gibbons","Cherry Han","Dave Steer","David DeSanto","Derek DeBellis","Emilio Salvador","Erika Feldman","George Kichukov","GitLab","Grant Hickman","Haim Snir","Itzik Gan Baruch","Jason Morgan","Jessie Young","Joseph Longo","Joel Krooswyk","Josh Lemos","Julie Griffin","Lee Faus","Nathen Harvey","Niall Cregan","Rob Smith","Robin Schulman","Sabrina Farmer","Sandra Gittlen","Sharon Gaudin","Stephen Walters","Taylor McCaslin",{"ai":397,"platform":405,"security":401},[470,508],{"_path":471,"_dir":472,"_draft":6,"_partial":6,"_locale":7,"config":473,"seo":475,"content":479,"type":503,"slug":504,"category":472,"_id":505,"_type":24,"title":476,"_source":25,"_file":506,"_stem":507,"_extension":28,"date":480,"description":477,"timeToRead":481,"heroImage":478,"keyTakeaways":482,"articleBody":486,"faq":487},"/en-us/the-source/ai/how-ai-helps-devsecops-teams-improve-productivity","ai",{"layout":9,"template":474,"author":22,"featured":6,"isHighlighted":6,"authorName":11},"TheSourceArticle",{"title":476,"description":477,"ogImage":478},"How AI helps DevSecOps teams improve productivity","Learn how DevOps teams are using AI to save time and improve efficiency.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464559/fbvzbz6vxppsblv8sngf.png",{"title":476,"date":480,"description":477,"timeToRead":481,"heroImage":478,"keyTakeaways":482,"articleBody":486,"faq":487},"2024-01-02","6 min read",[483,484,485],"Utilizing AI in DevSecOps workflows significantly boosts efficiency and productivity by automating repetitive tasks, reducing context switching, and providing intelligent assistance.","AI tools can enhance code quality and security by offering real-time suggestions, summarizing potential threats, and providing remediation strategies.","Organizations should develop strategies addressing privacy, intellectual property, and data security concerns, ensuring AI implementations align with legal and ethical standards.","Artificial intelligence (AI) and machine learning (ML) in software development are here to stay, and DevSecOps teams are using them in many different ways to save time and improve productivity and efficiency.\n\nHere are a few ways development, security, and operations teams can incorporate AI into their DevOps processes.\n\n## 9 ways DevSecOps teams use AI\n\n### Ask questions in documentation using chatbots\nTo find answers faster and reduce context switching, DevSecOps teams can use AI-powered chatbots to ask questions and get relevant answers in real time from documentation or other large volumes of text. Instead of leaving the IDE or platform where they’re writing and deploying code to go search the web, developers can ask a built-in chatbot a question and get one concise answer without disrupting their flow.\n\n### Suggest tests and test files\nDevelopers can use AI to suggest tests and generate test files for their code, right in the merge request. This can help them enhance their testing, ensure they have appropriate test coverage for their changes, and reduce the time they have to spend writing and thinking about tests.\n\n### Summarize code changes\nWhen making a commit or merge request, developers can use AI to generate a written summary of the code changes. This can help developers save time when they’re committing changes and asking for code reviews, and AI can also help code reviewers save time - and likely provide a better review - by giving them more context on the changes made before they dive into the code.\n\n### Get suggestions for who can review code\nCode review is an important, but sometimes frustrating and time-consuming, process - especially if the right reviewer isn’t asked the first time.\n\nBy looking at the code changes and the project’s contribution graph, AI can automatically suggest a code reviewer who can provide faster and higher-quality feedback and catch potential issues. AI also can help save time by suggesting someone else to review the code if a suggested reviewer doesn't respond or if their review isn’t sufficient.\n\n### Summarize discussions\nWhen discussions get lengthy or convoluted, teams can use AI to summarize all the comments in an issue or ticket. This can help everyone get on the same page and efficiently understand the status of a project and what the next steps are, leading to more seamless collaboration and faster results.\n\n### Suggest code\n[AI-powered code suggestions](https://about.gitlab.com/blog/top-tips-for-efficient-ai-powered-code-suggestions-with-gitlab-duo/) can help developers write code more efficiently by suggesting code right in their IDE while they’re developing. Developers can use AI to complete blocks of code, define and generate logic for function declarations, generate unit tests, suggest common code like regex patterns, and more. These capabilities can certainly make developers more efficient, but because less than 25% of developers’ time is spent on code development [according to our research](https://about.gitlab.com/developer-survey/), it’s just one piece of the puzzle.