[{"data":1,"prerenderedAt":552},["ShallowReactive",2],{"/en-us/the-source/authors/taylor-mccaslin":3,"footer-en-us":35,"the-source-banner-en-us":378,"the-source-navigation-en-us":390,"the-source-newsletter-en-us":418,"footer-source-/en-us/the-source/authors/taylor-mccaslin/":429,"authors-en-us":439,"categories-en-us":474,"taylor-mccaslin-articles-list-en-us":475},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":8,"seo":10,"content":12,"type":26,"slug":27,"_id":28,"_type":29,"title":30,"_source":31,"_file":32,"_stem":33,"_extension":34},"/en-us/the-source/authors/taylor-mccaslin","authors",false,"",{"layout":9},"the-source",{"title":11},"Taylor McCaslin",[13,24],{"componentName":14,"type":14,"componentContent":15},"TheSourceAuthorHero",{"config":16,"name":11,"role":19,"bio":20,"headshot":21},{"gitlabHandle":17,"linkedInProfileUrl":18},"tmccaslin","https://www.linkedin.com/in/taylormccaslin/","Group Manager, Product - Data Science","Taylor McCaslin is the Product Lead for AI/ML at GitLab, where he is responsible for leading the team of product managers who manage the AI Powered and ModelOps stage groups and sets the vision and direction for how to empower GitLab users to leverage data science as part of their DevOps program. Prior to joining GitLab, he held positions at Indeed, Duo Security, and WP Engine.",{"altText":11,"config":22},{"src":23},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463427/trfasilaeasosxfcxmsm.jpg",{"componentName":25,"type":25},"TheSourceArticlesList","author","taylor-mccaslin","content:en-us:the-source:authors:taylor-mccaslin.yml","yaml","Taylor Mccaslin","content","en-us/the-source/authors/taylor-mccaslin.yml","en-us/the-source/authors/taylor-mccaslin","yml",{"_path":36,"_dir":37,"_draft":6,"_partial":6,"_locale":7,"data":38,"_id":374,"_type":29,"title":375,"_source":31,"_file":376,"_stem":377,"_extension":34},"/shared/en-us/main-footer","en-us",{"text":39,"source":40,"edit":46,"contribute":51,"config":56,"items":61,"minimal":366},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":41,"config":42},"View page source",{"href":43,"dataGaName":44,"dataGaLocation":45},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":47,"config":48},"Edit this page",{"href":49,"dataGaName":50,"dataGaLocation":45},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":52,"config":53},"Please contribute",{"href":54,"dataGaName":55,"dataGaLocation":45},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":57,"facebook":58,"youtube":59,"linkedin":60},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[62,120,177,236,304],{"title":63,"links":64,"subMenu":80},"Pricing",[65,70,75],{"text":66,"config":67},"View plans",{"href":68,"dataGaName":69,"dataGaLocation":45},"/pricing/","view plans",{"text":71,"config":72},"Why Premium?",{"href":73,"dataGaName":74,"dataGaLocation":45},"/pricing/premium/","why premium",{"text":76,"config":77},"Why Ultimate?",{"href":78,"dataGaName":79,"dataGaLocation":45},"/pricing/ultimate/","why ultimate",[81],{"title":82,"links":83},"Contact Us",[84,89,94,99,104,109,114],{"text":85,"config":86},"Contact sales",{"href":87,"dataGaName":88,"dataGaLocation":45},"/sales/","sales",{"text":90,"config":91},"Support portal",{"href":92,"dataGaName":93,"dataGaLocation":45},"https://support.gitlab.com","support portal",{"text":95,"config":96},"Customer portal",{"href":97,"dataGaName":98,"dataGaLocation":45},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":100,"config":101},"Status",{"href":102,"dataGaName":103,"dataGaLocation":45},"https://status.gitlab.com/","status",{"text":105,"config":106},"Terms of use",{"href":107,"dataGaName":108,"dataGaLocation":45},"/terms/","terms of use",{"text":110,"config":111},"Privacy statement",{"href":112,"dataGaName":113,"dataGaLocation":45},"/privacy/","privacy statement",{"text":115,"config":116},"Cookie preferences",{"dataGaName":117,"dataGaLocation":45,"id":118,"isOneTrustButton":119},"cookie preferences","ot-sdk-btn",true,{"title":121,"links":122,"subMenu":133},"Product",[123,128],{"text":124,"config":125},"DevSecOps platform",{"href":126,"dataGaName":127,"dataGaLocation":45},"/platform/","devsecops platform",{"text":129,"config":130},"AI-Assisted Development",{"href":131,"dataGaName":132,"dataGaLocation":45},"/gitlab-duo/","ai-assisted development",[134],{"title":135,"links":136},"Topics",[137,142,147,152,157,162,167,172],{"text":138,"config":139},"CICD",{"href":140,"dataGaName":141,"dataGaLocation":45},"/topics/ci-cd/","cicd",{"text":143,"config":144},"GitOps",{"href":145,"dataGaName":146,"dataGaLocation":45},"/topics/gitops/","gitops",{"text":148,"config":149},"DevOps",{"href":150,"dataGaName":151,"dataGaLocation":45},"/topics/devops/","devops",{"text":153,"config":154},"Version Control",{"href":155,"dataGaName":156,"dataGaLocation":45},"/topics/version-control/","version control",{"text":158,"config":159},"DevSecOps",{"href":160,"dataGaName":161,"dataGaLocation":45},"/topics/devsecops/","devsecops",{"text":163,"config":164},"Cloud