An Erawan release of the DevSecOps platform from Digital.ai adds the ability to automate application security, along with integration with Backstage, an open-source internal developer platform originally developed by Spotify that is now being advanced under the auspices of the Cloud Native Computing Foundation (CNCF).
In addition, Digital.ai is tightening its integration with the Microsoft Azure cloud platform by making it simpler to validate and manage Helm charts.
Digital.ai CEO Derek Holt said as the pace of application development starts to further accelerate, thanks to the rise of generative artificial intelligence (AI) tools, organizations will need to revisit their DevSecOps workflows. Specifically, they will need a platform with the governance capabilities required to ensure that only code that has been thoroughly reviewed and tested makes it into a production environment, said Holt.
The company is also working toward adding generative AI tools to its DevSecOps platform to make it simpler to manage code bases that are about to rapidly expand, he noted. Digital.ai has been laying the foundation for that effort via a Digital.ai Intelligence data lake that already applies predictive machine learning algorithms to data collected by both Digital.ai and third-party partners, said Holt.
Over time, many of the capabilities of individual tools that DevSecOps teams once needed to integrate are becoming features of a larger platform to enable DevSecOps teams to better embrace platform engineering as a methodology for managing DevSecOps workflows at scale, he noted.
There is no shortage of options when it comes to DevSecOps platforms, but the ability to apply software engineering intelligence across normalized data collected from increasingly hybrid application development environments will prove crucial, added Holt.
Best DevOps Practices
It’s not clear to what degree organizations that have already invested in a DevOps platform might be willing to switch platforms in the age of AI-assisted application development. However, the number of organizations that will be able to create and deploy custom applications is about to substantially increase. Many of those organizations will eventually need to adopt a set of best DevSecOps practices at a time when governments around the world are moving to hold organizations that build and deploy software more accountable for application security.
In the meantime, DevSecOps teams should assume the amount of code simultaneously moving across pipelines will increase as developers take advantage of various generative AI tools to help them write. The challenge is that the first generation of these tools has been trained using code samples of varying quality collected from across the internet. As such, the code generated by these tools might have known vulnerabilities or, in some cases, might not work at all. Each DevSecOps team, as always, will need to verify that code — regardless of whether it was created by a human or a machine — can be used in a production environment.
After all, the benefits of rapidly building applications are generally erased if the end-user experience deteriorates to the point where DevSecOps teams spend more time troubleshooting existing applications than deploying new ones.