[{"data":1,"prerenderedAt":491},["ShallowReactive",2],{"/en-us/the-source/authors/dave-steer/":3,"footer-en-us":32,"the-source-navigation-en-us":340,"the-source-newsletter-en-us":367,"dave-steer-articles-list-authors-en-us":379,"dave-steer-articles-list-en-us":410,"dave-steer-page-categories-en-us":490},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":8,"seo":10,"content":12,"type":24,"slug":25,"_id":26,"_type":27,"title":11,"_source":28,"_file":29,"_stem":30,"_extension":31},"/en-us/the-source/authors/dave-steer","authors",false,"",{"layout":9},"the-source",{"title":11},"Dave Steer",[13,22],{"componentName":14,"type":14,"componentContent":15},"TheSourceAuthorHero",{"config":16,"name":11,"role":18,"headshot":19},{"gitlabHandle":17},"dsteer","Vice President, Product Marketing",{"altText":11,"config":20},{"src":21},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463457/zbtapdkglu3yb9suaq7w.png",{"componentName":23,"type":23},"TheSourceArticlesList","author","dave-steer","content:en-us:the-source:authors:dave-steer.yml","yaml","content","en-us/the-source/authors/dave-steer.yml","en-us/the-source/authors/dave-steer","yml",{"_path":33,"_dir":34,"_draft":6,"_partial":6,"_locale":7,"data":35,"_id":336,"_type":27,"title":337,"_source":28,"_file":338,"_stem":339,"_extension":31},"/shared/en-us/main-footer","en-us",{"text":36,"source":37,"edit":43,"contribute":48,"config":53,"items":58,"minimal":328},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":38,"config":39},"View page source",{"href":40,"dataGaName":41,"dataGaLocation":42},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":44,"config":45},"Edit this page",{"href":46,"dataGaName":47,"dataGaLocation":42},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":49,"config":50},"Please 
contribute",{"href":51,"dataGaName":52,"dataGaLocation":42},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":54,"facebook":55,"youtube":56,"linkedin":57},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[59,86,159,227,289],{"title":60,"links":61,"subMenu":67},"Platform",[62],{"text":63,"config":64},"DevSecOps platform",{"href":65,"dataGaName":66,"dataGaLocation":42},"/platform/","devsecops platform",[68],{"title":69,"links":70},"Pricing",[71,76,81],{"text":72,"config":73},"View plans",{"href":74,"dataGaName":75,"dataGaLocation":42},"/pricing/","view plans",{"text":77,"config":78},"Why Premium?",{"href":79,"dataGaName":80,"dataGaLocation":42},"/pricing/premium/","why premium",{"text":82,"config":83},"Why Ultimate?",{"href":84,"dataGaName":85,"dataGaLocation":42},"/pricing/ultimate/","why ultimate",{"title":87,"links":88},"Solutions",[89,94,99,104,109,114,119,124,129,134,139,144,149,154],{"text":90,"config":91},"Digital transformation",{"href":92,"dataGaName":93,"dataGaLocation":42},"/topics/digital-transformation/","digital transformation",{"text":95,"config":96},"Security & Compliance",{"href":97,"dataGaName":98,"dataGaLocation":42},"/solutions/security-compliance/","security & compliance",{"text":100,"config":101},"Automated software delivery",{"href":102,"dataGaName":103,"dataGaLocation":42},"/solutions/delivery-automation/","automated software delivery",{"text":105,"config":106},"Agile development",{"href":107,"dataGaName":108,"dataGaLocation":42},"/solutions/agile-delivery/","agile delivery",{"text":110,"config":111},"Cloud transformation",{"href":112,"dataGaName":113,"dataGaLocation":42},"/topics/cloud-native/","cloud 
transformation",{"text":115,"config":116},"SCM",{"href":117,"dataGaName":118,"dataGaLocation":42},"/solutions/source-code-management/","source code management",{"text":120,"config":121},"CI/CD",{"href":122,"dataGaName":123,"dataGaLocation":42},"/solutions/continuous-integration/","continuous integration & delivery",{"text":125,"config":126},"Value stream management",{"href":127,"dataGaName":128,"dataGaLocation":42},"/solutions/value-stream-management/","value stream management",{"text":130,"config":131},"GitOps",{"href":132,"dataGaName":133,"dataGaLocation":42},"/solutions/gitops/","gitops",{"text":135,"config":136},"Enterprise",{"href":137,"dataGaName":138,"dataGaLocation":42},"/enterprise/","enterprise",{"text":140,"config":141},"Small business",{"href":142,"dataGaName":143,"dataGaLocation":42},"/small-business/","small business",{"text":145,"config":146},"Public