Native",{"href":165,"dataGaName":166,"dataGaLocation":45},"/topics/cloud-native/","cloud native",{"text":168,"config":169},"AI for Coding",{"href":170,"dataGaName":171,"dataGaLocation":45},"/topics/devops/ai-for-coding/","ai for coding",{"text":173,"config":174},"Agentic AI",{"href":175,"dataGaName":176,"dataGaLocation":45},"/topics/agentic-ai/","agentic ai",{"title":178,"links":179},"Solutions",[180,184,189,194,199,203,208,211,216,221,226,231],{"text":181,"config":182},"Application Security Testing",{"href":183,"dataGaName":181,"dataGaLocation":45},"/solutions/application-security-testing/",{"text":185,"config":186},"Automated software delivery",{"href":187,"dataGaName":188,"dataGaLocation":45},"/solutions/delivery-automation/","automated software delivery",{"text":190,"config":191},"Agile development",{"href":192,"dataGaName":193,"dataGaLocation":45},"/solutions/agile-delivery/","agile delivery",{"text":195,"config":196},"SCM",{"href":197,"dataGaName":198,"dataGaLocation":45},"/solutions/source-code-management/","source code management",{"text":138,"config":200},{"href":201,"dataGaName":202,"dataGaLocation":45},"/solutions/continuous-integration/","continuous integration & delivery",{"text":204,"config":205},"Value stream management",{"href":206,"dataGaName":207,"dataGaLocation":45},"/solutions/value-stream-management/","value stream management",{"text":143,"config":209},{"href":210,"dataGaName":146,"dataGaLocation":45},"/solutions/gitops/",{"text":212,"config":213},"Enterprise",{"href":214,"dataGaName":215,"dataGaLocation":45},"/enterprise/","enterprise",{"text":217,"config":218},"Small business",{"href":219,"dataGaName":220,"dataGaLocation":45},"/small-business/","small business",{"text":222,"config":223},"Public sector",{"href":224,"dataGaName":225,"dataGaLocation":45},"/solutions/public-sector/","public sector",{"text":227,"config":228},"Education",{"href":229,"dataGaName":230,"dataGaLocation":45},"/solutions/education/","education",{"text":232,"config":233},"Financial services",{"href":234,"dataGaName":235,"dataGaLocation":45},"/solutions/finance/","financial services",{"title":237,"links":238},"Resources",[239,244,249,254,259,264,269,274,279,284,289,294,299],{"text":240,"config":241},"Install",{"href":242,"dataGaName":243,"dataGaLocation":45},"/install/","install",{"text":245,"config":246},"Quick start guides",{"href":247,"dataGaName":248,"dataGaLocation":45},"/get-started/","quick setup checklists",{"text":250,"config":251},"Learn",{"href":252,"dataGaName":253,"dataGaLocation":45},"https://university.gitlab.com/","learn",{"text":255,"config":256},"Product documentation",{"href":257,"dataGaName":258,"dataGaLocation":45},"https://docs.gitlab.com/","docs",{"text":260,"config":261},"Blog",{"href":262,"dataGaName":263,"dataGaLocation":45},"/blog/","blog",{"text":265,"config":266},"Customer success stories",{"href":267,"dataGaName":268,"dataGaLocation":45},"/customers/","customer success stories",{"text":270,"config":271},"Remote",{"href":272,"dataGaName":273,"dataGaLocation":45},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":275,"config":276},"GitLab Services",{"href":277,"dataGaName":278,"dataGaLocation":45},"/services/","services",{"text":280,"config":281},"TeamOps",{"href":282,"dataGaName":283,"dataGaLocation":45},"/teamops/","teamops",{"text":285,"config":286},"Community",{"href":287,"dataGaName":288,"dataGaLocation":45},"/community/","community",{"text":290,"config":291},"Forum",{"href":292,"dataGaName":293,"dataGaLocation":45},"https://forum.gitlab.com/","forum",{"text":295,"config":296},"Events",{"href":297,"dataGaName":298,"dataGaLocation":45},"/events/","events",{"text":300,"config":301},"Partners",{"href":302,"dataGaName":303,"dataGaLocation":45},"/partners/","partners",{"title":305,"links":306},"Company",[307,312,317,322,327,332,337,341,346,351,356,361],{"text":308,"config":309},"About",{"href":310,"dataGaName":311,"dataGaLocation":45},"/company/","company",{"text":313,"config":314},"Jobs",{"href":315,"dataGaName":316,"dataGaLocation":45},"/jobs/","jobs",{"text":318,"config":319},"Leadership",{"href":320,"dataGaName":321,"dataGaLocation":45},"/company/team/e-group/","leadership",{"text":323,"config":324},"Team",{"href":325,"dataGaName":326,"dataGaLocation":45},"/company/team/","team",{"text":328,"config":329},"Handbook",{"href":330,"dataGaName":331,"dataGaLocation":45},"https://handbook.gitlab.com/","handbook",{"text":333,"config":334},"Investor relations",{"href":335,"dataGaName":336,"dataGaLocation":45},"https://ir.gitlab.com/","investor relations",{"text":338,"config":339},"Sustainability",{"href":340,"dataGaName":338,"dataGaLocation":45},"/sustainability/",{"text":342,"config":343},"Diversity, inclusion and belonging (DIB)",{"href":344,"dataGaName":345,"dataGaLocation":45},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":347,"config":348},"Trust Center",{"href":349,"dataGaName":350,"dataGaLocation":45},"/security/","trust