In this episode of RedMonk Conversations, Rachel Stephens (Research Director at RedMonk) sits down with Özer Dondurmacıoğlu, VP of Product Marketing at GitLab, to discuss GitLab’s vision for intelligent orchestration across the software development lifecycle.

AI coding may be accelerating how quickly developers generate code, but what happens to code review, security scanning, compliance, testing, governance, and release coordination when code volume increases? Learn more about GitLab’s vision for leveling up the SDLC.

This is a RedMonk video, sponsored by GitLab.

Links

• GitLab Platform
• LinkedIn: Özer Dondurmacıoğlu

Transcript

Rachel Stephens
Hello everyone, welcome to RedMonk Conversations. My name is Rachel Stephens and I am the Research Director with RedMonk. And today I’m very excited to be joined by the VP of product marketing from GitLab, Özer. Özer, could you give a quick introduction of who you are and what you do with GitLab?

Özer Dondurmacıoğlu
Absolutely, Rachel. Thanks for having me on the show. Everybody tuning in. Hopefully it’s a great discussion for all of you as you define your DevSecOps journeys. I come from the infrastructure space. I spent 20 years.

Rachel Stephens
Okay.

Özer Dondurmacıoğlu
in product management and product marketing roles and marketing leadership roles across infrastructure, technology, startups. And over the last few years, one area of our ecosystem here in Silicon Valley that grew exponentially faster than anything else was the developer ecosystem.

especially with AI, of pour more fuel into the fire And a couple of the folks I know at GitLab pinged me and said, hey, there are exciting things happening at GitLab. You should take a look. And here we are. It’s my fourth month with the company and I couldn’t be more excited.

Rachel Stephens
It’s

amazing. What a whirlwind start. This is ⁓ a hell of a time to start and jump in because you all are doing some exciting things over there, which is why we are here to talk.

Özer Dondurmacıoğlu
Yeah.

Rachel Stephens
we are here to talk about GitLab’s vision for having an intelligent orchestration platform for the

world. And I think this is a particularly exciting time in the industry to have this conversation because the AI narrative, as you mentioned before, has really started to shift the script and how we’re talking about not just writing code anymore. I think we all kind of had that code generation.

aha moment over the last few years. It has moved from being not just a kind of separate tool but it has become something that’s been woven into our approaches. But I think a lot of the time up till now, at least in market and in terms of what has traction in the market, we have seen a lot of that focus still on that code generation side and less on the actual implementation of getting all of this code.

out into production. And so I think one of the things that we as an industry have grappled with is how do we fold AI into the rest of the SDLC? And I think 2025 was a really big year in terms of crossing that chasm and making that from less of a science project into something that is more grounded in reality. It’s still early in the market, but anyways, that is my background and understanding of where the market is. But I would love to hear from the inside.

What do you at GitLab see? What is your broad view into how people are building and shipping software in 2026? And what are you seeing as the kind of software development process evolves?

Özer Dondurmacıoğlu
Absolutely

great question, Rachel. If we look at it from the big picture point of view,

I think the entire software development ecosystem has done amazing innovations and got ready for the cloud innovation cycle GitLab, when it was born in 2015,

showed people a guiding light as to how to build in the cloud and GitLab is one of those leading platforms to show how developers can do that.

And then along the way, lots of others DevSecOps solutions, DevOps solutions, sometimes for specific functions, sometimes as a platform showed up in the marketplace. But the context was always, hey, how do we scale our cloud software? But then with AI, nature of cloud changed.

And that continuous execution of artificial intelligence basically means I can automate things that I were not able to automate before.

And the scale of innovation, I think, coding is a result of

my God, Let me just do that very quickly, very fast. And the volume of code increases. And the innovation speed that the developers experienced all of a sudden went from, let me just write cloud software manually, went up 10X to I can write anything, for any environment.

on any platform very quickly. So what we need to do is take that big innovation wave that’s hitting us, influenced by amazing models developed by the likes of OpenAI, for example, recent GPT 5.2.

