Have you added any GenAI tools to your DevSecOps pipeline, or are you still worried about introducing security problems?

2.7k views1 Upvote2 Comments

Sort by:

Director of ITa year ago

In my experience, adding GenAI tools to a DevSecOps pipeline can bring a lot of value in terms of efficiency and predictive capabilities. However, it requires a careful approach to mitigate the potential security risks.

We’ve been cautious in introducing GenAI to our pipeline, focusing on a controlled and gradual implementation. Our approach includes:

• Rigorous testing in isolated environments to observe any security vulnerabilities GenAI might introduce.
• Ensuring that we have human oversight in critical decision-making areas.
• Leveraging GenAI primarily for tasks like vulnerability scanning and code review suggestions while maintaining a strong manual verification layer.

While the potential for security issues exists, proper guardrails and testing can minimize these risks, allowing us to harness the efficiency benefits GenAI brings.

Fractional CISO in Telecommunication2 years ago

Its not something that we have directly integrated yet, but we are experimenting with GenAI to see how it performs at identifying some of the more basic security risks.

Content you might like

Any tips on safely using AI for test generation? How do you avoid potential security or quality risks?

Has your organization found success using AI tools for UX?

Yes, we’re doing this successfully20%

Too early to say — we’ve just implemented AI UX tools60%

No, AI tools were not a good fit for UX10%

N/A, we haven’t tried this10%

View Results

How long does your organization retain original systems logs used to filter SOX-related actions into a system that requires review of the logs and retains the filtered logs for seven years? Does your organization consider those original system logs records subject to record retention requirements, or supporting information used to create the SOX records?

90 Days20%

365 Days40%

3 years40%

5 years

7 years

Other (share in the comments)

View Results

How do you get your business stakeholders more invested in your team’s agile workflows?

Do you think that AI coding assistants are inspiring more people to work in software? Are you seeing a wider pool of entry-level candidates who use AI?

Have you added any GenAI tools to your DevSecOps pipeline, or are you still worried about introducing security problems?

Sort by:

Content you might like

Any tips on safely using AI for test generation? How do you avoid potential security or quality risks?

Has your organization found success using AI tools for UX?

How do you get your business stakeholders more invested in your team’s agile workflows?

Do you think that AI coding assistants are inspiring more people to work in software? Are you seeing a wider pool of entry-level candidates who use AI?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

2024 Software Engineering Priorities and Challenges

Improving Software Developer Experience

Current State of Software Developer Experience

Emerging Software Security Risks: How Are Tech Leaders Preparing for 2024?

Take Your Insights On-the-Go