According to a GitLabs study, security is the most common reason for using a DevOps platform and the area with the highest planned investments.
For the sixth time, the company behind the software development platform GitLab has conducted the annual “Global DevSecOps Survey”. It brings to light that security is key and the most cited reason for using a DevOps platform. According to GitLab, the fact that security is coming to the fore is a sign of a clear change: In recent years, security teams have often brushed aside concerns in order to release software faster.
In this edition of the study, GitLab surveyed over 5000 people in various DevOps roles – including developers, site reliability engineers and decision makers – in May 2022 on topics such as toolchain, security, test automation and deployment.
Safety comes first
Three quarters of respondents are using a DevOps platform or plan to start using it this year. In making this decision, increased security is paramount—over cost and time savings, DevOps improvement, and simplified automation. The study participants state developers as the most likely users of the platform, but according to 38 percent, the entire DevOps team should use the platform. According to the study, DevOps is primarily used to increase code quality, developer productivity and operational efficiency. Other reasons for DevOps are security, time-to-market, better collaboration and happier team members.
A clear change towards security can also be seen in the everyday work of the developers surveyed: In 2021, 39 percent of developers were still “completely responsible” for security in their companies, this year it is 53 percent – an increase of 14 percent. GitLab sees this as an indication of a Shift Left. An additional 39 percent of the developers surveyed see themselves as part of their team responsible for security, and seven percent see other team members as primarily responsible for this. The increased security awareness seems to be paying off: According to 87 percent of those surveyed (2021: 75 percent), their company makes it possible to avoid security incidents.
Faster deployment, variety of tools and planned investments
Other findings from the study include faster deployment. 70 percent of those surveyed deploy either multiple times a day, daily, or every few days—an increase of 11 percent year-on-year. Of these, multiple daily deployment accounts for 27 percent of those surveyed. However, the clear majority complained that there were too many tools in their tool chain that they would like to consolidate: Over 40 percent of the study participants use between six and ten different tools. The tools used include version control tools such as GitLab, GitHub or BitBucket, recently released in version 15.3, and microservices and Kubernetes are also frequently used.
With regard to investments, the people surveyed from the Dev, Sec and Ops areas agree and want to invest primarily in security this year. Cloud computing comes second in investment plans, followed by DevOps, artificial intelligence and blockchain. The plans vary depending on the role, for example management as well as security teams see blockchain investments as a top priority.
These and other finds can be read in the study report, which GitLab makes available as a PDF file if you provide your contact details. A blog entry highlights the central points.