sector",{"href":147,"dataGaName":148,"dataGaLocation":42},"/solutions/public-sector/","public sector",{"text":150,"config":151},"Education",{"href":152,"dataGaName":153,"dataGaLocation":42},"/solutions/education/","education",{"text":155,"config":156},"Financial services",{"href":157,"dataGaName":158,"dataGaLocation":42},"/solutions/finance/","financial services",{"title":160,"links":161},"Resources",[162,167,172,177,182,187,192,197,202,207,212,217,222],{"text":163,"config":164},"Install",{"href":165,"dataGaName":166,"dataGaLocation":42},"/install/","install",{"text":168,"config":169},"Quick start guides",{"href":170,"dataGaName":171,"dataGaLocation":42},"/get-started/","quick setup checklists",{"text":173,"config":174},"Learn",{"href":175,"dataGaName":176,"dataGaLocation":42},"https://university.gitlab.com/","learn",{"text":178,"config":179},"Product documentation",{"href":180,"dataGaName":181,"dataGaLocation":42},"https://docs.gitlab.com/","docs",{"text":183,"config":184},"Blog",{"href":185,"dataGaName":186,"dataGaLocation":42},"/blog/","blog",{"text":188,"config":189},"Customer success 
stories",{"href":190,"dataGaName":191,"dataGaLocation":42},"/customers/","customer success stories",{"text":193,"config":194},"Remote",{"href":195,"dataGaName":196,"dataGaLocation":42},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":198,"config":199},"GitLab Services",{"href":200,"dataGaName":201,"dataGaLocation":42},"/services/","services",{"text":203,"config":204},"TeamOps",{"href":205,"dataGaName":206,"dataGaLocation":42},"/teamops/","teamops",{"text":208,"config":209},"Community",{"href":210,"dataGaName":211,"dataGaLocation":42},"/community/","community",{"text":213,"config":214},"Forum",{"href":215,"dataGaName":216,"dataGaLocation":42},"https://forum.gitlab.com/","forum",{"text":218,"config":219},"Events",{"href":220,"dataGaName":221,"dataGaLocation":42},"/events/","events",{"text":223,"config":224},"Partners",{"href":225,"dataGaName":226,"dataGaLocation":42},"/partners/","partners",{"title":228,"links":229},"Company",[230,235,240,245,250,255,260,264,269,274,279,284],{"text":231,"config":232},"About",{"href":233,"dataGaName":234,"dataGaLocation":42},"/company/","company",{"text":236,"config":237},"Jobs",{"href":238,"dataGaName":239,"dataGaLocation":42},"/jobs/","jobs",{"text":241,"config":242},"Leadership",{"href":243,"dataGaName":244,"dataGaLocation":42},"/company/team/e-group/","leadership",{"text":246,"config":247},"Team",{"href":248,"dataGaName":249,"dataGaLocation":42},"/company/team/","team",{"text":251,"config":252},"Handbook",{"href":253,"dataGaName":254,"dataGaLocation":42},"https://handbook.gitlab.com/","handbook",{"text":256,"config":257},"Investor relations",{"href":258,"dataGaName":259,"dataGaLocation":42},"https://ir.gitlab.com/","investor relations",{"text":261,"config":262},"Sustainability",{"href":263,"dataGaName":261,"dataGaLocation":42},"/sustainability/",{"text":265,"config":266},"Diversity, inclusion and belonging 
(DIB)",{"href":267,"dataGaName":268,"dataGaLocation":42},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":270,"config":271},"Trust Center",{"href":272,"dataGaName":273,"dataGaLocation":42},"/security/","trust center",{"text":275,"config":276},"Newsletter",{"href":277,"dataGaName":278,"dataGaLocation":42},"/company/contact/","newsletter",{"text":280,"config":281},"Press",{"href":282,"dataGaName":283,"dataGaLocation":42},"/press/","press",{"text":285,"config":286},"Modern Slavery Transparency Statement",{"href":287,"dataGaName":288,"dataGaLocation":42},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":290,"links":291},"Contact Us",[292,297,302,307,312,317,322],{"text":293,"config":294},"Contact an expert",{"href":295,"dataGaName":296,"dataGaLocation":42},"/sales/","sales",{"text":298,"config":299},"Get help",{"href":300,"dataGaName":301,"dataGaLocation":42},"/support/","get help",{"text":303,"config":304},"Customer portal",{"href":305,"dataGaName":306,"dataGaLocation":42},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":308,"config":309},"Status",{"href":310,"dataGaName":311,"dataGaLocation":42},"https://status.gitlab.com/","status",{"text":313,"config":314},"Terms of use",{"href":315,"dataGaName":316,"dataGaLocation":42},"/terms/","terms of use",{"text":318,"config":319},"Privacy statement",{"href":320,"dataGaName":321,"dataGaLocation":42},"/privacy/","privacy statement",{"text":323,"config":324},"Cookie preferences",{"dataGaName":325,"dataGaLocation":42,"id":326,"isOneTrustButton":327},"cookie 
