DevSecOps company GitLab Inc. today announced an expansion of its partnership with Google Cloud to deliver new generative artificial intelligence-powered features for developers directly within its platform while maintaining security and privacy standards.

Generative AI is the technology that underlies OpenAI LP’s ChatGPT chatbot and Google Bard. It’s capable of generating new content from large sets of training data such as producing reports, summarizing large documents, doing research, generating insights, writing software code and even holding humanlike conversations.

GitLab chose Google Cloud for this partnership because of its powerful foundational enterprise AI technology and ability to protect the privacy and security of users while training AI data. This will allow GitLab to maintain its own commitment to its users by keeping the intellectual property and source code of its users within its cloud and maintain a privacy-first approach to software development while still taking advantage of Google Cloud’s AI capabilities.

In particular, GitLab will gain access to Google Cloud’s Vertex AI platform for managed machine learning that Google says can train AI models using 80% fewer lines of code than alternative platforms. It provides the same toolkit Google users internally and provides powerful training capabilities for GitLab to build its features.

“GitLab’s vision for generative AI is grounded in privacy, security, and transparency,” said David DeSanto, chief product officer at GitLab. “Our partnership with Google Cloud enables GitLab to offer private and secure AI-powered features, while maintaining customer data in our cloud infrastructure.”

The first new feature that will join GitLab’s suite of products using Google Cloud’s generative AI models will be “Explain this Vulnerability,” a capability that will enable developers to understand vulnerabilities in their code by describing the issue in natural language. It will provide them with an array of remediation possibilities and research and recommendations at the time of detection so they can quickly determine how they want to handle the issue.

Since generative AI is capable of both understanding code and natural language, it can serve as an intermediary for translating between human and software, as well as doing the necessary research into describing the underlying faults in an understandable way. That makes it an appropriate security assistant for developers, security professionals and operations teams. That in turn makes it a cross-disciplinary tool that can do more than just detect and fix problems, but also help customers speed time to delivery.

GitLab said that by using AI-assisted tools in customers’ DevSecOps lifecycle workflows, efficiency can be increased considerably by lowering discovery and research tedium. The objective of these tools is to let developers and security professionals spend more time on their work and let the AI do the drudgery.

According to GitLab’s 2023 DevSecOps Report: Security Without Sacrifices, an increasing number of developers have been using AI for testing and security with 62% of developers using AI and machine learning to check code, up from 51% in 2022.

“Organizations today are required to deliver software faster than ever before to remain competitive while requiring a stronger security posture,” said June Yang, vice president of cloud AI and industry solutions at Google Cloud. This has been driving more developers and security teams to turn to AI and machine learning tools as a way to make their jobs easier and turn the tide against security issues and stay on task.

Explain this Vulnerability will be joining a number of GitLab’s already existing artificial intelligence and machine learning enabled features including Code Suggestions, which provides suggested code during the development process, and Suggested Reviewers, which suggests who should review code before it is reviewed. GitLab is also experimenting with much more advanced features such as Explain this Code, Summarize Issue Comments and Summarize Merge Request Changes, which themselves are focused on making the everyday work of developers less of a chore.

Photo: Pixabay