Sonar Acquires Tidelift, Google Boosts DevOps with AI Tools, and Team Facets at KubeCon India

?? Hello, 2025!

It’s here—the year of new possibilities, big ideas, and building what’s next. As 2024 bows out, let’s kickstart this New Year with insights that’ll set the tone for DevOps in 2025.

2024 wasn’t just another year in tech—it was a turning point. Here’s how some big ideas reshaped the DevOps world and why they’ll continue to matter in 2025:

In this edition of “Shift Left, Ship Right!" we’re diving into:

1. The Sonar + Tidelift acquisition and what it means for DevSecOps.
2. How AI-driven DevOps workflows—from 谷歌 ’s Gemini to new automation tools—are supercharging developer productivity.
3. Data Pipeline Modernization in 2025: Integrating DevOps, DataOps, and Database Systems.

And that’s not all, we’ll also dive into the top trends that will reshape 2025!

Bonus: Don’t miss the Facets team’s highlights from KubeCon India 2024—insights, talks, behind-the-scenes moments, and key takeaways from our latest webinar on cloud migration with Porter!

Stick around till the end—let’s get started.

Sonar just acquired Tidelift: A New Era for DevSecOps

The merger of Sonar (proprietary code security) and Tidelift (open-source vulnerability management) is more than a business move—it’s a pivotal shift for DevSecOps. Together, they offer a hybrid platform that secures modern codebases end-to-end.

Here's what caught our attention: over 80% of modern applications rely on open-source dependencies. That's not just a statistic – it's a wake-up call.

This dependence underscores a major security gap. Open-source vulnerabilities are prime targets for attackers—and most modern applications depend on them.

Sonar’s integration of Tidelift directly addresses this, offering a unified solution to secure both proprietary and open-source code.

Sonar’s 2025 roadmap (yet to be revealed) promises AI-powered integrations, streamlining compliance, testing, and security.

Brian Wald , Field CTO at GitLab , envisions a brighter DevSecOps future:

“Shifting operational and security responsibilities to centralized platforms will enhance efficiency, improve quality, and restore velocity to development teams.”

With trends showing that 64% of organizations are investing in code scanning tools and regulations demanding stronger software supply chain security, this move is timely.

Sonar’s AI-powered tools, like AI CodeFix and AI Code Assurance, further streamline vulnerability detection and remediation—keeping developers focused on what they do best: building great software.

The future of DevSecOps isn’t just secure—it’s efficient, AI-driven, and ready for the complexities of tomorrow.

Google Boosts DevOps with AI Tools for Third-Party Platform

Google is expanding its Gemini AI tools, integrating Gemini 2.0 Flash into third-party platforms like Jira, GitHub , Sentry.io, and Atlassian . This move allows teams to automate essential DevOps tasks—from code retrieval to issue identification—simply using natural language commands.

Gemini Code Assist simplifies and reduces the complexity of manual DevOps tasks:

• Automate key actions like summarizing Jira issues, tracking code changes, and identifying site issues using simple commands.
• Transform these commands into secure, parameterized API calls, following OpenAPI standards or YAML configurations.
• Maintain security at every step with OAuth authentication, ensuring your interactions stay protected.

AI in DevOps is no longer a trend—it’s an imperative. 33% of organizations are already using AI, and 28% plan to adopt it in the next year. The real question is no longer whether to adopt AI but how deeply it will be integrated into everyday operations. (Techstrong Research)

This survey makes it clear that in the coming year, organizations will naturally adopt AI as they best see fit, but it’s no longer a question of whether to use AI as much as to what degree to rely on it.

"AI's real productivity benefits will come from automating tasks like writing test plans, explaining code, and verifying fixes,"

– Mitch Ashley , VP at Futurum Group

In short:

The future of DevOps is clear—AI is here to stay. The next phase will be defined by how strategically organizations adopt AI. Companies must act now, integrating tools that enable smarter, faster development while ensuring security and quality.

Takeaway: The question is no longer whether to use AI in DevOps. It's about how deeply you integrate it. The right approach will determine the leaders in the AI-driven revolution.

Data Pipeline Modernization in 2025: Integrating DevOps, DataOps, and Database Systems

Data pipelines are the backbone of modern enterprises.

As we race towards 2025, data pipelines are growing exponentially larger and more complex every year. The integration of DevOps, DataOps, and database systems isn’t just a nice-to-have; it’s a must-have for companies looking to stay ahead in a data-driven world.

Here's why it matters: AI and ML are accelerating data growth, demanding seamless integration across DevOps, DataOps, and databases. The challenge? Most current infrastructures aren’t built for this kind of scale.

