2022 State of DevOps [On-demand Session]

Nov 22 2022/Events/31 min read
We’ve assembled a panel of experts for our final webinar of 2022 to look back on the year and discuss key learnings and trends.

DevOps attempts to merge development and operations to develop better-quality software products. DevOps is constantly transforming and has never been more popular than it is today. In fact, “DevOps” is one of the top most searched for phrases in the entire IT industry. So what happened in 2022?

We’ve assembled a panel of experts for our final webinar of 2022 to look back on the year and discuss key learnings and trends such as:

- Trends for DevOps practices and culture in teams
- Workflows and tools that are being adopted
- The trends in deploying software with containerization and Kubernetes
- Programming languages that are rising quickly to the top
- Our favorite security vulnerabilities and tools to help
- A look back on supply chain security trends of 2022
- How the recent tech industry layoffs could affect DevOps and security

Ciara Carey, Developer Relations, Cloudsmith
Aisling Conroy, Senior Manager Competitive Intelligence, CircleCi
Luke Kilpatrick, Director of Developer Experience, LinearB.  

(00:05) I'm Ciara Carey and Welcome to Cloudsmith monthly webinar on all things devops and supply chain security excuse

(01:10) my cookiness for our final webinar 2022 it has to be on the state of the devops in 2022 so we've assembled a panel of experts to look back on the air and discuss our learnings and Trends so before we get started let's go through a few housekeeping notes we're going to be randomly drawing for prize box at the end of the webinar so stay till the end to be in with a chance to win we're streaming on Twitter LinkedIn YouTube and our webinar platform so um if you want to ask a question just use whatever streaming to you're using

(01:46) the chat function or tweet and our very own Hillary we'll be monitoring them and sending them back to me also have a poll so again send in your answers and whatever streaming platform you're using and Hillary will give all her findings to me so so uh let's let's go let's kick off our topic is on the state of the devops in 2022 there's lots of stuff happening in 2022 like how has our developer tooling changed are we getting any better at developing software uh has software supply chain security changed our

(02:27) developer practices there's loads of reports out there at the moment the door reports LinearB reports on um the the languages with the best workflows CircleCI see I have a report on delivering software that's the sack overflow uh stack Overflow a survey of developers so there's so much out there and we are joined today by two representatives from the devops community from Circle CI and Linear B so this is a great opportunity to bring them on stage Aisling and Luke

(03:18) you don't have to introduce yourself so uh Aisling is a senior manager of competitive intelligence and CircleCI is a CICD platform and it helps you build tests and all those automated things when you do when you're building software and Luke Kilpatrick is the director of developer relations and LinearB here LinearB focuses on developer workflow tools so finding those border lacks and helping helping you build software better software faster so I'll start with you Aisling and I

(03:53) actually worked with Aisling and we're in the same section and HP like it was probably a while ago now you're like oh gosh 10 years it's going back in history all right yeah it feels like a different world I know yeah it was it was a lovely it was a lovely team but um you were doing competitive intelligence like right out of college basically but yeah what is it like it seems like a long time to be doing like a like it seems like a new thing competitive intelligence but what what exactly is that yeah I was really

(04:25) lucky to find competitive intelligence so soon after college so I've had literally over 10 years working in competitive intelligence now and um it can mean different things in different sectors and like you say I think it is becoming more mainstream or more people are aware of competitive intelligence and but what it really is or what like why I love doing it every day is that um I spend my time kind of tracking all the major market trends that are happening particularly for devops and hopefully we're going to get into talking about

(04:53) today and I'll take all that and kind of match it with what I know to be like some really important trends that make the most uh which are most important for Circle CI and kind of take them make them insightful and see based on that uh well what would we do differently from a product or from a business perspective like and help that make business decisions and also it has the benefit as well of knowing to it really helps sharpen of like okay where is our product different versus what everyone else is doing

(05:21) um yeah yeah one thing in devops is like there's so many tools and there's actually a lot of overlap between like it's like are they my competitor or are we like okay we find that it's there's a whole lot of us and the other great thing about devops as well is that different from other places and uh in product categories and everything's open you know everyone talks about stuff and shares so there's a lot of information to get through and like you mentioned all the reports as well of being able to