preferences","ot-sdk-btn",true,{"items":329},[330,332,334],{"text":313,"config":331},{"href":315,"dataGaName":316,"dataGaLocation":42},{"text":318,"config":333},{"href":320,"dataGaName":321,"dataGaLocation":42},{"text":323,"config":335},{"dataGaName":325,"dataGaLocation":42,"id":326,"isOneTrustButton":327},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":341,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"logo":342,"subscribeLink":347,"navItems":351,"_id":363,"_type":27,"title":364,"_source":28,"_file":365,"_stem":366,"_extension":31},"/shared/en-us/the-source/navigation",{"altText":343,"config":344},"the source logo",{"src":345,"href":346},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":348,"config":349},"Subscribe",{"href":350},"#subscribe",[352,356,359],{"text":353,"config":354},"Artificial Intelligence",{"href":355},"/the-source/ai/",{"text":95,"config":357},{"href":358},"/the-source/security/",{"text":360,"config":361},"Platform & Infrastructure",{"href":362},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"_path":368,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"title":369,"description":370,"submitMessage":371,"formData":372,"_id":376,"_type":27,"_source":28,"_file":377,"_stem":378,"_extension":31},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s 
newsletter.",{"config":373},{"formId":374,"formName":375,"hideRequiredLabel":327},1077,"thesourcenewsletter","content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"amanda-rueda":380,"andre-michael-braun":381,"andrew-haschka":382,"ayoub-fandi":383,"bob-stevens":384,"brian-wald":385,"bryan-ross":386,"chandler-gibbons":387,"dave-steer":11,"ddesanto":388,"derek-debellis":389,"emilio-salvador":390,"erika-feldman":391,"george-kichukov":392,"gitlab":393,"grant-hickman":394,"haim-snir":395,"iganbaruch":396,"jlongo":397,"joel-krooswyk":398,"josh-lemos":399,"julie-griffin":400,"kristina-weis":401,"lee-faus":402,"ncregan":403,"rschulman":404,"sabrina-farmer":405,"sandra-gittlen":406,"sharon-gaudin":407,"stephen-walters":408,"taylor-mccaslin":409},"Amanda Rueda","Andre Michael Braun","Andrew Haschka","Ayoub Fandi","Bob Stevens","Brian Wald","Bryan Ross","Chandler Gibbons","David DeSanto","Derek DeBellis","Emilio Salvador","Erika Feldman","George Kichukov","GitLab","Grant Hickman","Haim Snir","Itzik Gan Baruch","Joseph Longo","Joel Krooswyk","Josh Lemos","Julie Griffin","Kristina Weis","Lee Faus","Niall Cregan","Robin Schulman","Sabrina Farmer","Sandra Gittlen","Sharon Gaudin","Stephen Walters","Taylor 
McCaslin",{"allArticles":411,"visibleArticles":489,"showAllBtn":327},[412,452],{"_path":413,"_dir":414,"_draft":6,"_partial":6,"_locale":7,"config":415,"seo":419,"content":423,"type":447,"slug":448,"category":414,"_id":449,"_type":27,"title":420,"_source":28,"_file":450,"_stem":451,"_extension":31,"date":424,"description":421,"timeToRead":425,"heroImage":422,"keyTakeaways":426,"articleBody":430,"faq":431},"/en-us/the-source/platform/3-surprising-findings-from-our-2024-global-devsecops-survey","platform",{"layout":9,"template":416,"articleType":417,"author":25,"featured":6,"gatedAsset":418,"isHighlighted":6,"authorName":11},"TheSourceArticle","Regular","gitlab-2024-global-devsecops-report",{"title":420,"description":421,"ogImage":422},"3 surprising findings from our 2024 Global DevSecOps Survey","This year, our survey revealed changes in organizations' investment priorities in the wake of AI — and how AI is shaping the way teams work.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464453/vepnkkbnjxdarswtxkga.png",{"title":420,"date":424,"description":421,"timeToRead":425,"heroImage":422,"keyTakeaways":426,"articleBody":430,"faq":431},"2024-06-25","5 min read",[427,428,429],"AI highlights toolchain complexity, pushing for consolidation to improve DevSecOps efficiency.","AI accelerates onboarding but raises concerns about job security and role evolution.","Cloud computing becomes essential, though investment priorities shift toward AI.","This year’s [survey of more than 5,000 DevSecOps professionals worldwide](https://about.gitlab.com/developer-survey/) suggests that as organizations adopt new technologies such as AI, they're reevaluating investment priorities and looking more critically at how they can improve the developer experience. Here's a look at three of the more surprising results from this year's survey, and what they could mean for software development, operations, and security teams in 2024 and beyond.\n\n## 1. 