Claude, Opus 4.5, and Gemini 3 by Google. If you look at those statistics that folks are reporting with those models, AI coding is a place where initial predictions earlier in the year of generating 90 % of the code that we write with AI is starting to become the reality. What that means is

we are crossing a threshold of code being generated at very high volumes. The speed is increasing, the accuracy is increasing, the volume is increasing all at once. So it’s a massive wave coming. On the SDLC front, our customers are essentially asking us.

look, I’m starting to really solve AI coding challenge. Like in the initial days, we didn’t really understand how to operationalize around it, how to get our teams up to speed. But nowadays they feel very comfortable adopting AI coding. think 99 % plus of our customers on the GitLab side of the house have adopted AI coding. That’s just part of their day-to-day life.

They’re coming to us and saying, hey, what happens in the rest of the SDLC? Can the code reviews catch up? Can security scans catch up? Can we run tests quickly? How do we enable multiple teams coordinating across multiple projects, which has multiple epics, which has multiple issues across many applications? And by the way, those applications are supported by one or more software teams. To give you an example, one of our

financial customers in Europe, adapted GitLab platform, went from 2,000 users on the platform to 18,000 to 22,000. Pretty sizable growth in one year. But then their team adopted our AI capabilities, not in 10x speed, 60x speed.

They started with

folks on our AI capabilities, automating their SDLC and everything else. Now they’re at 18,000 people out of the 22,000, not only using AI coding, but also running AI, agentic workflows across the SDLC. Build, test, secure, govern, create, verify everything that comes in the SDLC stages. So that’s very exciting to see.

Our job is to amplify that benefit to all our customer base. And hopefully our customers start taking advantage of that. I think overall the innovation speed is quite fast and furious. And the developer teams and the software teams are excited because they’re now able to go above.

the SDLC software lifecycle a little bit, not spend time on mundane tasks, booking meetings, coordinating issues, asking for code reviews, figuring out who’s going to review which type of code. All of a sudden those flows are handled by AI agents.

And they’re very excited to kind of spend the remaining time on their calendars on architecting, imagining new features, serving customers, improving their user experience, designing their existing apps, et cetera. ⁓

Rachel Stephens
for me, the thing that I’ve kind of pictured in our industry up till now, it’s kind of, this is gross. But like if you imagine a snake that has like eaten a mouse and you kind of have this like mouse shaped bulge as the snake learns to digest it and like eating more mice faster does not help the snake digest anymore. So it’s like, think like what, and like I guess what I’m saying is writing the code has never been the bottleneck

Özer Dondurmacıoğlu
That’s right.

Rachel Stephens
for delivering software for the most part. It’s part of it. It’s a really important part of it, but actually getting that code out into the world and through all the SDLC is the part that we really need to focus on and especially we need to focus on now. And so

curious as you kind of see more advances coming through the rest of the SDLC, how do see this helping developers and the platform team?

Özer Dondurmacıoğlu
Yeah, so ultimately, the customer that I just mentioned, has seen AI adoption happen much faster, almost amplify their ability to adopt a platform, if you will. It was always like,

you you want to eat a salad, but if there’s nice dressing on it, makes it, It makes it tasty. And you’re like, okay, well, the salad is actually pretty good. AI acts like that accelerator for folks to adapt standardization, security governance checks, proper code reviews.

the fundamentals become easier to define. Because you’re spending, now that you have agents running around and doing all these tasks for you, sometimes in parallel too, right? Sometimes let’s say 10 software teams check in, commit 20 different things in one day in three different projects. You can just go have some coffee. Your agent, code review agent, can do all that for you. You don’t have to book somebody’s calendars at Code Review anymore.

So since that automation is happening behind the scenes, they have to define what that agent does. They have to say step one, step two, step three. So they have to define organizational standard. They have to define a specific process. And they have to define rules. Who can access what type of context?

How about security scans for some portion of my application because it requires extra double click because we’re dealing with maybe user’s information. And on the other hand, we have other rules. So they have to customize. They have to think in advance a little bit to set their agents go do the work for them.