(05:51) see how Trends are adapting over the year so uh so yeah it's definitely rich in being able to get a lot of information and build a lot of insights out of it yeah so and Luke so uh Luke Patrick is uh from Linear B last time I saw him was at a conference and his presentation didn't work and he just like winged it and was like perfect so I was super impressed I would have been out of there so but I think you were talking about get stream do you want to um Talk a bit about daughter here we go here we go the presentation

(06:29) worked the screen did not work my presentation was fine it was the so I did the presentation off the gitstream website uh and everybody had everybody go to it on the laptop so uh you know I had record web traffic for the product that we released like five days before the conference and it was uh it was in New York and it was uh a great thing it uh just to clarify but our director of developer experience and developer experience means a lot of different things to a lot of different people and we can go into that a little bit later but um the main

(07:03) thing that get stream does is you know we've done a really great job of optimizing that Ops pipeline getting once you get something into the continuous integration and you can start working it through the chain to get it deployed we've done really good as an industry on that the problem is is that there's still humans involved and the more humans you involve the slower everything gets and I'm out of here yeah yeah you know and and a lot of times when you put you and you kind of do a one size fits-all approach and you treat

(07:28) All Humans the same and you know there's some good I there's a lot of ideas we're treating All Humans the same is great and there's a lot of ideas of treating you know when it comes to code there's a lot of differentiation between different people when it comes to code review and so that's something that uh we're trying to help solve and speed up and that's what git stream does it started on our topic so uh Aisling and I'm gonna I gotta ask you first what what do you think is one of the top

(07:57) trends of 2022 with devops with devops yeah that's the thing because I mean 2022 I mean every year is exciting and interesting and different but certainly this year I think when I was back in 2021 looking into the year ahead uh and the the kind of energy and types of plans that I saw a lot of people have it was on this Grand scale uh and I think over the year a lot did get done um but maybe just given I mean I'm reminded of that like uh that boxing phrase is like everyone has a plan until you get punched in the face and that's

(08:29) kind of what it felt like in 2022 um but uh I'd say okay at the end of the year uh whatever about what the plans we started with a lot was accomplished by the end a lot of Trends emerged and I heard someone put it this way they thought was really good uh 2022 the year of the dry kiss uh what they meant look at that was that dryer things are getting a lot more don't repeat yourself things are getting a lot more efficient there's a lot of focus on tooling and uh kind of new features to help people

(08:59) spend less time on manual stuff and become more efficient and the kiss the keep it keep it simple and so I think there's a lot of emphasis on Simplicity and I look at um open source tools uh other tools where there's a great focus on interoperability let's make it really easy to whatever this thing does make it work really easy with all the other things we know people use as well um and then I guess maybe also kind of on the easiness side there definitely was a move that I saw of a lot of products and becoming more broad or

(09:32) being able to um account for a lot more different use cases so like specifically having something that helps specific types of programming languages or maybe work specifically with new operating systems um so that's where I saw things kind of become more about efficiency Simplicity and just like we said things are complex people are dealing with the loss and these kinds of things I think helped a lot in this year yeah yeah like I know one of the um the top well one of the trends I saw I was an open source one of

(10:02) the the newest kind of Open Source uh product that's really like people started adopting is like six store and a big part of that was like to make signing simple and that's uh and that's really part of that supply chain security Trend I suppose so and and what about you Luke what was your top trend from 2022 so so my big top trend is um you know I'm focused a lot more on the you know Dev side versus the upside of devops but I also been seeing a big Trend uh to bring kind of this new role new area and it's been sort of happened

(10:40) the last two years of developer experience are also called platform engineering where you've we're seeing teams where you know a good chunk of the people are writing the feature code to get the next thing but then there's also usually like a senior team or other people that are focused really on those tool chains on making that developer experience better making the Ops experience better and really focusing on you know getting that code all the way through from it being written to deployment and actually spending time

(11:09) and looking at that and some of the most advanced devs are kind of in that area and they're titling a lot of it developer experience and developer uh or platform engineering and it's almost like this evolution of devops that we've been seeing is going to this sort of that next step is okay we figured out devops but now we need to do look at this whole thing holistically you know devops is has always been I've always said it's as much of a people problem as a technology problem and by bringing

(11:39) these new words into you know focusing on developer experience and Technology experience and how that affects your day-to-day um I think that's been a really big Trend and I think you know bringing more of the humanness to uh your thing so when you automate something great but are you automating to save time are you automating to stay for liability and and how those things are happening and changing the platform you know have one that's responsible because we all know there's tons of tools in the chain and