center",{"text":352,"config":353},"Newsletter",{"href":354,"dataGaName":355,"dataGaLocation":45},"/company/contact/","newsletter",{"text":357,"config":358},"Press",{"href":359,"dataGaName":360,"dataGaLocation":45},"/press/","press",{"text":362,"config":363},"Modern Slavery Transparency Statement",{"href":364,"dataGaName":365,"dataGaLocation":45},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":367},[368,370,372],{"text":105,"config":369},{"href":107,"dataGaName":108,"dataGaLocation":45},{"text":110,"config":371},{"href":112,"dataGaName":113,"dataGaLocation":45},{"text":115,"config":373},{"dataGaName":117,"dataGaLocation":45,"id":118,"isOneTrustButton":119},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":379,"_dir":380,"_draft":6,"_partial":6,"_locale":7,"visibility":119,"id":381,"title":382,"button":383,"_id":387,"_type":29,"_source":31,"_file":388,"_stem":389,"_extension":34},"/shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18","banner","The Economics of Software Innovation","The Economics of Software Innovation—AI’s $750 Billion Opportunity",{"config":384,"text":386},{"href":385},"/software-innovation-report/","Get the research report","content:shared:en-us:the-source:banner:the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18",{"_path":391,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"logo":392,"subscribeLink":397,"navItems":401,"_id":414,"_type":29,"title":415,"_source":31,"_file":416,"_stem":417,"_extension":34},"/shared/en-us/the-source/navigation",{"altText":393,"config":394},"the source logo",{"src":395,"href":396},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":398,"config":399},"Subscribe",{"href":400},"#subscribe",[402,406,410],{"text":403,"config":404},"Artificial Intelligence",{"href":405},"/the-source/ai/",{"text":407,"config":408},"Security & Compliance",{"href":409},"/the-source/security/",{"text":411,"config":412},"Platform & Infrastructure",{"href":413},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"_path":419,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"title":420,"description":421,"submitMessage":422,"formData":423,"_id":426,"_type":29,"_source":31,"_file":427,"_stem":428,"_extension":34},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":424},{"formId":425,"formName":355,"hideRequiredLabel":119},1077,"content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":430,"seo":431,"content":432,"type":26,"slug":27,"_id":28,"_type":29,"title":30,"_source":31,"_file":32,"_stem":33,"_extension":34},{"layout":9},{"title":11},[433,438],{"componentName":14,"type":14,"componentContent":434},{"config":435,"name":11,"role":19,"bio":20,"headshot":436},{"gitlabHandle":17,"linkedInProfileUrl":18},{"altText":11,"config":437},{"src":23},{"componentName":25,"type":25},{"amanda-rueda":440,"andre-michael-braun":441,"andrew-haschka":442,"ayoub-fandi":443,"bob-stevens":444,"brian-wald":445,"bryan-ross":446,"chandler-gibbons":447,"dave-steer":448,"ddesanto":449,"derek-debellis":450,"emilio-salvador":451,"erika-feldman":452,"george-kichukov":453,"gitlab":454,"grant-hickman":455,"haim-snir":456,"iganbaruch":457,"jason-morgan":458,"jessie-young":459,"jlongo":460,"joel-krooswyk":461,"josh-lemos":462,"julie-griffin":463,"kristina-weis":464,"lee-faus":465,"nathen-harvey":466,"ncregan":467,"rob-smith":468,"rschulman":469,"sabrina-farmer":470,"sandra-gittlen":471,"sharon-gaudin":472,"stephen-walters":473,"taylor-mccaslin":11},"Amanda Rueda","Andre Michael Braun","Andrew Haschka","Ayoub Fandi","Bob Stevens","Brian Wald","Bryan Ross","Chandler Gibbons","Dave Steer","David DeSanto","Derek DeBellis","Emilio Salvador","Erika Feldman","George Kichukov","GitLab","Grant Hickman","Haim Snir","Itzik Gan Baruch","Jason Morgan","Jessie Young","Joseph Longo","Joel Krooswyk","Josh Lemos","Julie Griffin","Kristina Weis","Lee Faus","Nathen Harvey","Niall Cregan","Rob Smith","Robin Schulman","Sabrina Farmer","Sandra Gittlen","Sharon Gaudin","Stephen Walters",{"ai":403,"platform":411,"security":407},[476,515],{"_path":477,"_dir":478,"_draft":6,"_partial":6,"_locale":7,"config":479,"seo":482,"content":486,"type":510,"slug":511,"category":478,"_id":512,"_type":29,"title":483,"_source":31,"_file":513,"_stem":514,"_extension":34,"date":487,"description":484,"timeToRead":488,"heroImage":485,"keyTakeaways":489,"articleBody":493,"faq":494},"/en-us/the-source/ai/4-steps-for-measuring-the-impact-of-ai","ai",{"layout":9,"template":480,"author":27,"sourceCTA":481,"isHighlighted":6,"authorName":11},"TheSourceArticle","source-lp-how-to-get-started-using-ai-in-software-development",{"title":483,"description":484,"ogImage":485},"4 steps for measuring the impact of AI","To judge the success of AI initiatives, an effective measurement framework is crucial. Here are four steps to help you focus on the right metrics.