2019 Global Developer Report: DevSecOps
Created to encourage conversation and collaboration, the Global Developer Report: DevSecOps dissects the cross-functional relationships of DevOps teams and offers insights into successful practices, problem areas, and potential solutions.
This year, over 4,000 respondents – across various industries, roles, and geographic locations – candidly shared their experiences, helping us uncover what software professionals require in order to innovate rapidly.
By uncovering best practices and unmet needs, the Global Developer Report: DevSecOps is one small step for software professionals to share their thoughts and one giant leap for IT leaders to remove roadblocks to help teams thrive and offer the strongest contributions to software development.Download the full report
The overall mission objective for all software professionals today is improvement. When faced with the speed of innovation, teams must improve the way they deliver value to both their organizations and customers.
Security remains a work in progress: 69% of all respondents say that developers are expected to write secure code, yet 68% of security professionals feel that less than half of developers are able to spot security vulnerabilities (as opposed to security teams later in the process).
- 50% Software Developer / Software Engineer
- 11% Development/Engineering Leadership
- 7% DevOps Engineer
- 7% Technology Executive - CIO / CTO
- 6% Software Architect
- 4% Other
- 3% DevOps Leadership
- 3% Systems Administrator
- 2% Product Manager
- 1% Systems Engineer / Network Engineer
- 1% Engineering Project Manager
Nearly two-thirds (62%) plan to invest heavily in CI/CD in 2019, and almost half (45%) work at organizations that continuously deploy code.
- 46% Computer Hardware / Services / Software / SaaS
- 8% Business Services / Consulting
- 7% Education
- 6% Other
- 5% Banking / Financial Services
- 5% Media & Entertainment
- 4% Telecommunications
- 3% Healthcare
DevOps = better visibility: Developers, operations team members, and security professionals are 89% more likely to have good insight into what their colleagues are working on when their DevOps model has been in place long term.
Remote work makes things easier: All-remote teams are 1.6x more likely to quantify and document their work than in-office teams.
To help their organizations stay competitive in a rapidly changing market, development teams need to accelerate delivery. The primary focus in 2019 is to identify the biggest roadblocks to innovation.
Developers are 1.4x more likely to feel innovative if they have a mature rather than a poor DevOps maturity model.
How do developers feel about their DevOps practices?
- 33% fair
- 28% good
- 17% poor
Remote can bring you closer: Developers are 23% more likely to have good insight into what colleagues are working on when they have mostly remote teams.
Code deployment frequency
- 43% Continuous deployment (on demand, multiple deploys per day)
- 41% Between once per day and once per month
- 13% Between once per month and once every 6 months
- 3% Don’t know
CD = better insight: Organizations that continuously deploy have Project/Product Managers that are 25% more likely to have a good sense of developer capacity during the planning stages, compared with organizations that deploy between once per month and once every 6 months.
Most used CI and build tools
- 61% GitLab
- 36% Jenkins
- 12% Travis CI
- 10% Don’t use CI or build tools
DevOps makes a difference: A full 88% of developers who work at organizations with “immature” DevOps don’t feel that their development processes are designed to help them succeed.
When it comes to security, everyone is ready for more. But because security is a complicated and multi-layer endeavor, involving an entire organization, solutions are often complex and piecemeal and, as such, they can be elusive.
They know it’s important, but 55% of security professionals who stated that security vulnerabilities are a performance metric for developers also said it was difficult to get development teams to prioritize remediation of vulnerabilities.
How do security professionals rank their security practices?
- 36% fair
- 24% poor
- 20% good
If the DevOps practice is mature, teams are 3x more likely to discover most security vulnerabilities before code is merged and in a test environment.
How do you automate application security testing within your software development pipeline?
- 34% Security testing results are included in the pipeline report used by developers
- 33% CI/CD automatically kicks off SAST scan
- 27% Developers use spell-check-like function for lite scan as they code
- 25% Don’t know
- 20% CI/CD automatically kicks off DAST and/or IAST scan
Poor DevOps adoption is a problem: Security professionals are 2.6x more likely to encounter red tape that slows efforts to quickly fix vulnerabilities at organizations struggling to implement DevOps.
Application security methods
- 56% Dependency scanning
- 42% Cloud security
- 41% Container security
- 35% SAST
- 29% License compliance
- 22% DAST
Mostly remote teams are 1.6x more likely to have more mature security practices than mostly in-office teams.
For operations teams, having more defined processes and workflows helps keep releases on track. The primary focus for ops teams in 2019 is to bring transparency to processes.
Teams with a well-developed DevOps model are 58% more likely to have good insight into what colleagues on other teams are working on.
Top development methodologies
- 70% DevOps
- 61% Scrum
- 43% Kanban
- 18% Other Agile (e.g. Extreme Programming)
All-remote teams are 1.6x more likely to quantify and document their work than in-office teams.
How do operations professionals rank their DevOps practices?
- 33% fair
- 34% good
- 16% poor
A very poor DevOps implementation leaves organizations 2.5x more likely to encounter the most delays during the Planning stage.
Top tools for monitoring
- 42% Grafana
- 30% Nagios
- 30% Kibana
- 29% Prometheus
All-remote operations professionals are 2.6x more likely to be given sufficient notice to support developers compared to their in-office peers.