In the landscape of software development, particularly within the DevSecOps pipeline, artificial intelligence (AI) can help address inefficiencies and streamline workflows. Among the most time-consuming tasks in this arena are code creation, test generation, and the review process. AI technologies, such as code generators and AI-driven test creation tools, tackle these areas head-on, enhancing productivity and quality. For instance, AI can automate boilerplate code generation, offer real-time code suggestions, and facilitate the creation of comprehensive tests, including regression and unit tests. These capabilities speed up the development process and significantly reduce the potential for human error.
In the realm of operations, AI’s role is equally pivotal. CI/CD pipelines, a critical component of modern software development practices, benefit from AI through automated debugging, root cause analysis using machine learning algorithms, and observability improvements. Tools like k8sgpt and Ollama Mistral LLM analyze deployment logs and summarize critical data, allowing for quicker and more accurate decision-making. Furthermore, AI’s application in resource analysis and sustainability, exemplified by tools like Kepler, underscores the technology’s ability to optimize operations for efficiency and environmental impact.
Lastly, security within DevSecOps benefits greatly from AI, with innovations such as AI guardrails and vulnerability management systems. AI can explain security vulnerabilities clearly and recommend or implement resolutions, safeguarding applications against potential threats. Moreover, through features like controlled access to AI models and prompt validation, AI’s contribution to privacy and data security enhances the overall security posture. Transparency in AI usage and adherence to ethical principles in product development further build trust in these technologies.
After the session, InfoQ interviewed Michael Friedlich about how AI can help with DevSecOps.
InfoQ: Given your emphasis on AI’s role in streamlining DevSecOps workflows and improving efficiency, how do you suggest organizations balance the drive for rapid innovation and deployment with the imperative to maintain robust security practices?
Michael Friedrich: Think of the following steps in your AI adoption journey into DevSecOps:
Start with an assessment of your workflows and their importance for efficiency
Establish guardrails for AI, including data security, validation metrics, etc.
Require impact analysis beyond developer productivity. How will AI accelerate and motivate all teams and workflows?
Existing DevSecOps workflows are required to verify AI-generated code, including security scanning, compliance frameworks, code quality, test coverage, performance observability, and more.
I’m referencing an article from the GitLab blog in my talk. The discussions with our customers and everyone involved at GitLab inspired me to think beyond workflows and encourage users to plan their AI adoption strategically.
InfoQ: Specifically, could you share your thoughts on integrating AI tools without compromising security standards, especially when dealing with sensitive data and complex infrastructure?
Michael Friedrich: A common concern is how sensitive data is being used with AI tools. Users need transparent information on data security, privacy, and how the data is used. For example, a friend works in the automotive industry with highly sophisticated and complex algorithms for car lighting. This code must never leave their network and brings new challenges with AI adoption and SaaS models. Additionally, code must not be used to train public models and potentially be leaked into someone else’s code base. The demand for local LLMs and custom-trained models increased in 2024, and I believe that vendors are working hard to address these customer concerns.
Another example is prompts that could expose sensitive infrastructure data (FQDNs, path names, etc.) in infrastructure and cloud-native deployment logs. Specific filters and policies must be installed, and refined controls on how users adopt AI must be added to their workflows. Root cause analysis in failed CI/CD pipelines is helpful for developers but could require filtered logs for AI-assisted analysis.
I recommend asking AI vendors about AI guardrails and continuing the conversation when information remains unclear. Encourage them to create an AI Transparency Center and follow the example at https://about.gitlab.com/ai-transparency-center/. Lastly, transparency on guardrails is a requirement when evaluating AI tools and platforms.
InfoQ: You highlighted several pain points within DevSecOps workflows, including maintaining legacy code and analyzing the impact of security vulnerabilities. How do you envision AI contributing to managing or reducing technical debt, particularly in legacy systems that might not have been designed with modern DevOps practices in mind?
Michael Friedrich: Companies that have not yet migrated to cloud-native technologies or refactored their code base to modern frameworks will need assistance. In earlier days, this was achieved through automation or rewriting everything from scratch. However, this is a time-consuming process that requires a lot of research, especially when source code, infrastructure, and workflows are not well documented.
The challenges are multi-faceted: Once you understand the source code, algorithms, frameworks, and dependencies, how would you ensure that nothing breaks on changes? Tests can be generated with the help of AI, and creating a safety net for more extensive refactoring activities also helps with AI-generated code. Refactoring code can add new bugs and security vulnerabilities, requiring existing DevSecOps platforms with quality and security scanning. The challenges don’t stop there – CI/CD pipelines might fail, cloud deployments run into resource and cost explosions, and the feedback loop in DevSecOps starts anew – new features and migration plans.