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463600/yv1v4ywk7hbobfvlxwhf.png",{"title":483,"date":487,"description":484,"timeToRead":488,"heroImage":485,"keyTakeaways":489,"articleBody":493,"faq":494},"2024-10-29","5 min read",[490,491,492],"The effectiveness of AI in software development should not be measured solely by productivity metrics like code generation, but also by considering the impact of AI on error rates, maintenance, testing, and security.","Successful AI integration requires a holistic approach that combines data-driven insights from the entire software development lifecycle with qualitative insights from developers about AI's real impact on their work and strategies.","With the right approach, AI can enhance collaboration, improve customer experience, and support business goals without compromising software quality or security.","Artificial intelligence (AI) has rapidly evolved into a core part of organizations' technology stacks. AI-powered productivity tools promise to enhance efficiency by automating repetitive coding tasks. However, many organizations are struggling to quantify the business impact of their AI initiatives and are reevaluating metrics to ensure they align with desired outcomes, such as revenue growth or customer satisfaction. This is crucial for making informed decisions about AI usage.\n\nHistorically, measuring developer productivity has been challenging, with or without AI-powered tools. [Research conducted by GitLab](https://about.gitlab.com/developer-survey/) found that less than half of CxOs are happy with their organizations’ current approach to measuring developer productivity, and 36% feel their current productivity measurements are flawed.\n\nEvaluating the productivity of AI-enhanced coding requires a more nuanced approach than traditional metrics such as lines of code, code commits, or task completion. It necessitates shifting the focus to real-world business outcomes that balance development speed, software quality, and security.\n\nHere are a few steps organizations can take today to ensure they can measure the full impact of AI on software development processes.\n\n## 1. Set clear goals for implementing AI\nWhen implementing AI in software development, organizations must have clear goals and key performance indicators (KPIs) in place to measure success. This includes both short-term and long-term objectives that align with the overall business strategy. For example, a short-term goal could be to reduce code review time by 30% using AI-powered tools, while a long-term goal could be to improve customer satisfaction ratings through faster release cycles and higher quality code.\n\nAdditionally, organizational leaders should involve developers in setting these goals and metrics. Developers have firsthand experience with the impact of AI on their work and can provide valuable insights into how it has improved or hindered productivity. [GitLab research](https://about.gitlab.com/developer-survey/) showed that 63% of developers expect AI to significantly change their role in the next five years, and 56% feel that introducing AI into the software development lifecycle is risky. By asking developers where they see opportunities for AI to help them, as well as where they have concerns about AI, organizations can create more meaningful and relevant success metrics that reflect the actual business impact of AI on software development teams.\n\nIt's also important for organizations to regularly revisit and reevaluate these goals as they continue to integrate AI into their processes. Technology evolves quickly, and so do business processes and priorities. Setting clear goals allows teams to track progress and make adjustments as necessary.\n\n## 2. Look beyond coding metrics\nProductivity is more than acceptance rates or lines of code generated. Developers spend [more than 75%](https://about.gitlab.com/developer-survey/) of their time on tasks other than code generation. Efficient use of AI could therefore reduce the time developers spend reviewing, testing, and maintaining code.\n\nIn order to fully realize and appreciate the benefits of AI-aided software development, organizations should focus on a holistic view of [AI's impact on productivity](https://about.gitlab.com/the-source/ai/how-ai-helps-devsecops-teams-improve-productivity/) and their bottom line across the software development lifecycle (SDLC). The optimal approach combines quantitative data from the entire SDLC with qualitative insights from developers about AI's real impact on their daily work and its influence on long-term development strategies.\n\nOne effective measurement technique is the [DORA framework](https://about.gitlab.com/solutions/value-stream-management/dora/), which assesses a development team's performance over a specific period. DORA metrics evaluate deployment frequency, lead time for changes, mean time to restore, change failure rate, and reliability. These performance metrics provide visibility into a team's agility, operational efficiency, and velocity, serving as proxies for how well an engineering organization balances speed, quality, and security.