Grit automatically fixes technical debt by combining static analysis and machine learning to generate pull requests that clean up code and migrate to the latest frameworks.
How Grit.io can help you:Â
Why choose Grit.io: Key featuresÂ
Who should choose Grit.io:
Categories
How to Perform Code Reviews in Tech - The Painless Way
Okay, I know you may be skeptical: other guides have promised painless only to reveal that their solution requires some hyper-specific tech stack or a paid developer tool. I won't do that to you. This guide provides a straightforward and flexible template for that you can apply to your engineering team. The only requirement is that your app code is . You can test a TypeScript workflow, Java workflow, Python workflow, PHP, Ruby or even some wacky web stack you invented. And it doesn't matter if you're developing on Windows, Linux, or Mac. Best of all, you don't have to perform convoluted configuration or install software beyond a . I've been in engineering for the last 15 years, and have a bad reputation. We've all witnessed or lived through horror stories where sometimes it feels like every previous line gets torn to shreds. So, what can you do differently? How can you make reviewing your code painless so that even the biggest nitpick on your team has nothing but praise? After participating in code reviews for a decade, taking code reviews less personally is the single biggest thing you can do to improve your code. Why? Because all software is iterative. Even "perfect" code will eventually become outdated. Instead of thinking of it like a graded assignment, think of it as a part of the process. This tutorial uses free, open-source tools. You'll need to have a GitHub account to help you make your code reviews more pleasant and valuable. The term "code review" can refer to various activities, from simply reading code over your teammate's shoulder to a 10-person meeting where you dissect code line by line. I use the term to refer to a formal and written process, but not so heavyweight as a series of in-person code inspection meetings. In a project where you work on a repository with other developers, after you complete your work, you commit, push, and create a pull request on the VCS, most likely using Git commands. Then, everyone reviews the pull request to determine whether it's okay to use. If so, they approve it, and that code gets used in the project. Code Reviews are a tool for knowledge transfer. They help make devs more efficient when doing maintenance on a part of the system they didn't write. When you review a pull request, it's an opportunity to iron out issues before they become technical debt. Code reviews can also be a good setting for mentoring junior developers. Now, let's discuss what is not the purpose of a code review: Nitpicking on style issues - settle for one style and use formatters or AI tools to enforce it. Just keep in mind that there are many things that an AI tool cannot check. Code reviews are an excellent place to ensure the code is sufficiently documented or self-documenting. Do you want to know how you can check this? Return to the code you wrote 6-12 months ago and try to understand what it was written to do. If you understand it quickly, that means it's readable, and the code review was done properly and in a helpful manner. Despite their importance, many devs don't like doing code reviews - in part because they can be challenging, especially if you're not following best practices. Here are some pain points I've observed during my years of participating in code reviews: These pain points often bottleneck our development velocity. But recent advances in AI-assisted code review tools have started addressing these common friction points in our PR workflows. Let's explore how AI-powered tools, along with some best practices, can address these review challenges and optimize your development workflow. While AI hasn't replaced human code reviews, it is a powerful force multiplier in the review process. Here's how: AI code reviews excel as a preliminary screening tool, catching common issues before human reviewers see the code. This becomes especially valuable in open-source projects where maintainer bandwidth is limited. I recently started using AI code reviews on a case-by-case basis for my projects. AI tools improve my existing workflows, reduce failure rates by detecting logic errors early on, and boost productivity. So I've added it to my CI/CD pipelines. It doesn't have to be perfect at detecting logic errors, as long as its false positive rate is very low (ideally as close to 0 as possible). Most importantly, AI reviews respect the golden rule of 'value your reviewer's time' by handling routine checks. This allows human reviewers to focus on architecture, business logic, and complex edge cases. This approach positions AI as a complementary tool that augments rather than replaces human expertise in the code review process. When reviewing code, try to prioritise what matters most using the Code Review Pyramid. This is a framework that helps you focus your attention where it creates the most value. Think of it like building a house -- start with the foundation before worrying about paint colours. The pyramid has five layers, from most critical (bottom) to least critical (top): Remember: if you want to catch issues/bugs, there are more appropriate processes