2019 Global Developer Report: DevSecOps

A Space Void

Created to encourage conversation and collaboration, the Global Developer Report: DevSecOps dissects the cross-functional relationships of DevOps teams and offers insights into successful practices, problem areas, and potential solutions.

This year, over 4,000 respondents – across various industries, roles, and geographic locations – candidly shared their experiences, helping us uncover what software professionals require in order to innovate rapidly.

By uncovering best practices and unmet needs, the Global Developer Report: DevSecOps is one small step for software professionals to share their thoughts and one giant leap for IT leaders to remove roadblocks to help teams thrive and offer the strongest contributions to software development.


DevSecOps 2019

Mission Improvement

  • The overall mission objective for all software professionals today is improvement. When faced with the speed of innovation, teams must improve the way they deliver value to both their organizations and customers.

  • Security remains a work in progress: 69% of all respondents say that developers are expected to write secure code, yet 68% of security professionals feel that less than half of developers are able to spot security vulnerabilities (as opposed to security teams later in the process).

  • Role

    1. 50% Software Developer / Software Engineer
    2. 11% Development/Engineering Leadership
    3. 7% DevOps Engineer
    4. 7% Technology Executive - CIO / CTO
    5. 6% Software Architect
    6. 4% Other
    7. 3% DevOps Leadership
    8. 3% Systems Administrator
    9. 2% Product Manager
    10. 1% Systems Engineer / Network Engineer
    11. 1% Engineering Project Manager

    The majority of survey respondents have development roles. When analyzing the data, we filtered responses by role type to get an accurate look at how development, security, and operations teams feel about their organizations’ processes.

  • Nearly two-thirds (62%) plan to invest heavily in CI/CD in 2019, and almost half (45%) work at organizations that continuously deploy code.

  • Industry

    1. 46% Computer Hardware / Services / Software / SaaS
    2. 8% Business Services / Consulting
    3. 7% Education
    4. 6% Other
    5. 5% Banking / Financial Services
    6. 5% Media & Entertainment
    7. 4% Telecommunications
    8. 3% Healthcare

    Unsurprisingly, the majority of survey respondents work in Computer Hardware / Services / Software / SaaS.

  • DevOps = better visibility: Developers, operations team members, and security professionals are 89% more likely to have good insight into what their colleagues are working on when their DevOps model has been in place long term.

  • GitLab is an all-remote organization, and we’re interested in learning how remote work influences workflow and collaboration.
  • Remote work makes things easier: All-remote teams are 1.6x more likely to quantify and document their work than in-office teams.


Development

Mission Acceleration

  • To help their organizations stay competitive in a rapidly changing market, development teams need to accelerate delivery. The primary focus in 2019 is to identify the biggest roadblocks to innovation.

  • Developers are 1.4x more likely to feel innovative if they have a mature rather than a poor DevOps maturity model.

  • How do developers feel about their DevOps practices?

    1. 33% fair
    2. 28% good
    3. 17% poor

    Respondents were asked to rate their organization’s DevOps processes based on organization, repeatability, and scalability.

  • Remote can bring you closer: Developers are 23% more likely to have good insight into what colleagues are working on when they have mostly remote teams.

  • Code deployment frequency

    1. 43% Continuous deployment (on demand, multiple deploys per day)
    2. 41% Between once per day and once per month
    3. 13% Between once per month and once every 6 months
    4. 3% Don’t know

    Continuous delivery – a cornerstone of DevOps – is an area developers see as critical.

  • CD = better insight: Organizations that continuously deploy have Project/Product Managers that are 25% more likely to have a good sense of developer capacity during the planning stages, compared with organizations that deploy between once per month and once every 6 months.

  • Most used CI and build tools

    1. 61% GitLab
    2. 36% Jenkins
    3. 12% Travis CI
    4. 10% Don’t use CI or build tools

    We’re excited, but it’s important to note that 60% of survey respondents are GitLab users.

  • DevOps makes a difference: A full 88% of developers who work at organizations with “immature” DevOps don’t feel that their development processes are designed to help them succeed.


Security

Mission Readiness

  • When it comes to security, everyone is ready for more. But because security is a complicated and multi-layer endeavor, involving an entire organization, solutions are often complex and piecemeal and, as such, they can be elusive.

  • They know it’s important, but 55% of security professionals who stated that security vulnerabilities are a performance metric for developers also said it was difficult to get development teams to prioritize remediation of vulnerabilities.

  • How do security professionals rank their security practices?

    1. 36% fair
    2. 24% poor
    3. 20% good

    Respondents were asked to rate their organization’s security processes based on organization, repeatability, and scalability.

  • If the DevOps practice is mature, teams are 3x more likely to discover most security vulnerabilities before code is merged and in a test environment.

  • How do you automate application security testing within your software development pipeline?

    1. 34% Security testing results are included in the pipeline report used by developers
    2. 33% CI/CD automatically kicks off SAST scan
    3. 27% Developers use spell-check-like function for lite scan as they code
    4. 25% Don’t know
    5. 20% CI/CD automatically kicks off DAST and/or IAST scan

    Automation is critical to successful application security testing.

  • Poor DevOps adoption is a problem: Security professionals are 2.6x more likely to encounter red tape that slows efforts to quickly fix vulnerabilities at organizations struggling to implement DevOps.

  • Application security methods

    1. 56% Dependency scanning
    2. 42% Cloud security
    3. 41% Container security
    4. 35% SAST
    5. 29% License compliance
    6. 22% DAST

    Survey respondents use a variety of application security methods to identify problems.

  • Mostly remote teams are 1.6x more likely to have more mature security practices than mostly in-office teams.


Operations

Mission Clarity

  • For operations teams, having more defined processes and workflows helps keep releases on track. The primary focus for ops teams in 2019 is to bring transparency to processes.

  • Teams with a well-developed DevOps model are 58% more likely to have good insight into what colleagues on other teams are working on.

  • Top development methodologies

    1. 70% DevOps
    2. 61% Scrum
    3. 43% Kanban
    4. 18% Other Agile (e.g. Extreme Programming)

    Survey respondents <3 DevOps, but we know these findings are a bit aspirational compared to the industry.

  • All-remote teams are 1.6x more likely to quantify and document their work than in-office teams.

  • How do operations professionals rank their DevOps practices?

    1. 33% fair
    2. 34% good
    3. 16% poor

    Respondents were asked to rate their organization’s DevOps processes based on organization, repeatability, and scalability.

  • A very poor DevOps implementation leaves organizations 2.5x more likely to encounter the most delays during the Planning stage.

  • Top tools for monitoring

    1. 42% Grafana
    2. 30% Nagios
    3. 30% Kibana
    4. 29% Prometheus

    It takes a variety of solutions to manage operations, and teams must select the right tools.

  • All-remote operations professionals are 2.6x more likely to be given sufficient notice to support developers compared to their in-office peers.


Launch your mission

Embark on a journey to enhance the way your team delivers software and hone your competitive edge.

2019 Global Developer Survey raw data