Hey everyone. Thanks for participating of this conference to DevSecOps. 2024 from, confi 42. And today I'm going to talk a little bit about the improvement of, DevOps workflows with generative AA. So a little bit about me. I am Tulio Arruda, AI Impact Lead at GFT Technologies, leading a global product, focused in a developer productivity using generative AA. I am an 18 years Microsoft MVP focused on DevOps areas, talking about Azure DevOps, talking about GitHub, Kubernetes, productivity, career, and other contents like that. I'm a part of the GitHub Start Program too, and I'm the first one from Brazil. And I'm more recently, I'm a part of the Docker captain program as well, okay. I'm a speaker in technical conference like that. I'm a YouTuber about DevOps, about career, about productivity, about JNA, okay. you can find here the link for my YouTube channel. Youtube. com slash at Julia Arruda. You can find here my LinkedIn as well and my mail. If you need to talk about some content about this presentation or about something else about my contents. Okay. So to start this talk, I think that's an important point that we can explain our, your define here is what is the generative AA? Basically, this is an approach that you can use to generate a new content, such as tests, such a text, images, music, or in our case, source codes, code documentations or, unit testing, for example. I'm talking that it's an. Because we already have a lot of contents and materials and usable, AI tools, AI, frameworks, AI algorithms to, to provide us, many different tasks. And we, already using, artificial intelligence for many years, for different tasks is like a classification information or training, to support us to providing, Data classification to provide us, tools like a chat, chat bots as well. We can do. A lot of things with artificial intelligence from years ago, but, the general TVA provide this, easier way to interact with the artificial intelligence at, before the general TVA to work with artificial intelligence was, very hard and complex to do because we need to know. too much about the complex algorithms, about data classifications, about we need to have a, so many hard skills to work with, to work with artificial intelligence. But with gender TVA, all of us can interact and use the artificial intelligence, the to transform it. The scenario with, the easy way to interact. Basically, I can ask something and generate TVA will be answer to generate a good answer to me. Basically, this new approach changed everything. It's not only for software development life cycle, but for all areas, that you can imagine here. Okay. And to work in with, this general TVA. A new thing appeared that it's a prompt engineering to what is this properly? Basically, this is an art of crafting effective instruction to get best response from AA models. I'm talking here. That's an art because we don't have, exactly point or, exactly, exactly tutorial about how can you create your best problem. We have techniques. We have a lot of techniques of that. But, imagine that if I tell you to create a new prompting, for example, answer to me about, the vulnerability in the code and show me the SQL injection or other points in the code. You probably have one specific result. And if I try to do the same, the result will be so different, will be big different. Basically, the prompt engineering is an art because, you need to improve your prompt to create your prompt with your own ideas. I cannot tell you using this specific word. Using this, using that, you need to try to create something, to imagine, the results to test and test again, improve and improve it again, because it's not a fixed point, about the creation of this. If you change one thing, one small thing, if you include a comma in your prompt, your answer can be changed, entirely changed, okay? Basically, you need to think about that, to study about that. We have a lot of techniques. We have a different kind of promptings like a chain of thoughts, or one shot promptings. We have a different kind of this, but, the creation of this prompt is not a exacting point. It's a, basically an art to creating this. And, we can see here the different of these prompts. I put this in a PPT, but I can show you directly in, in my VS code. Let me open here. For example, let me try my first prompting that I'm using, in this demo, basically I'm requesting for GitHub co pilot, that building an application to display electrical vehicle, vehicle data and I'm request to give some options for how can I structure this app? Okay, I will send this for copilot and I will be, I will be received from this a good information. I will be receiving here, different options about, what I can do this, for example, an MVC, architecture. NMVVM, Microservices Architecture, Component Based Architecture, Serverless Architecture, Monolithic Architecture. And here I have one example. It's a good result. Yes, but, it's not properly that I need because I have a lot of options here, but imagine that if I provide more information, more context for, the co pilot, let me clear my, shed here and let me using my. Second version off the same prompting here in this version off this prompt. I request the same thing. I'm building an application to display electric vehicle data, but I'm including more information here. For example, I went to use express and typescript. Give