×
\
Nalini Vijayraghavan
Marketing Manager
Nalini, a Marketing Manager with over 10 years of experience in the content world. A believer in Murphy’s law, an ardent Sherlock Holmes fan, and a ... Read More

Unlocking GenAI potential for DevSecOps

DevSecOps integrates security testing across all stages of a software product lifecycle. It is a great collaboration platform for developers, the security, and operations team to work towards building efficient and secure software products through proven tools and processes.

The term DevSecOps has always given me a potluck vibe – with each team (developer, security, and operation) dishing out flavors unique to them to make what is a secure and forward-looking product.

Can GenAI be used in DevSecOps?

But in this day of GenAI, where you are forced to have a fork fight with a robot, it has become essential to know where and how much you add the spice called generative AI.

There are those typical use cases where you can get GenAI to enter through the front door with all its glory intact – content generation, data extraction, summarization, classification, and QnA.

There are a few where entry is slightly tricky since security plays a crucial role, especially when it comes to code generation.

But there lies a deep sense here, where can GenAI fit into your scheme of things? Specifically, can it fit into DevSecOps, where everyone already has their place cut out for them? Those are questions I pondered and wanted you to reflect on with me, hence the blog.

What is DevSecOps

Fig:1 What is DevSecOps?

Let’s look at how GenAI can enhance the ‘Dev’, ‘Sec’, and ‘Ops’ parts.

The ‘Dev’ part: Software Product Development and GenAI

Under DevSecOps, ‘Dev’ stands for development – the whole process of strategizing, coding, deploying, and testing your product. Generative AI seems to fit in here very easily.

Strategy and GenAI: This is where you really fulfil your KRA according to me, think out of the box. Slipping in information to your Generative AI model about what you exactly want and have can help you:

  • restructure tasks at hand
  • open some revolutionary possibilities
  • re-define approaches that you have always stood by

It could obviously enhance your product ROI by supplying some ideas for features your users are more likely to use. It could also help with creative thinking they are more likely to appreciate.

Coding and GenAI: Code generation with AI-based code generators on large language models ensures premium quality code. Use AI tools that generate code within mainstream development environments. You can also:

  • Employ AI-based code completion tools
  • Utilize features like text-to-code generation, or code summarization,
  • Leverage tools for generating contextual code

This is where generative ai can help developers not just code better but also write with greater accuracy.

Deployment, Testing, and GenAI: Doesn’t continuous delivery make it look like a hamster on a wheel situation? High performance is a necessity, and the process of continuous improvement never stops.

With continuous delivery software or software asset management tools, deployment ready code comes in handy, so automatic deployment to production doesn’t take that long.

Adding generative AI within a continuous delivery model means allowing the AI engine to:

  • learn more
  • anticipate better
  • and more importantly improve the product as a whole

The ‘Sec’ part: Security and GenAI

The ‘Sec’ or security part in DevSecOps , seems to be more important now than ever.

AI-engineered tools like ChatGPT help with generating functional code in nanoseconds but the licensing risk is huge and the potential security vulnerabilities that arise do sometimes seem dogmatic and a ludicrous misinterpretation of the oft used phrase – anyone can code.

Dog hacker

Image Source: Stable Diffusion

Side note: I was looking for a nice AI generated image on ‘dogmatic’ but I preferred this one, just for a change of mood.

It is the duty of programmers to ensure their codes do not show traces of security issues or vulnerabilities.

All said and done, GenAI can still be a useful tool for security stress testing where you can opt for:

  • a more systematic form of stress testing
  • configure servers to make small changes and optimize based on workload.

You will easily find generative AI coding tools that excel at secure code remediation of ChatGPT generated code.

This means that the ChatGPT code met your functional criteria, and the code remediation tool generates a fix to secure your code within seconds! Bonus marks to you – Your developer did not have to struggle writing reams of code against the clock.

The ‘Ops’ part: IT Operations and GenAI

We saw that in the ‘dev’ part or the development phase, GenAI can work best for code generation. When it comes to the ‘sec’ part or the security part, the power of generative AI is best leveraged in test generation. And now coming to the ‘ops’ or the operation part where product backend infrastructure plays a key role. How could generative AI fit in there?

  • GenAI for templatization: The IT operations team often creates infrastructure-as-a-code templates for seamless deployment as per compliances and policies. GenAI can augment the template.
  • GenAI for Incident tracking: Analyzing incidents, identifying patterns to pinpoint root causes means the ITOps team or SREs can leverage GenAI to augment incident responses and reduce downtime making Generative AI more reliable.

DevSecOps and GenAI: Quick swipe recap

I have always been a fan of chameleons, not because they change color often but because of their panoramic vision – they process two entirely different images – one from each eye at the same time and then accordingly attack their prey.

That’s 2 different perspectives right there in almost half the time! This is the power according to me that GenAI can give at any stage of the SDLC.

To put the union of GenAI with DevSecOps into perspective, recapitulating the use cases of GenAI in DevSecOps:

  1. Planning phase: Train GenAI models to identify potential threats from past projects to create foolproof mitigation strategies.
  2. Design and Development phase: Use AI-powered security testing tools to scan source code and generate recommendations with GenAI models.
  3. Integration phase: Make security testing tools (viz. IAST) intelligent by analyzing data flow and code behavior to identify security issues.
  4. Delivery phase: Automate security testing to manage security configurations and monitor changes real-time in pre-production environments.
  5. Deployment phase: Use AI-based RASP and SIEM tools for real-time security alerts and blocks.

AI-powered DevSecOps for your product

What are your to-dos when you decide to add GenAI into your DevSecOps? Here are some ideas you can use during implementation:

  • Evaluate: Determine the areas without automation and security gaps. Review your tools and processes, have use cases to prove you need AI-powered DevSecOps for your product.
  • Choose: If all the boxes have been checked, then look for tools that fit right into your entire SDLC ones that scale as you prefer and can integrate fantastically with your existing environment.
  • Implement: Once you choose the tool and both your GenAI model and your teams have been trained, opt for a phase-wise implementation, just to avoid culture shocks (coffee shots are fine…)
  • Adjust: If I haven’t laid enough emphasis – iteration, iteration, iteration. Review if the implementation is on the right course and make a course correction (read through that thick security policy book once more or probe the AI tool) at all points if required.

Oh, and it goes without saying that if there is better technology out there get your artificial intelligence tool to see how you can add to fit into your product and also feedback from the team is equally important – who better to have faith in!

Reach out to us if you would like to know more about our services.

subscribe image

Subscribe to our
fortnightly newsletter!

we'll keep you in the loop with everything that's trending in the tech world.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. Accept Cookie policy