Wm web text white

Mapping the

DevSecOps

Landscape

2020
Survey Results

This year, over 3,650 respondents from 21 countries spoke about their DevOps successes, challenges, and ongoing struggles.

Three facts stood out: DevOps speeds up release times and improves code quality, but it has also dramatically changed the roles and responsibilities of developers, operations pros, security team members, and testers.

Here's what you need to know.

Get the full report

Gitlab devsecops header bg
Gitlab devsecops section mega blob generic

59

59 %

of companies deploy multiple times a day, once a day, or once every few days.

That’s up from 45% last year. In other words, DevOps brings truly continuous deployment.

Devsecops survey iconography coming of age

Coming of age

Over 25% of companies are in the DevOps “sweet spot” of three to five years of practice. And another 37% are well on their way, with between one and three years under their belts.

Devsecops survey iconography code quality

Want better code quality?

It's DevOps FTW The majority of respondents said code quality was the biggest benefit of choosing DevOps.

Devsecops survey iconography work in progress

Still works in progress

The majority of respondents aren’t using Kubernetes and microservices yet, but they are investigating them.

Devsecops survey iconography testing is hard

Test is still hard

Today 47% of companies say testing is the number one reason for delays. That’s down slightly from last year’s survey.

Devsecops survey iconography job satisfaction

Job satisfaction

66% of respondents say their organization’s processes and tools allow them to succeed and innovate.

Pre-deployment tests have provided more confidence that the product is ready to be released; also delivery frequency has increased.
2020 survey participant
Gitlab devsecops bgblob development

Development

Development today is more than just writing code. Devs report they’ve taken on traditional operations roles like creating and maintaining infrastructures.

Gitlab devsecops section mega blob development

82

82 %

of developers report they’re releasing code more quickly.

Most report two to five times increases although one developer said his team was “light years ahead.”

Devsecops survey iconography investing in the future

Investing in the future

Last year, respondents told us they wanted to invest in their DevOps processes. And they did. The top three areas for investment this year: CI, SCM, and test automation.

Devsecops survey iconography more testing stat

More testing STAT

Devs are nearly unanimous in the need for their organizations to do more testing. Apparently, you can’t have too much testing.

Devsecops survey iconography who owns security

Who owns security?

It depends on who you ask. But, more than 25% of developers feel solely responsible for security, indicating that shifting security left has begun in earnest.

Devsecops survey iconography code review

Code review

Love it or hate it, they’re doing it, a lot. Most do code reviews weekly, but many said their organizations are moving to a daily cadence.

Devsecops survey iconography hands off automation

Hands off

Thanks to DevOps automation improvements, developers are happy to report they no longer have to deal with annoying “manual” tasks like testing and deployments.

What changes have you made to your software development process?

  1. 21% Continuous integration
  2. 15% Source code management
  3. 15% Automated testing
  4. 15% Continuous delivery

Respondents were asked to rate their organization’s DevOps processes based on organization, repeatability, and scalability.

What traditional “ops” roles are devs taking on?

  1. 35% Continuous integration
  2. 18% Source code management
  3. 14% Automated testing
  4. 12% Continuous delivery

Respondents were asked to rate their organization’s DevOps processes based on organization, repeatability, and scalability.

We reduced our CI build queue time by 75%, which allowed developers to have test results faster and allows QA to have build artifacts to test faster.
2020 survey participant
Gitlab devsecops bgblob security

Security

No longer outsiders looking in, security team members say they’re now part of cross-functional teams working more closely with developers than ever before.

Gitlab devsecops section mega blob security

13

13 %

of companies give developers access to the results of dynamic application security tests.

If you want to enable developers to find and fix vulnerabilities, you have to give them the scan results in their pipelines or native workflows.

Devsecops survey iconography org shift left

You call that a shift left?

Sec pros report that their orgs are shifting security left, but they really aren’t doing the scans to support that claim.

Devsecops survey iconography bug friends

Why can’t we be friends?

Just like in last year’s survey, security pros think devs don’t find enough of the bugs at the earliest stages and are slow to prioritize fixing them.

Devsecops survey iconography clound native

Cutting edge is left out

Most sec teams don’t have security processes in place for microservices/containers/APIs/cloud native or serverless.

Devsecops survey iconography who owns it

Who owns it?

Almost 33% of security respondents said they were responsible for security. But nearly as many, 29%, said everyone was responsible for security. Clarity is needed.