\n\n### Explain how a piece of code works\nDevelopers (or anyone on the DevOps team) can use AI to get a quick explanation of what a block of code does and why it's behaving the way it is – without leaving their workflow.\n\nAn AI-generated code explanation can be particularly helpful for developers trying to understand pieces of code that others have created or that’s written in a language they’re less familiar with. And according to [our research](https://about.gitlab.com/developer-survey/), developers spend 13% of their time understanding what code does, so time savings here can really add up.\n\n### Summarize vulnerabilities in code\nUnderstanding a newly detected security vulnerability and how to fix it isn’t trivial, but AI-powered security tools can make it simpler and more efficient. An [AI-generated summary of a vulnerability](https://about.gitlab.com/blog/developing-gitlab-duo-use-ai-to-remediate-security-vulnerabilities/) helps developers and security professionals understand the vulnerability, how it could be exploited, and how to fix it. Some AI-powered tools can even provide a suggested mitigation with sample code. This can go a long way in [helping teams avoid potential security threats and security risks](https://about.gitlab.com/the-source/ai/4-ways-ai-can-help-devops-teams-improve-security/) with less effort.\n\n### Forecast productivity metrics\nUsing AI, software leaders can [forecast or predict productivity metrics](https://about.gitlab.com/blog/developing-gitlab-duo-ai-impact-analytics-dashboard-measures-the-roi-of-ai/) - such as deployment frequency - to identify trends and anomalies across the software development lifecycle. These actionable insights can help teams implement changes to improve their efficiency and DevSecOps processes.\n\n## The benefits of using AI in software development\nDevSecOps teams are using AI - or plan to use AI - to help them do many things, including:\n\n* Improve efficiency of their software delivery lifecycle\n* Speed up cycle times\n* Streamline compliance checks\n* Improve employee productivity\n* Improve security posture\n* Improve code quality\n* Improve customer satisfaction\n* Improve employee satisfaction and the developer experience\n* Improve collaboration between teams\n* Improve application performance\n* Automate repetitive tasks\n* Reduce operational costs\n* Reduce context switching and cognitive load\n* Reduce human error\n* Get new hires up to speed faster\n* Help employees [learn new programming languages](https://about.gitlab.com/blog/learn-advanced-rust-programming-with-a-little-help-from-ai-code-suggestions/)\n\n## Avoiding privacy and security issues\nWhile there are numerous benefits to integrating AI into the software development process, it’s important to be aware of the potential risks as well as common issues and obstacles.\n\nAccording to our [research](https://about.gitlab.com/developer-survey/2024/ai/), privacy, security, and a lack of familiarity with AI-driven solutions were common obstacles respondents said they encountered or expect to encounter while implementing AI in the software development lifecycle. Of all the obstacles identified, concerns around privacy and data security was the most common response (34%), followed by the lack of appropriate skills (31%) and the lack of AI knowledge (30%).\n\nBusiness leaders should ensure that AI implementations adhere to established privacy and security standards. This involves integrating compliance checks and balances throughout the AI lifecycle to protect sensitive data and maintain user trust. It's also key to ensure you adopt AI tools that are transparent about how their machine learning models use your organization's data.\n\n## Get to know GitLab Duo\nAll the capabilities mentioned above - from code explanations to suggested tests - are part of [GitLab Duo](https://about.gitlab.com/gitlab-duo/), the suite of AI capabilities built into GitLab’s DevSecOps platform. GitLab Duo helps DevSecOps teams boost efficiency, reduce cycle times, and prevent context switching with AI-assisted workflows in every phase of the software development lifecycle, all in a single application.\n\n> Learn why GitLab was named a Leader in the 2024 Gartner® Magic Quadrant™ for AI Code Assistants.\n> [Access the report](https://about.gitlab.com/gartner-mq-ai-code-assistants/){class=\"button\" data-ga-name=\"gartner magic quadrant\" data-ga-location=\"thesource\"}",[488,491,494,497,500],{"header":489,"content":490},"How does AI contribute to better code security in DevOps?","AI-powered security tools identify, summarize, and suggest fixes for vulnerabilities in real time. They provide automated risk assessments and mitigation recommendations, helping teams detect threats earlier in the software development lifecycle and reduce security blind spots.",{"header":492,"content":493},"How can AI forecasting improve software development performance?","AI-driven analytics predict deployment frequency, cycle times, and productivity trends, allowing teams to identify