for that. That is why we have automated testing, canary releases, testing environments, and so on. In my personal opinion, using code reviews as a bug catching tool is somewhat of an anti-pattern where you're compensating for a development process that may be lacking some key steps/processes. There is no general rule in engineering for code reviews, as what you'll need to focus on depends on many factors. You can and should set up the process according to your company standards and way of working as a team. Here are some factors you'll need to think about before setting up a code review process: As an example, at my work we have a very simple rule: all code changes must be reviewed by at least one developer before a merge or a commit to the trunk. Code reviews need a systematic approach, but maintaining consistency across every PR is challenging. It's useful to let computers handle repetitive checks (style, formatting) while humans focus on what matters most: architecture and logic. This balanced approach makes reviews both thorough and sustainable. Take a look at this example. It shows how we can optimize our process by intelligently delegating tasks between humans and automated tools. The diagram below illustrates a typical code style review workflow, comparing manual human review steps against automated tooling. The diagram shows a real problem we all face in code reviews. See the left side? That's we humans doing manual formatting checks: finding weird spaces, fixing indents, writing comments about it... pretty tedious stuff. But check out the right side: that's where tools like just fix these formatting issues automatically. No meetings, no back-and-forth - just done. That's why I started using , which is a dev tool that caught my attention recently. The CodeRabbit docs describe the tool pretty effectively, so I'll just leave this here: CodeRabbit is an AI-powered code reviewer that delivers context-aware feedback on pull requests within minutes, reducing the time and effort needed for manual code reviews. It provides a fresh perspective and catches issues that are often missed, enhancing the overall review quality. - from the CodeRabbit docs Let me walk you through a real example. When you submit a PR, CodeRabbit: I first discovered last month while I was searching for something else on GitHub. I accidentally came across it and I was surprised by how many people are already using it. I instantly signed up because I was looking for exactly such a solution which could help me and my team out with our reviews. I read through the CodeRabbit docs and was very impressed. Getting started using it is pretty much a plug and play process. In the next section, we'll go through the quick steps you can follow to enable CodeRabbit using an example repo. Next, add CodeRabbit to some of your public GitHub repositories. Now, CodeRabbit is fully integrated and ready to do code reviews on your selected repo. Yes: it's that simple and fast. And in my opinion, it's one of the main reasons the tool is so useful. Here are some sample PRs for you to check out: Everyone's code needs reviewing. Just because someone is the most senior person on the team does not mean that their code doesn't need to be reviewed. In this article, I talked about code reviews along with some common pain points. I then showed you how you can leverage CodeRabbit to iterate quickly through your code reviews and focus more on business. In this article I talked about basic intro to CodeRabbit, because that was my use case with my blog. For more advanced functionality, check out the official CodeRabbit docs or read their blog. I hope you found it helpful learning how to use AI tools for code reviews. If you like my writing, these are some of my other most recent articles.
freeCodeCamp
Wed, 4 Dec, 12:33 AM UTC
How AI-powered remediation can help tackle security debt
AI helps reduce security debt by automating vulnerability remediation Financial debt, if left unchecked, can spiral out of control quickly. Simply making the minimum payments on a credit card or avoiding debt collectors doesn't solve the root problem. Instead, interest continues to build, compounding the issue over time. Similarly, in the world of IT management, a concept called "security debt" operates much the same way. Security debt refers to software flaws that remain unresolved for longer than a year. Much like financial debt, the longer these vulnerabilities go unaddressed, the more they accumulate, leaving businesses exposed to significant risk. Research reveals 74% of organizations have some level of security debt, with half grappling with high-severity vulnerabilities - commonly referred to as 'critical' security debt. Despite these concerning statistics, organizations can take actionable steps to reduce their security debt. To effectively reduce security debt, it's important to first understand how it builds up. One major factor is a lack of prioritization, where organizations fail to focus on remediating the most critical vulnerabilities. The age and size of applications also significantly contribute to security debt. Studies show a strong correlation between the age of an application and the likelihood that flaws will go unresolved. Nearly two fifths of all critical security debt are found in older applications (over 3.4 years old), meaning the older the application, the