\n\nFurthermore, teams should utilize [value stream analytics](https://about.gitlab.com/solutions/value-stream-management/) to examine the complete workflow from concept to production. Value stream analytics continuously monitors metrics such as lead time, cycle time, deployment frequency, and production defects, focusing on business results rather than individual developer actions. This comprehensive approach surfaces data-driven insights to ensure a more productive and efficient development process.\n\n## 3. Prepare for growing pains\nWhile AI can accelerate code production, it can also contribute to technical debt if the resulting code lacks quality and security. AI-generated code often demands more time for review, testing, and maintenance. Developers might save time using AI initially, but this time is likely to be spent later in the software development lifecycle. Furthermore, any security flaws in AI-generated code will need attention from security teams, requiring additional time to address potential issues. As a result, development and security teams may initially be skeptical of AI.\n\nTo start, teams should develop best practices by working in lower-risk areas before expanding AI applications. This cautious approach ensures safe and sustainable scalability. For instance, AI can facilitate code generation, test generation, syntax correction, and documentation, helping teams build momentum and improve results while learning to use the tool more effectively.\n\nProductivity might dip initially as teams acclimate to new workflows. Organizations should provide a grace period for teams to determine how best to integrate AI into their processes.\n\n## 4. Integrate AI holistically with a DevSecOps platform\nOne way organizations can ease the growing pains of implementing AI in their development processes is by utilizing a DevSecOps platform that integrates AI capabilities - such as AI-powered code generation, discussion summaries, and vulnerability explanations - throughout the software development lifecycle. DevSecOps platforms provide a centralized and streamlined workflow for both developers and security teams, allowing them to collaborate more effectively and [catch potential issues earlier in the development process](https://about.gitlab.com/the-source/ai/4-ways-ai-can-help-devops-teams-improve-security/).\n\n[AI-powered code review and testing tools](https://about.gitlab.com/blog/how-gitlab-duo-helps-secure-and-thoroughly-test-ai-generated-code/) within a DevSecOps platform can help identify and address security flaws or coding errors before they make it into production. This not only saves time but also reduces technical debt and improves overall software quality. When AI tools are part of an integrated platform, teams can also [blend AI with root cause analysis ](https://about.gitlab.com/blog/developing-gitlab-duo-blending-ai-and-root-cause-analysis-to-fix-ci-cd/)to fix errors in CI/CD pipelines and release secure code faster. The goal is to apply automated code quality scanning and security scanning to all of the code the organization is producing, especially AI-generated code.\n\nIn addition, teams can easily track the [ROI of AI](https://about.gitlab.com/blog/developing-gitlab-duo-ai-impact-analytics-dashboard-measures-the-roi-of-ai/) with a platform's built-in analytics, which provide valuable insights such as the impact of AI on productivity.\n\nAI will play a critical role in the evolution of DevSecOps platforms, reshaping how development, security, and operations teams collaborate to accelerate software development without sacrificing quality and security. Business leaders will want to see how their investments in AI-powered tools are paying off - and developers should embrace this scrutiny and leverage the opportunity to showcase how their work aligns with the organization’s broader goals.\n\nBy adopting a holistic approach that evaluates code quality, collaboration, downstream costs, and developer experience, teams can leverage AI technologies to enhance human efforts while also driving business impact.",[495,498,501,504,507],{"header":496,"content":497},"What are the biggest challenges of adopting AI in software development?","One major challenge is the adjustment period, as teams need time to adapt to AI-driven workflows. AI-generated code may also introduce security risks or technical debt if not properly reviewed. Organizations should implement security scanning, best practices, and continuous feedback loops to mitigate these risks while refining AI integration strategies.",{"header":499,"content":500},"Why are traditional coding metrics inadequate for evaluating AI-driven development?","Metrics such as lines of code or code commits fail to reflect AI's impact because they only measure raw output rather than efficiency or quality. Since AI automates tasks beyond just code generation, organizations should instead track workflow efficiency, issue resolution speed, and deployment frequency to get a more accurate picture of AI’s benefits.",{"header":502,"content":503},"How can organizations track the ROI of AI adoption?","Tracking AI’s ROI involves measuring efficiency gains, such as reduced cycle times and fewer production