(12:10) having people that are responsible for bringing those tools together as their full-time job rather than it being oh yeah we got a bunch of devs and they kind of all do SRE and they all kind of do whatever devops and they all kind of do this having people that are actually dedicated experts to this thing and actually you know uh I'll use the other uh methodology a dry of directly responsible individuals uh for those tool chains and getting those um in place I think has become a big Trend and uh uh I think it's it's a good

(12:40) way that uh that we're moving as an industry yeah I remember a few years ago I was working with the developer and um you know we were moving to the cloud and we were containerizing everything and I felt like I was starting something new like every week but that was like a bad thing you know like I I you know I was like and I wasn't an expert at everything and like I'm I was sure to make configuration mistakes and it seems to be a lot of focus on realizing that if you want developers to be uh produce better codes that you need to

(13:18) take some of that configuration work away from them take some of that uh I suppose like that platform work and so have people in specific roles and not do everything themselves and how that can improve efficiency and then also maybe even um there's less unplanned stuff because it's not like oh you're learning something new it's it's it's that you're you're working on your code which is always I really like the restaurant metaphor you got developers that are chefs they're they're there cooking but having

(13:53) the platform engineering team being like the sous chef uh being able to prep everything already so that that they can co-co cook quickly and then they rotate back and forth so you know most high-end chefs are only as good as their Sousa Chef if you don't have a good shoe Chef prepping your world for you your restaurant's gonna fail and everything's gonna blow up and the waiters are going to come you know it's just a mess whereas if you've got those two teams working together and a lot of

(14:18) times I'm seeing real people doing you know okay one Sprint we're gonna go do Platform where the platform team the next Sprint we're going to be developing new features and then you swap back and forth so that people get chances to cross-pollinate so that hey people can take vacations but also um you get that um you get the whole the whole system is viewed as a platform like you're actually everybody's trying to go to platforms so it's not just you know we're all working on the accounting app

(14:45) it's no we have a platform that this business runs on and whether it's internal apps external apps however you're doing it everything's got to talk to each other everything needs an API and all those apis need to be configured specifically for every company in use case yeah it's really interesting that you mentioned the uh the the restaurant example because I know I read a great book from Jeff Lawson recently ask your developer CEO at twilio but he actually had a I think a Michelin star Chef come

(15:12) in and chat to his team but by platform teams and about how they could you know the focus on the customer and try to think more like the sous chef example you're all working creatively on something together let's do it well as a team um so I think there's definitely a parallel there okay yeah and a lot of the reports as well actually they're like um talking about how CI CD is so important I sometimes like when you're working in devops you're kind of and you're going to these conferences you kind of presume

(15:40) that everybody already has all these things that everybody has version can show surely everybody has cicd but it's it's not it's not like everywhere there's uh I I always I always like the uh uh quote uh the future is here but it's not evenly distributed that captures it very nicely yeah Ed yeah uh we've done a lot of our research um you know where we found our problem was we've actually you know most companies that are adopting Linear B are younger Cloud first you know mid-sized startups uh media such companies the

(16:19) Legacy Enterprise the older Enterprise companies they still have a lot of systems you know on-prem Cloud hybrid all these different systems and they're not they're you know but because that that biases our information a little bit for our research but we've got these adopters that are using Linear B which is a metrics package that kind of looks over your whole developer team but we found where the the the the the bottleneck was was in the PRS uh that code review and so we came up with this thing you know a lot of our customers

(16:49) the CICD stuff is working great they've got that good and their bottleneck is actually human and so we came out with get stream as a way to start to put almost like the same idea of like Ci and CD which is you know automating the um deployment and the integration we're now trying to help automate the merging and we've come with this term continuous merge where you have a yaml file because you know we all in devops we all love yaml files right everybody needs the yaml file you get a yaml file you get a

(17:18) yaml file uh and uh but basically you define how to merge code because a lot of times how to merge code in a developer team it kind of becomes a dark art sometimes it's all stored in one guy's head some guy sometimes it's written down sometimes this is a readme file but we uh we always like anything that we can put as code configuration is code uh merging as code anything that you can code and automate you can get agreement on you can get it under Source control and it helps you get just you know because we all want to get to