AI shines a light on cumbersome toolchains\n\nThis year, we looked specifically at how AI might impact DevSecOps teams’ attitudes toward their existing toolchains, and the findings were somewhat surprising. We know AI can help teams simplify software development, but our survey showed that respondents currently using AI might be more frustrated with their toolchains than those not using AI.\n\nNearly three-quarters (74%) of respondents whose organizations are currently using AI for software development said they wanted to consolidate their toolchain, compared to 57% of those who aren’t using AI. However, there wasn’t a significant difference between the two groups in the number of tools respondents reported using. In other words, respondents currently using AI weren’t using more tools but still felt a stronger need to consolidate their toolchain.\n\nWhy would AI accelerate the desire to consolidate? One explanation could be that different point solutions running different AI models create unmanageable (and unmeasurable) chaos in the software development lifecycle - and that is shedding new light on organizations’ already cumbersome and counterproductive toolchains. As organizations increase their AI investments, there will be a greater need to improve efficiency by consolidating and simplifying toolchain sprawl. Teams get more value from AI when toolchains are smaller, making integrating AI across the entire software development lifecycle easier.\n\nOne survey respondent identified “too many tools (including AI tools) and context switching” as the biggest challenges in software development in 2024, while another pointed to the “complexity of fragmented landscape of tools across the board.”\n\nAnother respondent highlighted AI’s opportunities to help teams address toolchain challenges: “AI is growing fast, and our current toolchain can be massively improved with AI integrations. 
We need to train team members better, so they know how to use AI effectively in their daily work.”\n\n## 2. AI speeds up developer onboarding - but organizations still have concerns\n\nAlong with the increase in the number of tools teams use, we noted a significant increase in developer onboarding times in this year’s survey. In 2024, 70% of respondents told us it takes developers in their organization more than a month to onboard and become productive, up from 66% in 2023.\n\nWhile it’s not surprising that AI-powered [chat assistants](https://about.gitlab.com/blog/gitlab-duo-chat-now-generally-available/) and [code suggestions](https://about.gitlab.com/blog/top-tips-for-efficient-ai-powered-code-suggestions-with-gitlab-duo/) can help developers onboard faster, the effect we observed in our survey was dramatic: Respondents who use AI for software development were much more likely to say that developer onboarding typically takes less than a month.\n\nDespite AI’s clear benefits for developer experience, respondents expressed several concerns about its rapid adoption. Over half (55%) of respondents said introducing AI into the software development lifecycle is risky, and 49% said they fear AI will replace their current role within the next five years.\n\nRachel Stephens, senior analyst at industry analyst firm RedMonk, shared her perspective on these findings: “There is a component of psychological safety and team culture that impacts how people feel about AI. Individuals may be concerned about the security or privacy implications of AI, but their sense of unpreparedness may also stem from a feeling that AI has personal risk to their livelihoods.”\n\nOur take is that the value of AI lies in its ability to automate repetitive tasks and behind-the-scenes optimization, empowering teams to focus on high-level problem-solving, innovation, and value creation. It’s about supplementing - not replacing - the human element of software development. 
