Jul 15, 2019 - Suri Patel    

2019 Global Developer Report: DevSecOps finds security roadblocks divide teams

Over 4,000 software professionals shared their DevOps experiences, helping us uncover what they require in order to innovate rapidly.

Read the full report

We have liftoff! The 2019 Global Developer Report: DevSecOps has arrived! Thanks to the 4,071 crew members – across various industries, roles, and geographic locations – we’ve uncovered what helps and hurts software professionals on the journey to bring developers, security professionals, and operations team members together.

According to our survey respondents, the primary mission for all software professionals today is improvement. Everyone wants more secure code, increased visibility, reduced cycle times, and continuous deployment, but how do teams get there? Based on our survey results, DevOps done right can help realize these goals. But DevOps itself can be challenging to implement, creating other difficulties.

Here are a few key takeaways from the survey that might help you create a more nuanced and strategic DevOps flight plan for your organization.

Good DevOps: The answer to security problems?

Security teams in a longstanding DevOps environment reported they are 3 times more likely to discover bugs before code is merged and 90% more likely to test between 91% and 100% of code than teams who encounter early-stage DevOps. Nearly half of all mature DevOps respondents practiced continuous deployment in at least some part of their organizations. But at the same time, only about a third of respondents actually rated their organizations’ DevOps efforts as “good.”

“The big takeaway from this survey is that early adopters of strong DevOps models experience greater security and find it easier to innovate, but barriers still prevent developers and security teams from achieving true DevSecOps,” said Sid Sijbrandij, CEO and co-founder of GitLab. “Teams need a single solution that can provide visibility into both sides of the process for streamlined deployment.”

Clearly challenges remain, and nowhere is that more obvious than in security. While 69% of developers indicate they’re expected to write secure code, nearly half of security pros surveyed (49%) said they struggle to get developers to make remediation of vulnerabilities a priority. And 68% of security professionals feel that fewer than half of developers are able to spot security vulnerabilities later in the lifecycle. Roughly half of security professionals said bugs were most often found by them after code is merged in a test environment.

2019 Developer Report security findings

Choosing DevOps

More companies are making the move to DevOps than before, and for good reason – teams that have successfully implemented a mature DevOps model experience major improvements in their workflow. According to the survey, developers who work at organizations with immature DevOps models feel their processes inhibit them, while those who work with mature models are almost 1.5 times more likely to feel innovative and 3 times more likely to discover security vulnerabilities earlier on in the pipeline.

Poor DevOps practices slow teams down. Those organizations are 2.5 times more likely to encounter significant delays during the planning stage and 2.6 times more likely to wade through red tape, slowing efforts to quickly fix security vulnerabilities.

Remote work works

According to our survey respondents, working remotely leads to greater collaboration, better documentation, and transparency. In fact, developers in a mostly remote environment are 23% more likely to have good insight into what colleagues are working on and rate the maturity of their organization’s security practices 29% higher than those who work in a traditional office environment.

About the survey

GitLab surveyed 4,071 software professionals across various industries, roles, and geographic locations. The margin of error is 2%, assuming a population size of 23 million software professionals and a 95% confidence level.

Methodology

We launched a Global Developer Survey on Jan. 23, 2019, collecting responses until Feb. 27, 2019. During that time, we promoted the survey primarily on GitLab’s social media channels and newsletter.

Frequently asked questions

How can I read the report? You can download the full report here.
Are the raw results publicly available? Yes, you can view the raw data here.
Did only GitLab users take the survey? No, it was open to all software professionals across various industries, roles, and geographic locations.
How can I ask questions or give feedback about the survey and results? Please direct questions or comments about the survey to surveys@gitlab.com.
I’d like to participate in the next survey. Can I sign up for alerts? The best way to receive news about the Global Developer Survey is to sign up for our bi-weekly newsletter.

Try all GitLab features - free for 30 days

GitLab is more than just source code management or CI/CD. It is a full software development lifecycle & DevOps tool in a single application.

Try GitLab for Free

Try GitLab risk-free for 30 days.

No credit card required. Have questions? Contact us.

Gitlab x icon svg