GitLab Duo and the future of AI in DevOps

Dan (0:00:06): You're not just having a look at the issue that you run there or the code file that you run there. You can ask GitLab, Duo, tell me about this whole branch and it'll do so. 

Marc (0:00:21): Welcome to DevOps Sauna Season 4, the podcast where technology meets culture and security is the bridge that connects them. All right, we are back in the sauna. I am super excited today to have Eficode's latest GitLab champion, or actually our first GitLab champion, Mr. Dan Plumbley is with us in the sauna today. Hello, Dan. 

Dan (0:00:57): Hi, Marc. Thank you very much for having me and thank you for the introduction as well. Very, very kind. 

Marc (0:01:02): It's wonderful to have you and I think what a fantastic title. We'll get into that in a moment. I have my usual cohort here. Mr. Darren Richardson. Hi, Darren. 

Darren (0:01:12): Afternoon, Marc. 

Marc (0:01:13): Good afternoon. It is a broiler here in Helsinki on our day of recording. I saw the news come along on our internal Slack and couldn't wait to get you on the podcast, Dan, to hear about your journey to becoming a GitLab champion. You have quite a colorful background. Would you like to tell us... I always like to see how people get into the situation that they are now, what gives you energy and what gets you excited about your work. Could you tell us a little bit about how did you grow up to become a GitLab champion? 

Dan (0:01:51): Yes. No, absolutely. Thank you for... I think you just described it as a colorful background. That's quite a nice way of putting it. The way that I like to describe it is coming out of uni, I was very professionally indecisive for a good long while. I didn't know exactly where my heart lay in regards to where I wanted to end up in my career. One thing that I did know was that I enjoyed software, I enjoyed coding, I was very much a hobbyist in regards to just getting hands-on to some code and creating some web apps that I deployed, really, really super basic stuff, but made me happy and they were usable and quite fun. But going back to, yeah, being professionally indecisive, so I found myself in a couple of different roles as I was trying to find exactly where my passion lay, so I was in market research for a little bit as a consultant, where I was presenting a lot of data to customers and that was fine. I really loved the building rapport with customers and people that I was working with and talking and presenting, but market research wasn't quite it. So then I moved closer to where the hobby lay, which was coding development. So I started working for a company with software development very much at the core. They made their own software, which they rolled out to customers. Again, I was a consultant there, so I jumped on board and helped customers adopt and use this software to the best of its and their abilities. Very quickly realized that actually their way of doing things was not necessarily the best to put it in a diplomatic way. They weren't using proper version control in the software they were creating, so I wanted to get further into the DevOps landscape, if you like. So yeah, I made the decision to move across to Clearvision back then, a company that was acquired by Eficode. And that's what really, really got me into Git and particularly GitLab as well. And then I've been here two and a half years now, working very closely with GitLab, which fortunately evolved, as you said, into this new title that I've been awarded, which is a GitLab champion.

Marc (0:04:00): So do you get to stand on a podium? Do they give you a medal or is there a cup involved? 

Dan (0:04:06): Unfortunately, the medal hasn't yet arrived. I am waiting for that, but no, at the moment, it just seems to be an honorary title, but one that I'm still very much enjoying. The novelty hasn't quite worn off just yet. 

Marc (0:04:19): I think that's really cool. We have certifications in lots of different areas in IT and to be called that. But seriously, I guess you had to go through a bunch of qualifications or you had to learn some things. 

Dan (0:04:32): Absolutely. So yeah, going back to sort of my starting point with Eficode (formerly Clearvision), yeah, so GitLab very generously worked with me and helped me along on the process. So absolutely, there were a bunch of certifications that I really had to get my head down and work through. So I became a Certified Git Associate, a Certified CI/CD Specialist, a Security Specialist, a few more as well, implementations, migrations, that kind of thing, all just to go through these courses, prove that I could actually do the things that I was talking about. 

Marc (0:05:05): And I guess you're one of 47 in the world, really. 

Dan (0:05:09): As it stands, yes. 

Marc (0:05:11): It's that exclusive. 

Dan (0:05:12): It really is, yeah. As it stands, I think there are sort of between 10 and 20 in the EMEA region and then a few dotted around the U.S. and the other regions as well. But yeah, when GitLab released that information recently, that again just added an extra layer of, I don't want to say smugness, but certainly an extra layer of achievement to the title as well. 