My advice is to adapt AI-powered workflows in iterations. Identify the most pressing or lightweight approach for your teams and ensure that guardrails and impact analysis are in place.
For example, start with code suggestions, add code explanations and vulnerability explanations as helpful knowledge assistance, continue with chat prompts, and use Retrieval Augmented Generation (RAG) to enrich answers with custom knowledge base data (e.g., from documentation in a Git repository, using the Markdown format).
If teams benefit better from AI-assisted code reviews and issue discussion summaries, shift your focus there. If developers spend most of their time looking at long-running CI/CD pipelines with a failure rate of 90%, invest in root cause analysis first. If releases are always delayed because of last-minute regressions and security vulnerability reviews, start with test generation and security explanation and resolution.
InfoQ: Are there AI-driven strategies or tools that can help bridge the gap between older architectures and the requirements of contemporary DevSecOps pipelines?
Michael Friedrich: Follow the development pattern of “explain, add tests, refactor”; and add security patterns, preferably on a DevSecOps platform where all data for measuring the impact comes together in dashboards. Take the opportunity to review tool sprawl and move from DIY DevOps to the platform approach for more excellent efficiency benefits.
Speaking from my own experience, I had to fix complex security vulnerabilities many years ago, and these fixes had broken critical functionalities in the product of my previous company. I have also introduced performance regressions and deadlocks, which are hard to trace and find in production environments. Think of a distributed cloud environment with many agents, satellites, and a central management instance. If I had AI-assisted help, understanding the CVE and proposed fix could have avoided months of debugging regressions. A conversational chat prompt also invites follow-up questions, such as “Explain how this code change could create performance regressions and bugs in a distributed C++ project context.”
I’ve also learned that LLMs are capable of refactoring code into different programming languages, for example, C into Rust, solving a problem with memory safety and more robust code. This strategy can help migrate the code base in iterations to a new programming language and/or framework.
I’m also excited about AI agents and how they will aid code analysis, provide migration strategies, and help companies understand the challenges with older architectures and modern DevSecOps pipelines. For example, I would love to have AI-assisted incident analysis with querying live data in your cloud environment through LLM function calls. This aids Observability insights for more informed prompts and could result in infrastructure security and cost optimization proposals through automated Merge Requests.
Companies working in the open, i.e., through open source or core models, can co-create with their customers. More refined issue summaries, better code reviews, and guided security explanations and resolutions will help everyone contribute, with a bit of help from AI.
CHICAGO (AP) — United Airlines has struck a deal with Elon Musk’s SpaceX to offer satellite-based Starlink WiFi service on flights within the next several years.
The airline said Friday the service will be free to passengers.
United said it will begin testing the service early next year and begin offering it on some flights by later in 2025.
Financial details of the deal were not disclosed.
The announcement comes as airlines rush to offer more amenities as a way to stand out when passengers pick a carrier for a trip. United’s goal is to make sitting on a plane pretty much like being on the ground when it comes to browsing the internet, streaming entertainment and playing games.
“Everything you can do on the ground, you’ll soon be able to do on board a United plane at 35,000 feet, just about anywhere in the world,” CEO Scott Kirby said in announcing the deal.
The airline says Starlink will allow passengers to get internet access even over oceans and polar regions where traditional cell or Wi-Fi signals may be weak or missing.
Sony has made it easy for Canadian consumers to preorder the PlayStation 5 Pro in Canada directly from PlayStation’s official website. Here’s how:
Visit the Official Website: Go to direct.playstation.com and navigate to the PS5 Pro section once preorders go live on September 26, 2024.
Create or Log in to Your PlayStation Account: If you don’t have a PlayStation account, you will need to create one. Existing users can simply log in to proceed.
Place Your Preorder: Once logged in, follow the instructions to preorder your PS5 Pro. Ensure you have a valid payment method ready and double-check your shipping information for accuracy.
Preorder Through Major Canadian Retailers
While preordering directly from PlayStation is a popular option, you can also secure your PS5 Pro through trusted Canadian retailers. These retailers are expected to offer preorders on or after September 26:
Best Buy Canada
Walmart Canada
EB Games (GameStop)
Amazon Canada
The Source
Steps to Preorder via Canadian Retailers:
Visit Retailer Websites: Search for “PlayStation 5 Pro” on the website of your preferred retailer starting on September 26.
Create or Log in to Your Account: If you’re shopping online, having an account with the retailer can speed up the preorder process.
Preorder in Store: For those who prefer in-person shopping, check with local stores regarding availability and preorder policies.
3. Sign Up for Notifications
Many retailers and websites offer the option to sign up for notifications when the preorder goes live. If you’re worried about missing out due to high demand, this can be a useful option.