me some options for how to structure this app. I'm informed that's a large scale project with more than 1000 users online. For authentication, I'm using Key Cloak for front end. we'll be creating TypeScript and the application will be deployed on Azure Kubernetes Services, for example. let me send this for my GitHub Copilot. And now, we can see that the information is, a little different. For example, I have here a project structure, a key components, information about key cloak integration, and for example here, source codes, to implement my key cloak integration, to implement my, route for vehicle data. Basically, I have more detailed, more examples about what I can do here. and for example, the container code to generate my, Kubernetes implementation, basically the point here is, if you provide more information, more details about, your request, if you provide more context or how many that they use, you provide in these, you will be received. best information. as possible. all the time when you need to use, generate two, like a chat, TPT, Google Gemini, or get hub copilot. In this case, the important point is providing more context, be clear about your request to prove to receive the good Answers. Basically, good things in the prompting, good things out in the answer. Okay. Basically, is that what happened here? And it's basically what happened in all tools that you are using. All General TVA tools that you are using. Or in the tool, GNA tool that you can develop in the future. Basically, the idea is the same. Context is important. The prompt is important and how many details you provide is very important. Okay? And Only to understand how this prompting, works on GitHub Copilot, but not only on GitHub Copilot. The idea, of this will be the same, in other JNAA tools like a JDPT or in the tool that you can be developing, using JNAA. Okay, the structure will be Something like that, with the change, the necessary changes. Like you are using, other techniques to interact with GenerateVA, but the core is that. The user will be making a request for your tool, in this case GitHub Copilot, for example, to create a web server in TypeScript. The GitHub Copilot will be understanding this, and Append a system prompting. What is this? The idea of the system prompting basically is a set of rules that you, provide for your system, for your, GNAA tool. In this case, for example, the GitHub CodePilot have, two lines in the beginning here. You are a friendly code assistant and probably have something like, you need to answer the question about source code only. you need to guarantee that you are not implementing vulnerabilities in the code. and you need to talk only about the code, without for, and you do not have answers. I don't know for polyfix or other contents without source code development. using the system tag with this set of rules, your DNA will be, Follow these rules to answer only the necessary information. For example, if I try to work to ask about, for copilot, about politics, for example, to get help copilot to be answered for me, something like, I was not able to answer about that. Okay. The idea is that of the system. area in the prompting. Basically now, I'm sending to GNA the user section, create a web server script, and assist an area with the set of rules from GitHub Compilator or from ChatPT or from your tool. Okay? And I send the both information for GNA like, GPT 4 or cloudy 3. 5 sonnet or Google Gemini pro. it's don't matter. I send this for my GNA and GNA will be understanding. Okay. I have these rules. I have this answer. And now, I have this rule. I read this question and now I need to answer this question. Basically now I have new, a new section called assistant with the answer from GNA. Okay. that response for your tool and your tool response for a user. Basically, it's that the workflow about the prompting on GitHub Compilator and other GNA tool. Okay. I'm talking about this, but you probably, asking for why we use Gene a in the SDLC, and I have here these four key points, but we can include other because we have a lot of benefits to using, JA in a DevOps workflow, but. These four key points are the most important for now for me, okay? The first one is the enhanced developer experience because, when I started to work as a software developer, I learned that the user experience is the most important part of software development because if the user don't like the experience, about don't like the user experience. The users will not use your application anymore. but yes, it's important. But the other part is important as well. The developer part, it's very important because if the developer have a good experience in the source code creation, the product creation, we will have best results for product creation. The final user, not only in the user experience, but we have a good back end, a good source code, improvement, in the usability, in the higher viability of the application, we can have. a lot of benefits if you're focused in a developer experience, okay? GNAA will be solving all points of the developer experience. No, it's not the idea, but it's a interesting point to start in this if you don't have, a developer experience implemented in your process yet. Okay, only about developer experience, you can have, One, another talk about that because we have a lot of contents for this, but for now, keep in mind