(17:48) production faster and then we want production to stay up those are the two things I think that's that's that's rule number one of a devops team is get its production and keep it up yeah and so do you find that uh is it like trying to encourage people to have smaller peers is that a big uh course is this that's like your Step Zero like small PR's are better but the other problem is PRS are expensive they take time you're taking it minimum two developers going back and forth on the pr to get it into

(18:23) merge right so you're sucking up two very expensive highly paid developers potentially um to do that and going back and forth but you know do you really need two developers to change to um code review a white space change in a documentation in documentation or you know if you're writing a whole bunch of tests do you really need that reviewed um they pass the test or not so it's it's getting this right sizing um you know whereas if someone's doing a configuration change on your production environment or trying to you know

(18:55) working on your Helm charts or any of these other you know doing your circle CI configuration um you want that you want someone to spend a good hour half hour making sure all your keys are correct making sure that that's right you know you might want three pairs of eyes on that so it's it's getting that right sizing the amount of review and the amount of humanness looking over before it hits your CICD pipeline because sometimes if it hits your CI pipeline it might already be too late or you're gonna it's

(19:22) gonna fail and it's gonna get back to the developer and you're slowing down again you've seen like a focus on trying to approve flaky tests is that like uh it feels like I've heard a lot about flaky tests being a problem this year yeah and you know now I think that should have been one of my top trends like because you're right I mean I think there was it was really great to see that kind of emphasis kind of shift over this year I think people are more like we're number one aware uh of of of

(19:57) testing but also like the way they're talking about it kind of becoming more uh um aware and in tune and mature um so I know for for what we see at Circle CI and it's interesting and Luke's talking about right sizing because um yes everyone wants everything to go faster and you do want to have this like Optimal size of Pipeline and bring stuff through but what we see actually is that 10 minutes is about what we think is the um optimal time that you'd have for a pipeline run and if you are finding that

(20:26) things are running well and you're under that 10 minutes uh Benchmark and it might be that you do have more space to add more tests and be a little bit more aware about what else you can put in so that you're doing really good test driven developments um and certainly I think what I've seen in terms of flaky tests is that we've moved a lot from I think there's a default of oh it's flaky I'll just rerun and I think that's still maybe what a lot of people [Laughter] but like the more now this um there are

(21:03) more metrics there are more there are more faster feedback loops there are more uh flags for folks to say okay something's wrong maybe I need to do something different here um that that's all helping um I think design things better and ultimately make things that will run faster for us um but yeah I think there's a lot done this year and more emphasis to come in the coming year yeah I could see a massive uh change with tests because I think as let's just say it there's been a lot of Leaning out of a lot of different

(21:35) companies uh especially around the two to 200 to about 5 000 person startup like we've been seeing almost daily um you know oh you're you now get 20 less people surprise um and I can see automating testing you know in a lot of places oh we'll we've we do CI now we don't need a QA Department uh we don't need those things so I I think a lot of people you know we're going to have to do more and more automation because quite frankly if we don't uh you know yeah we're being asked to do more with less

(22:10) and I think we're going to be asked to do more with less as an industry as a whole um and the only way that we're going to survive is automation yeah I think um yeah Automation and trying to enter integrate all the all the desperate all the different [Music] different in one pipeline you just you push your code and the whole thing runs like that's what having like scanners in that and not like having it as a different part of the pipeline is um that's something that we've seen anyway and that's one of the reasons why

(22:45) we added security scanners in Cloudsmith to uh to check for vulnerabilities but um okay so we have a poll what do you think is the biggest Trend in devops in 2022 and I gave people a few different uh answers here or a few different possibilities bringing automated security like scanners into your CI uh AI driven tools to help devs write code I think maybe a bit early for that but it's multi-cloud uh supply chain security or serverless so bringing automated security like scanners into your CI has gotten the most answers there and also

(23:28) multi-cloud is pretty big so uh I I feel like this year I'm hearing less about hybrid cloud and more about multi-cloud so maybe like on-prem is not as as uh is losing traction and sort of but uh how about you guys if whatever what you think about multi-cloud I I I disagree on the on-prem going away I actually think multi-cloud is actually the combination of on-prem as a cloud uh you know you've got tools from nutanix uh for conversion infrastructure um a lot of stuff is going to be brought in as we've been all following the drama

