In GitLab's 2023 Global DevSecOps Report, developer productivity and operational efficiency were top of mind for most respondents and ranked as the two top benefits organizations strive for when adopting DevSecOps methodologies. At the same time, artificial intelligence (AI) and machine learning (ML) have become highly relevant to research and development teams in recent years and have gained increased importance in the software development process of many companies. Across the software development lifecycle, generative AI is enabling faster development cycles, less time spent on code reviews, and more secure software development practices.
At GitLab, we’re using generative AI and ML to deliver productivity and efficiency gains to DevSecOps teams throughout the software development lifecycle. In this blog post, we will look at how the suite of GitLab Duo AI capabilities boost productivity. First, let's understand the underlying technology: generative AI.
What is generative AI?
Generative AI is a branch of AI capable of generating new content. The generated content is created by using patterns learned from examples or input data during the training process. One of the most popular architectures used to learn from data is a transformer model. Given the success of transformer models in natural language processing (NLP) and their flexibility in being adapted or fine-tuned to different and more specific tasks, they have been called "foundation models," a term coined by Stanford researchers in an August 2021 research paper.
These models, when trained on text data, are capable of learning context and meaning by tracking relationships in the input data. A successful application of transformer models is large language models (LLMs): algorithms trained with petabyte-scale, text-based data sets to recognize, predict, and generate various forms of content. Examples of LLMs include Google’s PaLM 2, OpenAI’s GPT series and Meta’s Llama 2. According to Ark Invest, generative AI is expected to increase the productivity of knowledge workers more than fourfold by 2030.
The GitLab DevSecOps Platform leverages generative AI and LLMs to power GitLab Duo, a suite of AI capabilities that enable organizations to boost efficiency and ship secure software faster. Now, let’s take a look at the capabilities of GitLab Duo.
Efficient & secure software development
In a research paper looking into the impact of AI on developer productivity published in February 2023, Peng et al. found that developers who used AI-powered tools completed their tasks 55.8% faster than those who didn’t. In this section, we'll look at how GitLab Duo can help teams reduce development time, improve developer productivity, and ensure secure software development.
Code Suggestions
Efficient developer experience is critical to productivity, and GitLab Duo Code Suggestions improves the developer experience and leads to shorter cycle times. If you want to import dependencies in your favourite programming language or create a function along with unit tests, Code Suggestions automatically provides suggestions in your IDE with a high degree of accuracy.
Code Suggestions is currently available in Beta for all tiers on GitLab.com and in self-managed GitLab from Version 16.1. You can use Code Suggestions with the GitLab WebIDE, Visual Studio Code, and other IDEs.
Code explanations
Developers spend a ton of time on search engines trying to figure out what a block of code does or why it behaves the way it does. The "explain this code" feature is currently an experiment on GitLab.com and uses LLMs to explain code in natural language, including context based on the code selected for it to explain.
AI-generated tests for code changes
Ensuring code changes are thoroughly tested is hard work and can be time-consuming. In your merge requests, with generative AI, you can generate test files for your code to provide coverage for the change introduced, reducing the time spent writing tests.
Vulnerability explanations
A critical part of preventing the escalation of vulnerabilities is understanding why vulnerabilities were discovered and how to fix them. This takes much effort to research before making an informed decision on the next action step. GitLab Duo vulnerability recommendations provide detailed information on identified vulnerabilities, including context from your code, how they can be exploited, and example fixes, thus allowing quick remediation of vulnerabilities.
Value stream forecasting
The efficiency of the software development lifecycle is critical to a team’s productivity and quality of value delivery. It is critical for software leaders to identify trends from events occuring in the lifecycle and implement changes to improve efficiency. GitLab’s Value Streams Dashboard allows teams to track software performance and the flow of value across the software development lifecycle with DORA metrics, value stream analytics, and vulnerability reports.
Improved code review processes
In a 2019 survey, 55% of respodents were either indifferent to or dissatisfied by their team’s code review process, and this is largely due to code reviews being seen as added work (necessary but often time-consuming). In this section, we'll look at how GitLab Duo can help reduce review cycles and increase speed.
Merge request change summary
Once your changes are ready for review, you create a merge request, which allows you to collaborate with other stakeholders. Merge request descriptions often give the context on why the changes were made, but sometimes don’t include details of the changes themselves, except if you look at the code. Leveraging AI and LLMs, GitLab can provide relevant summaries of merge requests, reducing time spent ensuring the merge request description is up to date as changes evolve. All you need to do is use the /summarize_diff quick action to add a summary of changes in a comment.
Issue comment summary
When planning work, discussion is an essential element of collaboration. Discussions can become lengthy and catching up on all the comments can be a challenge, especially in an organization with an asynchronous culture. Similar to summarizing merge request changes, GitLab can summarize issue comments, which is valuable in efficiently understanding the status of work from the issue discussions and the next steps to take. Here is a video of how it works:
Suggested reviewers
Identifying reviewers can be time-consuming, especially with cross-functional collaborations in a large team. When enabled by project maintainers or owners, GitLab suggests reviewers for a merge request based on the code changes made and the project’s contribution graph. This leads to higher-quality feedback from team members with domain knowledge and increases the speed of reviews.
Merge request review summary
Code reviewers often leave feedback across several parts of the changes they’ve reviewed, then proceed to write a separate comment to give an overview of all the feedback given. The reviewer spends valuable time ensuring the merge request author has the context to understand the review. With GitLab Duo, the reviewer can simply use the "summarize my code review" capability to provide authors with context around the feedback, without the need to process the entire review.
What's coming next
GitLab is continuously iterating on our AI-assisted capabilities to find innovative ways to enable you to efficiently build more secure software faster, while putting privacy first in a single application that gives every stakeholder visibility. This includes AI experiments such as GitLab Duo Chat, which uses generative AI to answer product-specific questions about GitLab, reducing time spent reviewing the GitLab documentation. Another experiment is the "fill in merge request description" capability, which uses AI and content from the proposed changes to fill in a merge request decription template.
GitLab Duo’s AI-assisted workflows enable teams in every phase of the software development lifecycle to deliver secure software faster with increased efficiency and reduced cycle times. Learn more about GitLab Duo here.