Without tight collaboration between DevOps, DataOps, and database teams, bottlenecks emerge. AI-driven solutions demand fast, reliable data—teams must align to stay competitive.

The Key Insight?

DataOps + DevOps = Seamless Pipelines

Early collaboration between DevOps, DataOps, and database teams improves data quality and reduces cycle times. Identifying issues early leads to faster delivery and fewer errors, with testing in lower environments speeding delivery by 60% and reducing errors by 50%.

"DataOps isn’t just DevOps for data. Both must blend best practices to ensure secure, reliable, and optimized pipelines.”

– Loreli Cadapan, DataOps expert

In short:

The future of data pipelines is integration. Unifying DevOps, DataOps, and databases are key to future-proofing your infrastructure. Without it, you risk falling behind.

Alright, let’s take a quick tour of what’s coming in 2025! Here's ?? 5 DevOps Trends to Watch in 2025:

• AIOps: Automates anomaly detection and incident management improves system reliability
• DevSecOps: Security integrated into every DevOps phase with automated CI/CD checks.
• Microservices: Enables scalable, independently deployable services enhancing agility and fault tolerance in software applications.
• GitOps & IaC: Automates infrastructure with tools like Terraform and ArgoCD.
• Sustainable DevOps: Focus on energy efficiency and green cloud providers.

?? Team Facets at KubeCon India 2024: Highlights and more!

Our Facets team had an incredible experience at KubeCon India 2024. Here’s what went down:

KubeCon India 2024 ???? in Delhi was a game-changer for our team. It was more than just a conference; it was a milestone for 200,000 developers.

We attended sessions on Platform Engineering, SDLC, AI & ML—amazing insights! Here are some highlights:

• India ???? is emerging as a global open-source hub, with LF India leading the charge.
• Platform engineering is on the rise, with companies like Swiggy, Amdocs, Airbus, and EarnIn building scalable systems.
• Shift-left is gaining momentum as companies like NielsenIQ integrate security and DevOps earlier in the development cycle—a trend we’re adopting at Facets.
• GenAI workflows are automating code generation, testing, and bug detection, streamlining pipelines, and boosting efficiency.
• Shift-Left will be standard soon. Just like Kubernetes is now, teams won’t question using it—they’ll expect it.

Ishaan Kalra from the Facets Team took detailed notes, which we’ve shared on our blog. From Pepsico’s platform insights to Flipkart’s service mesh, we’ve covered it all.

Check it out here: https://www.facets.cloud/kubecon-2024-live

Golden nuggets from Cloud Migration at Scale Webinar with Porter :

Alright, picture this: You’re staring down a massive, decade-old system. Migrating from AWS to GCP? Sounds like a challenge, right? Well, that’s exactly what Pravanjan Choudhury (Co-Founder, Facets.cloud ) talked about with Ankit Srivastava , VP of Engineering at Porter , in the recent webinar we hosted.

Here are a few key takeaways for you:

• Embrace the power of iteration! Don't try to do everything at once. Break the migration into smaller, manageable phases, and learn from each step. Porter saw their migration batches go from 9 days to half a day—all because they kept refining their approach!
• Plan for the unexpected. Migrating a decade-old system comes with surprises. Thorough discovery is crucial, but you'll uncover hidden challenges. Build in buffer time and be prepared to adapt!
• Invest in upskilling your team. Equipping your developers with the right skills for the new cloud environment is essential. The more they understand, the faster and smoother the migration will be.
• Don't underestimate the post-migration phase. Stabilizing the new cloud environment takes time and effort. Plan for a hypercare period to address any issues and optimize your setup.

Ankit’s insights were gold, and if you’re planning a cloud migration—big or small—this webinar is a must-watch.

Catch the recording here if you missed it: https://www.facets.cloud/webinars/inside-porters-large-scale-cloud-migration

2025 Ahead: What's Next

As we wrap up 2024, one thing's crystal clear: innovation isn't taking a break. From AI-powered DevOps to evolving platform engineering, we're just getting started.

So here's to another year of shifting left and shipping right! See you in 2025, fellow tech adventurers!

?? Top Picks from Spotify

1. Kubernetes Podcast from Google?- Device management in Kubernetes, with John Belamaric -?Listen here
2. DevOps Paradox?- DOP 298: Tools Versus Culture -?Check it out here
3. Screaming in the Cloud?- Replay - Helping avoid the Kubernetes Hiccups with Rich Burroughs - Listen now

?????? Words of Wisdom

1. Stateful workload operator: stateful systems on Kubernetes at LinkedIn. ?Link
2. Agile and DevOps for SaaS and low-code development.?Link
3. The Future of DevOps in 2025 ?Link