GitLab's Jason Yavorska on trends in the DevOps tools market

GitLab's product management director on progressive delivery, feature flags and evidence gathering

When Computing spoke to GitLab's director of product management Jason Yavorska in January we asked him to speak about the broad changes he's seeing in the DevOps tools market, as well as what GitLab has been up to. The interview is edited for brevity. A longer version is available on our market intelligence service Computing Delta in the DevOps section.

GitLab, founded in 2014, operates an end-to-end DevOps platform that's available as SaaS or on premises deployment. The company claims 800,000 paying users and that 100,000 organisations use its services. It is hoping to go public with an IPO planned later this year.

Computing: The market for DevOps tools seems to be consolidating. Would you agree?

Yavorska: Yeah, and I think that the consolidation trend is going to continue. I think there's a couple ways you can be successful. One is to be a solution provider. This is where we are, and this is where the companies that are consolidating are going. Then there's solutions out there like Tasktop that will help you kind of plumb things together, but you'll never quite get the same user experience across the board.

What about acquisitions. I'm thinking of Atlassian, CloudBees…?

The companies that are going after consolidation by acquisitions, I don't know how the exactly, they're going to solve that problem. The companies that are building I think are ultimately going to be the ones that are more successful because these things are tied together much more deeply.

The other way that I think companies can be competitive now is just be very small and innovate and really follow the technology and be a player in that in that space. But then you're having to maintain all of these technology integrations where you're not providing the full stack.

DevOps Live 2020 is coming to London on 18th March 2020. Subtitled 'Getting to the next stage' , this year's event is focused on scaling up initial DevOps experiments, maintaining momentum, gaining traction, and ensuring the organisation doesn't slip back into bad habits. Attendance is free to qualifying IT leaders and IT pros, but places are limited, so reserve yours now.

What are the big cloud providers cloud providers offering?

Both Google and AWS have got they got little point tools out there, but they don't seem to be going after it in the same way that Microsoft is [with GitHub] and looking at a comprehensive developer platform along with their cloud. It's always been the way with Microsoft. If you're a Microsoft developer you have the whole Microsoft ecosystem available to you and it's all nicely tied together. You get treated very nicely and you get a very nice environment to work in. Whereas AWS and Google tend to be a little bit more ‘Wild West'. I don't know why they haven't done so much yet, but I suspect it's because they have a lot of different kinds of customers who expect a lot of very different kinds of features.

But doesn't GitLab have a relationship with Google Cloud Platform?

Yeah, we're hosted there. Maybe that's their play, but they haven't told us that!

Apart from source code management (SCM) and CI/CD as with GitHub Actions and Bitbucket Piplelines, what other consolidation trends are you seeing?

Something that's a bit more of a wild card is financial planning tools that can tell you a little bit about how much you're investing in different parts of your portfolio, how much time you're spending doing different things.

The long tail of continuous delivery related stuff is another area. So feature flags - I think everybody's going to want a solution that they can bundle in their product and help manage software delivery.

Monitoring is another area where all kinds of different tools can add value. If you've got an issue management tool you add monitoring to it so your issues can talk about what they achieved in changing production. And then from a deployment system, it can monitor production after the deployment and potentially auto rollback if it sees problems with KPIs.

What about security? We've been hearing about DevSecOps for some time now. Are security interventions becoming more integrated into the pipeline?

Yeah, I think that there's a lot of interest out there in security and auditing in particular. One thing that we're doing, and I'm sure others are too, is evidence collection associated with releases, everything that happens from when you create an issue. So everybody comments on that issue, then it turns into a merge request; everybody works in that merge request and it ends up in a deployment to an environment; it's tested; it's deployed to another test environment and then it makes it to production. All of that data is super-valuable to auditors.

With continuous delivery, you really can't do this in the old-fashioned way. So, this automatic collection of that is super important. And that, of course ties into security.

Everybody wants things like the scanning in the pipelines to be automatic and security reports to be automatic, prevent the basic mistakes from happening and build all that into the pipeline. Most of the tools now integrate with pretty much any CI/CD pipeline, but deeper things like tying together evidence collection, tying together security across more than area, we're still developing that.

Continues

GitLab's Jason Yavorska on trends in the DevOps tools market

GitLab's product management director on progressive delivery, feature flags and evidence gathering

GitLab provides an end-to-end DevOps platform. Other vendors are consolidating their offerings. Isn't there a danger of a new set of walled gardens emerging?

There are a couple things that protect us from that. In our handbook it's communicated that we play as well with others, so we're always trying to design our future so that any individual part can be unplugged and you can use whatever you want. We want you to use GitLab, and so we don't want you to not be able to use GitLab because you need to use JIRA at your company, or Jenkins, although CI/CD and SCM is typically where we get in first.

It also helps us in that regard that we are open source. So, you can run us on-prem, you can you can see the source code, you could fork it if you want to.

Our research recently found that 75 per cent of the CI/CD solutions in use are open source or open core and this seems very much to be the way things are going. Is there a future for non-open-source DevOps tools?

There are plenty of products out there on the market that are that are not open source. And GitHub is a very big example of that, and there are smaller products like XebiaLabs that are not open source, and they do okay.

I don't think that open source is the only way to be successful, but I do think it helps with early adoption because it's a little easier to spin up within your department or within your team tooling that you just grab it and start using it. You don't have to fill out a purchase order and you don't have to have that scuzzy salesperson come over when you just want to try something out. Also, developers love it because they're often contributors to open source as well and it's easy to get up and running.

GitHub is sort of a unique case. They are respected because it's the home of open source, the social network for open source. So, they're credible within open source, even though their product isn't open source.

DevOps Live 2020 is coming to London on 18th March 2020. Subtitled 'Getting to the next stage' , this year's event is focused on scaling up initial DevOps experiments, maintaining momentum, gaining traction, and ensuring the organisation doesn't slip back into bad habits. Attendance is free to qualifying IT leaders and IT pros, but places are limited, so reserve yours now.

What's on your roadmap? What can we expect to see next?

We've got a bunch of innovation coming on in terms of pipelines and making those easier to use. But I think probably the biggest maybe splashiest thing that we've got coming around progressive delivery. It's an emerging idea, the next step beyond continuous delivery. Progressive delivery is controlling that moment of deployment until it becomes so blurry that there's no single deployment that you can point to anymore. The way that you achieve this is through automatically rolling out feature flags over a period of time, having monitoring tied into that where some customers are getting access to the new feature and metrics are being collected. Review apps are another part of that, where prior to the feature even being completed you've got access for users to be able to get in there and see what the feature is. It's just disaggregating that deployment moment.

Another the big one that that's important here is the evidence collection we talked about.

In terms of the overall market for SCM and CI/CD do you think we'll end up with the usual pattern of two or three huge players and lots of smaller ones in the niches?

I think it'll follow the usual pattern, but there's a lot of really interesting innovation happening on the smaller side. I think that because of the trend towards consolidation, a lot of the smaller CIs are more dedicating themselves to a particular stack or even a state of mind or paradigm. So, they're going in deep in some very specific areas.