Wednesday, August 24, 2022

DevSecOps Gains Traction — but Security Still Lags



Software developers and operations teams continue to adopt DevOps and other agile methodologies as well as automation and low-code services, but they still struggle with security, the fallout of the COVID-19 pandemic, and a shortage of skilled security staff, according to a newly published annual survey from GitLab.

DevSecOps results in better code quality, higher developer productivity, and improved operational efficiency, according to the survey of more than 5,000 software developers, operations specialists, and application security professionals. Security is still a problem, however. While more than half (57%) of those surveyed considered security to be a performance metric, nearly the same number said it was “difficult to get devs to actually prioritize fixing code vulnerabilities.”

The survey conducted by the toolchain provider underscores that all participants in the development and deployment process still need to improve the communications and relationships between groups, says Johnathan Hunt, vice president of information security and cybersecurity at GitLab.

“Getting developers and security professionals to work better together requires a culture-first approach to software development through the creation of a DevOps culture,” Hunt says. “A DevOps platform lends itself well to this approach by granting organizations seamless collaboration across DevSecOps teams, shared ownership of security and compliance, and strategic uses of technologies such as automation and AI/ML.”

Mix and Match

The survey found that no single dominant approach to software development exists, and most teams use a mix of approaches. While a majority of development teams (47%) used DevOps and DevSecOps, other agile approaches accounted for significant shares as well: 34% of teams used Scrum, 24% used Kanban, and 29% used Lean methodologies. Teams even expanded their use of Waterfall development, with more than a quarter (26%) adopting that approach.

“DevOps teams are not limiting themselves to any one way of working,” Hunt says. “They’re flexible and willing to adjust their approaches to meet various business and project needs.”

The rise in agile approaches to software development and deployment has resulted in faster deployment of software. Seven in 10 survey respondents said their teams deploy at least once every few days or more frequently, a jump of 11 points from 2021. Integrating automated testing, deployment, and security controls into the development pipeline is a key factor in speeding application deployment, with nearly half (47%) of teams asserting that their testing is fully automated today, up from 25% in 2021.

The adoption of low-code and no-code APIs for development has also made teams more efficient. Two-thirds (66%) of survey takers are using at least one low-code or no-code tool in their DevOps practice, a significant increase from the 25% of those surveyed in 2021.

Yet the expanding number of options for development, deployment, and securing of software has resulted in more confusion, leading DevOps teams to look to simplify their pipeline and toolsets, GitLab’s study found. While 44% of DevOps teams use two to five tools to manage the software development process, 41% use between six and 10 tools.

“That is a lot of tools, and 69% of survey takers told us they’d like to consolidate their toolchains,” GitLab stated in the survey report.

AI and Machine Learning ‘On the Rise’

Artificial intelligence and machine-learning technologies have seen mixed adoption among developers and application-security specialists. While AI/ML is at the bottom of the list of priorities for developers’ future careers, a majority of security professionals (54%) said AI/ML will help them most in their future careers. AI/ML particularly suits the security field. For example, AI/ML systems can be trained to detect and respond to threats, generate alerts, and trigger rule sets.

“But AI/ML is far from falling off of developers’ radars. In fact, its use is on the rise,” Hunt says, adding: “This is especially helpful when it comes to detecting and defending against attacks and malicious actors, since security professionals can’t watch every packet and connection that traverses a network.”

Security continues to take a larger role in the software development pipeline, with 57% of companies shifting security responsibility “left” and making developers more responsible for the vulnerabilities in their code. Yet there is still a ways to go, with a significant number of developers blaming security for delays and the division of responsibility for software security very much in flux.

“While dev and ops are taking on a larger share of security ownership, it’s not so simple on the sec team,” GitLab stated in the report. “In 2020 and 2021, the percentage of security professionals who said they were fully responsible for security was roughly the same as those who said everyone was responsible.”