inefficiencies, improve DevOps strategies, and proactively address bottlenecks before they impact performance.",{"header":495,"content":496},"How can AI improve the efficiency of DevSecOps teams?","AI enhances DevSecOps efficiency by automating repetitive tasks, suggesting code improvements, summarizing vulnerabilities, and streamlining compliance checks. It reduces context switching, speeds up workflows, and allows teams to focus on higher-value development and security efforts.",{"header":498,"content":499},"What are the key privacy and security risks when using AI in DevSecOps?","The primary risks include data privacy concerns, AI-generated code vulnerabilities, and a lack of transparency in how AI models handle proprietary data. Organizations should vet AI providers for compliance with security standards and ensure AI-powered workflows align with internal governance policies.",{"header":501,"content":502},"Can AI help developers understand complex or unfamiliar codebases?","Yes, AI-powered assistants explain code logic in natural language, making it easier for developers to quickly grasp existing code structures and dependencies. This is particularly useful when onboarding new developers or working with legacy code written in unfamiliar programming languages.","article","how-ai-helps-devsecops-teams-improve-productivity","content:en-us:the-source:ai:how-ai-helps-devsecops-teams-improve-productivity.yml","en-us/the-source/ai/how-ai-helps-devsecops-teams-improve-productivity.yml","en-us/the-source/ai/how-ai-helps-devsecops-teams-improve-productivity",{"_path":509,"_dir":472,"_draft":6,"_partial":6,"_locale":7,"config":510,"seo":512,"content":516,"type":503,"slug":540,"category":472,"_id":541,"_type":24,"title":513,"_source":25,"_file":542,"_stem":543,"_extension":28,"date":517,"description":514,"timeToRead":518,"heroImage":515,"keyTakeaways":519,"articleBody":523,"faq":524},"/en-us/the-source/ai/4-ways-ai-can-help-devops-teams-improve-security",{"layout":9,"template":474,"author":22,"featured":6,"sourceCTA":511,"isHighlighted":6,"authorName":11},"source-lp-how-to-get-started-using-ai-in-software-development",{"title":513,"description":514,"ogImage":515},"How AI can help DevOps teams improve security","Find out how DevOps teams are using artificial intelligence and machine learning to improve security, minimize risk, and ship more secure code.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463801/t2lucrovy8dadeimvk48.png",{"title":513,"date":517,"description":514,"timeToRead":518,"heroImage":515,"keyTakeaways":519,"articleBody":523,"faq":524},"2023-12-05","4 min read",[520,521,522],"AI and ML in software development is more than code generation — it can enhance security by mitigating vulnerabilities faster, making code reviews more efficient, and suggesting relevant tests to ensure proper coverage.","Nearly a third of DevSecOps teams already use AI for automated test generation. However, 55% feel that introducing AI into the software development lifecycle is risky.","Organizations should prioritize AI tools that do not train machine learning models with proprietary data or source code and are designed with a privacy-first approach.","Artificial intelligence (AI) and machine learning (ML) in software development aren't just about helping DevOps teams reduce repetitive tasks and ship code more efficiently. AI and ML can help organizations ship better, more secure code and minimize security risk to their organization and customers.\n\nHere are a few ways AI can help bolster your organization’s security:\n\n## Mitigate security vulnerabilities faster\nWhen a security vulnerability is detected, the first step in fixing it is understanding it - and this is a place where AI stands out. Traditional methods require teams to review code for vulnerabilities manually, which can be time-consuming and prone to human error. However, with AI, developers and security teams can generate summaries of potential vulnerabilities and how attackers might exploit them. More advanced AI-powered tools can even provide a suggested mitigation with sample code for each vulnerability - giving teams actionable insights on how to reduce security risks.\n\n## Make code reviews more efficient and effective\nWhen a developer's code is ready for review, there are a few ways AI can help speed things up and help catch potential issues.\n\nAI can help the author choose the best reviewer - one who's familiar with the code base and more likely to catch important issues, and less likely to ignore the code review request, say that someone else should review it, or provide insufficient feedback. While choosing the most appropriate code reviewers can be a complex task for a human, a machine learning algorithm can analyze the changes and the project’s contribution graph to help identify reviewers.\n\nAI also can generate a summary of the merge request to help reviewers quickly understand what they're being asked to review and to ease the code review handoff process.