And that forces them to think architecture, planning, specifications, standardization, compliance rules, governance checks, much more in advance. You know, we as humans are sometimes very good at executing and running fast. But sometimes we might lack the ability to just sit down for a second and strategically think what we’re trying to do.

Rachel Stephens
Mm-hmm.

Özer Dondurmacıoğlu
It’s kind of ironic, but I think AI, especially agentic AI across the SDLC, is forcing us to architect first, plan first, standardize first, and then we go and let our agents do the work for us. This is helping, actually, funny enough, folks adapt DevSecOps best practices faster. So

They don’t think about connecting multiple tools anymore. They’re like, look, I have this other goal in mind now. I have this thing called AI giving me 10x or more productivity benefits. It was cool to try to stitch together five different products.

But I don’t want to do that anymore. I want my data in one place. I want my rules, standards, context in one place so that I can really take advantage of AI’s ⁓ potential for my growth, for my team’s sanity, for our innovation cycles, for our growth.

Rachel Stephens
your answer at the end started to touch on what I wanted to follow up with you. When you’re thinking about that architecture planning stage, do you see that happening at a platform team level, a developer level, both? Do you see any trends emerging there?

Özer Dondurmacıoğlu
Yeah, I mean the business requirement translation to SDLC has been fascinating to watch because usually I was just talking to one of our airlines customers in the United States and their priority is we would like to get rid of tech debt forever.

We don’t want the tech debt word to be sped in our software teams anymore. It’s like, okay, okay, that sounds good. What are you thinking? And he’s like, we are mapping out what happens leading up to tech debt. And as a result of tech debt, what kind of business problems we run into. For example, we cannot change direction to improving user experience on our mobile apps because

Rachel Stephens
It’s an ambitious goal. ⁓

Özer Dondurmacıoğlu
If we were to scale the mobile app to 10 million plus users, the backend is not going to be able to support certain features on that mobile app in order to enable seamless user experience on the mobile app. As we all know, people operating a mobile app are not very patient waiting for things to load. So the latency needs to be good. It needs to look great. The performance needs to be great. But the backend needs to be ready for it. So they’re like, well.

Nowadays it’s taking us three to six months to fix up the back end as we scale the front end. We don’t want that anymore. We want it to take maybe three to six days. So in order for them to basically start mapping out the result of waiting an extra few months for user experience improvements across millions of users, what does that mean to the business? Well,

probably millions of dollars, lots of engagement loss, potential, right, of course, you never know. So they’re like, if I can shrink that time, and if I can remove tech debt, my guess is I’m going to save this much money or I’m gonna increase my opportunity for customer engagement this much, et cetera. So now that we are so digitally aware as a society,

We can find so many examples of this for B2B applications, B2C applications, banking applications, even regulated industries, hospitals, banks, government agencies. They also run everything digital. Now AI has the potential of…

shrinking those innovation cycles from months to days, and customers are thinking about how to do that behind the scenes. And the last 10 years of experience gave them so much data about what customer engagement on a digital platform means to them, what it means to release a software update in a January timeframe versus a May timeframe. They can map that.

Rachel Stephens
Yeah.

Özer Dondurmacıoğlu
They’re much more digitally aware of their business growth or what digital innovation means for their business growth than they used to be 10 years ago, obviously. So that’s, think, helping all the innovation teams translate that to, OK, what can I do with AI to accelerate my software delivery?

Rachel Stephens
and that takes me into a question that I have been pondering.

How do we see this kind of AI enabled SDLC as being different from what we have in place now with continuous integration? And how does intelligent orchestration, is this an evolution of CI/CD? Is this something new in and of itself? How are you thinking about that? And what kind of building blocks do people need to be able to take advantage of this?

Özer Dondurmacıoğlu
Yeah, thanks for double clicking on that topic. there’s a way to adapt AI with no standardization, no context, let’s say no guardrails. And we just adapted AI. It’s a piece of AI technology. we’re like, we’re in an enterprise. said, hey, we have this thing called AI. Let’s just have it run wild.

