You’ve been asked to adopt AI tools with a promise they will accelerate your time to production and improve the quality of your code. Along the way, you’ve noticed a huge increase in the number of changes submitted to code and you’ve also likely felt the pain of your systems and processes not being able to keep up. The inner loop of development is moving at lightning speed, while the outer loop struggles to keep up. 

In many CI/CD workflows, a pipeline failure, which is often caused by a security vulnerability or a configuration error, can leave a developer with the manual, time-consuming task of figuring out what went wrong. They spend too much time investigating, debugging, researching fixes, and resubmitting code. This creates friction between developers, security, and operations teams as they place blame for the issue and identify who is responsible for fixing it. 

At OpenShift Commons Gathering at this year's Red Hat Summit, we took a closer look at the tools in Red Hat OpenShift and explored how to troubleshoot and fix a failed pipeline through an agentic workflow. Our developer advocate, Natale Vinto, demoed how Red Hat OpenShift helps secure and automate the development pipeline by:

  • Defining and enforcing security gates. 
  • Accelerating failure detection and remediation using an AI agent. 
  • Fixing and validating new code with human-in-the-loop oversight before rerunning the pipeline to ensure the fix is effective and all security criteria are met.

To start, Natale leads us to Red Hat OpenShift DevSpaces where he’s submitting an update to a new java application and kicks off a new DevSecOps pipeline. Red Hat OpenShift has defined requirements already in place to proactively enforce security. As code is pushed, the system automatically checks against these defined security policies. The security and ops teams have built robust policy-as-code through Red Hat Advanced Cluster Security for Kubernetes, meaning security definitions are consistent, version-controlled, and deeply integrated with Red Hat OpenShift. When a critical vulnerability is detected—such as a compromised base image showcased in the demo—the pipeline halts deployment before the code can reach a production environment, preventing vulnerable software from ever being deployed.

Figure 1:

Figure 1: An SRE Agent identifies a point of failure in the pipeline after identifying a critical vulnerability with Red Hat Advanced Cluster Security for Kubernetes. Timestamp: 3:42

Normally, this is where the testing comes to a screeching halt while the developer frantically tries to identify why the pipeline stopped and what they need to do to fix it. But Natale has built an AI agent called the SRE-Agent that acts as an intelligent enforcement layer rather than a passive checklist to identify the root of the problem, instead of having to manually sift through logs and debug errors. Through GitHub and Tekton Pipelines-as-Code integrations, the agent creates a new pipeline with the recommended remediation, shows Natale the problem it identified, and proposes a solution. It also leverages Claude to access and verify the issue with Red Hat OpenShift and alert the security team to the issue via Slack. 

Figure 2:

Figure 2: The SRE Agent analyzes the issue encountered and proposes a fix for the security team to review and approve. Timestamp: 4:13

From here the security, ops, and developer teams have full access to the logs reviewed and suggestions made by the agent and are enabled to take action. Now, with a human-in-the-loop, teams have clear, actionable insights so they can review, validate, and apply the fix with a single click. This maintains developer autonomy and trust, ensuring that human expertise is used to authorize the changes while offloading the tedious, manual heavy lifting of research and testing to the agent.

 Figure 3:

 Figure 3: The security team applies the SRE Agents suggested changes. Timestamp: 5:29

After applying the agent's suggestion, it re-runs the pipeline to ensure the fix is effective and all security gates are satisfied. This final validation step is crucial for maintaining zero-critical-vulnerability builds. Teams maintain full visibility to the changes being implemented through GitHub, OpenShift Pipelines, Red Hat Advanced Cluster Security, and Red Hat Trusted Profile Analyzer. After confirming the new changes have low vulnerabilities, Natale can merge the new code into production with confidence. 

Figure 4:

Figure 4: New code is merged into the pipeline and tested again for vulnerabilities. Timestamp: 7:42

The result: a CI/CD pipeline that can support the high volume of code commits without compromising established security, policy, and management protocols.  With Red Hat OpenShift, we unlock the automation of AI-driven tasks within OpenShift Pipelines in the outer loop, addressing the bottlenecks derived from the ever increasing number of AI-assisted code changes in the inner loop. With Red Hat OpenShift, developer, security, and operations teams are given full visibility into the problems identified, suggested fixes from the AI agent, and a full log of changes made so they can confidently validate and merge updates into their target environments. By combining the enterprise-grade stability of Red Hat OpenShift with the flexibility of Tekton and the intelligence of modern AI models, we are enabling teams to build and deliver more secure software with confidence and speed.

Product trial

Red Hat OpenShift Container Platform | Product Trial

A consistent hybrid cloud foundation for building and scaling containerized applications.

About the author

Aubrey Muhlach is a Senior Manager of Product Marketing Red Hat OpenShift based out of Colorado. Focusing on enabling DevOps practices and culture, Aubrey develops and implements go to market strategies for OpenShift and emerging technologies in the ecosystem. Aubrey lives in Colorado with her family where she takes full advantage of the Rocky Mountains and those infamous Boulder Flat Iron views.

UI_Icon-Red_Hat-Close-A-Black-RGB

Browse by channel

automation icon

Automation

The latest on IT automation for tech, teams, and environments

AI icon

Artificial intelligence

Updates on the platforms that free customers to run AI workloads anywhere

open hybrid cloud icon

Open hybrid cloud

Explore how we build a more flexible future with hybrid cloud

security icon

Security

The latest on how we reduce risks across environments and technologies

edge icon

Edge computing

Updates on the platforms that simplify operations at the edge

Infrastructure icon

Infrastructure

The latest on the world’s leading enterprise Linux platform

application development icon

Applications

Inside our solutions to the toughest application challenges

Virtualization icon

Virtualization

The future of enterprise virtualization for your workloads on-premise or across clouds