You’ve been asked to adopt AI tools with a promise they will accelerate your time to production and improve the quality of your code. Along the way, you’ve noticed a huge increase in the number of changes submitted to code and you’ve also likely felt the pain of your systems and processes not being able to keep up. The inner loop of development is moving at lightning speed, while the outer loop struggles to keep up.
In many CI/CD workflows, a pipeline failure, which is often caused by a security vulnerability or a configuration error, can leave a developer with the manual, time-consuming task of figuring out what went wrong. They spend too much time investigating, debugging, researching fixes, and resubmitting code. This creates friction between developers, security, and operations teams as they place blame for the issue and identify who is responsible for fixing it.
At OpenShift Commons Gathering at this year's Red Hat Summit, we took a closer look at the tools in Red Hat OpenShift and explored how to troubleshoot and fix a failed pipeline through an agentic workflow. Our developer advocate, Natale Vinto, demoed how Red Hat OpenShift helps secure and automate the development pipeline by:
- Defining and enforcing security gates.
- Accelerating failure detection and remediation using an AI agent.
- Fixing and validating new code with human-in-the-loop oversight before rerunning the pipeline to ensure the fix is effective and all security criteria are met.
To start, Natale leads us to Red Hat OpenShift DevSpaces where he’s submitting an update to a new java application and kicks off a new DevSecOps pipeline. Red Hat OpenShift has defined requirements already in place to proactively enforce security. As code is pushed, the system automatically checks against these defined security policies. The security and ops teams have built robust policy-as-code through Red Hat Advanced Cluster Security for Kubernetes, meaning security definitions are consistent, version-controlled, and deeply integrated with Red Hat OpenShift. When a critical vulnerability is detected—such as a compromised base image showcased in the demo—the pipeline halts deployment before the code can reach a production environment, preventing vulnerable software from ever being deployed.
Figure 1: An SRE Agent identifies a point of failure in the pipeline after identifying a critical vulnerability with Red Hat Advanced Cluster Security for Kubernetes. Timestamp: 3:42
Normally, this is where the testing comes to a screeching halt while the developer frantically tries to identify why the pipeline stopped and what they need to do to fix it. But Natale has built an AI agent called the SRE-Agent that acts as an intelligent enforcement layer rather than a passive checklist to identify the root of the problem, instead of having to manually sift through logs and debug errors. Through GitHub and Tekton Pipelines-as-Code integrations, the agent creates a new pipeline with the recommended remediation, shows Natale the problem it identified, and proposes a solution. It also leverages Claude to access and verify the issue with Red Hat OpenShift and alert the security team to the issue via Slack.
Figure 2: The SRE Agent analyzes the issue encountered and proposes a fix for the security team to review and approve. Timestamp: 4:13
From here the security, ops, and developer teams have full access to the logs reviewed and suggestions made by the agent and are enabled to take action. Now, with a human-in-the-loop, teams have clear, actionable insights so they can review, validate, and apply the fix with a single click. This maintains developer autonomy and trust, ensuring that human expertise is used to authorize the changes while offloading the tedious, manual heavy lifting of research and testing to the agent.
Figure 3: The security team applies the SRE Agents suggested changes. Timestamp: 5:29
After applying the agent's suggestion, it re-runs the pipeline to ensure the fix is effective and all security gates are satisfied. This final validation step is crucial for maintaining zero-critical-vulnerability builds. Teams maintain full visibility to the changes being implemented through GitHub, OpenShift Pipelines, Red Hat Advanced Cluster Security, and Red Hat Trusted Profile Analyzer. After confirming the new changes have low vulnerabilities, Natale can merge the new code into production with confidence.
Figure 4: New code is merged into the pipeline and tested again for vulnerabilities. Timestamp: 7:42
The result: a CI/CD pipeline that can support the high volume of code commits without compromising established security, policy, and management protocols. With Red Hat OpenShift, we unlock the automation of AI-driven tasks within OpenShift Pipelines in the outer loop, addressing the bottlenecks derived from the ever increasing number of AI-assisted code changes in the inner loop. With Red Hat OpenShift, developer, security, and operations teams are given full visibility into the problems identified, suggested fixes from the AI agent, and a full log of changes made so they can confidently validate and merge updates into their target environments. By combining the enterprise-grade stability of Red Hat OpenShift with the flexibility of Tekton and the intelligence of modern AI models, we are enabling teams to build and deliver more secure software with confidence and speed.
Product trial
Red Hat OpenShift Container Platform | Product Trial
About the author
Aubrey Muhlach is a Senior Manager of Product Marketing Red Hat OpenShift based out of Colorado. Focusing on enabling DevOps practices and culture, Aubrey develops and implements go to market strategies for OpenShift and emerging technologies in the ecosystem. Aubrey lives in Colorado with her family where she takes full advantage of the Rocky Mountains and those infamous Boulder Flat Iron views.
More like this
Accelerate and upskill with Red Hat AI training and certification
Accelerating the time to science for the CDC and NIH
Technically Speaking | Defining sovereign AI with open source
Technically Speaking | Inside open source AI strategy
Browse by channel
Automation
The latest on IT automation for tech, teams, and environments
Artificial intelligence
Updates on the platforms that free customers to run AI workloads anywhere
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
The latest on how we reduce risks across environments and technologies
Edge computing
Updates on the platforms that simplify operations at the edge
Infrastructure
The latest on the world’s leading enterprise Linux platform
Applications
Inside our solutions to the toughest application challenges
Virtualization
The future of enterprise virtualization for your workloads on-premise or across clouds