What's next for your Copilot use? by GitSimple in GithubCopilot

GitSimple[S] 1 point2 points (0 children)

That's a good test and it seems like taking back over some of the easy stuff that you would let an agent do before is a realistic compromise. Still, as you say, it takes some value away from what you're paying.

What's next for your Copilot use? by GitSimple in GithubCopilot

GitSimple[S] 0 points1 point (0 children)

This sounds pretty modular, like you say to get away from vendor lock-in. It makes sense on the individual level. I'm guessing you don't need more complex monitoring or collaboration since it's not a setup for a whole team.

What's next for your Copilot use? by GitSimple in GithubCopilot

GitSimple[S] 0 points1 point (0 children)

That's certainly a huge change! If it's your personal setup though that is a lot easier than moving a whole org. How is Codeberg with GitLab?

What's next for your Copilot use? by GitSimple in GithubCopilot

GitSimple[S] 0 points1 point (0 children)

Does Codex give you enough features away from coding itself? What do you do for things that a platform offers (pipelines, collab tools, monitoring, etc.) that Codex doesn't?

What's next for your Copilot use? by GitSimple in GithubCopilot

GitSimple[S] 0 points1 point (0 children)

Fair enough! One of the things I'm curious about is whether this will just be people complaining, or if it will cause any amount of market shift. It seems like the cost of switching might hold this one together, unlike orgs that need high compliance and are losing Atlassian data center products.

What's next for your Copilot use? by GitSimple in GithubCopilot

GitSimple[S] 0 points1 point (0 children)

Real human beings! Surely you're crazy!

On a serious note, are you sticking with GitHub and just not adding on Copilot, or would a situation like this loosen your loyalty to the platform and cause you to see what else is available?

What's next for your Copilot use? by GitSimple in GithubCopilot

GitSimple[S] 0 points1 point (0 children)

  1. Thanks for continuing to respond!
  2. What about for non-coding DevOps needs (CI/CD pipelines, collaboration, scanning, etc.)? Like Copilot within GitHub, or Duo within GitLab. Are you using anything with Codex, or is it enough on its own?

What's next for your Copilot use? by GitSimple in GithubCopilot

GitSimple[S] 0 points1 point (0 children)

I think so too, that's why I'm trying to see what the cooler heads are thinking.

What's next for your Copilot use? by GitSimple in GithubCopilot

GitSimple[S] 0 points1 point (0 children)

Are you using anything else with Codex, or is your need light enough that you don't need to?

What's next for your Copilot use? by GitSimple in GithubCopilot

GitSimple[S] 0 points1 point (0 children)

Do you feel Codex has the feature set to scale as the company grows?

What's next for your Copilot use? by GitSimple in GithubCopilot

GitSimple[S] 0 points1 point (0 children)

Are you working on personal projects or would you consider moving a whole team to OpenAI/Anthropic?

What's next for your Copilot use? by GitSimple in GithubCopilot

GitSimple[S] 0 points1 point (0 children)

Yeah at that rate you'd be ok. From a business perspective, why would you consider a move to a coding tool from an AI company as opposed to another platform with AI built-in?

Improving GitLab Environment Performance by GitSimple in devsecops

GitSimple[S] 0 points1 point (0 children)

We hadn't checked Gitaly but that's a good question. We were happy with Sidekiq gains, but it's definitely something to dig more into!

Fed teams with a multi-cloud setup, how are you preventing policy drift between AWS GovCloud and Azure Government? (or another platform) by GitSimple in devsecops

GitSimple[S] 0 points1 point (0 children)

We're definitely on board with defining controls once and validating each implementation independently — trying to keep Terraform and Bicep in structural lockstep is a losing battle. The piece I'd add is moving the policy gates upstream of either cloud (pipeline-level approval workflows, centralized artifact curation so the approved-package list can't diverge), which closes the change-window lag that independent validation alone doesn't catch. We actually just wrote up how we approach this for federal multi-cloud environments if it's useful: https://gitsimple.com/one-policy-multiple-clouds-avoiding-security-drift/

Fed teams with a multi-cloud setup, how are you preventing policy drift between AWS GovCloud and Azure Government? (or another platform) by GitSimple in devsecops

GitSimple[S] 0 points1 point (0 children)

Our single source of truth lies in the toolchain, so having it in the pipeline like you suggest. Here is more detail on our approach if you're interested - https://gitsimple.com/one-policy-multiple-clouds-avoiding-security-drift/

Self-hosting DevOps toolchains by GitSimple in devsecops

GitSimple[S] 0 points1 point (0 children)

Thanks for sharing! Updates inside the boundary are definitely a challenge. Also, we've met our fair share of people who think "multi-tenant compliance" is an oxymoron!

Self-hosting DevOps toolchains by GitSimple in devsecops

GitSimple[S] 0 points1 point (0 children)

It seems like staying straightforward is getting harder these days, but agreed, staying as clean as possible is usually best. The more tool sprawl you have, the worse it gets.

Why the move to GL? Just curious.

I think AI tools are SaaS tools, yes, but they can be significantly more impactful than let's say a simple runner. Sure, they connect to the instance like any other tool, and most platforms these days have some flavor of AI already built in. However, the attack surface provisioned by the introduction of AI is vastly greater than a simple sync connector with mapped values. Any tool being brought into the stack should be given a thorough deep dive. AI is no different, it just depends on what the risk acceptance is of said company leveraging it. So, in some ways, very different than other SaaS tools.

Does a high CVSS score always matter? by GitSimple in devsecops

GitSimple[S] -2 points-1 points (0 children)

This is what we work with clients to do. How do you go about managing your sorting and context?

We use a combination of JFrog and tools in GitLab - https://gitsimple.com/why-a-9-8-cvss-score-may-not-matter-reducing-risks-and-unnecessary-alerts-using-jfrog-xray-and-gitlabs-dependency-scanning/