higher the chances of flaws accumulating. Application size compounds the issue. As codebases grow, so does the volume of unresolved flaws. Large applications often carry the highest proportion of security debt, with 40% having unresolved flaws and 47% dealing with critical debt. While smaller or newer applications aren't immune to security debt, older and larger monolithic systems typically present the greatest challenges. Another contributing factor is the use of third-party, open source code. Vulnerabilities in third-party code are discovered on an ongoing basis, so unless these libraries are updated regularly, applications face an increasing risk. Additionally, the rise of generative AI in coding exacerbates the issue. Gartner predicts that by 2028, 75% of enterprise developers will use AI code assistants. While AI-generated code isn't inherently less secure than human-written code, it often carries risks. Many Large Language Models (LLMs) used to generate code are trained on insecure open-source projects, resulting in vulnerabilities if not properly vetted. An over-reliance on AI without proper oversight can accelerate the accumulation of security debt. It's also worth noting that security debt isn't necessarily the result of poor decision-making or mismanagement. Time and resource constraints often force developers to make difficult choices about which flaws to address and which to defer. Fortunately, advancements in AI tools provide development teams with powerful tools to reduce security debt. AI-driven solutions, particularly those trained on curated security datasets, excel at identifying and remediating vulnerabilities with high accuracy. These tools enable developers to address security risks more efficiently while ensuring data integrity and system security. AI allows developers to "shift security left" in the software development lifecycle, identifying and resolving issues as they write code. This proactive approach minimizes the likelihood of costly vulnerabilities arising later in the development process, saving valuable time and resources. Additionally, by incorporating AI, organizations can better manage the growing volume of flaws, tackling both critical and less severe security debt. Frequent code scanning remains essential, but without actionable remediation, it is not enough. AI bridges this gap by enabling continuous fixing alongside continuous scanning. By automating parts of the remediation process, AI helps teams overcome resource constraints and ensures that vulnerabilities are addressed before they become significant liabilities. Despite initial concerns about AI's role in security, it is clear that using it responsibly is key to mitigating security debt effectively. As AI continues to reshape the technological landscape, its impact on security is set to grow. With seven out of ten organizations already facing significant backlogs of security debt and vulnerabilities on the rise, development teams will need all the help they can get to stay ahead. The future of software security will place greater emphasis on prevention. Rather than solely focusing on identifying and fixing flaws, the priority will be to prevent vulnerabilities from entering the codebase in the first place. AI has the potential to accelerate this shift by enabling scalable, secure fixes and supporting developers in tackling not only critical security debt but also the broader spectrum of unresolved flaws. By working with AI responsibly and strategically, organizations can build a safer, more secure digital future while giving developers the tools they need to address security debt effectively. We've featured the best Large Language Models (LLMs) for coding.
TechRadar
Thu, 20 Mar, 10:10 AM UTC
How to Reduce Technical Debt With AI
Join the DZone community and get the full member experience. Join For Free Technical debt covertly slows down business progress that builds up over time through rushed software development, outdated systems, and old tools. Companies find it difficult to grow, stay competitive, and keep up with new technology due to technical debt. In today's digital landscape, wherein the majority of businesses rely on SaaS architecture, technical debt can significantly impact agility, scalability, and efficiency. Outdated software and systems don't just slow down performance -- they also stop companies from using smarter tools like predictive software. These tools can improve how teams work, spot issues before they happen, and even suggest better ways to run operations. Technical debt costs businesses over $2.4 trillion every year just in the U.S. A certain level of debt is expected and normal; however, with the rise of AI software development, it has become more risky. However, using AI in SaaS smartly can help organizations reduce technical debt, enhancing software maintenance. This piece of information dives into how you can responsibly integrate AI into your development stack to reduce technical debt. Prioritize Identifying the Core of the Technical Debt Firstly, get to the root of the technical debt and address it with a strategic approach. Allowing debts to stay there for a long time results in prolonged and time-wasting inefficiencies. Addressing the core issues paves the way for better efficiencies and a clear approach. It helps reduce maintenance costs, enhances productivity, and curbs future