Brandon Jung, GitLab | AWS re:Invent 2019
Brandon Jung, VP of Alliances, GitLab & Board Member, Linux Foundation, sits down with Stu Miniman & John Walls for AWS re:Invent 2019 at the Sands Expo & Convention Center in Las Vegas, NV.

https://siliconangle.com/2019/12/06/qa-gitlab-empowers-devops-making-cisos-happy-reinvent/

Q&A: GitLab empowers DevOps while making CISOs happy

There is a deep relationship between the speed of application development and the matter of securing the software. It seems that as one factor goes up, the other goes down. And, of course, to thrive in the app development operations world, there’s demand for a well-balanced formula of both. Chief information security officers might not agree to speedy prototypes and quick implementation of unproven infrastructure, which slows down the DevOps delivery process. To accelerate this, security would have to belong to the entire software lifecycle.

GitLab Inc. was built with this idea in mind: to provide support for the entire DevOps lifecycle, including security. The company accomplishes this by taking the Git basics and using CI/CD pipelines. This combination helps organizations focus on the software lifecycles and deliver frequent code changes. The continuous integration, delivery, and deployment formula can empower DevSecOps to push security and collaborate with DevOps. Teams can ship their applications faster and go with a security passport in hand, according to Brandon Jung, member of the board of directors at the Linux Foundation and vice president of alliances at GitLab Inc.

“Being able to do the security earlier is so much faster because you’re not having to iterate later … Devs are more and more saying, ‘That’s not going to change any time soon,’” Jung said.
“Empowering those devs to own the security … they love that.”

Jung spoke with Stu Miniman (@stu) and John Walls (@JohnWalls21), hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the AWS re:Invent event in Las Vegas. They discussed alliances at GitLab, GitLab for DevOps lifecycle, the debate around development speed versus security, and the open-source community. (* Disclosure below.)

[Editor’s note: The following has been condensed for clarity.]

Walls: Let’s talk about what you do at GitLab? What does that encompass?

Jung: It covers all of the big key partnerships with us. So that’s going to be obviously Amazon, the other big cloud providers, a lot of strategic technology partnerships, and then all your system integrators … and then functionally anything else that comes in.

Miniman: Git, of course, is one of the predominant drivers for the proliferation of open source. Tell us a little bit about … why GitLab is so critical to what [your customers are] doing?

Jung: We’re Git, so that was where our base was when we started in 2012, 2013. So Git continues to be that core piece you need. So whether you’re doing GitOps, infrastructure as a code, or application development, you’ve got to have the estate. And then a couple of years later, we picked up and did a bunch of stuff in the CI/CD space. And, initially, we had them separate, and customers kept saying, these might work well together. And to the Linux world, it has always been a single tool, very sharp, very narrow. So we held off on that for a long time. Then we finally said, “We’re going to give it a go.” We shipped them together, and that led to where we are now, which is we think of GitLab as a single tool for the entire DevOps lifecycle.

Walls: When you talk about security, is it being reflected in budgets? Are people making these kinds of investments?

Jung: For us, a big growth area is application security in a pipeline. The notion of shift left.
And it’s actually one of the easier conversations, because the CISOs really want to make sure that every piece of code is tested. Be it static code, dynamic code, license scanning, or all of the above. The way they’ve traditionally done it is at the end of a pipeline, and they make every dev unhappy because they throw it all the way back to the front with the dev. And [CISOs] kill the most important thing, which is cycle time, [which] is time from idea to shipping. So by shifting it left, there’s plenty of money, and the CISOs love it because they get all the code tested. And the devs love it because they get [instant] feedback. Being able to do the security earlier is so much faster because you’re not having to iterate later. Devs are … more and more saying, “That’s not going to change any time soon.” Empowering those devs to own the security … they love that.

Miniman: So CI/CD, I think, leads to greater security. Do you have some stats around that for your customers as to how they measure that? ...