Written by Ryan Daws for Developer-Tech.com
70% of security professionals report their teams have moved security considerations to earlier in development. This has increased slightly from 65% last year, showing a due shift in prioritisation.
GitLab’s fifth annual DevSecOps survey reveals that last year was pivotal for the maturation of DevOps.
The only silver lining from the disaster of a year that was 2020 is that it helped to highlight inefficiencies with legacy processes and technologies. As the world looks to “build back better” from the pandemic, the work of DevOps teams should provide some inspiration.
“This year’s Global DevSecOps Survey shows that 2020 was a catalyst for DevOps maturation.
Teams worldwide worked to streamline development cycles and deliver faster release time than ever before, all while adjusting to remote work and shifting priorities to meet the high demands of last year.
We believe we will see improvements in testing as more teams adopt tools to automate the parts of DevSecOps that have continuously caused cycles to slow down.”Eric Johnson, CTO at GitLab
GitLab believes the pandemic-enforced broad adoption of remote work – something which is expected to remain past a broad return to normality – energised teams to embrace “cutting edge DevOps technologies such as Kubernetes, machine learning/artificial intelligence (ML/AI) and cloud computing.”
75 percent of the 4,300 global respondents say their DevOps teams are either using or planning to use ML/AI for testing and code review. This has increased by an incredible 41% over last year’s survey.
Just over half (55%) of operations teams now report their life cycles are completely or mostly automated—a sharp contrast to 2020 when just eight percent reported as such.
The regulatory environment
An increasingly strict regulatory environment around the use of automation technologies has operations teams reporting they’re spending more time on compliance than ever. The California Privacy Rights Act (CPRA) is an example of one such regulation introduced over the past year. The EU also recently published its plans to fine companies up to six percent of turnover or €30 million (whichever is higher) for breaching its AI rules.
84% of developers claim to be releasing code faster than ever before thanks to the addition of tools like source code management and Continuous Integration and Continuous Delivery (CI/CD). 57%t say their releasing code twice as fast – up from 35% last year – while 19 percent even claim to be releasing code 10 times as fast.
Rapidly churning out code can lead to security issues. 42% report that security testing is happening too late in the process. 37 percent report difficulties in tracking the status of bug fixes and 33% are finding prioritising remediation challenging.
Seventy percent of security professionals report their teams have moved security considerations to earlier in development. This has increased slightly from 65% last year, showing a due shift in prioritisation.
Johnathan Hunt, VP of Security at GitLab, commented:
“While the industry has continued integrating security into development, and organisations are beginning to improve security overall, our research shows that a more clear delineation of responsibilities and adoption of new tools is required to completely shift security left.
In the future, we hope to see security teams find more ways to lay out clear expectations for the other members of their organisation, and continue to adopt innovative technologies for scanning and code reviews to improve speed and quality of development cycles.”
In last year’s survey, just 59% of security professionals reported their organisation’s security efforts as “good” or “strong”. This year, that has increased to 72% which shows how far DevSecOps has come over the past 12 months.
You can find a full copy of GitLab’s report here.