Marc (0:05:33): Really? That's cool. Can you tell about the learning curve? Some of us have been doing this for a long time, and we kind of feel these things are in our spine, as we say in Finland, or kind of native. And then there's a lot of companies that are facing challenges in order to implement proper DevOps practices, DevSecOps, do software development in modern kind of ways. Can you talk a little bit about the journey and the learning curve there? 

Dan (0:06:00): Yeah, of course. Well, I'll start with saying it was very, very steep. I think that's probably the best word to describe it. As I said, I came from very much a hobbyist side of things. So I was coding, and I could build you a web app, and I could build you an Android app based on Java. But they wouldn't necessarily have been the best practices, because as I said, I was very much self-taught. So then when I moved away from the company that I mentioned before that were not necessarily implementing the best practices, I had to then come to Eficode (formerly Clearvision) and learn not just all about GitLab so I could train and consult on it, but also exactly, as you say, DevOps or DevSecOps now, of course, what that meant, what that was, how to actually implement that within teams. Because it's great just to talk about it, right? You and I could sit here and say, ah, this is what DevSecOps is, this is what it means to me, fine, this is how it should look in an ideal world. But then actually to get to the point where you can go into teams and sit in a room with a bunch of devs and ops people as well, and actually get them on this path was, yeah, a lot, certainly to the point where you could be comfortable talking about it. So the certifications helped, sure, the certifications that I just mentioned that I did with GitLab, but also it was a lot of just putting myself into rooms with people that knew all of this sort of already and just sponging effectively. So I certainly went home a lot of times in the first sort of six to eight months of working at Eficode (formerly Clearvision) with a bit of a headache, having sort of sponged as much information as I could. But very, very fun, that's the one thing I've sort of moaned about it a little bit there and made it seem sort of slightly hellish, but no, it was really, really great and really awesome to have been given the opportunity to work in a company where I could surround myself with such awesome and experienced DevOps professionals. 

Darren (0:07:48): Being the resident nerd of the group, I would have to say, I have to ask you specifically about the platform in general, GitLab. There are a lot of gits out there, and maybe that's not the best way to phrase it, but- 

Dan (0:08:00): Guilty. 

Darren (0:08:01): I can think of like GiTea, GitHub, Bitbucket, GitLab, just off the top of my head. So what led you towards GitLab specifically? 

Dan (0:08:09): So there were a couple of answers to that, I suppose. One being that I was... The unhelpful answer being that I was hired into the GitLab team within Eficode (formerly Clearvision) at the time. But having said that and sort of jokes aside, I'm having... If I'd have known everything back then that I know now, for me personally, I think I still would have gravitated towards GitLab absolutely. I like the holistic nature of it, and maybe I'm overselling it slightly because it's not perfect at absolutely everything, but it's one of the few Git or Gits out there, as you say, that you can do pretty much the entire DevOps lifecycle in. It's got the project management features, and maybe we'll talk in a moment about how awesome and comprehensive they are, or might not be, but it's certainly got them. It's got the code repository, it's got the CI/CD, it's got the deployment integrations and everything in between. So I just love how holistic it is, but also its model as well. One thing that GitLab is really, really good at is not building everything itself, but instead it takes a bunch of open source toolings, wraps them up, brings them together to form one really nice, seamless, integrated pipeline. I think that's one of the biggest strengths of GitLab, is the fact that we as GitLab consultants, GitLab trainers talk about this single pane of glass approach. That's one of the things that GitLab offers so well, is that minimal context switching. You can do absolutely everything within just one platform. 

Darren (0:09:38): I think that's what me and Marc are seeing a lot across the industry too, is that if people are looking for the kind of one-stop situation, then they're looking at GitLab, and I don't think anyone's really competing with them on that level just yet. I know there are some attempts with GitHub moving with their advanced security and such, you know, I'm the security nerd, I have to bring it up, but it's kind of interesting to see this kind of set and forget idea of GitLab, that you can just, here is your tool, and it does everything you need to. And I think for that reason, it's actually become kind of a favorite among developers. Marc talks quite a lot about shadow IT, and I think GitLab's actually one of the main culprits we find on the desks, hidden in different places.
Marc (0:10:26): Yeah, I think it's great too, that developers make this choice. And oftentimes the way that GitLab comes into the organization is from under a desk. It's like some team needs to solve a problem, they need to have CI/CD pipelines, or they need a place to put their code, they get the open source version of GitLab, and the next thing you know, the organization starts looking at what are its choices in order to try to defragment the tool chains and the ways of working, and they realize that they already have GitLab, and then there's a path towards ultimate, which has, you know, pretty much all the bells and whistles that an enterprise needs in order to be able to professionally produce, deploy, and manage software. And I think that's fantastic. 