One survey respondent summed this up as follows: “Fostering and maintaining creativity while leaning into AI is a challenge we face. We must remember that AI is simply one tool creative people use to cut out the junk that would otherwise impede productivity. It doesn’t replace human creativity.”\n\n## 3. The cloud becomes table stakes\n\nIn our survey, cloud computing has consistently ranked as a top IT investment priority over the past several years. In 2022, cloud computing ranked number two, after security, and in 2023 it took the top spot - not surprising, given increased pressure on organizations to undergo [digital transformation](https://about.gitlab.com/blog/lockheed-martin-aws-gitlab/).\n\nIn 2024, though, cloud computing saw a sharp decrease, ranking at number five. However, at the same time, it’s clear that the cloud continues to be important. In fact, we saw a significant increase in the number of respondents who said they are running 50% or more of their apps in the cloud. This suggests that while the cloud is still mission-critical for many businesses, it’s now “table stakes” - and at the same time, the list of priorities for technical teams and IT leaders continues to grow.\n\nAccording to RedMonk’s Stephens, “We are in a cash-constrained financial environment, and people are having to make prioritization decisions between technology investments - meaning organizations could be reallocating some, but not all, of their digital transformation budgets to things like AI.”\n",[432,435,438,441,444],{"header":433,"content":434},"How is AI influencing DevSecOps toolchains?","AI is highlighting inefficiencies in DevSecOps toolchains, leading to a stronger desire for consolidation. 
According to GitLab's 2024 Global DevSecOps Survey, 74% of AI users want to streamline their toolchains to reduce complexity, minimize context switching, and improve workflow integration.",{"header":436,"content":437},"Why is cloud computing considered \"table stakes\" in 2024?","Cloud computing has become a standard infrastructure component rather than a top investment priority. While its ranking in IT investment dropped, more organizations are now running 50% or more of their applications in the cloud, meaning it's still an essential part of modern DevOps.",{"header":439,"content":440},"What are the biggest concerns about AI adoption in software development?","Despite AI’s benefits, 55% of survey respondents say that adopting AI is risky, and 49% fear AI could replace their jobs within five years. Concerns include security risks, privacy issues, and job displacement, highlighting the need for responsible AI implementation.",{"header":442,"content":443},"Does AI speed up developer onboarding?","Yes, AI-powered tools like code suggestions and AI chat assistants help developers onboard faster. GitLab's survey found that organizations using AI are more likely to onboard new developers in less than a month, compared to those not using AI.",{"header":445,"content":446},"How can organizations balance AI adoption with developer creativity?","To successfully integrate AI, organizations should use it to automate repetitive tasks while maintaining a culture that values human creativity and problem-solving. 
