The time for DevOps toolchain consolidation has arrived, says GitLab
With Version 15.0 the DevOps vendor is doubling down on its 'one platform' message
GitLab is pushing its credentials as a one-stop platform for DevOps, with its latest major release.
In an interview with Computing at the KubeCon event last week, Kenny Johnston, senior director of product management, repeated the phrase "the one DevOps platform" more than once. Not coincidentally, this tag line also features prominently on GitLab's website and in marketing materials since April, and is an indication that the company believes the time for DevOps toolchain consolidation has arrived.
"The statistics show that most organisations are planning on doing DevOps, but they are not mature. And we're consistently finding that that maturity is inhibited by too many tools, too much glue-ware, and often times it's old glue-ware that was supportive of a non-DevOps model," said Johnston.
Not that customers generally want to go all-in straight away. They typically adopt GitLab for its source code management (SCM) and continuous integration (CI) capabilities first, he said, adding other features as they continue their DevOps journey, including, commonly, package and issue management, operations and security tools.
Consolidation of the DevOps toolchain has been anticipated for some time, particularly with the big cloud platforms offering their own solutions - integrated to a greater or lesser extent - but it has been slow to happen as it's a fast moving area where developer choice has been all important.
GitLab says this is changing, citing a 2021 Bain study that says About 60% of companies say they plan to consolidate on DevOps platforms over the next three years.
However, a recent Computing Delta survey among UK IT leaders found little urgency to consolidate, with them weighing the convenience of having everything in one place against the ability to adopt best-of breed where they want to (although many thought they would ultimately go all-in on a cloud vendor's offering).
Source code management (SCM) was one area where consolidation was definitely thought to be advantageous, with 86% saying it's best to settle on a single SCM platform, but in other areas preference was less clear. Only one-third were keen to consolidate their code security tools for example, the largest proportion were unsure. Nevertheless, it's a safe bet that as DevOps beds in, standardisation will occur.
GitLab's latest major version, 15.0, released today includes container scanning for all tiers, advanced search, and a WYSIWYG editor. With announcements of more to come (a new point version is released on the 22nd of every month with planned features flagged in advance), in the areas of product analytics and experimentation. Also coming down the line are new DevSecOps features; a focus on software supply chain security including upcoming support for Software Bill of Materials (SBOM); improved compliance management; scanning and auditing; and Agile planning and workflow automation features.
This month, the company also open-sourced its pull-based deployment feature, making available what was previously an enterprise GitOps feature to users in the free tier. This is a Kubernetes-only feature that automates code deployment. An agent installed in a Kubernetes cluster pulls changes from branches whenever there is a deviation from the desired configuration, as specified in the manifest.
"You don't get the config drift you get with the push-based model where you can have different versions existing," Johnston explained. "It makes for a better development experience, and it's an important security paradigm."
Acknowledging that other vendors, not least Microsoft's GitHub and Atlassian, are following the DevOps platform trajectory, Johnstone insisted they are following a lead established by GitLab. It's important to listen to DevOps teams and provide them tools to make their lives easier, particularly on the operations and security side, he added.
"DevSecOps is really hard to do if your developers have to jump to a different tool. They'll likely just ignore it. But with security integrated, on every commit you're getting feedback about the implication of the code you wrote. One benefit of that one DevOps platform approach is not having to sacrifice security for speed."