GitLab Inc., a comprehensive DevSecOps Platform for software innovation, today releases its seventh annual Global DevSecOps Report: Security Without Sacrifices, which concludes that security remains a key priority for organizations amid the growing global threat landscape.
In March 2023, GitLab surveyed more than 5,000 IT leaders, CISOs, and developers in industries including financial services, automotive, health care, telecommunications, and technology on their successes, challenges, and main priorities for DevSecOps implementation.
DevSecOps teams more broadly are aware of security as a shared responsibility. Incorporating security earlier in the software development lifecycle, or shifting left, is enabling development, security, and operations teams to work collaboratively instead of working in silos, as seen in previous years.
- 71 percent of security professionals said that a quarter or more of all security vulnerabilities are being captured by developers, up from 53 percent of respondents in 2022.
- 38 percent of security professionals reported being part of a cross-functional team focused on security, up from 29 percent in 2022.
- 85 percent of security respondents report that they have the same or less budget than in 2022, highlighting an urgent need to do more with less.
Artificial Intelligence (AI) and machine learning (ML) have become critical components of DevSecOps workflows. Developers who use a DevSecOps platform were more likely to have implemented automation and AI/ML for testing than those who do not.
- 65 percent of developers said that they are using AI/ML in testing efforts or will be in the next three years.
- 62 percent of developers using AI/ML use it to check code, up from 51 percent in 2022.
- 53 percent of developers using AI/ML said they use bots for testing, up from 39 percent in 2022.
Developers and security professionals continue to report significant time spent on toolchain management, reducing the time available to dedicate to critical tasks such as adherence to compliance regulations.
- 66 percent of survey respondents reported wanting to consolidate their toolchains this year.
- 27 percent of security respondents reported that it is difficult to have consistent monitoring across disparate tools.
- 26 percent of security respondents said it is difficult to draw cohesive insights across all integrated tools.
Despite ongoing demands for improved digital experiences within the public sector, respondents working within U.S. government entities noted slowed or stagnant software development. Promisingly, more than half of government respondents said they are evaluating or purchasing a DevSecOps solution in one to three years.
- 75 percent of public sector respondents reported deploying software at the same rate or slower than they did in 2022.
- 44 percent of public sector respondents reported using 6 or more tools for software development, including some who use more than 15 tools.
- 59 percent of U.S. government and aerospace/defense respondents want to consolidate their toolchains.