Darren (0:11:11): There's kind of an interesting thing there that we see, because we're actually talking about rapid feedback. And I think one of the bits of feedback that gets most commonly ignored is the developer's tool choice. Like, it's very easy for platform engineering teams to just write off whatever they want to put in. And then if we're finding GitLab under the desks of all these developers we're seeing, maybe that's a kind of feedback we need to listen to as well. 

Dan (0:11:37): Absolutely. And we've seen that as well within the team. I don't enjoy talking about sales, so I won't talk about sales too much, but certainly that's one thing that we see. You talk about entry points, right? GitLab is not a new tool anymore, but when I joined it was a little bit newer. So we were having conversations about, right, how do we push GitLab into these houses that are using GitHub and all of the other Gits as well? And sure, you can approach the decision makers, if you like, in big air quotes. But one of the best things to do is approach the people that will be using it, sell it to them, so then they can do the hard work for you and sell it to the wider company. So if you can make something that's really attractive to the users, then that is only going to feed back positively. Absolutely. 

Marc (0:12:20): Awesome. Let's talk a little bit about the AI aspect. This is something that is really, really important for pretty much everybody inside and depending on outside IT. So GitLab has an AI offering called Duo. 

Dan (0:12:36): Indeed. 

Marc (0:12:37): And I believe that you're a proponent. 

Dan (0:12:39): I like it. I absolutely do. I've been lucky enough in my role. Obviously, we at Eficode are a select channel partner, which comes with benefits. One of the benefits being that we get to use some of the features before they are, certainly before they're generally accessible. So I was fortunate enough to be able to get my hands on a few of the GitLab Duo features, and I think they're incredible. I don't know how passionate you want me to start ranting just yet, but certainly things like the security features that are coming into play, I think they're about to be rolled out, are just sort of next level. Really, really exciting. 

Darren (0:13:15): Yeah, that's why I'm excited about the AI components of GitLab, because everything else has been purely focused on coding, in my opinion. You put code through ChatGPT and it may improve the quality. You ask it for code and it will generate it. But GitLab has this unique position of, as you say, the single pane of glass, and that gives them a unique opportunity, which I'm hoping they're going to take, to integrate their AI system, not just with code generation, but with security metrics, with security tooling, and have these kind of direct links with all the tools they have under their hood. And I think that's actually going to be how... because we're not going to see a drop in market share from ChatGPT and Copilot if GitLab Duo is exactly the same. 

Dan (0:14:06): Yes, absolutely. And again, it goes even further than that. You're absolutely right, Darren. It is integrated with the whole lifecycle. That's the word I was looking for there, the software lifecycle. So absolutely, you can say, right, have a look at this code. Is it secure? If not, why not? But again, take that step further. So it'll explain vulnerabilities to you. It'll tell you how to fix them. It's then integrated into issues. So just to bring it back a little bit to the GitLab project management side of things. Issues are GitLab's to-do items or tickets, just in case people are listening that haven't used the GitLab PM side of things before. But on issues and merge requests, you can tell GitLab this new Duo feature to explain what's happened on this issue, explain the code changes that have been made here, explain all the code changes. Good. Do they leave us open to security vulnerabilities? So it'll assess the code that's on that branch and then report back to you through that merge request or through that issue. It's great, this sort of wider context. So you're right. You’re not just having a look at the issue that you run there or the code file that you run there, you can ask GitLab, Duo, tell me about this whole branch and it'll do so. 

Marc (0:15:15): Yeah, I believe you. This has been one of GitLab's strengths for a long time is the integrated security, the SAS and DAS scanning and the integration with issues. And now having the AI there, having Duo to be able to help you once those are identified or even linted as you're writing the code to be able to resolve those and have code suggestions for that. That's really, really cool stuff. And one of the things that I'm noticing using AI tools in software development lately, people talk about the quality of the code or they talk about the speed. And I don't think that the speed is the most important thing. We don't need developers necessarily writing code faster. But the maintainability is the thing that has been really striking me lately that as a developer, no matter how disciplined you are, you still frequently will cross the screen boundary and have something that doesn't fit on the screen, like a function. And then being able to use a tool like Duo to say, OK, break this into three functions. Now run it through the same set of tests and move on. All of a sudden, you've improved the readability and the maintainability of things a lot. And being able to do this while you're still in the flow state and making sure that you're not creating invulnerabilities and things like this at the same time. I think that's really, really cool. 

