Software Engineering | 06 Oct 2023 | 13 min
DevSecOps integrates security testing across all stages of a software product lifecycle. It is a collaboration platform for the development, security, and operations teams to work together on building efficient and secure software products through proven tools and processes.
The term DevSecOps has always given me a potluck vibe – with each team (developer, security, and operation) dishing out flavors unique to them to make what is a secure and forward-looking product.
But in this day of GenAI, where you are forced to have a fork fight with a robot, it has become essential to know where, and how much of, the spice called generative AI to add.
There are those typical use cases where you can let GenAI enter through the front door with all its glory intact: content generation, data extraction, summarization, classification, and Q&A.
There are a few where entry is slightly tricky since security plays a crucial role, especially when it comes to code generation.
But a deeper question remains: where can GenAI fit into your scheme of things? Specifically, can it fit into DevSecOps, where everyone already has their place cut out for them? Those are the questions I pondered and wanted you to reflect on with me, hence this blog.
Fig. 1: What is DevSecOps?
Let’s look at how GenAI can enhance the ‘Dev’, ‘Sec’, and ‘Ops’ parts.
Under DevSecOps, ‘Dev’ stands for development: the whole process of strategizing, coding, deploying, and testing your product. Generative AI fits in here very easily.
Strategy and GenAI: In my view, this is where you really fulfil your KRA by thinking out of the box. Feeding your generative AI model information about exactly what you want and what you already have can help you:
It can obviously enhance your product ROI by supplying ideas for features your users are more likely to use. It can also support the kind of creative thinking your users are more likely to appreciate.
Coding and GenAI: Code generation with AI-based code generators built on large language models is aimed at producing premium-quality code. Use AI tools that generate code within mainstream development environments. You can also:
This is where generative AI can help developers not just code better but also write with greater accuracy.
Deployment, Testing, and GenAI: Doesn’t continuous delivery feel like a hamster-on-a-wheel situation? High performance is a necessity, and the process of continuous improvement never stops.
With continuous delivery software or software asset management tools, deployment-ready code comes in handy, so automatic deployment to production doesn’t take that long.
Adding generative AI within a continuous delivery model means allowing the AI engine to:
The ‘Sec’ or security part of DevSecOps seems more important now than ever.
AI-engineered tools like ChatGPT help generate functional code in nanoseconds, but the licensing risk is huge, and the security vulnerabilities that arise can sometimes make the oft-used phrase “anyone can code” look like a dogmatic and ludicrous misinterpretation.
Image Source: Stable Diffusion
Side note: I was looking for a nice AI-generated image on ‘dogmatic’, but I preferred this one, just for a change of mood.
It is the duty of programmers to ensure their code does not carry security issues or vulnerabilities.
All said and done, GenAI can still be a useful tool for security stress testing where you can opt for:
You will easily find generative AI coding tools that excel at secure code remediation of ChatGPT-generated code.
This means that the ChatGPT code met your functional criteria, and the code remediation tool generates a fix to secure your code within seconds. Bonus marks to you: your developer did not have to struggle writing reams of code against the clock.
The principle of DevSecOps necessitates that security be present at all stages of the software development lifecycle (SDLC) from:
We saw that in the ‘Dev’ part, the development phase, GenAI works best for code generation. In the ‘Sec’ part, the security phase, the power of generative AI is best leveraged in test generation. That leaves the ‘Ops’ part, the operations phase, where the product’s backend infrastructure plays a key role. How could generative AI fit in there?
I have always been a fan of chameleons, not because they change color often but because of their panoramic vision: they process two entirely different images, one from each eye, at the same time, and then attack their prey accordingly.
That’s two different perspectives right there in almost half the time! In my view, this is the power that GenAI can bring to any stage of the SDLC.
To put the union of GenAI and DevSecOps into perspective, here is a recap of the use cases of GenAI in DevSecOps:
What are your to-dos when you decide to add GenAI into your DevSecOps? Here are some ideas you can use during implementation:
Oh, and it goes without saying that if there is better technology out there, get your artificial intelligence tool to explore how it could be added to fit into your product. Feedback from the team is equally important; who better to have faith in!
Reach out to us if you would like to know more about our services.