disruptions due to technical debts. Choosing the Right AI Tools for Your Dev Stack To reduce technical debt effectively, organizations need to integrate AI tools that work seamlessly within their current SaaS architecture. Prioritize solutions offering robust compatibility across key components like version control (GitHub, GitLab), Integrated Development Environments (IDEs), Continuous Integration/Continuous Deployment (CI/CD) pipelines, and container orchestration platforms (Docker, Kubernetes). When evaluating AI tools for reducing technical debt, consider the following integration capabilities: REST APIs Having well-documented REST APIs enables flexible integration with various parts of your development pipeline. REST APIs help connect your AI software development stack with automation workflows. CLI Tools A robust Command-Line Interface (CLI) allows developers to interact directly with the AI tool from their terminal. This facilitates scripting and automation of debt-related analyses within your build processes or custom workflows. IDE Plugins Native plugins for popular IDEs (e.g., VS Code, JetBrains suite) offer automated code review, real-time feedback on code quality, and potential debt as developers write code, acting as a preventative measure. Git Hooks Support Git hooks (pre-commit, pre-push) allow for automated AI-powered checks for code style violations, complexity issues, and potential vulnerabilities before code is even committed, preventing the introduction of new technical debt. These AI capabilities are important in SaaS architecture because continuous integration and deployment help deliver reliable performance. AI ensures software maintenance is proactive with built-in support for automated code review, security checks, and code quality analysis. For teams using Docker and Kubernetes, AI can analyze manifests and configurations for hidden performance or security risks, helping to reduce technical debt from the infrastructure level upward. Crucially, consider the interoperability of AI tools within your CI/CD pipeline (e.g., Jenkins, GitLab CI, GitHub Actions). The ability to incorporate AI-driven code quality checks, security vulnerability scans, and complexity analysis as automated steps in your pipeline ensures consistent enforcement of coding standards and early detection of potential technical debt. Explainability and Developer Trust in AI-Driven Debt Reduction In AI software development, explainability is essential as developers need to understand why a code segment is flagged as problematic. Avoidance of "black-box" AI models is crucial because the reasoning behind its outputs is opaque. It hinders developer understanding and consequently erodes trust in its recommendations. This lack of transparency can impede adoption and make it challenging for development teams to effectively act upon the AI's suggestions. Developers need insight to understand why an AI tool is specifying a particular code segment as potential technical debt. To build confidence in the AI's suggestion, it is essential to understand the patterns identified, the concerns raised, and the probable consequences of the identified issues, because of a lack of this transparency, developers may get confused about adopting the recommendations that can eventually result in more debt rather than reduced technical debt. For example, Amazon CodeGuru Reviewer exemplifies a commitment to explainability. It provides justification links alongside its code recommendations. When it raises a potential issue (e.g., resource leaks, inefficient code), it offers links to relevant documentation, best practices, or specific rules to specify the reasoning for raising the concerns. Here, the AI isn't just suggesting better code -- it's justifying the suggestion. This is critical in AI software development, where reproducibility and transparency must be first-class citizens. It helps improve the understanding, encouraging adoption, and strengthening software maintenance practices. Embedding AI into Existing Development Workflows To minimize the disruption in the development processes, it is advisable to emphasize the adoption of AI to reduce the technical debt. Embedding AI capabilities directly within development processes is a more feasible and effective strategy than investing entirely in new platforms. Minimizing disruption is key when using AI in SaaS to reduce technical debt. Technically, this integration can be achieved through various mechanisms: Technically, this integration can be achieved through various mechanisms: Embedding AI helps with the deployment of bots that automatically comment on Pull Requests (PRs) with AI-driven suggestions for reducing technical debt. When a developer submits code for review, an integrated AI analysis tool can be triggered (e.g., via a GitHub Actions workflow). Let's say your team uses GitHub. You can configure an AI tool to analyze code and leave comments directly on the PR: The resulting findings, highlighting potential code smells, security vulnerabilities, or performance inefficiencies, can then be automatically posted as comments directly on the PR. Embedding AI like this ensures technical debt is addressed without slowing down delivery, an essential aspect of modern SaaS architecture and software maintenance. Preventing AI-Induced Technical Debt While AI software development offers