GitLab just released its 7th annual Global DevSecOps Report. Unsurprisingly, security continues to be a key priority for organizations in the face of growing global threats.
Titled ‘Security Without Sacrifices’, the report surveyed over 5,000 IT leaders, CISOs, and developers across industries spanning technology, telecommunications, healthcare, automotive, and financial services. The participants shared their successes, challenges, and chief priorities for DevSecOps implementation.
Security continues to shift left to counter growing threats
DevSecOps teams are shifting left, incorporating security earlier in the software development lifecycle, so that security is treated as a shared responsibility. No longer working in silos, development, security and operations teams are collaborating more effectively than in previous years.
- 71% of security professionals said that a quarter or more of all security vulnerabilities are being captured by developers, up from 53% of respondents in 2022.
- 38% of security professionals reported being part of a cross-functional team focused on security, up from 29% in 2022.
- 85% of security respondents report that they have the same or less budget than in 2022, revealing an urgent need to do more with less.
AI/ML sees greater implementation in DevSecOps workflows
Artificial Intelligence (AI) and machine learning (ML) are now integral components of DevSecOps workflows. Developers were more likely to have implemented automation and AI/ML for testing if they used a DevSecOps platform than if they did not.
- 65% of developers said that they are using AI/ML in testing efforts or will be in the next three years.
- 62% of developers using AI/ML use it to check code, up from 51% in 2022.
- 53% of developers using AI/ML said they use bots for testing, up from 39% in 2022.
Toolchain management eats into developers’ time and productivity
Development and security teams reported spending significant time on toolchain management, which left them with less time to tackle critical tasks such as adherence to compliance regulations.
- 66% of survey respondents reported wanting to consolidate their toolchains this year.
- 27% of security respondents reported that it is difficult to have consistent monitoring across disparate tools.
- 26% of security respondents said it is difficult to draw cohesive insights across all integrated tools.
U.S. public sector reports stagnation and need for a consolidated toolchain
Survey respondents working in U.S. government entities reported slowed or plateaued software development, despite ongoing demands for less complex digital solutions. On a promising note, over half of the respondents were evaluating or planning to purchase a DevSecOps solution within the next three years.
- 75% of public sector respondents reported deploying software at the same rate or slower than they did in 2022.
- 44% of public sector respondents reported using 6 or more tools for software development, including some who use more than 15 tools.
- 59% of US government and aerospace/defense respondents want to consolidate their toolchain.
“Organizations globally are seeking out ways to do more with less. This means that efficiency and security cannot be mutually exclusive when identifying opportunities to remain competitive,” said David DeSanto, Chief Product Officer at GitLab. “GitLab’s research shows that DevSecOps tools and methodologies allow leadership to better secure and consolidate their disparate, fragmented toolchains and reduce spend, while also freeing up development teams to spend time on mission-critical responsibilities and innovative solutions.”
You can read the full report here.