defects, alongside qualitative benefits like improved developer experience. A DevSecOps platform with built-in analytics provides visibility into AI-driven improvements, helping teams assess the tangible impact of AI on software development.",{"header":505,"content":506},"How can AI help reduce development time without sacrificing security?","AI streamlines repetitive tasks such as bug detection, test generation, and documentation, allowing developers to focus on more complex coding challenges. By integrating AI-driven security checks into DevSecOps platforms, teams can automate vulnerability detection and maintain security standards while accelerating development.",{"header":508,"content":509},"How can organizations effectively measure the impact of AI in software development?","Organizations should establish clear goals that align AI initiatives with business outcomes, such as improved software quality or faster deployments. Traditional coding metrics like lines of code are insufficient, so teams should use holistic productivity indicators like DORA metrics and value stream analytics. By focusing on efficiency, security, and real-world business impact, organizations can accurately assess AI’s role in development.","article","4-steps-for-measuring-the-impact-of-ai","content:en-us:the-source:ai:4-steps-for-measuring-the-impact-of-ai.yml","en-us/the-source/ai/4-steps-for-measuring-the-impact-of-ai.yml","en-us/the-source/ai/4-steps-for-measuring-the-impact-of-ai",{"_path":516,"_dir":478,"_draft":6,"_partial":6,"_locale":7,"config":517,"seo":519,"content":524,"type":510,"slug":548,"category":478,"_id":549,"_type":29,"title":520,"_source":31,"_file":550,"_stem":551,"_extension":34,"date":525,"description":521,"timeToRead":526,"heroImage":522,"keyTakeaways":527,"articleBody":531,"faq":532},"/en-us/the-source/ai/how-to-put-generative-ai-to-work-in-your-devsecops-environment",{"layout":9,"template":480,"author":27,"featured":6,"sourceCTA":518,"isHighlighted":6,"authorName":11},"navigating-ai-maturity-in-devsecops",{"title":520,"description":521,"ogImage":522,"config":523},"How to put generative AI to work in your DevSecOps environment","Learn how artificial intelligence, when integrated throughout the platform, can reap tangible rewards for organizations and their DevSecOps teams.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463955/b01uj40kjfhezhwiczhp.png",{"ignoreTitleCharLimit":119},{"title":520,"date":525,"description":521,"timeToRead":526,"heroImage":522,"keyTakeaways":527,"articleBody":531,"faq":532},"2024-03-07","7 min read",[528,529,530],"To fully leverage AI's potential in DevSecOps, it's essential to incorporate AI not just as a coding assistant, but throughout the entire software development lifecycle.","Consolidating AI tools across the organization reduces complexity, operational risks, and costs, fostering a streamlined and secure environment.","Evaluating AI's effectiveness requires more than traditional metrics like code production frequency. Implement standard workflows within your organization to capture comprehensive metrics such as vulnerability resolution times and code review efficiencies.","Generative AI has ushered in a new wave of innovation that's poised to help alleviate many tedious manual and time-consuming aspects of software development and delivery, and, as a result, improve developer experience and accelerate DevSecOps workflows. But to realize the full potential of generative AI, the technology has to be sprinkled not just at the point of code creation, but everywhere.\n\nAccording to our [2024 survey of more than 5,000 DevSecOps professionals](https://about.gitlab.com/developer-survey/2024/ai), code creation accounts for less than 25% of a developer's time. There are so many other critical tasks that happen from the first commit through to production that could benefit from the power of AI.\n\nAI can be infused at each stage to help shepherd software from idea to delivery, creating better, more secure software faster. For instance, something as commonplace as examining a failed build can be improved by using AI to assess what went wrong and how to fix it. Although AI does not eliminate the task, it can help [reduce the steps and time required to complete it](https://about.gitlab.com/the-source/ai/how-ai-helps-devsecops-teams-improve-productivity/).\n\nHere is what your DevSecOps team can do to begin to understand - and measure - the impact of generative AI.\n\n## Start with an assessment of your workflows\n\nBefore you can fully realize the impact of AI, you’ll have to do some upfront work, including revisiting your workflows. You want to understand the ideal workflow you can build out to have consistency in your approach to using AI and have the [proper guardrails in place](https://about.gitlab.com/the-source/ai/velocity-with-guardrails-ai-automation/) to reduce any risks that AI might introduce.