significant potential for reducing existing technical debt, it's crucial to implement safeguards to prevent the introduction of new debt stemming from the AI tools themselves. Over-reliance on automated code generation without proper oversight can inadvertently lead to suboptimal code, inconsistencies, or even security vulnerabilities, thus creating a new form of technical debt. To mitigate this risk; To effectively govern the use of AI in software development and mitigate the risk of AI-induced technical debt, a robust governance framework is essential. One such framework is T.R.U.S.T., which emphasizes the following key principles: By adhering to a governance framework like T.R.U.S.T., development teams can harness the power of AI in SaaS for reducing technical debt while simultaneously safeguarding against the introduction of new debt stemming from the AI tools themselves, ensuring a sustainable and high-quality codebase. Responsible AI: The Foundation for Scalable SaaS The successful and sustainable integration of AI for technical debt reduction is intrinsically linked to responsible AI practices, which ultimately pave the way for a more scalable Software-as-a-Service (SaaS) offering. The sustainability of SaaS architecture depends heavily on how responsibly AI is integrated. It is possible to reduce the technical debt with AI only if a deliberate and strategic integration process is followed. Key Considerations for Responsible AI Integration: Smart Scaling Through Predictive Software and AI in SaaS One of the most effective applications of AI in SaaS is through predictive software tools that help teams forecast system behavior, plan upgrades, and reduce downtime. These predictive insights aid in long-term software maintenance, catching issues before they reach production. For example, using AI-powered anomaly detection during build pipelines can alert teams to performance regressions. Similarly, automated code review features can identify risky patterns introduced by new developers, helping to reduce technical debt while onboarding. By embedding predictive software into your CI/CD process, you're not just reacting to issues -- you're preventing them. That's what smart scaling looks like in modern SaaS architecture. Conclusion Technical debt can be addressed through a systematic approach that incorporates appropriate technologies, tools, and a capable team. By integrating AI capabilities, organizations can improve software maintenance, reduce costs, and support digital innovation, all contributing to the reduction of technical debt. Leveraging experienced teams and modern technology solutions can help maintain a competitive and adaptable digital ecosystem.
DZone
Sat, 12 Jul, 12:07 AM UTC
GitHub taps AI to eradicate software vulnerabilities with Copilot-powered security updates
With Copilot Autofix, developers and security teams can keep new vulnerabilities out of code and confidently remediate their backlog security debt GitHub, the world's leading AI-powered developer platform, announced the general availability of AI-powered remediation with Copilot Autofix in GitHub Advanced Security (GHAS). Copilot Autofix analyses vulnerabilities in code, explains why they matter, and offers code suggestions that help developers fix vulnerabilities as fast as they are found. During the public beta, GitHub found that developers were fixing code vulnerabilities more than three times faster than those who do so manually, a powerful example of how AI agents can radically simplify and accelerate secure software development. Developers can keep new vulnerabilities out of their code with Copilot Autofix in the pull request, and now also pay down the backlog of security debt by generating fixes for existing vulnerabilities. "Code scanning tools detect vulnerabilities, but they don't address the fundamental problem: remediation takes security expertise and time, two valuable resources in critically short supply. In other words, finding vulnerabilities isn't the problem. Fixing them is," said Mike Hanely, CSO and SVP of Engineering at GitHub. "With Copilot Autofix, we are one step closer to our vision where a vulnerability found means a vulnerability fixed," Hanely added. Since its introduction in public beta in March 2024, developers have used Copilot Autofix in their pull requests to help them quickly fix vulnerabilities in new code before they get merged to production where they can impact customers. Fixes can be generated for dozens of classes of code vulnerabilities, such as SQL injection and cross-site scripting, which developers can dismiss, edit, or commit in their pull request. Based on customer data from public beta between May through July 2024, Copilot Autofix has already shown dramatic reductions in the amount of time between detection and successful remediation: 3x faster. Overall, the median time for developers to use Copilot Autofix to automatically commit the fix for a pull request-time alert was 28 minutes, compared to 1.5 hours to resolve the same alerts manually.7x faster. Cross-site scripting vulnerabilities: 22 minutes, compared to almost three hours.12x faster. SQL injection vulnerabilities: 18 minutes, compared to 3.7 hours. Early users of Copilot Autofix have also reported dramatic improvements in efficiency and productivity. "Since implementing Copilot Autofix, we've observed a 60% reduction in the