AI should supplement, not replace, developers by enhancing productivity and freeing up time for innovation.","article","3-surprising-findings-from-our-2024-global-devsecops-survey","content:en-us:the-source:platform:3-surprising-findings-from-our-2024-global-devsecops-survey:index.yml","en-us/the-source/platform/3-surprising-findings-from-our-2024-global-devsecops-survey/index.yml","en-us/the-source/platform/3-surprising-findings-from-our-2024-global-devsecops-survey/index",{"_path":453,"_dir":454,"_draft":6,"_partial":6,"_locale":7,"config":455,"seo":456,"content":461,"type":447,"slug":485,"category":454,"_id":486,"_type":27,"title":457,"_source":28,"_file":487,"_stem":488,"_extension":31,"date":462,"description":458,"timeToRead":463,"heroImage":459,"keyTakeaways":464,"articleBody":468,"faq":469},"/en-us/the-source/ai/velocity-with-guardrails-ai-automation","ai",{"layout":9,"template":416,"articleType":417,"author":25,"featured":6,"isHighlighted":6,"authorName":11},{"title":457,"description":458,"ogImage":459,"config":460},"Velocity with guardrails: AI, automation, and removing the security and speed tradeoff","Learn what 'velocity with guardrails' means for you and how the DevSecOps Platform's features support your need for security and speed.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463608/tle7cto9xpbrqlygzqex.png",{"ignoreTitleCharLimit":327},{"title":457,"date":462,"description":458,"timeToRead":463,"heroImage":459,"keyTakeaways":464,"articleBody":468,"faq":469},"2023-04-24","8 min read",[465,466,467],"Technology teams face resource constraints and security challenges, intensified by limited budgets and a shortage of security engineers.","GitLab's DevSecOps platform leverages AI and automation to enhance security, streamline regulatory compliance, and boost developer productivity without sacrificing speed.","The Value Streams Dashboard provides strategic insights into metrics that help decision makers identify trends and patterns to 
optimize software delivery.","Technology teams are under intense pressure. They are resource constrained, but still need to have one foot firmly on the gas pedal to drive innovation and deliver value to their customers. And they need to do that while protecting their software supply chain – the seemingly endless amount of integrations and add-ons in today’s modern development environment.\n\nThe dynamic is brutal. Security engineers are outnumbered. One customer told me that for every 100 developers, there is only 1 security engineer. Couple that with dwindling budgets – according to the [2023 GitLab Global DevSecOps Report: Security Without Sacrifices](https://about.gitlab.com/developer-survey/), 85% of respondents said security budgets are flat or reduced – and you get a dynamic where speed and convenience will trump security and compliance.\n\nBut that dynamic does not need to be the norm.\n\nWe believe in a simple mantra: **Velocity with guardrails**. Artificial intelligence technologies and automation solutions accelerate code creation and, when paired with a comprehensive DevSecOps platform, create the security and compliance guardrails that every company needs. Velocity with guardrails means no more trading off the need for fast software innovation with the need for secure software development. Velocity with guardrails only happens in a world where AI and automation extend beyond code creation. In fact, our Global DevSecOps Report found that 62% of developers said they use AI/ML to check code and 65% of developers are using – or plan to use in the next three years – AI/ML in testing efforts.\n\nGiven the resource constraints DevSecOps teams face, automation and artificial intelligence become a strategic resource. 
Our DevSecOps Platform helps teams fill critical gaps while automatically enforcing policies, applying compliance frameworks, performing security tests using GitLab’s automation capabilities, and providing AI-assisted recommendations - which frees up resources.\n\nIn the past few months, we’ve introduced a host of new features and capabilities to bring this mantra to life. Here’s a taste.\n\n## Increase velocity with Code Suggestions\n\nEvery day, millions of developers use GitLab to contribute code. In February, we launched a Beta for our Code Suggestions feature, and since then, we’ve been working hard to make [Code Suggestions available to more developers](https://about.gitlab.com/releases/2023/04/22/gitlab-15-11-released/#code-suggestions-for-ultimate--premium-users). During Beta, Code Suggestions is free for all Ultimate and Premium customers. GitLab Code Suggestions can improve developer productivity, focus, and innovation without context switching and within a single DevSecOps platform.\n\n![code-suggestions](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752175755/Blog/riutt3jhxurt2mm4eexa.png)\n\nCode Suggestions is only the start of our journey infusing AI/ML into all aspects of the software development lifecycle. Along with [Suggested Reviewers](https://docs.gitlab.com/ee/user/project/merge_requests/reviews/#suggested-reviewers), we have been [sharing previews of these AI/ML-powered features on our blog](https://about.gitlab.com/blog/tags.html#AI/ML) every Thursday in a weekly series.\n\n## AI-assisted vulnerability guidance\n\nAccording to our Global DevSecOps Report, security respondents who don’t use a DevSecOps platform were more likely to struggle to identify who can perform remediation and consider it difficult to understand vulnerability findings. 