\n\n## Generate tests to ensure proper test coverage\nThoroughly testing code changes is one of the most important ways to ensure code works as expected and doesn’t introduce security issues - but writing tests can be time-consuming and difficult, so code is often pushed to production environments without appropriate test coverage.\n\nAI can look at code changes and suggest relevant tests along with test files, so developers can spend less time thinking about and writing tests and [more time coding](https://about.gitlab.com/the-source/ai/how-ai-helps-devsecops-teams-improve-productivity/).\n\nIn fact, many DevOps teams are already using AI to generate tests. In our [2024 survey of more than 5,000 DevSecOps professionals worldwide](https://about.gitlab.com/developer-survey/2024/ai), nearly a third (32%) of respondents whose organizations were using AI said they were using it for automated test generation.\n\n## Protect your proprietary data when using AI\nFor many organizations, it’s important that the efficiency gains of using AI and ML don’t come at the cost of privacy, security, or compliance. More than half of survey respondents (55%) said they feel that introducing AI into the software development process is risky. Concerns around privacy and data security were the top AI-related obstacle identified by respondents.\n\nBefore integrating AI into your software development processes, make sure to understand how your proprietary data will or won’t be used to train its machine learning models. Allowing DevOps teams to use the wrong AI tool can lead to painful and costly [leaks of top-secret data and source code](https://www.techradar.com/news/samsung-workers-leaked-company-secrets-by-using-chatgpt).\n\n> Find out what your DevSecOps team can do to begin to understand - and measure - the [impact of generative AI](https://about.gitlab.com/the-source/ai/how-to-put-generative-ai-to-work-in-your-devsecops-environment/).\n\n### Improve security with AI-powered DevSecOps workflows\n\nAI solutions like [GitLab Duo](https://about.gitlab.com/gitlab-duo/) can help DevOps teams use AI to improve security throughout their software development lifecycle with [capabilities](https://docs.gitlab.com/ee/user/ai_features.html) such as vulnerability summaries, suggested tests, and merge request summaries.\n\nGitLab Duo does not train ML models with customers’ proprietary data or source code and is designed with a privacy-first approach to help enterprises and regulated organizations adopt AI-powered workflows.",[525,528,531,534,537],{"header":526,"content":527},"How can AI-powered DevSecOps workflows improve software security?","AI-powered DevSecOps workflows integrate security at every stage of development by providing vulnerability detection, risk analysis, automated testing, and secure code recommendations. By leveraging AI-driven security insights, teams can ship more secure software faster while reducing manual workload and human error.",{"header":529,"content":530},"Can AI assist with test generation to improve security?","Yes, AI can automatically generate tests to ensure proper code coverage and reduce the likelihood of security vulnerabilities going undetected. By analyzing code changes, AI tools suggest relevant unit tests, integration tests, and security tests, helping DevOps teams validate software without the burden of manually writing every test case.",{"header":532,"content":533},"How can AI help DevOps teams detect and mitigate security vulnerabilities?","AI can speed up vulnerability detection and mitigation by generating summaries of security risks and suggesting actionable fixes. Instead of manually reviewing code for vulnerabilities, DevOps teams can use AI-powered security tools to analyze code, identify weaknesses, and provide remediation suggestions, reducing the time it takes to address security threats.",{"header":535,"content":536},"What security risks are associated with using AI in software development?","The biggest risks of using AI in DevOps include privacy concerns, compliance issues, and potential data leaks. Organizations should carefully evaluate AI tools to ensure they do not train machine learning models using proprietary source code. AI solutions like GitLab Duo prioritize a privacy-first approach, ensuring that sensitive data remains protected.",{"header":538,"content":539},"How does AI enhance the efficiency of code reviews?","AI improves code review efficiency by suggesting the most relevant reviewers based on contribution history and expertise. It can also generate merge request summaries, helping reviewers quickly understand the changes and focus on key security risks. This reduces bottlenecks in the review process and ensures higher-quality security assessments.","4-ways-ai-can-help-devops-teams-improve-security","content:en-us:the-source:ai:4-ways-ai-can-help-devops-teams-improve-security.yml","en-us/the-source/ai/4-ways-ai-can-help-devops-teams-improve-security.yml","en-us/the-source/ai/4-ways-ai-can-help-devops-teams-improve-security",1761852441703]