time spent on security-related code reviews and a 25% increase in overall development productivity," says Kevin Cooper, principal engineer at Optum. "In the healthcare space, where security is critical, it helps us act on proven industry solutions quickly. This proactive approach to security helps us prevent potential issues, saving thousands of hours per month that would otherwise be spent on remediation." Just as GitHub Copilot helps developers code more quickly, Copilot Autofix accelerates the pace of remediation so security teams make real progress with the backlog of existing vulnerabilities, commonly known as security debt. When a developer is asked to fix vulnerabilities in code that they haven't seen in a while or aren't familiar with, it can take hours to assess the surrounding code and experiment with manual fixes. Copilot Autofix dramatically reduces this burden so developers can fix old vulnerabilities with more speed and confidence. Here's how it works. To initiate Copilot Autofix for vulnerabilities in existing code, a developer simply presses the "Generate fix" button on an alert in the GHAS code scanning alert. Copilot Autofix assesses the code and the vulnerability and returns an explanation and code suggestion for review. The developer can then press the "Create PR with fix" button to create a new pull request which includes code changes to fix the alert. With Copilot Autofix, teams can pay down years' worth of security debt-even those hard-to-prioritise low- and moderate-severity alerts-in just a matter of a few clicks. Behind the scenes, Copilot Autofix leverages the CodeQL engine, GPT-4o, and a combination of heuristics and GitHub Copilot APIs to generate code suggestions. Copilot Autofix builds an LLM prompt based on sources including CodeQL analysis and short snippets of code around the flow path. As the global home of the open source community, GitHub is uniquely positioned to help maintainers detect and remediate vulnerabilities so that open source software is safer and more reliable for everyone. GitHub believes that it's highly important to be both a responsible consumer of open source software and contributor back to it, which is why open source maintainers can already take advantage of GitHub's code scanning, secret scanning, dependency management, and private vulnerability reporting tools at no cost. Starting in September, GitHub will add Copilot Autofix in pull requests to this list and offer it for free to all open source projects. From GitHub Copilot Workspace to GHAS, GitHub is championing a future where AI doesn't just assist but helps transform businesses, from productivity and innovation to security and risk reduction. Within GHAS, GitHub is leveraging AI not only to help fix vulnerabilities in code, but also to improve the scope and accuracy of secret scanning, and with new workflows that scale Copilot Autofix for organisations with a high volume of security debt, all on the familiar platform that developers already know and love. About GitHub As the global home for all developers, GitHub is the world's leading AI-powered developer platform to build, scale, and deliver secure software. Over 100 million people, including developers from 90 of the Fortune 100 companies, use GitHub to build amazing things together across 420+ million repositories. With all the collaborative features of GitHub, it's never been easier for individuals and teams to write faster, better code.
CXOToday.com
Mon, 19 Aug, 2:08 PM UTC
How Cursor AI, GitHub Copilot, Devin, and Amazon Q Help Reduce Technical Debt
Recently, Amazon CEO Andy Jassy revealed that by leveraging Amazon Q, the company was able to save 4,500 developers-years of work. "Yes, the number is crazy, but real," he posted on X. With Amazon Q, the company has significantly cut down the time needed to update Java applications. "The average time to upgrade an application to Java 17 plummeted from what's typically 50 developer days to just a few hours," he said. He added that in under six months, the company has been able to upgrade more than 50% of its production Java systems to modernised Java versions at a fraction of the usual time and effort. "Our developers shipped 79% of the auto-generated code reviews without any additional changes." "The benefits go beyond how much effort we've saved developers. The upgrades have enhanced security and reduced infrastructure costs, providing an estimated $260 million in annualised efficiency gains," he claimed. Indeed, generative AI has made coding a breeze. Tools such as GitHub Copilot, Devin, and Amazon Q simplify the development process, making application creation easier and helping developers and enterprises reduce technical debt. Technical debt arises when an enterprise rushes a product to meet deadline requirements without properly checking the code quality and debugging. Incomplete documentation and insufficient testing can lead to errors and inefficiencies that add to the debt. Converting Legacy Code Base Amazon is not the only company reducing technical debt with AI. San Francisco-based Databricks, which uses generative AI to quickly analyse and understand its legacy code base -- something its CIO says has eased the burden on engineers. Seventy-five-year-old payroll-processing company ADP is also looking at generative AI to convert COBOL to Java. "A big problem that we, and other