Singapore – GitLab Inc., the most comprehensive DevSecOps platform for software innovation, has released its 7th Annual Global DevSecOps Report: Security Without Sacrifices.
In March 2023, GitLab will survey more than 5,000 IT leaders, CISOs, and developers across industries including financial services, automotive, healthcare, telecommunications, and technology on their DevSecOps implementation successes, challenges, and key takeaways. I researched my priorities.
Security remains a key priority for organizations as the global threat landscape grows.
DevSecOps teams are increasingly recognizing security as a shared responsibility. Embedding or shifting security early in the software development lifecycle enables development, security, and operations teams to work together rather than in silos as they have in the past. .
- 71% of security professionals say more than a quarter of all security vulnerabilities are caught by developers, up from 53% of respondents in 2022.
- 38% of security professionals report being part of a security-focused cross-functional team, up from 29% in 2022.
- Eighty-five percent of security respondents report their budgets are the same or lower than they were in 2022, highlighting the urgent need to do more with less.
AI/ML works with DevSecOps platforms.
Artificial intelligence (AI) and machine learning (ML) have become critical components of DevSecOps workflows. Developers using DevSecOps platforms were more likely to implement automation and his AI/ML for testing than those who did not.
- 65% of developers say they use AI/ML in their testing work or plan to use it in the next three years.
- 62% of developers using AI/ML use it to check their code, up from 51% in 2022.
- 53% of developers using AI/ML say they use bots for testing, up from 39% in 2022.
Toolchain management is a continuing barrier to developer productivity.
Developers and security professionals continue to report that they spend significant amounts of time managing their toolchains, leaving less time for critical tasks such as meeting compliance regulations.
- 66% of survey respondents said they would like to consolidate their toolchains this year.
- Twenty-seven percent of security respondents report difficulty in achieving consistent monitoring across different tools.
- 26% of security respondents say it’s difficult to derive cohesive insights across all integrated tools.
The public sector reports that efficiency and complex development toolchains have plateaued.
Respondents working within government agencies around the world pointed to slow or stagnant software development, despite continued demand for improved digital experiences within the public sector. Encouragingly, more than half of respondents across government said they would evaluate or purchase his DevSecOps solution within one to three years.
- 74% of public sector respondents report deploying software at the same or slower rate than in 2022.
- 44% of public sector respondents reported using six or more tools for software development, with some using 15 or more.
“Organizations around the world are looking for ways to do more with less. I mean,” said David DeSanto, Chief Product Officer at GitLab. “GitLab research shows that DevSecOps tools and methodologies enable leaders to better secure and integrate disjointed and fragmented toolchains, reduce spending, while freeing development teams from mission-critical responsibilities and We can spend more time on innovative solutions.”