To help teams identify an effective way to fix a vulnerability within the context of their specific code base, we have released an experimental feature that provides GitLab AI-assisted vulnerability recommendations leveraging the explanatory power of large language models. This capability combines basic vulnerability information with insights derived from the customer’s code to explain the vulnerability in context, demonstrate how it can be exploited, and provide an example fix. Initial testing shows significant promise in reducing the time to determine a fix for a vulnerability.\n\n![gitlab-Improper Restriction-XXE](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752175758/Blog/fzmf286umydhtolli4xi.png)\n\nThis is just one of [a number of experimental AI-assisted capabilities](/blog/ai-ml-in-devsecops-series/) we’ve shared in the past few months to improve developer productivity and software delivery efficiency.\n\n## Gain a new level of visibility with Value Streams Dashboard\n\nWith AI accelerating productivity, visibility and transparency have never been more important. Our new Value Streams Dashboard provides strategic insights into metrics that help decision makers identify trends and patterns to optimize software delivery. This data is grounded in [DORA4 metrics](https://docs.gitlab.com/ee/user/analytics/dora_metrics.html) and the [flow of value delivery](https://docs.gitlab.com/ee/user/group/value_stream_analytics) across projects and groups.\n\nThe Value Streams Dashboard offers visibility across every step of the software development lifecycle, without needing to buy or maintain a third-party tool. 
The result: Fewer tools, increased visibility, and more transparency, all within GitLab.\n\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://player.vimeo.com/video/819308062?h=752d064728\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\n## Set license policies and scan software licenses for compliance\n\nViolating or breaching a license by using software with an incompatible license may result in an expensive lawsuit or many developer hours to remove problematic code. We recently released a new and improved [license compliance scanner](https://about.gitlab.com/releases/2023/02/22/gitlab-15-9-released/#new-license-compliance-scanner) along with [license approval policies](https://docs.gitlab.com/ee/user/compliance/license_approval_policies.html). The new scanner extracts license information from packages that are dual-licensed or have multiple licenses that apply and automatically parses and identifies more than 500 different types of licenses, a substantial increase from previously identifying only 20 types of licenses.\nLicense approval policies help minimize the risk that unapproved licenses are in use, saving organizations time and effort to manually ensure compliance.\n\n![set-license-policy](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752175772/Blog/lrbb8llvys1vi9xmjv1p.png)\n\n![dependencies list](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752175777/Blog/le4em81ydxaxo7rdz54n.png)\n\n## Protect secrets from being leaked\n\nA recent [string of attacks](https://securityboulevard.com/2023/02/secrets-exposed-why-modern-development-open-source-repositories-spill-secrets-en-masse/) pointed to leaked personal access tokens (PATs) in source code as the culprit. GitLab Secret Detection can protect against that. 
We now [automatically revoke PATs](https://about.gitlab.com/releases/2023/02/22/gitlab-15-9-released/#automatic-revocation-of-leaked-personal-access-tokens) leaked in public GitLab repositories, mitigating the risk of a developer mistakenly committing a PAT into their code. This capability helps protect GitLab users and their organizations from credential exposure and reduces risk to production applications.\n\n![personal-access-token](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752175793/Blog/apfch5ueplqozpclunvt.png)\n\nWe are not stopping at remediating GitLab-managed credentials. We now support [responding to leaked secrets in public projects](https://about.gitlab.com/releases/2023/04/22/gitlab-15-11-released/#automatic-response-to-leaked-secrets-on-any-public-branch) by revoking the credential or notifying the vendor who issued it. We’re actively expanding the list of supported vendors, which [any SaaS vendor can join](https://docs.gitlab.com/ee/user/application_security/secret_detection/automatic_response.html#partner-program-for-leaked-credential-notifications) to help us secure any secret a developer might use.\n\n## Automatically enforce security policies\n\nManually enforcing security policies for different projects and code commits can be time-consuming. Applying automation to policy enforcement can prevent security rules from being bypassed without proper approval. Security teams can configure [policy rules](https://docs.gitlab.com/ee/user/application_security/policies/), such as requiring multiple approvers across various teams (e.g., QA, Business, Legal), a two-step approval process, and approval for exceptions for using out-of-policy licenses. 