\n\nFor instance, if your team is writing code with generative AI, some of that AI-generated code might include security vulnerabilities. That's just how it works. So you'll need a [workflow in place to catch those vulnerabilities](https://about.gitlab.com/the-source/ai/4-ways-ai-can-help-devops-teams-improve-security/) and reduce the chance of them making it into production. Once you have this workflow, you can start to introduce a lot of AI functionality in a more consistent manner that will increase the velocity of your development process.\n\nHere's an example of how assessing your workflow upfront can improve the benefits you'll get from AI. While AI can automatically build tests for you, you wouldn't want it to do so after the code's already created. Developers are not part of the QA team because they only test what they've written. Generative AI acts similarly, so you need your workflow for an AI-generated test to start earlier - where developers can use details in issues to interactively generate unit tests for the code they want to write. By considering the workflow, they can create the merge requests with the test first, and then, when they pull the branch to start working on the implementation, their code suggestions are more robust because the context now includes the proper tests and their response hits will be much higher than if they started with the code directly.\n\nYou can't revamp all your workflows at once, so make sure to focus on those related to your biggest software development and delivery challenges, such as modernizing legacy code bases, handling an increase in security issues, or operating on ever-thinning budgets and staff.\n\n## Establish guardrails for AI\n\nYou'll also want to consider the risk of AI in terms of the data it's interacting with and make sure you're putting guardrails in place to mitigate that risk and meet your unique compliance needs. You'll want to consider the AI models you're using, whether you're accessing vector databases, and how large language models (LLMs) are being trained.\n\nFor these questions, you'll want to pull together your legal, compliance, and DevSecOps teams together to ask tough questions of your AI providers. We provide some helpful guidance in the [GitLab AI Transparency Center](https://about.gitlab.com/ai-transparency-center/) and [our blog post on building a transparency-first AI strategy](https://about.gitlab.com/the-source/ai/building-a-transparency-first-ai-strategy-7-questions-to-ask-your-devops/).\n\nAnother critical guardrail is streamlining how many separate AI tools you're using throughout the software development lifecycle and across your organization. The more tools used, the more complexity introduced, causing operational issues, oversight challenges, and potential security risks. In addition, numerous tools result in increased overhead costs.\n\n## Measure the impact of AI\n\nMeasuring the changes in productivity and other key metrics will be essential to [truly understanding the impact of AI in your organization](https://about.gitlab.com/the-source/ai/4-steps-for-measuring-the-impact-of-ai/). Typically, organizations would look at output from the perspective of how often they are shipping code into production, the [four DORA metrics](https://docs.gitlab.com/ee/user/analytics/dora_metrics.html), or the time it takes to remediate bugs. But that doesn't provide a holistic picture.\n\nAt GitLab, we measure the impact of AI by building out the standardization of workflows inside our hierarchy structure of groups and projects so we can roll up metrics from teams to business units and analyze those outputs directly inside the user interface.\n\nWhen you implement AI on top of this structure, you're able to see the increase in velocity, including the time it takes to resolve vulnerabilities and validate that merge requests have the right reviewers and the right tests, which reduces the time it takes to go through the code review process. You can see each stage inside GitLab, including dependencies, and the delta it takes the development team to get through those stages. Dashboards show what that speed looks like and makes it easier to pivot based off that data. For instance, you can decide whether to release software into production.\n\n### Practical uses for an SDLC AI assistant\n\nHere are some practical ways to use AI assistants like [GitLab Duo](https://about.gitlab.com/gitlab-duo/) throughout the software development lifecycle.\n\n- **Write merge request descriptions:** Automate the creation of comprehensive descriptions for merge requests and quickly and accurately capture the essence of an MR's string of commits. It can also surface tasks that are missing based on the code that is written and the intent of the MR's linked issue.\n\n- **Explain code in natural language:** QA testers can use code explanations to quickly and easily understand code. For instance, if an MR includes code written in Rust and a complex set of methods, the QA tester can highlight the methods and receive a natural language readout of what the change is trying to do. This allows the QA tester to write much better test cases that will cover not just the sunny day but also rainy day scenarios.