Image Credits:<\/strong> GitLab<\/p>\n<\/div>\n

The new \u201cexplain this vulnerability\u201d feature will try to help teams find the best way to fix a vulnerability within the context of code base. It\u2019s this context that makes the difference here, as the tool is able to combine the basic info about the vulnerability with specific insights from the user\u2019s code. This should make it easier and faster to remediate these issues.<\/p>\n

The company calls its overall philosophy behind adding AI features \u201cvelocity with guardrails,\u201d that is, the combination of AI code and test generation backed by the company\u2019s full-stack DevSecOps platform to ensure that whatever the AI generates can be deployed safely.<\/p>\n

GitLab also stressed that all of its AI features are built with privacy in mind. \u201cIf we<\/span> are<\/span> touching<\/span> your<\/span> intellectual<\/span> property,<\/span> which<\/span> is<\/span> code<\/span>, we<\/span> are<\/span> only<\/span> going<\/span> to<\/span> be<\/span> sending<\/span> that<\/span> to<\/span> a<\/span> model<\/span> that<\/span> is<\/span> GitLabs or<\/span> is<\/span> within the GitLab <\/span>cloud<\/span> architecture,\u201d GitLab CPO David DeSanto told me. \u201cThe<\/span> reason why that\u2019s important to us \u2014 and this goes back to enterprise<\/span> DevSecOps \u2014 is that our<\/span> customers<\/span> are<\/span> heavily<\/span> regulated.<\/span> Our<\/span> customers<\/span> are<\/span> usually<\/span> very<\/span> security<\/span> and<\/span> compliance<\/span> conscious,<\/span> and<\/span> we<\/span> knew<\/span> we<\/span> could<\/span> not<\/span> build<\/span> a<\/span> code<\/span> suggestions<\/span> solution<\/span> that<\/span> required<\/span> us<\/span> sending<\/span> it<\/span> to<\/span> a<\/span> third-<\/span>party<\/span> AI.\u201d He also noted that GitLab won\u2019t use its customers\u2019 private data to train its models.\u00a0<\/span><\/span><\/p>\n

DeSanto stressed that GitLab\u2019s overall goal for its AI initiative is to 10x efficiency \u2014 and not just the efficiency of the individual developer but the overall development lifecycle. As he rightly noted, even if you could 100x a developer\u2019s productivity, inefficiencies further downstream in reviewing that code and putting it into production could easily negate that.<\/p>\n

\u201cIf<\/span> development<\/span> is<\/span> 20%<\/span> of<\/span> the<\/span> life<\/span> cycle,<\/span> even<\/span> if we make<\/span> that<\/span> 50%<\/span> more<\/span> effective, you\u2019re <\/span>not<\/span> really<\/span> going<\/span> to<\/span> feel<\/span> it,\u201d DeSanto said.<\/span> \u201cNow,<\/span> if<\/span> we<\/span> make<\/span> the<\/span> security<\/span> teams,<\/span> the<\/span> operations<\/span> teams,<\/span> the<\/span> compliance teams also<\/span> more<\/span> efficient, <\/span>then<\/span> as<\/span> an<\/span> organization,<\/span> you\u2019re<\/span> going<\/span> to<\/span> see<\/span> it.\u201d<\/span><\/p>\n

The \u201cexplain this code\u201d feature, for example, has turned out to be quite useful not just for developers but also QA and security teams, which now get a better understanding of what they should test. That, surely, was also why GitLab expanded it to explain vulnerabilities as well. In the long run, the idea here is to build features to help these teams automatically generate unit tests and security reviews \u2014 which would then be integrated into the overall GitLab platform.<\/p>\n