Such policies can be applied to multiple development projects, at the group or subgroup level, to allow for ease in maintaining a single, centralized ruleset.\n\n![enforce-policies-approvals](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752175795/Blog/zj0e8kcvx6di0scperh6.png)\n\n## Avoid false positives in security testing\n\nSecurity professionals report that too many false positives rank among their top three frustrations, according to the GitLab 2023 Global DevSecOps Survey. Our [DAST API Analyzer](https://docs.gitlab.com/ee/user/application_security/dast_api) is now more accurate and reduces false positives by an estimated 78%, making it easier for DevSecOps teams to home in on true security threats.\n\n![dast-vulnerabilities](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752175800/Blog/zpsdggcnl1u7jry5pqvn.png)\n\nWe’ve also just introduced [vulnerability dismissal reasons](https://about.gitlab.com/releases/2023/04/22/gitlab-15-11-released/#vulnerability-dismissal-reasons) to help track why vulnerabilities were dismissed, which improves compliance tracking and audit reports.\n\n![vulnerability-dismissal](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752175802/Blog/komqc28v6rxdnejo0xnw.png)\n\nWe've introduced a lot of new capabilities that enable our customers to achieve velocity with guardrails. Watch this 90-second video to see how GitLab secures your end-to-end software supply chain.\n\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://player.vimeo.com/video/762685637?h=f96e969756\" frameborder=\"0\" allowfullscreen=\"true\"> \u003C/iframe>\n\u003C/figure>\n\n## More velocity, more guardrails coming soon\n\nGitLab has an ambitious roadmap for 2023 to make it easier to integrate security into our customers’ software development lifecycle so they can deliver secure code more easily and efficiently. 
Capabilities coming soon include:\n\n- [Group and subgroup level dependency lists](https://gitlab.com/groups/gitlab-org/-/epics/8090) provide users a simple way to view their projects’ dependencies, as managing dependencies at the project level can be problematic for organizations with hundreds of projects.\n- [Continuous container and dependency scanning](https://gitlab.com/groups/gitlab-org/-/epics/7886) improves visibility and timeliness of vulnerability discovery by automatically scanning for new findings any time a new security advisory is published or code is changed.\n- [Management tools for compliance frameworks](https://gitlab.com/groups/gitlab-org/-/epics/9101) allow customers to apply the compliance frameworks to existing projects and multiple projects at once. Currently, customers can apply compliance frameworks and policies individually per project.\n- [SBOM ingestion](https://gitlab.com/groups/gitlab-org/-/epics/8024) will allow GitLab to import CycloneDX files from third-party tools to create a single source for all of the software’s dependencies giving greater system-wide visibility and helping to create actionable insights.\n\n> __Learn how to increase velocity securely with [Secure by Design principles](https://about.gitlab.com/the-source/security/strengthen-your-cybersecurity-strategy-with-secure-by-design/).__\n",[470,473,476,479,482],{"header":471,"content":472},"What does \"velocity with guardrails\" mean in DevSecOps?","\"Velocity with guardrails\" refers to achieving fast software development while maintaining strong security and compliance measures. By leveraging AI and automation, organizations can accelerate code creation, automate security enforcement, and reduce risks without sacrificing speed.",{"header":474,"content":475},"How does GitLab automate security policy enforcement?","GitLab’s security automation ensures compliance by enforcing security rules across multiple projects. 
Teams can set policies such as multi-step approvals, license compliance checks, and automated secret detection, reducing security risks and improving regulatory adherence.",{"header":477,"content":478},"What is GitLab’s Value Streams Dashboard, and how does it help teams?","GitLab’s Value Streams Dashboard provides visibility into software delivery performance using key metrics. It helps organizations track trends, optimize workflows, and improve efficiency without relying on third-party analytics tools.",{"header":480,"content":481},"How does AI-assisted vulnerability guidance enhance security remediation?","AI-assisted vulnerability guidance in GitLab analyzes detected vulnerabilities, explains potential risks, and suggests example fixes. By leveraging large language models (LLMs), it helps developers quickly understand security threats and implement effective solutions with minimal manual effort.",{"header":483,"content":484},"How does GitLab’s AI-powered Code Suggestions improve developer productivity?","GitLab’s Code Suggestions feature uses AI to help developers write code faster by providing real-time recommendations within the DevSecOps platform. This reduces context switching, improves efficiency, and enables developers to focus on innovation while maintaining high code quality.","velocity-with-guardrails-ai-automation","content:en-us:the-source:ai:velocity-with-guardrails-ai-automation:index.yml","en-us/the-source/ai/velocity-with-guardrails-ai-automation/index.yml","en-us/the-source/ai/velocity-with-guardrails-ai-automation/index",[412,452],{"ai":353,"platform":360,"security":95},1753475369976]