Developer Productivity Engineering Blog

Latest

How Continuous GRC can prevent the next Nx or npm attack from destroying your business

Did you know that over 20,000 new software security vulnerabilities were disclosed in just the first half of 2025? And since February 2025, the volume of disclosed vulnerabilities has increased by more than 3x.

Although AI is opening up vast opportunities for innovation, it’s also introducing new risks, and in some cases, being used to attack the software toolchain itself. As a result, we need a more comprehensive approach that extends far beyond traditional security measures. For DevOps and software supply chain professionals, understanding and implementing robust Governance, Risk, and Compliance (GRC) is becoming essential for protecting an organization’s most critical business systems.




Your toolchain IS production: Why observability is non-negotiable for secure and reliable software delivery

When you put an application in production today, being able to observe its real-time behavior is a non-negotiable requirement. Yet this is rarely the case for our internal software systems that we use to build and release these same production applications.

I see a persistent and dangerous blind spot in the industry: overlooking the operational health of the software toolchain itself. We should view every component related to the build, tests, CI pipelines, local build systems, and DevOps tools—what I refer to collectively as the toolchain—as production systems.




Gradle sponsors Commonhaus Foundation with Develocity to boost build observability and acceleration

In their blog post, the Commonhaus Foundation announced our sponsorship of their foundation with a free dedicated instance of Develocity. This partnership brings comprehensive toolchain observability, build and test acceleration technologies, and rapid troubleshooting features to Commonhaus projects, enabling their communities to build, test, and deploy code faster and with greater confidence.




Introducing Develocity 360: Tackling the challenges of GenAI with toolchain observability

The software industry is currently at an inflection point due to the avalanche of GenAI code output. Engineering organizations are facing unprecedented challenges in feedback cycle frequency and code volume and complexity, magnifying the potential for errors, unintended behaviors, and deployment risks.

To meet the challenges AI has introduced to modern software delivery, we need a new approach: toolchain observability. Our toolchain observability platform, Develocity 360, empowers your organization to gain actionable insights for faster troubleshooting, optimize build performance and compute resources, create a more reliable software delivery pipeline, and ensure more secure and compliant software.




DevOps evolved: Continuous GRC automation and observability

DevOps has brought remarkable improvements in efficiency and velocity across the SDLC, but a critical frontier remains: the automation of Governance, Risk, and Compliance (GRC). Learn why a Strongly Identifiable Binary (SIB) is the key to the next evolution of DevOps with Continuous GRC.




What software delivery excellence looks like in the age of AI

Scala creator Martin Odersky and Gradle founder Hans Dockter sat down with Trisha Gee, Java Champion, to unpack the question of what it means to be truly productive as a developer in the modern JVM ecosystem. This post, summarizing the top takeaways from their conversation, sheds light on the emerging complexities introduced by GenAI code and offers crucial insights into the path forward.


