Have you added any GenAI tools to your DevSecOps pipeline, or are you still worried about introducing security problems?

AI & Machine LearningGenerative AI
2.7k viewscircle icon1 Upvotecircle icon2 Comments
Sort by:
Director of IT9 months ago

In my experience, adding GenAI tools to a DevSecOps pipeline can bring a lot of value in terms of efficiency and predictive capabilities. However, it requires a careful approach to mitigate the potential security risks.

We’ve been cautious in introducing GenAI to our pipeline, focusing on a controlled and gradual implementation. Our approach includes:

 • Rigorous testing in isolated environments to observe any security vulnerabilities GenAI might introduce.
 • Ensuring that we have human oversight in critical decision-making areas.
 • Leveraging GenAI primarily for tasks like vulnerability scanning and code review suggestions while maintaining a strong manual verification layer.

While the potential for security issues exists, proper guardrails and testing can minimize these risks, allowing us to harness the efficiency benefits GenAI brings.

Lightbulb on1
Fractional CISO in Telecommunicationa year ago

Its not something that we have directly integrated yet, but we are experimenting with GenAI to see how it performs at identifying some of the more basic security risks.

Content you might like

What are the biggest technical challenges preventing organizations from being able to use their existing data to enable digital transformation?

Finding data and putting it to good use13%

Controlling the security and privacy of data45%

Understanding how data is currently being used20%

All of the above19%

None of the above1%

View Results

What benefits drove you to adopt agile practices? Select all that apply.

Enhanced ability to manage changing priorities31%

Accelerated software delivery54%

Increased software maintainability41%

Increased team productivity43%

Improved business & IT alignment38%

Improved project visibility27%

Improved team morale17%

Improved engineering discipline16%

Better management of distributed teams13%

Reduced project cost14%

Reduced project risk11%

Improved response to volatile market conditions9%

Other (please specify)1%

View Results

Thoughts on self-healing applications? Any approaches or tools that look promising to you?

How do you tell if AI tools are genuinely helping your engineers, instead of just adding extra steps or confusion?

Read More Comments

Does someone have advice on how they have balanced the risk/reward as it relates to introducing Open-Source Software to organization? My org is dipping its toe into the OSS world and the architecture and risk governance teams are looking to get ahead of these requests by coming up with policies and standards for OSS technology being brought into our environment. To clarify, this is not for software development and CI/CD pipelines, SDLC etc. This is for installing solutions that already exist out there (Zabbix, GreyLog, Prometheus etc.) into the organization's environment. We are looking to provide a balance on the obvious risk with the ability to move fast (like everyone else now).