Dan (0:16:34): Yeah, that's another thing. Again, something that I've not even really spoken about yet is the refactoring. So in GitLab, you can highlight a bunch of code and ask Duo to refactor this for you. And it'll do that. It'll reorganize it. It'll split it up. It'll give you suggestions on how to rewrite the code. It's really, really exciting. It's fun to use as well. 

Marc (0:16:53): And then just kind of doubling down a little bit. The neat thing here is code suggestions in any of the tools out there sometimes can be rather sketchy. And you need to either be a senior developer and understand what you're looking at, or you need to be a bit cautious. But the refactoring suggestions are often spot on because you're just taking something that's already there and breaking it into smaller pieces. And it's a really, really, really powerful feature.

Dan (0:17:19): Yeah, absolutely. You don't like to use words like or terms like foolproof, but it's as close as is, I think, possible. Certainly the refactoring. 

Darren (0:17:28): And there's one thing I think we should pretty much always discuss when we're talking about AI, and that's data sourcing. So if we're talking about data sourcing, it's been kind of a sore point across the AI using world with things like AI artists, artists having their images basically processed by AI without permission. How does GitLab approach this problematic situation that no one really has a good solution for yet? 

Dan (0:17:56): Sure. So a couple of different ways to answer that. Firstly, one point that I've not made yet, and again, those who haven't used a lot of Duo might not be aware, is that GitLab Duo is GitLab's AI offering, but it's not actually one thing. If you look under the hood, Duo is actually made up of lots of different language models that maybe even come from different places. Because again, what GitLab does is it takes very sort of modular open source tooling and it packages it together nicely into one big package, if you like. Where I'm going with that, I promise that is relevant, is because for things like code suggestions, as we were just mentioning there, GitLab have been very vocal, very loud in saying we've been very responsible with where we have sourced our code from. So a lot of the code suggestions are Google run models. All of this Google are, again, very vocal and GitLab likewise, that this is license free or certainly sort of so-called copy left license free. So you're absolutely able to use any of the code from your code suggestions directly into your projects. It's not come from other code repositories, you know, other private IPs, because again, something GitLab has been very vocal of is that it will not take code away from your repositories. It does not train its models on your own code. It's all been trained by properly responsibly licensed code, which yeah, as I say, can then be used within your projects with no fear. 

Darren (0:19:26): There is another topic I kind of want to approach, which is, it might be an entirely personal view of GitLab, but I have always seen GitLab as kind of the underdog. They are hitting against GitHub, as you know, owned by Microsoft. So they're kind of taking a swing at a big market. And I feel like they've always been from that position of having to punch up. Do you think that's a fair comment at this point? 

Dan (0:19:54): Yeah, that's really interesting, your use of the word underdog there. I would very tentatively challenge that. I would say that up until recently, maybe up until a few years ago, you'd be absolutely correct, right? They are the younger platform. They are less mature than competitors such as GitHub that we've mentioned, certainly fewer users. But the reason that I would challenge that, I think, is because, and I mentioned this earlier a little bit as well, one of the things that I love so much about GitLab is its, I said it was a holistic nature earlier on the fact that it does hover sort of the entire DevOps lifecycle, which is more than any other tool. I don't think there's another tool, not that I've come across, that does that in the same way. So you've got platforms that are really, really great at being a code repository, really, really great historically at setting up another platform that might be really, really great at setting up CI/CD pipelines, another platform that is solely looking at running security scans on your code. But there isn't really another one-stop shop, I think was the term that you used earlier that I really, really liked, that sort of competes with it. So in that way, I'm not sure I would class GitLab as an underdog anymore. And certainly, if you have a look at some of the reports that have come out in the last few years, like the Forrester reports that they like to create within the DevOps space, GitLab is now consistently in the leader quadrant, either alongside GitHub and other offerings as well, or on its own in some cases. So I would almost say that it's maybe a little bit unfair to call GitLab an underdog now. I think it has well and truly shaken up the market and well and truly cemented itself as a big, viable platform. Certainly, again, just to sort of bring it back to my experience really, really quickly if I can, I've been consulting and training for GitLab for a couple of years now. And I won't mention any names, of course, but certainly you see some big names that are just using GitLab almost exclusively for their DevOps now. 

