2022 DevSecOps Predictions - Part 1
January 19, 2022

As part of the 2022 DevOps Predictions list, DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact the business in 2022.


The DevSecOps practice will continue to increase in 2022 as more and more organizations are understanding both the efficiencies and improved security of this strategy. DevSecOps is a proven strategy within the DevOps Platform that reduces risk and security incidents while allowing faster and more secure code deployments — and organizations know this to be true. In 2022, DevSecOps will be the preferred strategy across all industries to combat today's evolving threat landscape. Although we are seeing an increase in the implementation of certain security protocols, overall, the industry has been slow to respond. Much of this is due to the understanding, complexity, and difficulty in implementation of full DevSecOps within the tech stack. We will see a big jump in the adoption of DevSecOps in 2022 as more and more companies need to shore up their defenses against outside attacks.
Johnathan Hunt
VP of Security, GitLab

In 2022 we'll continue to see the push towards integration of DevSecOps with product and enterprise application development. This will be driven by developers who recognize critical security issues, and in order to address those issues they'll need to have the right tools. Regardless of an organization's DevSecOps posture, security tools will also be needed to flag vulnerabilities with prescriptive steps to solve them.
Asaf Karas
CTO Security, JFrog


Security will continue to shift into being a standard facet of delivery as we move into 2022. This will enable rapid and contextual feedback to be instantly acted upon by our DevOps teams. Monitor at runtime and feedback or even pull request infrastructure-as-code changes back in the version control system. Enabling DevOps engineers to evolve to DevSecOps engineers is a journey and 2022 will continue to see this movement evolve.
Ryan Sheldrake
Field CTO, Lacework and DevOps Institute Ambassador

Most companies have IT security as a top concern as they now have a larger digital footprint and are holding more data than ever, and given the strong fines around GDPR they are forced to take keeping their customers' data safe seriously. These companies are under a tremendous amount of pressure and tend to lean on concepts they know and trust like InfoSec and CyberSecurity meaning the term DevSecOps hasn't really caught on (certainly not as much as DevOps) despite its principles being very relevant. Dev teams will use more and more security tools that can be embedded in the development process early, especially ones that meet the audit and controls requirements to meet certifications like ISO27001. Dev teams are busy so will pick tools that can be easily integrated by developers and have SaaS hosting options.
Craig Cook
Principal Engineer, Catapult CX

The pandemic pushed us further into the cloud, which has made us more reliant on microservices and containers. However, the rapid proliferation of microservices has outpaced the cyber security capabilities of most organizations. In an effort to improve cloud native cyber security practices, organizations will begin to embed security from the very beginning of the development process, ensuring microservices remain secure wherever they are deployed. As organizations become more agile, putting forth a DevSecOps approach from the start ensures microservices are adequately secured.
Tobi Knaup
Co-Founder and CEO, D2iQ


We've seen a rapid increase in adoption as companies focus more on shifting security left (having largely solved the automated testing problem). The future direction for DevSecOps will tie the build-phase scanning that we see in DevOps today with Security Operations work that happens in the operational phase. DevSecOps and SecOps will become one larger discipline.
Anand Ahire
Senior Director, Product Management, DevOps, ServiceNow


Shift-left practices will continue to grow, however this will come as a detriment to organizations that must secure their APIs if architectural mindsets do not change. The shift-left mindset was born out of a desire to ensure that stronger security practices like thorough security testing are implemented earlier on in an application's lifecycle. However, it has become much too tempting to over rotate, leaving security gaps as a result. While shift-left approaches aim to identify code quality and security issues prior to production delivery, API security needs additional consideration. For example, securing APIs in production requires protections beyond application or API code, which is often beyond the scope of development teams. Many API flaws and abusable business logic only manifest in runtime, and these issues can't be tested for effectively prior to delivery on infrastructure. Effective API security requires tooling for continuous testing and remediation. Any tooling also needs to be easily and automatically integrated into security and nonsecurity workflows, of which CI/CD build pipeline integrations are just one aspect. In 2022, more organizations will realize that the only way to truly secure APIs from increasingly complex and advanced cyber attacks is to embrace holistic processes and a full life cycle focus. This mindset requires a shift away from the desire to test all code with scanning tools that already struggle to provide adequate code coverage and leave business logic unaddressed. The mindset shift requires that practitioners account for an organization's unique business logic in application source code as well as misconfigurations or mis-implementations of infrastructure that lead to API vulnerabilities and API abuse.
Michael Isbitski
Technical Evangelist, Salt Security


As security concerns such as encryption and complying with data transfer and storage regulations continue to "shift left," they become developer and operator concerns. As a result, the specific practice of operationalizing security will become irrelevant. In 2022, DevSecOps will go away.
Tobias Kunze
CEO and Co-Founder, Glasnostic


By 2022, 90% of software development projects will claim to follow DevSecOps practices. Mainstream adoption of DevSecOps has set the stage for a more proactive method for assuring the effectiveness of an organization's security strategy against sophisticated cyberattacks, but now it's time to move to the next stage: SecValOps. Security teams will look beyond implementing security practices within every IT operation to testing and validating its efficacy. Think of SecValOps as a continuous stress test intended to help businesses increase their security readiness. Secure left and validate right.
Maor Franco
Senior Director of Product Strategy, Pentera

Go to: 2022 DevSecOps Predictions - Part 2
