DevOps teams have begun to make more intensive use of advanced technology to improve DevSecOps deployment and achieve faster software releases and more powerful automation.
This is according to research from GitLab, conducted between January and March 2021 among nearly 4,300 respondents, 20 percent of whom were active in businesses within the EU and Russia. GitLab is a provider of an application that supports the full DevOps cycle.
Release pace is higher than ever
Of the respondents, 84 percent said the release rate of their software is higher than ever. According to GitLab, this is due to the increasing integration of Continuous Integration & Continuous Delivery (CI/CD) practices. More than half of respondents say they are releasing twice as fast, up from 35 percent a year earlier. It can be even faster, however, as 19 percent say they release ten times faster.
Automation is an important reason DevOps teams can release their products faster. For example, three-quarters of respondents said they plan to use artificial intelligence or machine learning to test or evaluate their code or are already doing so. That is a significant increase from 2020, when 41 percent said the same.
More than half of those surveyed say they have largely or even completely automated their lifecycles. That is a huge increase from 2020, when it was only 8 percent. With these lifecycles automated, teams have more time left for other priorities. Managing cloud services is seen as the top priority by more than half of respondents.
Security testing lags behind
The main area where teams are still lagging behind is security testing. Over 40 percent feel this happens too late in the process and a similar percentage struggles with identifying and fixing vulnerabilities. Keeping track of the status of bug fixes is a problem for 37 percent and 33 percent have difficulty prioritising bug fixes.
Nevertheless, progress has been made in the area of DevSecOps. Of all the security professionals surveyed, 72 percent now rate their company’s security activities as “good” or “strong”. This percentage was still 59 percent in 2020. 70 percent of security professionals say their teams are addressing security earlier in the development process. One reason for this is that more developers are performing static and dynamic security tests on applications.
Responsibility remains a pain point
A persistent problem appears to be determining who is responsible for security within a company. There appears to be disagreement among the respondents: 39 percent of the security professionals say they are fully responsible for security, but 28 percent say that everyone is responsible for security. This is little different from the previous year.
“While the industry has continued integrating security into development, and organizations are beginning to improve security overall, our research shows that a more clear delineation of responsibilities and adoption of new tools is required to completely shift security left,” said Johnathan Hunt, vice president of security at GitLab. “In the future, we hope to see security teams find more ways to lay out clear expectations for the other members of their organization, and continue to adopt innovative technologies for scanning and code reviews to improve speed and quality of development cycles.”