(24:07) um the two data centers that either they don't they don't use I think they burst out into clouds but infrastructure has been kind of published online which is actually really interesting it's been kind of neat to see under the hood uh of there there's been some great Reddit posts by people that used to work there about how they actually set their infrastructure up and how they've actually been able to survive after losing 50 of the people because they actually have a well well set up infrastructure

(24:33) um but this idea of multi-cloud where you can move your load to any Cloud that you need to depending on cost and you know if you're going to do Black Friday you might have your on-prem you might have it in Google you might have an Amazon you might have a digitaloce you might have it all over the place so that you can serve the customer as you need for that big day but then you might collapse back down onto just on-prem because that's enough to take your day-to-day and it's usually on-prem tends to

(24:58) um be cheaper in the long run at a certain size and scale you know usually when you've you've got a certain set of users um you know the public clouds become very cost prohibitive and you're better off to do using a burst model versus a non-prem like um you know and then you also got other places like Walmart uh does a lot of really good stuff on-prem because and with the uh private Cloud because they don't want to give money to their competitor you know there's ad and then also federal government there's

(25:26) there's a lot of stuff banking on-prem's not going away it's going to be where you can burst to and and what type of security you need but that's why multi-cloud I think is changing from this hybrid idea a total plus one to that and I I think as well with the on-premise there may even be certain industries where they'll never be in the clouds you know like there are just certain things like maybe you're on an oil rig maybe you're in Aerospace it just will never make sense to be in in

(25:51) that cloud so there is that portion but I do see if we're looking at the numbers like there is more adoption of the clouds but there'll be always be a certain portion it doesn't go away and maybe even um there it'll make sense that there's certain types of compute that you want to have in-house like I know M1 is kind of a Hot Topic since it's launched there a while back and that might be something that folks want to have in-house and if they want to configure for specific types of compute I think that's

(26:16) something I've seen a few articles say that like coming in 2023 we're going to have more options in the cloud to have more configurable resources so uh there'll be more options for folks to do that that way and maybe it's even also a little bit of an evolution so like I know Edge Computing is different um but you know you're going to be having data centers in places kind of like you're saying it's like in places they weren't before you know um so the nature might be changing kind

(26:41) of we saw the evolution of platform teams and we've seen an evolution uh in how people use multi-cloud here as well um one other point maybe on them on multi-cloud that I think will make us uh be a focus for next year is that there's been Rumblings that I've seen um in uh in uh in newspapers and news articles like tracking legislation at least in the US and that say that uh we might companies of a certain size say like the the fortune 50s and Fortune 500s will have have to adopt a multi-cloud strategy kind of as a best

(27:15) best practice resilience kind of strategy so there may even be other reasons why folks might want to invest in multi-class Cloud strategy Beyond looking for costs but uh yeah I think the US government took on Google to one of their is that yeah yeah the Jedi contract that everybody's been it yeah that's a that's a whole mess because it's been it's been kicked between all three of the majors um and I actually know yeah it's uh it's been interesting stuff I actually think one of the more interesting like were

(27:52) you saying about cost is another Factor uh Vegas casinos they actually run two each Casino has to run two on-prem data center because locally because of uh regulations and then they burst out to Cloud as well so all your slot machines everything everything in Vegas is a computer and it's kind of like a great example of a massive Edge Network um all the cameras all the stuff that's going into those things because and they're doing some really interesting stuff with fraud detection and image processing and there's there's some

(28:22) crazy stuff going on and a lot of really interesting Industries and yeah you need massive amounts of compute that you can burst out to yeah so oh there's one that I wanted to ask you Luke about you Hal and your we have a report about the fastest uh programming languages to actually get a PR emergency yeah yeah I love talking about different program languages it's kind of like a football team you know like oh I I almost think we might be starting to programming language I don't know if they're if a team is a good idea but I

(28:53) almost feel like it might be starting to go into religion yeah you know it it was an interesting report because yeah uh Linear B um our main product is this metrics dashboard that you put in between your jira or your um you know sort of source of Truth your ticketing system and your git repo and it actually monitors between so it actually sees what's going on and it can check and see what works planned what works unplanned how you know how are you reaching your goals it's a lot in a lot of ways um you know one of the things I like

(29:33) that's the easiest way I explain it it's kind of like how Salesforce works for monitoring your sales team this works for monitoring your engineering teams and one thing we're really clear on is it monitors teams we don't go down to the individual developers because that's just a way to destroy your culture no one wants to be stack ranked right so so it's very much at the team base but what we found is yeah different languages take a lot longer to code review and you know like C++ and anything where