Marc (0:21:50): Yeah, we've seen everything from top 10 global financial entities to companies that are leading in everything from logistics to manufacturing and that are doing huge amounts of work on GitLab. And I think that's really cool, especially something that comes from open source and still somewhat supports the open source. All right. Quite an interesting journey. Let me ask you, Dan, let's kind of summarize a little bit. Like, I love to see your enthusiasm and the energy here, so why this job? 

Dan (0:22:25): Why do I do this job? Mainly because it plays to my strengths. I mentioned that I've been in previous consulting jobs before. I love working with customers and this job gives me that. But on top of that, I've fallen in love with GitLab. You just mentioned that you can hear it in my voice, the passion when talking about it. I think it's such a great tool. So this job allows me to spend lots of hours of my day talking about GitLab, which keeps me very, very happy. 

Marc (0:22:48): All right. So why fall in love with GitLab? 

Dan (0:22:52): I just love what it does, the way it approaches. I'm at risk of repeating myself if I start talking about, you know, the way that it packages up loads of different open source tools so seamlessly. But I think it is just the best tool that you can just sit down on, go through the whole life cycle of ideation, planning, creation, deployment. And I find it just so user friendly as well. It's really easy to navigate because there's no context switching. The UI stays the same. And again, I could go on and ramble. I'm trying to shorten my answer here just because of all the strengths that I think it has. But yeah, no, I think if I could summarize, user interface is wonderful. The accessibility of it all is wonderful. And I think it's just a really powerful, holistic tool. 

Marc (0:23:38): So I won't ask why you chose Eficode, but I would ask instead, why would you choose Eficode? 

Dan (0:23:46): Why would I choose Eficode? Eficode have been a pleasure to work for. That's my first sort of deliberately vague and generic answer. Just to get that one out of the way, Eficode have allowed me to carry on my journey, to push myself further. I wouldn't be where I am now if it wasn't for Eficode. I mentioned that I was a coding hobbyist before, but have in quite a short space of time become a DevOps consultant and of course, a GitLab champion. Just to throw that one out there one more time, if I may.

Marc (0:24:17): Oh, you may. 

Dan (0:24:18): Thank you very much. And sorry, Eficode just provides a really nice platform to do that through. I get all of the infrastructure to play with, the AWS instance that I can mess around with and learn upgrading, downgrading, installing, maintenance, everything else as well. So many benefits and it's just such a nice place to learn as well as work. And that's something that I love doing is learning all the time. 

Marc (0:24:44): I completely agree. So Dan, one final question then, what's next for you? 

Dan (0:24:48): What's next for me? More of the same. I'm enjoying myself quite a lot. So again, the consulting work, I'm definitely not going to be moving away from that. The GitLab champion allows me to progress that further, of course. For me personally, I am actually in a little bit of a journey as well. I'm moving towards more of a delivery leadership role. It will still be a hybrid role. As I say, I'm not moving away from consultancy and training because I do love those things. But yeah, as we in the GitLab side of Eficode expand our team, I'll be heading up the delivery side of things. Again, just to ensure that we're maintaining really good standards of delivery. So hopefully we can have more GitLab champions in the team in the future. 

Marc (0:25:30): Awesome. Thank you, Dan. It has been a pleasure to not only speak with you about this, but to learn of your own journey and to kind of bask a bit in your enthusiasm. And this was not sponsored by GitLab. We are an independent DevOps Atlassian, GitLab, Microsoft, lots of partnerships. But if you're looking for a one-stop solution, I believe that we can help you. So thanks, Dan, for coming on and sharing. And thank you, Darren, as well. 

Dan (0:26:01): Thanks both for having me. Pleasure. 

Darren (0:26:02): Thanks, Marc. Pleasure as always. 

Marc (0:26:04): Thank you. And we'll see you back in the sauna next time. We'll now give our guest an opportunity to introduce himself and tell you a little bit about who we are. 

Dan (0:26:17): Hi, I'm Dan Plumbley. I am a technical consultant in the GitLab team within Eficode. And I have recently been given the honor of becoming a GitLab champion just because of my work with GitLab and how well that has all progressed. 

Marc (0:26:33): Hi, I'm Marc Dillon, lead consultant at Eficode in the advisory and coaching team. And I specialize in enterprise transformations. 

Darren (0:26:41): Hey, I'm Darren Richardson, security architect at Eficode. And I work to ensure the security of our managed services offerings. 

Marc (0:26:48): If you like what you hear, please like, rate, and subscribe on your favorite podcast platform. It means the world to us.