legacy companies face is that we have COBOL running in our systems," said Amin Venjara, the chief data officer of ADP. He added that today, very few programmers are familiar with COBOL. The Roseland, NJ-based company is exploring the use of generative AI to convert its mainframe code from COBOL -- a language developed in the 1950s and still widely used in banks and financial services -- into Java, a programming language that has been around since 1995. Wayfair, the online furniture retailer, is using generative-AI-based coding tools to update old code. Though Wayfair, established two decades ago, does not use COBOL, it does have "legacy code" in languages such as PHP and outdated database code in SQL. Additionally, there is code written by developers who are no longer with the company. GenAI to Assist in Tedious Tasks Generative AI acts as an intelligent assistant that automates tedious tasks, suggests improvements, and enhances code quality. Armand Ruiz, the VP of product at IBM, says that his favourite use case for generative AI is in software development. According to Ruiz, GenAI has several use cases in software development. It can convert plain English instructions into code in the preferred programming language. Code translation tools convert languages like COBOL to Java, and facilitate code modernisation and migration. Bug-fixing tools identify and suggest fixes for code errors, thereby enhancing code reliability. Notably, IBM recently announced the IBM watsonx Code Assistant for Enterprise Java Applications, expected to be generally available later this year. Generative AI also plays a significant role in streamlining code maintenance through refactoring. Generative AI automates refactoring by suggesting or implementing code transformations. It can identify common anti-patterns and propose more efficient alternatives, ensuring that refactoring adheres to coding standards and best practices. Generative AI Tools are Shaping Software Engineering Recently, AI coding tool Cursor AI has been generating buzz on social media. OpenAI co-founder Andrej Karpathy praised the AI-integrated code editor, saying, "Programming is changing so fast... I'm trying VS Code Cursor + Sonnet 3.5 instead of GitHub Copilot again, and I think it's now a net win." "Just empirically, over the last few days, most of my 'programming' is now writing English (prompting and then reviewing and editing the generated diffs) and doing a bit of 'half-coding', where you write the first chunk of the code you'd like, maybe comment on it a bit so the LLM knows what the plan is, and then tab tab tab through completions." Previously, software engineers used to take a substantial amount of time to deliver a product, but now this has drastically decreased. GitHub recently launched Models, a playground which will offer developers access to leading LLMs, including Llama 3.1, GPT-4o, GPT-4o Mini, Phi 3, and Mistral Large 2. "With GitHub models, developers can now explore these models on GitHub, integrate them into their dev environment in Codespaces and VS Code, and leverage them during CI/CD in Actions - all simply with their GitHub account and free entitlements," explained Github chief Thomas Dohmke. Then, there are AI software engineers like Genie and Devin. Genie is designed to emulate the cognitive processes of human engineers, enabling it to solve complex problems with remarkable accuracy and efficiency. "We believe that if you want a model to behave like a software engineer, it has to be shown how a human software engineer works," said Alistair Pullen, the cofounder of Cosine. Learn to use AI Tools if you are a Software Engineer "Software development companies will start hiring coders who can demonstrate in interviews that they master AI-assisted coding tools like Copilot or Cursor," said Andriy Burkov, machine learning lead at TalentNeuron. He added that claims that LLMs can't write reliable code are immature. "Most junior and mid-level coders can't write reliable code either. This is why software engineering has, over decades, equipped itself with automated and semi-automated tools to ensure that code is production-ready." He further explained that LLMs are already being fine-tuned specifically for coding. Companies are investing hundreds of millions of dollars to enhance these LLMs' coding capabilities because, if executed correctly, coding is the only use case where they can charge $10 or even $100 per million tokens from corporate clients. One issue that the developers face is the belief that AI-generated code may contain bugs. Many AI startups are emerging to address these concerns. One such startup is YC-backed CodeAnt AI. CodeAnt's AI-driven code review system can significantly reduce vulnerabilities by automating the review process and identifying potential issues before they reach the customer. With advancements in AI-driven coding tools and platforms such as IBM watsonx and GitHub Models, there is no doubt that developers are now better equipped to handle legacy code, streamline code maintenance, and enhance productivity.
Analytics India Magazine
Tue, 27 Aug, 10:00 AM UTC
Your Daily Dose of Curated AI News
Don’t drown in AI news. We cut through the noise - filtering, ranking and summarizing the most important AI news, breakthroughs and research daily. Spend less time searching for the latest in AI and get straight to action.
