GitLab has released the results of its annual DevSecOps survey. GitLab’s 2022 Global DevSecOps Survey highlights the continued prioritization of security and compliance, investment in toolchain consolidation, and the ongoing impacts of rapid DevOps adoption.
The survey consisted of 5,001 respondents, including developers, operations and security practitioners and organizational leaders. It found that, following two years of explosive technological adoption, nearly three-quarters of respondents have adopted–or plan to adopt within the year– a DevOps platform in order to meet rising industry expectations around security, compliance, toolchain consolidation, and faster software delivery.
“Rapid deployment and speed-to-market are some of the biggest differentiators in today’s business landscape. This often comes at the cost of security – a major concern across technology, business and government leaders – but it doesn’t have to,” said Johnathan Hunt, VP of Security at GitLab. “Streamlined toolchains and standardized, transparent processes help organizations keep security and compliance at the core of the software development lifecycle (SDLC), rather than an afterthought.”
The 2022 survey results highlight security as the highest-priority investment area for organizations, with more than half of security team members stating their organizations have either shifted security left or plan to this year. Toolchain consolidation is also a high-priority focus, with 69% of survey takers wanting to consolidate their toolchains due to challenges with monitoring, development delays, and negative impact on developer experience.
Security is both top challenge and top area of investment for DevOps teams
Security has surpassed even cloud computing as the number one investment area across DevOps teams at global organizations. However, despite an appetite to shift security left, many companies are still nascent in their approach and results – only 10% of respondents reported receiving additional budget for security.
Data continues to support the ongoing trend of misalignment between security and development teams. Over half of survey respondents stated that security is a performance metric for developers within their organizations, however, 50% of security professionals report that developers are failing to identify security issues – to the tune of 75% of vulnerabilities. In order to align performance metrics with reality, developers must be incentivized to practice security protocols and be provided with full visibility into the toolchain and potential risks.
When security collaboration is achieved, organizations produce great results. Development, security, and operations teams broadly noted better security as a key advantage to a DevOps platform. Survey data demonstrated that a commitment to security was a driving force for many decision-makers when choosing a DevOps platform or other tools. Additionally, investing in a single platform allows practitioners to take advantage of more features with fewer tools – and fewer a la carte expenses.
Plans to consolidate tech stacks skyrocket as toolchain tax continues to challenge developers
Although 60% of developers surveyed are releasing code faster than before, toolchain sprawl is impacting speed and productivity, taking valuable time away from developers. Nearly 40% of developers are spending between one-quarter and one-half of their time on maintaining or integrating complex toolchains – more than double the percentage from 2021.
Accordingly, 69% of those surveyed stated that they would like to consolidate their toolchains. Primary concerns surrounding toolchain management include challenges around consistently monitoring a myriad of tools, and difficulty context switching, as well as slowed development velocity, increased costs, and retention.
“The last year marked a significant turning point in the adoption of DevOps tools, platforms, and processes. In 2022, we’re seeing the fruits of those efforts,” said David DeSanto, VP of Product at GitLab. “Despite hurdles presented by the ongoing pandemic, including cultural shifts, all remote and hybrid team collaboration, and challenges surrounding hiring and retention, teams are releasing new applications faster than ever. We’ll see an ongoing focus on speed, security, and compliance as organizations continue to consolidate their DevOps toolchains and processes.”
However, the trend toward speedy software releases is mainly restricted to the private sector, as the survey found that the speed of software delivery within the public sector stalled from the previous year, with 59% of government respondents reporting the same rate of delivery or slower than 2021.
“It’s encouraging to see that half of American government respondents have adopted a DevSecOps platform, but there’s still a ways to go for the public sector to catch up with its private sector counterpart in terms of software release speed and innovation,” said Bob Stevens, VP of Public Sector at GitLab. “Government agencies must invest in tools that enable rapid software delivery to meet the needs of service members and citizens or risk stagnation and even attacks.”
Overall, the data shows that releases are faster than ever and developers point to investment in a DevOps platform as the reason why.
The rapid adoption of DevOps in 2021 drove rapid software delivery, better code quality, and improved developer productivity. Key challenges and opportunities for the upcoming year include tool consolidation, an increased focus on security and compliance, and a continued effort to align development and security teams.