Teams with mature DevOps practices are 3 times more likely to spot vulnerabilities earlier
SAN FRANCISCO, July 15, 2019 - Today GitLab, the single application for the DevOps lifecycle, released the results of its third annual developer survey highlighting the clear benefits – and tricky challenges – of the DevOps methodology. DevOps done right can go a long way to improve security, enable continuous deployment and bring developers, security professionals and the operations team together. The survey of over 4,000 respondents found that security teams that are part of a good DevOps practice are 3x more likely to discover bugs before code is merged and are 90% more likely to test between 91% and 100% of code than those in organizations with early-stage DevOps. Nearly half of all respondents practiced continuous deployment in at least some part of their organizations. But at the same time, only about a third of respondents actually rated their organizations’ DevOps efforts as “good.”
“This year’s Global Developer Survey expands beyond culture, workflow, and tools to include operations and security groups to provide a comprehensive assessment of the entire software development lifecycle,” said Sid Sijbrandij, CEO and cofounder of GitLab. “The big takeaway from this survey is that early adopters of strong DevOps models are experiencing greater security and finding it easier to innovate, but barriers still prevent developers and security teams from achieving true DevSecOps. Teams need a single solution that can provide visibility into both sides of the process for streamlined deployment.”
All software professionals recognize the need for security to be baked into the development lifecycle, but the survey showed that long-standing friction between security and development teams remains. While 69% of developers say they’re expected to write secure code, nearly half of security pros surveyed (49%) said they struggle to get developers to make remediation of vulnerabilities a priority. And 68% of security professionals feel fewer than half of developers are able to spot security vulnerabilities later in the lifecycle. Roughly half of security professionals said bugs were most often found by them after code is merged, in a test environment.
"Our research tells us that while most developers are aware of the dangers that vulnerabilities present and want to dramatically improve their security capabilities, they often still lack organizational support for prioritizing secure code creation, increasing secure coding skills, and implementing automated scanning and testing tooling to make that happen sooner rather than later." — Colin Fletcher, Manager, Market Research and Customer Insights at GitLab
GitLab also found that overall DevOps adoption is on the rise, and teams that have successfully implemented a mature DevOps model are seeing major improvements in their workflow. For example, developers who work at organizations with “immature” DevOps models feel their processes inhibit them, while those who work with “mature” models are:
On the other hand, a very poor DevOps implementation leaves organizations:
Continuous delivery – a cornerstone of DevOps – is an area developers see as critical. Of those surveyed, 43% said their organizations continuously deploy (meaning on-demand deployment and/or multiple deployments a day) and 41% said deployments happen between once a day and once a month.
Almost two-thirds of respondents want to invest in infrastructure in 2019 to support continuous integration, deployment, and delivery.
Remote work practices often lead to greater collaboration, better documentation and transparency, and ultimately more mature security practices, compared to in-office teams. In fact, developers in a mostly remote environment are 23% more likely to have good insight into what colleagues are working on, and they rate the maturity of their organization’s security practices 29% higher than those who work in a traditional office setting.
The survey suggests that distributed teams are also more likely to quantify and document their work than in-office teams, and operations professionals on distributed teams are more than 2.5 times as likely to be given sufficient notice to support developers as their in-office peers.
While strides toward implementing DevOps have been made, there is more work to be done when it comes to streamlining collaboration between security, developer and operations teams.
View the complete 2019 Global Developer Report: DevSecOps and the accompanying blog post to learn what software professionals view as the greatest challenges and advantages, along with recommendations on how teams can harmoniously deliver software and value to their organizations and customers.
GitLab surveyed 4,071 software professionals from January 23, 2019 to February 27, 2019. The margin of error is 2% (assuming a population of 23 million software professionals and a 95% confidence level).
GitLab is a single application built from the ground up for all stages of the DevOps lifecycle, for Product, Development, QA, Security, and Operations teams to work concurrently on the same project. GitLab provides teams a single data store, one user interface, and one permission model across the DevOps lifecycle, allowing teams to collaborate and work on a project from a single conversation, significantly reducing cycle time and letting them focus exclusively on building great software quickly. Built on open source, GitLab leverages the community contributions of thousands of developers and millions of users to continuously deliver new DevOps innovations. More than 100,000 organizations, from startups to global enterprises, including Ticketmaster, Jaguar Land Rover, NASDAQ, Dish Network, and Comcast, trust GitLab to deliver great software at new speeds.