Visit Retailer Sites: Look for a “Notify Me” or “Email Alerts” option and enter your email to stay informed.
Use PlayStation Alerts: Sign up for notifications directly through Sony to be one of the first to know when preorders are available.
4. Prepare for High Demand
Preordering the PS5 Pro is expected to be competitive, with high demand likely to result in quick sellouts, just as with the initial release of the original PS5. To maximize your chances of securing a preorder:
Act Quickly: Be prepared to place your order as soon as preorders open. Timing is key, as stock can run out within minutes.
Double-Check Payment Information: Ensure your credit card or payment method is ready to go. Any delays during the checkout process could result in losing your spot.
Stay Informed: Monitor PlayStation and retailer websites for updates on restocks or additional preorder windows.
Final Thoughts
The PlayStation 5 Pro is set to take gaming to the next level with its enhanced performance, graphics, and new features. Canadian gamers should be ready to act fast when preorders open on September 26, 2024, to secure their console ahead of the holiday season. Whether you choose to preorder through PlayStation’s official website or your preferred retailer, following the steps outlined above will help ensure a smooth and successful preorder experience.
For more details on the PS5 Pro and to preorder, visit direct.playstation.com or stay tuned to updates from major Canadian retailers.
Since the PlayStation 5 (PS5) launched four years ago, PlayStation has continuously evolved to meet the demands of its players. Today, we are excited to announce the next step in this journey: the PlayStation 5 Pro. Designed for the most dedicated players and game creators, the PS5 Pro brings groundbreaking advancements in gaming hardware, raising the bar for what’s possible.
Key Features of the PS5 Pro
The PS5 Pro comes equipped with several key performance enhancements, addressing the requests of gamers for smoother, higher-quality graphics at a consistent 60 frames per second (FPS). The console’s standout features include:
Upgraded GPU: The PS5 Pro’s GPU boasts 67% more Compute Units than the current PS5, combined with 28% faster memory. This allows for up to 45% faster rendering speeds, ensuring a smoother gaming experience.
Advanced Ray Tracing: Ray tracing capabilities have been significantly enhanced, with reflections and refractions of light being processed at double or triple the speed of the current PS5, creating more dynamic visuals.
AI-Driven Upscaling: Introducing PlayStation Spectral Super Resolution, an AI-based upscaling technology that adds extraordinary detail to images, resulting in sharper image clarity.
Backward Compatibility & Game Boost: More than 8,500 PS4 games playable on PS5 Pro will benefit from PS5 Pro Game Boost, stabilizing or enhancing performance. PS4 games will also see improved resolution on select titles.
VRR & 8K Support: The PS5 Pro supports Variable Refresh Rate (VRR) and 8K gaming for the ultimate visual experience, while also launching with the latest wireless technology, Wi-Fi 7, in supported regions.
Optimized Games & Patches
Game creators have quickly embraced the new technology that comes with the PS5 Pro. Many games will receive free updates to take full advantage of the console’s new features, labeled as PS5 Pro Enhanced. Some of the highly anticipated titles include:
Alan Wake 2
Assassin’s Creed: Shadows
Demon’s Souls
Dragon’s Dogma 2
Final Fantasy 7 Rebirth
Gran Turismo 7
Marvel’s Spider-Man 2
Ratchet & Clank: Rift Apart
Horizon Forbidden West
These updates will allow players to experience their favorite games at a higher fidelity, taking full advantage of the console’s improved graphics and performance.
Design & Compatibility
Maintaining consistency within the PS5 family, the PS5 Pro retains the same height and width as the original PS5 model. Players will also have the option to add an Ultra HD Blu-ray Disc Drive or swap console covers when available.
Additionally, the PS5 Pro is fully compatible with all existing PS5 accessories, including the PlayStation VR2, DualSense Edge, Pulse Elite, and Access controller. This ensures seamless integration into your current gaming setup.
Pricing & Availability
The PS5 Pro will be available starting November 7, 2024, at a manufacturer’s suggested retail price (MSRP) of:
$699.99 USD
$949.99 CAD
£699.99 GBP
€799.99 EUR
¥119,980 JPY
Each PS5 Pro comes with a 2TB SSD, a DualSense wireless controller, and a copy of Astro’s Playroom pre-installed. Pre-orders begin on September 26, 2024, and the console will be available at participating retailers and directly from PlayStation via direct.playstation.com.
The launch of the PS5 Pro marks a new chapter in PlayStation’s commitment to delivering cutting-edge gaming experiences. Whether players choose the standard PS5 or the PS5 Pro, PlayStation aims to provide the best possible gaming experience for everyone.
Preorder your PS5 Pro and step into the next generation of gaming this holiday season.
