An Erawan release of the DevSecOps platform from Digtal.ai adds an ability to automated applications security along with integration with Backstage, an open-source internal developer platform originally developed by Spotify that is now being advanced under the auspices of the Cloud Native Computing Foundation (CNCF).
In addition, Digital.ai is tightening its integration with the Microsoft Azure cloud platform by making it simpler to validate and manage Helm charts.
Digital.ai CEO Derek Holt said as the pace of application development starts to further accelerate, thanks to the rise of generative artificial intelligence (AI) tools, organizations will need to revisit their DevSecOps workflows. Specifically, they will need a platform with the governance capabilities required, to ensure that only code that has been thoroughly reviewed and tested makes it into a production environment, said Holt.
The company is also working toward adding generative AI tools to its DevSecOps platform to make it simpler to manage code bases that are about to rapidly expand, he noted. Digital.ai has been laying the foundation for that effort via a Digital.ai Intelligence data lake that already applies predictive machine learning algorithms to data collected by both Digital.ai and third-party partners, said Holt.
Over time, many of the capabilities of individual tools that DevSecOps teams once needed to integrate are becoming features of a larger platform to enable DevSecOps teams to better embrace platform engineering as a methodology for managing DevSecOps workflows at scale, he noted.
There are no shortage of options when it comes to DevSecOps platforms, but the ability to apply software engineering intelligence across normalized data collected from increasingly hybrid application development environments will prove crucial, added Holt.
It’s not clear to what degree organizations that have already invested in a DevOps platform might be willing to switch platforms in the age of AI-assisted application development. However, the number of organizations that will be able to create and deploy custom applications is about to substantially increase. Many of those organizations will eventually need to adopt a set of best DevSecOps practices at a time when governments around the world are moving to hold organizations that build and deploy software more accountable for application security.
In the meantime, DevSecOps teams should assume the amount of code simultaneously moving across pipelines will increase as developers take advantage of various generative AI tools to help them write. The challenge is the first generation of these tools has been trained using code samples of varying quality collected from across the internet. As such, the code generated by these tools might have known vulnerabilities or might not in some cases work at all. Each DevSecOps team, as always, will need to verify that code — regardless of whether it was created by a human or a machine — can be used in a production environment.
After all, the benefits of rapidly building applications are generally erased if the end-user experience deteriorates to the point where DevSecOps teams spend more time troubleshooting existing applications than deploying new ones.
Filed Under: Blogs, Business of DevOps, DevOps and Open Technologies, DevSecOps, Doin’ DevOps, Features, News, Social – Facebook, Social – LinkedIn, Social – X Tagged With: CNCF, devsecops, Digital.ai, Erawan, Microsoft Azure
Optimizing Kubernetes infrastructure on AWS
Step 1 of 7
14%
Which best describes your role?
DevOps
Cloud/Infrastructure Engineering
Cloud/Platform Architect
IT
Platform Engineer
Software Development
Operations
What is the primary K8s/container orchestration or management service you use on AWS?
ECS
EKS
Opensource solutions (Kops, microK8s, etc.)
Other
Approximately what percentage of your AWS workloads are containerized?
0-25%
25-50%
50-75%
75+%
All
Approximately how often does your team optimize Kubernetes infrastructure resources?
Continuously
Weekly
Monthly
Quarterly
Biannually or less
Adhoc – as needed
Never
How do you optimize Kubernetes resource utilization?
Cloud provider tools
Custom scripts & automation
Manual review and adjustment
Commercial tools
Third-party managed service
We don’t optimize resource utilization
What is the biggest challenge you face in optimizing Kubernetes infrastructure?
Difficulty executing remediation of unused resources
Optimization is not a high priority relative to their tasks
Complexity and/or lack of skills
Lack of visibility
Available tools are not sufficient
We don’t face any challenges optimizing cloud infrastructure
What K8s infrastructure-related tasks has your team automated?
Resource provisioning
Rightsizing
Bin packing
K8s version updates
Utilizing spot instances
Commitment purchasing and utilization
Δ