that, a GNA can be support you on this to starting, To start to improve in this, but why? Because going to the second point, it's increased the productivity because the DNA tools enables the developers to work more smarter because we have, for example, GitHub Copilot, a code assistant directly in my IDE, in this case, I do not need to go anymore for forums on the internet or to Google to, understand how can I solve a problem. I remember in the past, before GitHub for Pilot, I spent more time, looking in the internet, looking in the forums, how to solve, specific problems in my source code, in my tasks. because, some, some errors happens and I have no idea why. Or I need to specific implementation that I have no idea how can I do and I need to made a lot of researches this and this spend time, a precious time that you have, in the projects and now with GitHub Copilot I can use this to support me on this part because GitHub Copilot already suggests, implementation to me based, in, in what I'm writing. In my code, for example, if I'm writing here a switch case, the GitHub copilot already suggests me, how can I complete the section? I can use the copilot to suggest to me improvements in this code. Or for example, if I don't remember, I don't know, how can I do a SQL insert, in a SQL language on Oracle database, because I don't use Oracle database so much here. I don't need to go to Google anymore. I can only ask for my chatbot in my IDE. And in a second, I have now an implementation, an explanation if necessary, and the implementation will follow my code standards that I'm already creating for. It's a very interesting point. Okay? And it's providing, so many productivity for us. and going for the 13 point, it's, providing us, increased learning because it's supporting me to understanding more about my projects and not only about that, but imagine if you are starting in a new project that you have no idea what this project does, you need to see the documentation, right? Yeah, but we have a point here. It's very common that projects don't have documentations, right? Or if have documentations, the documentation is very outdated. And basically you need to check with other teammates, how this project works, what this project does, to understand, to understand what happened here. And you need to spend time for other team members for this. Using Jinner TVAA like GitHub Copilot or other tools like ChiefTAI Impact that I'm working for, you can increase this because we can, for example, generate the documentation, about the project using Jinner TVAA, having this documentation alive day by day, for example, or week by week, it doesn't matter for now. You can have a live documentation properly, or you can use a github compiler, for example, to explain, in a real time for you what the project does, what class does, and it will be, increase your learning. But it's. The increased learning is not only about your project, but you can, increase the learning about other points, about a new language, for example. If you have no idea what another language does or how can you start programming in another language, you can use IdentityVA to support you on this. For this specific point, I have a personal example. a few months back. One month ago, I needed to create here in my project, a new VS code extension, and TypeScript. But I never wrote a code in TypeScript before. This is, this was my first contact with, TypeScript. And then use it, a GitHub copilot to support in me, to explain. more about TypeScript to support me to create a hello world project on TypeScript to try to understand a little bit more, to create more complex process. And I'm using GitHub Copilot to support me to create this extension as well. And I have, I had a very good experience on that because I created this extension. So there is that. It's not so complex extension, but have a good complexity. but they created this in two days, a new functional VS code extension. And I had no knowledge before. Now, I'm not a specialist on TypeScript, but I have more knowledge on TypeScript. I know how can I write a code, understand the problems, improve the code, but I had no knowledge before. I'm using only GitHub compiled to teaching me. How can I do that? Supporting me in the implementation and in two days. I implemented a new feature with the things that I have no, I had no knowledge before. It's a very important and it's a very interesting about the powers of the GNAA tools into developers productivity. And going then of these key points, we can focus on the business properly because we don't have to, to looking for, about, common things. FNL, switch and case or other simple parts, of the software development that you cannot remember day by day and you need to go to Google to search, about this because This will provide us this information and you can focus to improve the application to understand the business rules to improve the best ways of this business rules to create the best implementation for all to have the best application for our users. Okay, basically, this is four key points that you can, understand about why you can use GNA on SDLC. Okay. And how can GNA tools improve the developer, the DevOps workflows for us? we can have here a lot of points. I sat in here, six, The first one is the code creation. It's the most common, for all of you. Probably you are already using a GitHub