\n\n- **Root cause analysis of pipeline errors:** If your pipelines are becoming larger and you try to refactor them, you could break something, which can be difficult to troubleshoot – especially if you're executing a series of bash scripts or running a Docker image leveraging internal commands inside the image. You can run the errors you receive through generative AI and it will explain a possible root cause and a recommended solution that you can copy and paste directly back into your CI job.\n\n- **Vulnerability resolution:** In the rush to shift security left, engineering teams have had to quickly become security experts. With generative AI tools, engineers can access chat to learn what the vulnerability is, where it is in the code, and even open an automated MR with a possible fix – all within the development window, so no context-switching.\n\n## GitLab Duo: Your one-stop shop for impactful, generative AI features\n\nWe're building GitLab Duo, our expanding suite of AI-powered tools for our DevSecOps platform, with powerful generative AI models and cutting-edge technologies from hypercloud vendors. Today, [GitLab Duo has features in general availability, beta, and experimental phases](https://docs.gitlab.com/ee/user/ai_features.html), ranging from code assistant to conversational chat assistant to vulnerability explainer. When used consistently across the software development lifecycle, GitLab Duo will drive a 10x faster cycle time, helping organizations do more with less and allowing employees to spend their time on higher-value tasks.\n\nThe \"[Omdia Market Radar: AI-Assisted Software Development, 2023–24](https://learn.gitlab.com/devsecops-plat-ai/analyst-omdia-ai)\" report highlighted GitLab Duo as one of the products the analyst firm considers “suitable for enterprise-grade application development,\" noting that its “AI assistance is integrated throughout the SDLC pipeline.”\n\nHere is a look at GitLab Duo's features in action:\n\n\u003C!-- blank line -->\n\u003Cfigure class=\"video_container\">\n  \u003Ciframe src=\"https://www.youtube.com/embed/s19nBOA2k_Y?si=qEcsZbpMChynYlfn\" frameborder=\"0\" allowfullscreen=\"true\">\u003C/iframe>\n\u003C/figure>\n\u003C!-- blank line -->",[533,536,539,542,545],{"header":534,"content":535},"How can organizations measure the impact of AI on software development?","Organizations should look beyond traditional coding metrics and track improvements in speed, quality, and security. By analyzing AI's effect on code review times, vulnerability resolution speed, and developer productivity, teams can assess its true impact. Using AI-powered dashboards and analytics within a DevSecOps platform provides deeper insights into AI-driven efficiency gains.",{"header":537,"content":538},"What are the key steps to successfully implement AI in DevSecOps?","To effectively implement AI, organizations should start by assessing their workflows to identify areas where AI can provide value. Next, they should establish guardrails to ensure AI-generated code meets security and compliance requirements. Finally, teams should measure AI's impact using productivity metrics such as DORA and value stream analytics to track improvements in development speed and security.",{"header":540,"content":541},"What are some practical applications of AI in DevSecOps?","AI can be used for various DevSecOps tasks, including writing merge request descriptions, explaining complex code, performing root cause analysis of pipeline errors, and resolving security vulnerabilities. AI-powered assistants like GitLab Duo help teams automate these processes, reducing manual effort and improving software quality.",{"header":543,"content":544},"What security risks does AI introduce in software development?","AI-generated code can sometimes contain security vulnerabilities, increasing the risk of introducing flaws into production. To mitigate these risks, organizations should integrate AI with DevSecOps platforms that include automated security scanning, vulnerability detection, and compliance checks. This ensures that AI-generated code is reviewed and secured before deployment.",{"header":546,"content":547},"How can generative AI improve DevSecOps workflows?","Generative AI enhances DevSecOps by automating repetitive tasks, improving security, and accelerating development cycles. AI can assist with writing code, explaining complex logic, identifying vulnerabilities, and generating test cases. By integrating AI across the software development lifecycle (SDLC), organizations can streamline operations and improve efficiency.","how-to-put-generative-ai-to-work-in-your-devsecops-environment","content:en-us:the-source:ai:how-to-put-generative-ai-to-work-in-your-devsecops-environment.yml","en-us/the-source/ai/how-to-put-generative-ai-to-work-in-your-devsecops-environment.yml","en-us/the-source/ai/how-to-put-generative-ai-to-work-in-your-devsecops-environment",1761814445355]