That would not be a good outcome because without context it won’t be as intelligent and it won’t be give you the right answers. Without guardrails it might do a bunch of things that you don’t want.

And without the workflows that you define, it might do things that you did not even ask it to do. So we basically said, hey, since we have this amazing technology that we partner with, of course, with all the model providers out there, OpenAI, Gemini, Anthropic, and a GitLab platform.

you can choose which models you use for what type of task. So we give folks that flexibility. We even give flexibility for organizations who might want to self-host their models. So we want the underlying AI model provisioning to be heavily controlled by the customer. And we also allow our customers to deploy their SDLC.

in anywhere they want. It could be self-managed in their own environment. It could be our SaaS service or as a single tenant SaaS service. So once that deployment options figure it out, then we ask few questions to our customers. What are your workflows? Going back to our standardization topic, how do you actually ship? Do you like to integrate security as part of your development process or not? If yes, for which projects?

In those which projects, what type of rules would you like to see?

So they usually give us a definition of, let’s say, a couple of software teams. Each of those software teams tackle seven, eight different projects. Some of them are tied to release cycles of existing applications. Some of them are just brand new use cases. Some of them are internal. Some of them are external. Some of them have user data that needs to be protected. Some of them don’t. And each one of those needs to have some workflows and rules and standardization defined.

So if I take code review agent definition from one project and directly plug it into the next project, it doesn’t work because the rules are different. The context is different. But organizations also want to take a look at the system holistically. They don’t want project history to get lost, issues that were resolved back in the day to get lost, data about business requirements to get lost.

as they try to connect the dots. So ⁓ if you look at, I’m defining my own rules, the next question becomes how clean my data so that the AI is not sifting through tons of context to give me an answer to, for example, if I’m generating, ⁓ if I’m summarizing all the issues in my backlog for my developers to be productive. ⁓

I need to make sure that that backlog content is properly documented beforehand. If I give all the context to the AI, given their limited context size, limited context window, when I interact with a model like Gemini or Claude, for example, that context window can only have so much data in it. If I give it a bunch of garbage, I might get a bunch of garbage out. So…

Our job as a platform, besides allowing our customers to define their workflows, customize to their CI/CD pipeline in a per project,

how they create epics, documentation, issue templates, et cetera, which helps AI to be more accurate and faster. So we call these really in summary, of a bit of a differentiation, bit of a marketing language, but we first allow essentially our customers to find their guardrails. Where is your data gonna live? Where is your SDLC full DevSecOps journey gonna begin on premise?

with your own models in the cloud. Maybe it’s a different strategy in Europe versus US. So we build those guardrails for them. Then we help them define the workflows for which projects. How is your CI CD pipeline looking here? What are your coding principles on this project?

What are your rules for security scanning over here? So we kind of divide and conquer between teams, projects, and releases. And then lastly, we guide them to making the data, underlying data context, really clean, crisp, and ready for AI so that the AI doesn’t get confused about data that doesn’t matter. ⁓

Rachel Stephens
that sounds like an impressive amount of things to orchestrate and pull together. And all of those capabilities are now part of the Duo Agent platform that is recently GA’d. Is that correct?

Özer Dondurmacıoğlu
Ha

Correct, we’re actually GAing January 15th today, exciting day. So looking forward to hearing from our customers. of course…

had the platform in beta, got amazing feedback from customers. Our engineering team has done a great job incorporating customer feedback into many rounds of innovation. So very excited to see what the reaction from the marketplace. And I would say initial comments from our customers are, know, we wanted a wrapper around this.

exciting technology, AI, when it comes to SDLC. We wanted somebody to tell us, okay, what does it mean to take AI to an enterprise setting where true software delivery needs to happen? Initial reaction has been very positive, so excited to see what the rest of the market thinks.

Rachel Stephens
Wonderful, well that sounds great. I would love to hear about where your audience within the GitLab community is at in terms of scales of automation. So if you kind of think about human does everything, agent does everything, and the kind of this very big murky middle of human in the loop, but how does the human need to best be in the loop? How are you kind of balancing automation and that…

concern for compliance and control? How are your customers reacting to that? Where are your pulse on the market right now with that?