(29:57) you're doing your own memory management I I see that taking a lot more time because there's such a much much more difficult uh stuff to code whereas if something's really abstract and there's a lot of really easy tooling good linting stuff good stuff like Visual Studio code that can do your debugging for you um you know your review cycle shorter because a lot of the times the developer is catching stuff in the writing of it um faster because you got more tooling to help you find the bugs before they

(30:26) get merged before they get that kind of ties into that like um improving uh developers efficiency and quality of code using too or is it kind of ties back inside because I was surprised to see Java and C sharp at the top of that list but it's because they have a they have a great amount of tooling that works with them just integrates with their IDs that it's like they they're at like 15 hours which is a comparison to like the average of 40 from from that report it's like it's that's really

(31:00) impressive well and I think a lot of those um those languages are also going specifically into you know uh client server applications and stuff there's not there where's the a lot of the other ones are are focused with web and different interfaces so you it's there's a lot of there's there might be less stuff less enough to test um and there's there's just more you know there's just a lot of they're both also uh more mature languages that have a lot of really great tooling like that

(31:27) you know um and that's and that's a big that's a big Trend um you know and that's you know JavaScript and typescript those are both do I find it interesting that typescript is uh longer than uh um what you call it um uh longer than JavaScript because you know if being a little stronger type and stuff but uh maybe it's like JavaScript is maybe it's not as reviewed as we we always have a joke uh you know why you want to do smaller pull requests 10 line pull requests someone's going to go

(32:03) through and complain about tabs and spaces and white spaces and spelling mistakes if it's a 500 review pull requests lgtm looks good to me and it sets right and and that's the thing we don't want to have and so maybe it goes into like different cultures that these languages have maybe some other languages have a more thorough process maybe it's because what they're doing is more um uh system critical or something like that like so but um okay well I'm gonna talk about one last thing before we go is like uh

(32:42) AI and software development do we feel like that was a trend this year do we think that like there is two people use Ai and software development to like I know there's GitHub co-pilot and actually Ashlyn did a circle CI you you uh what did you you acquired some AI yeah that's right yeah I mean it's been really interesting Year from an AI perspective like it's another one that I think everyone was really excited to start the year that there's going to be just AI everywhere and I see AI coming in like we we do see it being

(33:18) uh becoming something that there's progress being made on but I'd say it's not quite at the stage where it's taking over everything um I mean every time I chat with uh my new friends uh from phony code they're part of CircleCI know I get really excited about what they're doing and um the ways they can help and uh in config to make things easier um and uh Visual Studio code extension that was launched recently does a lot to kind of help on the efficiency side um but I think it's uh it's still

(33:48) something when we talk about AI uh it's something that can have the ability to help um I think I've seen a lot of reports on people say when they use AI they're happier and they feel more confident but also also at the end of it the code might not be as secure and I think that's something that is it because you don't understand it or hears it because maybe you're repeating yourself more because it's like you know like you don't need to because you're not writing it yourself or something

(34:17) that you're like uh the it's it's uh you might have bits of code that are similar in different places is that is do people is that a problem or I I I I think that there can be those kinds of problems and that's where I think anyone thinking about okay what what how should we implement this it should be done with the very reasoned approach uh it's not yeah adopt and go I think this is something we'll need a lot of kind of working behind the scenes checking if it works for your own specific uh use case

(34:47) and some gotchas that might get you along the way like some of the stuff that you're talking about Kara yeah I I think there's some really interesting stuff with AI um especially about ownership you know like that's a really big question I have I haven't seen I don't think it's gotten fully tested to the courts yet because um American copyright law and European copyright law and World copyright law is all a mess um but there's also you know there's um you know it's it's it's like if you

(35:21) adopt a code from an npm repo into your thing or you know you're pulling it from that how is it owned how is it licensed is that GPL being infectious there's there's all kinds of different things with licensing the AI has to take into account and that the AI algorithm is wrong you could end up you know there's a big risk there you can end up having to open source massive Parts uh um of your code actually having to now be open source because you you sucked in some code that actually was you know

(35:51) gpl'd and you know there's there can be some real real issues and like we're starting to see some interesting stuff with um this big Trend with I think it's lenza of all these people posting you know you load 20 pictures and then AI spits back a whole bunch of other pictures um some are really interesting some are really really fascinating um John Oliver did a really great segment on on AI doing images with him and such but I'm wondering how that's going to look for code and if the images

