GitLab announces AI-DevSecOps platform GitLab 16
GitLab announced on Monday the new GitLab 16 platform, an upgraded and comprehensive AI-driven DevSecOps solution. GitLab 16 includes more than 55 improvements and new features. Upgrades are expected to be available soon. GitLab 16 is available to customers globally and there is a Free, Premium, and Ultimate plan.
What’s new in GitLab 16?
In the GitLab 16 AI-DevSecOps platform, the most notable new technologies include the Value Stream Dashboard, the Centralized Policy Management, GitLab Dedicated and AI tools including Refactor this Code and Resolve this Vulnerability.
Value Stream Dashboard
With the new Value Stream Management, users can visualize end-to-end DevSecOps workstreams, manage software development processes and gain insight into how digital transformation and technology investments are delivering value and driving business results (Figure A).
The dashboard enables users with an enterprise-wide view of DevSecOps metrics, cycle times and other vital metrics like critical vulnerabilities and deployment frequency. GitLab offers actionable reporting on common workflows and metrics, with nothing to install or configure. Those who want to dive deeper can customize metric tracking using the GitLab data store.
“GitLab helps organizations build better, more secure software faster, increase operational efficiency and reduce security and compliance risk,” David DeSanto, chief product officer at GitLab, explained. “GitLab 16 aims to make these results attainable for organizations of every size, from startups to large enterprises, and scales with them as they grow.”
The Value Stream Dashboard can:
- Compare metrics over periods.
- Identify downward trends early.
- Reveal security exposure issues.
- Deep dive into individual projects or metrics to take action.
- Provide visibility and data accessibility to all stakeholders from executives to contributors.
- Identify waste and inefficiencies to optimize workstreams.
- View and manage end-to-end processes.
- Track flows and accelerates.
- Use DORA4 metrics to benchmark DevSecOps maturity.
- Monitor lead time for change and deployment frequency to measure DevSecOps process efficiency.
Supply chain security
GitLab’s existing tools help teams balance speed and security by automating software delivery and securing customers’ end-to-end software supply chain. With GitLab 16, companies will benefit from new security features to start, scale and secure their software supply chains, as well as gain complete visibility into their threat landscape and establish policies to aid compliance (Figure B).
New supply chain security features for GitLab 16 include:
- Enhanced centralized policy management.
- Expanded compliance reports and controls.
- Compliance dashboards.
- Default SLSA Level 3 attestations.
GitLab Dedicated: Compliance and regulatory tech
GitLab 16 will include GitLab Dedicated. This feature is currently under limited availability and will be made generally available.
GitLab Dedicated is a single-tenant software-as-a-service solution that provides organizations within highly regulated industries the tools to meet complex compliance requirements. Its main benefits are data residency, isolation and private networking.
With GitLab Dedicated, GitLab fully manages and hosts each single-tenant instance with data isolation and residency.
“GitLab continues to develop our platform and its capabilities with security and compliance in mind, which is key for organizations in highly regulated industries and the public sector,” DeSanto said.
DeSanto gave the example of Lockheed Martin. The American defense contractor recently revealed how it streamlined software development and deployment, reduced system maintenance times by 90% and strengthened security by partnering with GitLab and AWS.
GitLab solutions include AI-powered features including Code Suggestions, Explain This Code, Explain This Vulnerability and Value Stream Forecasting. GitLab 16 adds new AI tools: Refactor This Code and Resolve This Vulnerability. With these tools, the company moves from using AI to identify threats, explain code and predict future cycles of the value stream to using AI technology to take actions and solve problems.
GitLab AI-driven workflows can:
- Drive efficiency and reduce cycle times for every phase of the software development lifecycle.
- Ensure privacy.
- Support all supply chain teams.
- Speed up and improve the efficiency of code writing.
- Predict productivity and detect anomalies.
- Help remediate vulnerabilities.
- Keep talent up to date by explaining source code.
- Refactor code.
- Resolve vulnerabilities automatically.
DevSecOps shifting left with innovation and AI
GitLab 16 is a direct response to market demands that call for the consolidation of DevSecOps tools and the use of AI to develop better software and ship it faster.
“Dev, Sec and Ops teams are feeling more pressure when it comes to toolchain management,” said DeSanto. “The economy has constrained, budgets have tightened, and DevSecOps professionals are being tasked to ‘do more with less’ as organizations aim to ship software faster and more efficiently.”
GitLab surveyed 5,000 DevSecOps professionals to gain insight into priorities and the state of software development, security and operations. The 2023 Global DevSecOps Report Security Without Sacrifices revealed that 74% of security professionals have shifted security left or plan to in the next three years.
Shift left is a significant change in how software is traditionally developed, moving security, compliance, testing, quality and performance evaluation to early stages of the software development. The GitLab survey also showed that leading developers believe there are too many technology tools. Over half (66%) of those surveyed said they want to consolidate their toolchains.
SEE: DevSecOps: AI is reshaping developer roles, but it’s not all smooth sailing (TechRepublic)
But the major disrupting force in DevSecOps is innovation: 61% of developers say they already use AI and machine learning to check code, up from 51% in 2022. GitLab also found that security, efficiency and automation were the top benefits of a DevSecOps platform.
“GitLab’s new AI-assisted and workflow-focused capabilities aim to meet the industry demand by helping software developers improve their productivity and the security of their code,” DeSanto said. “AI and machine learning are becoming critical components of DevSecOps workflows.”
In a recent blog about GitLab 16, the company highlighted features that build on its AI-assisted features: remote development workspaces, more powerful GitLab SaaS runners and comment templates, as well as its improved AI-powered Code Suggestions.
Top GitLab alternatives
The top alternatives to GitLab in 2023 according to Gartner Peer Insights reviews are Red Hat Ansible Automation Platform, Octopus Deploy, Azure Pipelines, IBM Urban Code Deploy, CloudBees and Micro Focus Release Control.
SEE: GitLab CI/CD Tool Review (TechRepublic)
All leading software development solutions are integrating AI tools into their software. With high-rating reviews, vendors compete heavily in the software developers’ market, which is expected to generate $659 billion in revenue worldwide in 2023.
What sets GitLab apart in the software development market?
GitLab differentiates itself from other vendors by offering a unique approach to DevSecOps. It’s popular among developers because most of the tools they need are available and built into the platform. Continuous integration, development and upgrades are the key to its success.
In addition, GitLab is constantly upgrading and enhancing its platform. The GitLab 16.1 releases are already detailed on the company’s upcoming releases page. GitLab remains highly competitive, with more than 30 million registered users and more than 50% of the Fortune 100 companies using its platform and technologies to develop and ship software.
“We believe that the transformative value of AI comes from incorporating it across job functions, not just in code creation,” DeSanto said. “Implementing AI throughout our product helps us meet the demands of the industry and support customers who are looking to improve efficiency, integrate security and deliver software at the speed of the market.”