Özer Dondurmacıoğlu
Yeah, very good question. mean, ultimately, AI technology, we’re all excited about it, we’re all innovating about it, but it’s still early days.

I would say that there are tons of solutions and solution spaces out there that I have not crossed the chasm yet. ⁓ Retrialing, cetera. I think AI coding is very well, at this point, is pretty much well established that it’s not going anywhere anytime soon. So it’s great to see the excitement, but enterprises…

Rachel Stephens
Mm-hmm.

Özer Dondurmacıoğlu
and public sector organizations, regulated industries, they want to double-click. They want to test, they want to validate, they want their own compliance governance rules to be in check when they adapt these technologies. So they’re asking us to help them with their adoption journeys. To give you an example, when it comes to DevOps, Agile Framework Principles and DevOps Principles,

Ten years ago, we were helping our customers jump onto that journey.

Nowadays, they’re asking us for a similar guide in their AI adoption journey. So we are putting together a variety of different assets to help them.

in that effort. First we have a set of journeys defined to help them go from

Maybe some kind of like a tool chain sprawl if would it make sense to migrate them to GitLab so that everything is in one place? The second journey is sometimes teams would like to keep DevOps and security, scanning, vulnerability management, compliance, framework enforcement, policy management separate.

from DevOps, or they can merge into GitLab and adopt DevSecOps, That’s the second journey that we’re helping them with. And the last piece of the puzzle is the third journey that we’re gonna be helping them with is which agents for what projects and when.

Rachel Stephens
Mmm.

Özer Dondurmacıoğlu
Should we start maybe with one of the software teams of 300 developers out of the 1,000 developers in the company running on two software projects where they’re maybe building out a desktop application for internal users?

Maybe that’s a good place to measure best practices, see what’s working, enable security analyst agent and then enable planner agent and maybe don’t start with any custom agents yet and see the impact of that. Measure the impact of it, see how the productivity is going up, see if we can build best practices to carry over to the next project. So agent by agent, team by team adoption.

So those three journeys are top of mind. Our customer experience team has been developing assessments, if you will. It’s a relatively quick questionnaire to start and then lots of different questions and we have cadences to chat with our customers on which steps they have accomplished and we have been able to enable in their environment and measuring the impact of

So our customer experience team constantly are in the middle of those conversations. And we’re taking those learnings and we’re actually bringing that to market more visibly in the March timeframe, March, April timeframe to start educating the rest of our audience.

Rachel Stephens
I guess, is there a lot of pro-serve involved in this process? Are teams able to kind of pick this up via the product itself? How involved do you need to be in terms of helping and guiding your customers?

Özer Dondurmacıoğlu
Yeah, very good question. I would say majority of our customers prefer self-serve. I think it’s the GitLab way and the principle of software as a service. They would like to read the docs. Our epics are publicly visible. Our roadmap is publicly visible. Our docs is always public. Of course, we have an open source core. People can contribute to our core platform.

that tradition continues, I think as part of the GitLab culture, majority of our customers like to do it themselves. In some cases, some of our organizations are so large, so big, tens of thousands of developers, lots of projects. We just want to be ready for those organizations that might want to adapt it in scale and have a timeline.

Rachel Stephens
Mm-hmm.

Yeah.

Özer Dondurmacıoğlu
⁓ Some of them just utilize our customer experience capabilities that are part of the subscription. ⁓ Some of them want to extend that to a professional service. And some of them also want to take advantage of that with the trusted partners that we have in the marketplace, managed service or reseller partners that we go to market with and kind of define what that custom adoption journey looks like for them.