Copilot or Amazon Q or other, code, assistant in your IDE. And, it's can provide us, as I mentioned before, a lot of suggestion, a lot of improvement support us in so many tasks here. It's a very interesting and I'm using this a lot and it's amazing. The second one is the code reviewer process because we know that, the developers was not providing information for us. But if you don't know what I'm talking here, the code review and process basically is when a developer made a new change in the source code and need to request. That this change is merged in a production version of the application. Basically, the developer had a new task, worked on this, created a new source code implementation and needed to merge this code. The idea of this process is that the developer creates a good description about the changes that he made to support the approval to understand everything. happened here and decide if this change can be approved or nothing, or if this change can be, need to be improved before this merge happens. But we know that the developers do not wrote this explanation properly in general, or developers wrote no information or put update the code. And it's. Provide no information for us. Okay? And following this, the approval need to go to the source code, read line by line to understand what's good happening, or call for the developer, to request developers to, to, to, explain the changes. And it's, spend a lot of time to, to do this using generative a tools. like a GFG AI impact, for example, or GitHub Compilator or other, tool for that. The GNA is supporting you to understanding the change and explain everything for you. Basically, it can generate a good description with a lot of details. Details, change by change, implementation suggestion. We can do much more. with GNA2 in a code review, making the approval job easier. Okay? The next one here is documentation. I already mentioned before because, in general, the projects have two scenarios. It's the most common. Or the project don't have documentation, and it's a problem that we know that. because no one have any idea about what's project does, if the creators, go out of the company, no one, will have a knowledge about that. Or, in general, we have a documentation, but this documentation was created in the first version of the application, the first implementation. And it's very outdated. And it's very outdated. In both case, we basically have no documentation for the persons. Yeah. But using Jenny eight to you have to impact as well. you can, Have an alive documentation because we can use a GNA2 to scan your source codes automatically, understanding the source code and creating a new markdown documentation. For example, a new PDF documentation or in another format documentation and, store this in your documentation repository. To support your developers to understand what happened here. To support your future developers to understand what happened here. And, you can use this to generate documentation change by change. If the code changes, the documentation, changes too. And maintain real life. it's a great, improvement in our process. Another point that we can do here is a test generation. For example, we can use a unit test to support us in a unit test creation following your standards, your company standards. you can use this to, to generate functional testing, for example, using natural language. in general, you need to create a functional test in mapping, HTML fields. Pass some information, making this process a little bit difficult because if, the front end developers change everything, change a component, your test will be broken, but you can use here, tools with generative VA to write your tests in natural language, for example, requesting only to make a login in a specific page, with specific username and password and the DNA to will be identifying it. For example, your fields and components on your screen, and you don't need to care, with how the field is called, is named for, because it will be identified this for you and create this automatically. The other point that, I can mention here is the code correction because we can use to understanding, what's wrong. With your source code or vulnerability in your source code or bugs in your source code and request for GNI to support us to improve, to correct, this implementation and we can do manually, with chatbot tools or automatically with, batch tools like a GitHub code, correct, GFTI impact code fixer as well. But we can do much more on this. I put these only five points here, but you can, improve in this to creating, to support your creation, DevOps workflows properly to support you to create a Kubernetes, scripts properly, for example, or supporting you in a modernization process. For example, for, from an ODS language for a newest one, from, I don't know, from CoWolf to Java or to Java 8 to Java 21 for, from C sharp 3. 