Software developers and operations teams continue to adopt DevOps and other agile methodologies as well as automation and low-code services, but they still struggle with security, the fallout of the COVID-19 pandemic, and a shortage of skilled security workers, according to a newly published annual survey from GitLab.
DevSecOps results in better code quality, increased developer productivity, and improved operational efficiency, according to the survey of more than 5,000 software developers, operations specialists, and application security professionals. Security still is a problem, however. While more than half (57%) of those surveyed considered security to be a performance metric, nearly the same number said it was “difficult to get devs to actually prioritize fixing code vulnerabilities.”
The survey conducted by the toolchain provider underscores that all participants in the development and deployment process still need to improve the communications and relationships between groups, says Johnathan Hunt, vice president of information security and cybersecurity at GitLab.
“Getting developers and security professionals to work better together requires a culture-first approach to software development through the creation of a DevOps culture,” Hunt says. “A DevOps platform lends itself well to this approach by granting organizations seamless collaboration across DevSecOps teams, shared ownership of security and compliance, and strategic uses of technologies such as automation and AI/ML.”
Mix and Match
The survey found that no single dominant approach to software development exists, and most teams use a combination of approaches. While a majority of development teams (47%) used DevOps and DevSecOps, other agile approaches accounted for significant shares as well: 34% of teams used Scrum, 24% used Kanban, and 29% used Lean methodologies. Teams even expanded their use of Waterfall development, with more than a quarter (26%) adopting that approach.
“DevOps teams are not limiting themselves to any one way of working,” Hunt says. “They’re flexible and willing to adjust their approaches to meet various business and project needs.”
The rise in agile approaches to software development and deployment has resulted in faster deployment of software. Seven in 10 survey respondents said their teams deploy at least once every few days or more frequently, a jump of 11 points from 2021. Integrating automated testing, deployment, and security controls into the development pipeline is a key factor in speeding application deployment, with nearly half (47%) of teams asserting that their testing is fully automated today, up from 25% in 2021.
The adoption of low-code and no-code APIs for development has also made teams more efficient. Two-thirds (66%) of survey takers are using at least one low-code or no-code tool in their DevOps practice, a significant increase from the 25% of those surveyed in 2021.
Yet the expanding number of options for development, deployment, and securing of software has resulted in more confusion, leading DevOps teams to look to simplify their pipeline and toolsets, GitLab’s study found. While 44% of DevOps teams use two to five tools to manage the software development process, 41% use between six and 10 tools.
“That’s a lot of tools, and 69% of survey takers told us they’d like to consolidate their toolchains,” GitLab stated in the survey report.
AI and Machine Learning ‘On the Rise’
Artificial intelligence and machine-learning technologies have seen mixed adoption among developers and application-security specialists. While AI/ML is at the bottom of the list of priorities for developers’ future careers, a majority of security professionals (54%) said AI/ML will help them most in their future careers. AI/ML particularly suits the security field. For example, AI/ML systems can be trained to detect and respond to threats, generate alerts, and trigger rule sets.
“But AI/ML is far from falling off of developers’ radars. In fact, its use is on the rise,” Hunt says, adding: “This is especially helpful when it comes to detecting and defending against attacks and malicious actors, since security professionals can’t watch every packet and connection that traverses a network.”
Security continues to take a larger role in the software development pipeline, with 57% of companies shifting security responsibility “left” and making developers more responsible for the vulnerabilities in their code. Yet there is still a ways to go, with a significant number of developers blaming security for delays and the division of responsibility for software security very much in flux.
“While dev and ops are taking on a larger share of security ownership, it’s not so simple on the sec team,” GitLab stated in the report. “In 2020 and 2021, the share of security professionals who said they were fully responsible for security was roughly the same as those who said everyone was responsible.”