Rachel Stephens
that absolutely tracks with how I understand GitLab and I just want to make sure things hadn’t changed in the era of AI, which things can be a little bit more fluid and quickly moving. So all good. All right, so for my final question, and I feel like we’ve touched on this in bits and pieces, but I would love to kind of just get your full narrative on why choose a single provider.

for intelligent orchestration. I think…

In particular, think one of the things a lot of organizations are struggling with right now is AI is being injected everywhere. And so how are we supposed to decide where we’re making our investments? These people are wanting to know, they want to understand where they need to be developing their skill sets and where they need to be kind of doing the glue work themselves to bring all these tools together versus having someone who’s already done that for them and trying to figure all of that out. So how are you guiding people

Özer Dondurmacıoğlu
Yeah.

Rachel Stephens
that conversation.

Özer Dondurmacıoğlu
⁓ You know, we talked about the value of our technology, right? Being able to bring enterprise guardrails and context and rules and workflows into and managing the entire SDLC, automating the entire SDLC with AI. ⁓ And then we talked about the journeys, right? Okay. Customers are adapting a unified platform and…

putting agent AI on top to accelerate, and then what happens? We have been putting a lot of data points together and what we’re realizing is as follows. We looked at coding. Around estimated to be from multiple sources based on our studies, based on public sources, seems to be around 20 % of engineers time across the SDLC.

20%. So let’s say I’m using Opus 4.5 from Anthropic and it’s much better than the previous model and all of sudden my productivity went 10x. My quality of code increased, I feel more comfortable generating production ready code and all of a sudden my productivity as a developer, a coder went up 10x. That only gives me

10x growth in that limited 20%. So the real math, if you look at the entire SDLC, has 100 units of time. Let’s say 100 hours or 100 days. I shrink my time from 100 to 82. I don’t save 10x in the entire 100 units of time. And then we said, OK, let’s

do some customer interviews and data collection, what happens when I take different tools, let’s say four or five of them, that make up the SDLC and bring it to a single platform? That gives me some more. That saves me another, let’s say, 15 units of time. It depends on the scenario, and we have some calculators in the works for this, but based on customer data,

we basically started to realize, okay, well, I shave another 10 units of time. If I integrate security on top, I shave another 10 units of time. And if I have my agents helping me answer questions quickly about issues, epics, rules, regulations, et cetera, I shave some more. And if I let those agents come to life and actually not only answer my questions, but actually run things for me in parallel, you know, a code review agent doing…

thousand code reviews a day without any complaints, what does that mean? That shaves another 20 minutes of time. So we looked at multiple scenarios and what we’re seeing is those hundred units of time with AI coding has a potential to go down to 82, let’s say. But with a unified DevOps, integrated security, agentic AI workflows, it has a potential to go down to 30. So 300%.

Time savings is the so what. 300 % time savings means an engineering team spends more time on architecting the next big thing, shipping front and backend features, for example, not only features, but maybe removing tech debt from their platforms instead of managing code as it flies through the SDLC. So that’s turning out to be the punchline.

Rachel Stephens
Yeah.

Özer Dondurmacıoğlu
Time

is very important to everybody for any business in any organization and we’re starting to show that so what benefit for our customers.

Rachel Stephens
And you are dangerously close to getting me on a theory of constraints rant because that’s one of my favorite topics. But no, absolutely, I see where you’re coming at and I agree we have addressed one bottleneck on the code generation side, but there’s bottlenecks all throughout that we all need to continue kind of shaping off those rough edges and making things faster and flow together.

Özer Dondurmacıoğlu
Hahaha

Yeah, there you

I I agree. And very excited to see where the market is going. It’s exciting times. Being part of the developer ecosystem is very exciting nowadays. And if folks are…

willing to take a look at DuoAgent platform. There are variety of different information on the website. As many of your audience might already know, we’re an extremely transparent organization. mean, everything is documented about the company, about our solutions platforms. DuoAgent platform is no different. So lots of demos, lots of technical information out there. But yeah, looking forward to hearing more from the market and more from our customers on what they think.

Rachel Stephens
Well, will drop some links in the show notes below so people can find it easily. thank you, Özer thank you so much for your time and for walking me through this. This has been a delightful conversation.

Özer Dondurmacıoğlu
Absolutely. Same here, Rachel. Thanks for having me.