5 to C sharp 8, for example, you can use this for a lot of tasks. And day by day, new tools and new ideas, is appearing. to support us on this, improvements. And it's very interesting. If you're very amazing for us. And today I'm using this two tools. The first one It's the GitHub Copilot, in general I'm using GitHub Copilot to support my things, to write code, the VS Code extension and here with the chatbot experience, but I'm using the other parts of the GitHub Copilot because GitHub Copilot today have So many implementations like, another one that I like to like them what too much is, GitHub co pilot to workspace. It's a very interesting implementation. And the next one that I'm using is the GFTI impact. I'm working for in this tool. I'm, I'm one of the creators of, this tool on GFTI and. The focus here is improve the software development life cycle with generative VA focused on productivity again, integrating this in a pipeline if, if it's possible, but have a user experience to support other tasks like a user story creation, documentation creation, create a unit testing, reviewing, code review and code correction test. We have so many tasks here and I'd like to show a little bit about Both of them today. Okay. To support you to understand how can GNA, can be supporting us in a software development life cycle in a develop, devops workflows process. Okay. I have here two demos. The first one, it's more simple, because it will be executed directly in my IDE. Okay. And what I will be do here. Basically, I received here this scenario, I'm working in a new project that I have no much information and I need to solve a vulnerability reported, by my SAS tool, document the code and create, a unit test here. Okay. Basically, I received this information from my SAS tool that I have a SQL injection. What I can do here. Let me open my, My VS code here in this project. Let me check only. I'm still connected on my okay. I have connection with my JFJ. Impact. And here, I'm have my GitHub copilot XC assistant here and the file with the vulnerability mentioned in my PPT. For example, here, if I'm back If I'm back here on my PPT, I have here the information is the user. java and I have here this SQL injection. And what I can do here? Basically, I can request to GitHub Copilot to explain me the code. And the GitHub Copilot is explaining about this class, what class does. And supporting me to understanding this easier. But I need to solve this SQL injection and what I can do here. I will be request, for example, for my github compiler to refactor this code and correct SQL injection. Let me see what happened here. Now, The GitHub Copilot will be understanding here my request and basically it's generating to me a refactored code and if you see here the SQL injection solved it for me. And this is explaining for us what the change was made here, basically replaced the statement with prepared statement, added a final here, moved the return. And I can copy this, for example, and based on this to have a new, implementation. And I have here a correct version of, the source code. an interesting point that we can do here is using a different LLMs. I have here Cloud 3. 5 Sonnet 01. Mini 01 preview as well, and we can use all of them to generate our answers if it's necessary. But I already generate here with Copilot, my new implementation. And now my request is generate documentation and generate unit tests. How can I do that? Basically, if I'm going here in my file explorer now, I already have my GFT AI Impact extension installed here and I can click in the file and request to create the documentation. And here I can choose the prompts because I have a different prompts on AI Impact. I need to choose the source code language to have the standards. and the LLM that my GFTI Impact is supporting today. We support the three principal clods with AWS with clod 3. 5, Sonnet, GMI and GPT 4. 0. Okay, I will be using AWS clod. And we need to wait now, the documentation process. But, for now, the AI Impact is understanding the codes And applying a lot of, convention and standards to generate a very good and detailed documentation for us. Okay, and the process generate a new Markdown document for us like that. I will be open my Markdown preview to see better here. And, okay, now I have here a documentation with overview, process flow, insights, dependencies, data manipulation. We have here important information about this person, but yes, we already have a new document here. Now to finish, you need to create a unit tests. Let me right click again, create unit tests for this class. And again, I need to choose my prompting. I need to choose my frameworks, the source code language, the LLM. And here, The impact is asking to me if I'd like to include existing test file. For example, if I try to create a new test for a new class. Like that, I cannot include, I do not include, existing test files, but if I already have unit tests for this, I can put yes and point in this file to use extra context and the impact will be, improve or correct the unit test for us. Okay. Basically now the process is working for and the impact to be understanding the source code class for you. And, we are applying internally a lot of standards, best practices to create the unit test for us. and we already have here the unit tests we have here, the imports, the user test class with mock you and a lot of unit tests to support this current implementation for us. Okay. Now, following this idea, we already have the demo one implemented. Great! We used GitHub Copilot and AI Impact inside the developer IDE to increase the productivity, explain the project, support the code, in the code correction, documenting the code, and creating a unit test. Okay? Let me open the presentation module. It's changed. Bye. And in the second demo, we have a lot of, a little different process. I need