(36:21) that come back are slightly off and slightly crazy and slightly things um how much is it going to work with uh with code and rights and yeah there's there's just a lot of uh it you know I I feel like they're we're at the cusp here of it's it's going to happen go putting the genie back in the bottle isn't going to happen um computers algorithms are gonna there but it's what type of controls are being gonna put on it who owns what if AI you know if the AI pulls up a license or something and it brings it into your

(36:53) code how is the compensation done is it you know is it infectious there's I think there's just a whole lot of rules that really need to be looked at and again going back onto the human rules rather than you know relying all on the computers it's we have to set the rules up before the you know the sooner we set the rules up the regulations otherwise we end up basically like what we've got with crypto right uh we have a fully unregulated Market that's causing lots and lots of pain right now

(37:20) um you know and this also to understand what's happening I suppose and it's the same way the stock market happened in the 20s you know as things mature regulations and rules and guidelines have to get created because if you don't have the boxes drawn around you keep breaking out of them and hurting people it like I remember seeing an article that said uh the the age of the high school essay is dead because of chatGPT and I don't know if you if you've played with us but I mean some of the

(37:51) stuff it comes back with can be kind of on the money and then other things it just completely computer says this webinar I was like what are the trends 2022 for devops but they didn't tell me because it was like oh my data is from 2021 or something but I was like oh [Laughter] it could have been so easy yeah for the webinar it's okay I got the answers one last thing I promise it's the last thing what do you think are the trends in open source this year or is it one of the trends I think is like it's been two

(38:32) years since Supply uh since solarwinds which was a big software supply chain hack and we either kind of it's helped us even though I don't think that was to do in open source but it's it's kind of helped us realize how dependent code is on open source and this year I feel like there's more to laying around that and more like um software Frameworks to help us be more secure while using open source what do you guys think or it's definitely a lot of activity happening in open source this year and I

(39:08) guess to start on that point um the open policy agent is another software an open source and project that I'm starting to see crop up in a lot of different places and it's great to see that kind of adoption and um especially even if I look at how that's being adopted adopted the Linux Foundation does amazing uh metrics and research on how tools are being adopted by different companies and particularly I see in like Finance accounting those kinds of companies that's there they're using more

(39:36) um open policy agents rules and so that's that's one another one it's been really great to see so many um uh open source tools in the kind of software delivery side graduates so we saw like Argo techton um I think flux CD like so it's again going back to I think the maturity that we're seeing in our industry um so a lot happens this year for sure yeah and I think open source is a as a whole is healthier and um you know especially when it comes to security I think the old idea of oh people just can't see your code that's

(40:09) what makes it secure is uh going away and people you know they don't have you know the level of trust that the industry has for other people's code um is lower than it probably has ever been and therefore being able to actually see this close then where you know and this is right now we're giving away get stream for free but it's a closed Source product as we're working on building it because quickly we don't want to open it up until um and people look at our code until we've got it into a solid product and it

(40:38) you know is well documented and looks good because yeah when you open source something um you better look good or else people are going to uh you know if you're not up to a standard people are gonna people are gonna say huh how do that that works that way that's that's kind of interesting why did you make that decision if they're being nice if they're not being nice well you know yeah so I suppose another reason do you talk about trust and how um where have less trust in code and I suppose that's

(41:14) where all this stuff about sign in that's coming in and getting some metadata from your bill to like your CICD and kind of using that to build a picture of how the software is built and that's like big for cloud Smith as well so um yeah I think that's that's huge this year supply chain security and signing and open source tools to help you secure and also um to secure your your code so yeah there's a lot there's a lot of times so I think uh we'll we'll end it up just there I we're gonna we have a few prizes

(41:54) Hillary is going to reach out to you guys after the event and um yeah so thanks for everybody for coming to the webinar the next one is on in January and it's going to be

(42:43) predictions for 2023 of course this one was uh what happened in 2022 so the next seminar has to be on predictions and um the person moderating it and will be Dan McKinney because I'm going to go on maternity leave I will be I'll be gone for a few months but and I will before we leave I want to say thank you so much to our wonderful guests Aisling and Luke you guys have been insightful and interested and we're we're delighted that you came on
Get our next blog straight to your inbox