Devsecops survey iconography testing traction

Testing traction

Over 42% said testing happens too late in the lifecycle, 36% reported it was hard to understand, process, and fix any discovered vulnerabilities, and 31% found prioritizing vulnerability remediation an uphill battle.

In your experience how is the security role changing?

  1. 28% I am increasingly part of a cross-functional team focused on security
  2. 27% I am more involved in the day to day/more hands on
  3. 23% I am more compliance-focused
  4. 19% My role is not changing

Respondents were asked to rate their organization’s DevOps processes based on organization, repeatability, and scalability.

In your organization, which group is primarily responsible for security?

  1. 33% Security
  2. 29% Everybody
  3. 21% Developers
  4. 12% Operations

We’re excited, but it’s important to note that 60% of survey respondents are GitLab users.

(Security) is becoming less focused into silo positions and more of a Jack of all trades role.
2020 survey participant
Gitlab devsecops bgblob operations

Operations

Perhaps nowhere more than in operations can the sweeping changes wrought by DevOps be seen. Ops is the place where process changes, tech changes, and cultural changes all seem to collide.

Gitlab devsecops section mega blob operations

52

52 %

of operations team members say their first priority today is managing cloud services.

Devsecops survey iconography changing roles

Changing roles

Over 60% report new and different responsibilities because of DevOps.

Devsecops survey iconography automation on the move

Automation is on the move

Almost 40% of operations team members said their development lifecycle is “mostly” automated.

Devsecops survey iconography blending dev

Blending in with dev

Almost 70% of ops pros report that devs can provision their own environments, a sure sign of shifting responsibilities brought on by new processes and changing technologies.

Devsecops survey iconography staying secure

Staying secure

Over 21% of ops pros say they feel solely responsible for security in their organizations.

How automated is your development lifecycle?

  1. 38% Mostly
  2. 35% Partially
  3. 16% Just beginning
  4. 3% No automation at all

Respondents were asked to rate their organization’s DevOps processes based on organization, repeatability, and scalability.

How many monitoring tools do you use?

  1. 65% Between two and five
  2. 18% One
  3. 12% None

We’re excited, but it’s important to note that 60% of survey respondents are GitLab users.

[Operations today] is 60% new project work and 40% operations/fire-fighting/developer support.
2020 survey participant
Gitlab devsecops bgblob test

Test

Testing is hard, and there’s never enough of it. But one bright spot: Almost 35% of testers surveyed said their organizations were more than halfway to full test automation.

Gitlab devsecops section mega blob test

47

47 %

of ops pros report that devs can provision their own environments.

This is a sure sign of shifting responsibilities brought on by new processes and changing technologies.

Devsecops survey iconography closer collabs

DevSecOps = closer collabs

About 33% of testers report closer (and presumably happier) collaboration with developers than ever before.

Devsecops survey iconography automation

Automation is happening, slowly

Just 12% claim to have full test automation.

Devsecops survey iconography org shift left

Some shift left

Almost 75% of testers say their orgs have shifted testing left (meaning closer to development).

Devsecops survey iconography qa dept

QA departments aren’t shrinking

Almost 60% said their teams are the same size they were last year, despite advances in automation.

Devsecops survey iconography bots

The bots have it

A small but intriguing percentage of test teams (16%) either use “bots” to review their code or have an AI/ML tool in place for testing.

Devsecops survey iconography securing security

Securing security

23% of testers think they’re solely responsible for security in their organizations.

How have your daily responsibilities changed because of DevOps?

  1. 30% I’m working more closely with developers
  2. 26% There is more test automation
  3. 16% I feel like I have a more visible seat at the table
  4. 11% Things haven’t changed

Respondents were asked to rate their organization’s DevOps processes based on organization, repeatability, and scalability.

Where is test located in your organization?

  1. 56% Embedded with developers
  2. 22% Are a separate organization
  3. 15% Are part of operations

We’re excited, but it’s important to note that 60% of survey respondents are GitLab users.

We do TDD. QA and dev act as a team. We have automated tests running parallel with developing code.
2020 survey participant

Explore the new DevOps landscape

Chart your course in a rapidly changing technological landscape to move your teams towards greater collaboration and velocity.

Gitlab devsecops footer separator blob
Footer logo

GitLab is committed to better DevOps

Your thoughts in this survey shape how we build products to help teams strengthen collaboration, iteration, and delivery.

Gitlab devsecops icon button decoration left Learn more about GitLab and DevOps Cta arrow Gitlab devsecops icon button decoration right