to hear, the same, scenario, but we need to run this directly in a pull request because the idea of this, let me copy the corrected file. The idea of this project is this process now is, Do the same job that the developer does. I will be creating a new change, submit this change and waiting for approval. And basically I will be open my source code file here in my repository. I'll be open the user. java, edit this file, and I will be paste my corrected version of the code. Commit this, create a new branch. Okay. and create a new, pull request here. When I create the pull request, I'm using here a GitHub in this case, but you can use Bitbucket, your other DevOps tool. It's not important. It is important that this DevOps tool can be triggered a new pipeline when this pull request is created like that. Basically, if you see here, The GitHub, actions, was triggered a new pipeline and this pipeline, is triggering the GFTI impact. And what will be happening here, basically, I'm creating a smart request process that I'm calling, internally because I'm using different tools from AI impact. Okay. To support the pull request, to improve the pull request. For example, we saw in the IDE that I can create a documentation and create a unit test with, the, with the IMPACT. And I mentioned for you before that you can use JNA to analyze, the changes to generate a code review. What I'm doing here, when the developer create a new change, submit a new change, We know that, the documentation will be outdated and in general, the developers do not create Unity tests properly or forget to create a part of the Unity test, do not create implementation, all implementation as possible. In this smart pull request, included, in my action process, a calling from, for AI impact to run the Unity test creation. To create a unit test for this, a document creation to create a new documentation. And after that, review this pull request. If you can see here, I already have this test generated, documents generated. And if I click on files, change it, I can see here in the first file, the user. java, the file that I changed. Okay. My chains, have here, the user test dot Java. The red section is the existing tests and the red is to change its tests because I changed the implementation. The impact understood that I need to change the test class and you can see here what happens. some tests was removed. Other tests was be included or improved. Okay. Okay. And. In the final of that, I included a new documentation in Markdown. Let me open in a display rich GIF, it's be easier to see. But I have here a new documentation with an overview, process flow, like we saw in TVS Code IDE, with insights, dependencies, data manipulation, and here a vulnerability section, because we have a lot of vulnerabilities in the source code. I do not solve all of them. I can do, but I didn't this. But, I can see here password storage, exception handling, providing new information about that. And if I'm back in here to my pull request description, I have now the revision created by, GFTI Impact Bots, providing us a general description about the changes here. For example, to, this implementation, improve the security and code quality include changes. And here I have summary file by file explaining the changes in the class that I manually does. And in the usertest. java that AI impact does. And user. java. md that is documented, included. AI impact in the process. here we have recommendations for this pull request related with this change. Okay. It's not a generic recommendation. It's a specific recommendation. And we have here explanation of vulnerabilities if necessary. Okay. With examples, if necessary. Okay. Basically we are using the generative AI to improve Our process to, improve our productivity day by day here to improve the developer experience because, now, I can, support developers to do the task is more easier. For example, with the reviewing processing, supporting the description generation with a lot of details to support the best creation automatically to create documentation automatically, or using the ID to creating this directly in your, developer environment, we can do a lot of different tasks in a different places here, but It's provide us so many productivity here. I'm using this both to get hub copilot and AI impact in my days. And it's very interesting to me. I'm getting a lot of productivity. I was talking with my boss recently that, I'm using a lot the GNA tools like a GitHub copilot and Microsoft probably is boring with me because I spent more money, than a GitHub copilot. Then the license provided in general for GitHub code, but because I use it really a lot, Again, a lot of productivity using this JNA tools. Okay? Thanks for participating for this talk. I think that Can be help you to have more ideas, to have more insights about that. If you need to discuss About the GitHub compiler to our impact, please send me an email or, look about me in, in, in linkaginess and, me, a message, if you need to know more about, DevOps, Azure DevOps, Career, GNA, Productivity. Follow me on my YouTube channel. Okay. most part of my content is in Brazilian Portuguese, but, I have so many videos in English, as well. Okay. Again, thanks for participating. Don't forget to follow me in my social networks. I hope to see you again in next, sessions in next conference. Thank you. And bye bye.