DevOps Grows Up: Faster Release Times, Better Security Ratings, and Increased Adoption of AI
June 09, 2021

Valerie Silverthorne
GitLab

In 2020, while a pandemic raged and teams everywhere learned how to work remotely, something rather unexpected happened to DevOps: it grew up.

Teams stopped talking about DevOps and simply started doing DevOps, bringing in "big guns" technologies, new ways of thinking, and making huge breakthroughs in everything from release times to automation, new technology adoption and code quality.


In short, GitLab's 2021 Global DevSecOps Survey revealed profound progress across the board:

■ 60% of developers are releasing code 2x faster than before, thanks to DevOps. – up 25% from (pre-pandemic) 2020.

■ 72% of security pros rated their organizations' security efforts as "good" or "strong." – up 13% over 2020.

■ 56% of ops teams members said they are "fully" or mostly automated. – up 10% from 2020.

■ Almost 25% of respondents claimed to have full test automation. – up 13% from 2020.

■ 75% of teams are either using AI/ML or bots for test/code review, or they're planning to. – up 41% from 2020.

■ In our 2020 survey dev, sec, and ops said they needed better communication and collaboration skills for their future careers. This year, after an intense period of enforced soft skills, their priorities have shifted dramatically to AI/ML (devs), subject matter expertise (sec), and advanced programming (ops).

A Snapshot of Today's DevOps

All told, 4300 people from around the world shared their stories of DevOps successes and failures, often in their own words. The picture that emerged was clearly a methodology hitting its stride. For starters, 43% have been doing DevOps for between 3 and more than 5 years, meaning they're very well seasoned.

What's in their DevOps tech stack?

CI/CD followed by DevSecOps, test automation and a DevOps platform. Interestingly, AI/ML use is up to 11.5%, a 7 point jump from the 2020 survey. Almost 70% said they use a DevOps platform, though we left it to them to define what that means, and they credit that with making their practice better, boosting collaboration, and making automation and visibility easier.

But for the third year in a row, testing remains the sore spot and is still the number one reason for release delays. That could change in the near future though: 41% of survey takers use AI/ML to check code or use a bot for testing, up from 16% last year.

Devs on DevOps

Responses from developers clearly underscored how seriously teams are taking DevOps. Devs didn't make incremental changes; instead they brought in game changing technologies including source code management, CI/CD, a DevOps platform and automated testing. As we saw in the 2020 survey, devs continued to report their roles are changing, taking on responsibilities like provisioning and monitoring that used to be the province of operations. And 39% say they're completely responsible for security, clear signs of a "shift left."

But the tech and role changes were just part of what went on in 2020. It's clear dev teams spent thoughtful time on how to improve their DevOps practices. In their own words:

"Our team adopted microservices on a new project and then fully embraced continuous delivery. To get to continuous delivery, we need to assure quality, so we have automated tests built-in. Investing in these areas allowed our team to deploy 2000 times to production over a year, where in the past we would deploy maybe 6 times."

"We are releasing code globally instead of into specific locations with automated deployments. Principally, cutting commit-to-live time (by removing batching) encouraged smaller changes incurring less overhead (due to removing a coping strategy of increasing scope)."

"We divide and conquer: splitting the code into more modules has helped decrease debug time, improved stability, and allow a mix and match approach."

"We evaluated the team and did value stream mapping and finalized the desired state. In most of the cases we found the team needs an automated pipeline for faster delivery and immediate feedback so that they can act fast rather than later . We also moved security left so that developers can fix security issues fast. We also made sure developers are doing code review in a collaborative way through pull requests."

Security Successes

In the 2020 report, security was a standout, but not necessarily in a good way: not many scans were being run, dev and sec continued to point fingers and there was zero agreement over who "owned" security, or even how safe and secure teams were.

Apparently it took a pandemic for that to improve because this year, 72% of security pros rated their sec efforts as either "strong" or "good." Teams are running SAST, DAST, compliance and more scans than ever before, and even the friction between dev and sec has decreased dramatically. Sec pros still complain that devs don't find enough bugs early in the process while devs are still waiting for scan results to show up in their IDEs.

But the results this year feel more like DevSecOps than ever before.

The Changing Roles in Operations

The biggest takeaway from ops pros? Their roles continue to change, with a growing emphasis on managing the cloud (about 50% say that's most of their job today) or on managing infrastructure. In their own words:

"I'm a DevOps coach."

"Everything from provisioning servers to managing people. Most of the stuff in between is building automation platforms to do the day-to-day work."

"I'm a platform engineer."

"I plan the company roadmap for software development, manage the entire developer team, and come up with R&D efforts."

"I'm a Jack of all trades ... a lil bit of everything I can get myself into."

"DevOps, SRE monitor and make sure the platform works."

"Maintain the tools of the DevOps toolchain in operational condition and continue to improve the platform and practices."

Looking to the Future

In another sign of perhaps pandemic-fueled progress, the majority of the survey takers plan to focus their investments this year on the cloud, followed by artificial intelligence. That's a significant change from the 2020 survey where cloud was the 4th place pick and AI was in a distant 8th place.

And after a year of re-thinking and doing, 75% of survey takers said they felt either "somewhat" or "well" prepared for the future.

Valerie Silverthorne is Senior Content Editor at GitLab
Share this

Industry News

October 06, 2022

Platform.sh announced it has partnered with MongoDB.

October 06, 2022

Veracode announced the enhancement of its Continuous Software Security Platform to include container security.

This early access program for Veracode Container Security is now underway for existing customers.

The new Veracode Container Security offering, designed to meet the needs of cloud-native software engineering teams, addresses vulnerability scanning, secure configuration, and secrets management requirements for container images.

October 06, 2022

Mirantis announced that Mirantis Container Runtime – latest generation of the Docker Enterprise Engine, the secure container runtime that forms the foundation of Mirantis Container Cloud and Mirantis Kubernetes Engine and is used at the heart of many other Kubernetes deployments – is now available in the Microsoft Azure Marketplace.

October 05, 2022

Perforce Software announced enhanced support for automated testing with the release of Helix ALM 2022.2.

October 05, 2022

Parasoft announced the latest releases of its API and microservices testing tools, including SOAtest, Virtualize, CTP, and Selenic.

October 05, 2022

Vaadin announced the release of four Acceleration Kits designed to make it faster and easier to build and modernize Java applications for enterprise use.

October 04, 2022

Pegasystems announced the latest release of Robot Studio, the robotic process automation (RPA) low-code authoring environment for Pega's intelligent automation platform.

October 04, 2022

EvolveWare announced the Agile Business Rules Extraction (Agile BRE) solution on its Intellisys platform.

October 04, 2022

Mabl announced new features that empower quality professionals to easily validate APIs as part of their integrated end-to-end tests.

October 03, 2022

Spectro Cloud announced a major new release of its Palette Edge platform.

October 03, 2022

Arcion announced agentless change data capture (CDC) for all of its supported databases and applications.

September 29, 2022

CloudBees announced the acquisition of ReleaseIQ to expand the company’s DevSecOps capabilities, empowering customers with a low-code, end-to-end release orchestration and visibility solution.

September 29, 2022

SmartBear continues expanding its commitment to the Atlassian Marketplace, adding Bugsnag for Jira and SwaggerHub Integration for Confluence.

Bugsnag developers monitoring application stability and documenting in Jira no longer need to interrupt their workflow to access the app. Developers working in SwaggerHub can use the macro to push API definitions and changes directly to other teams and business stakeholders that work within Confluence. By increasing the presence of SmartBear tools on the Atlassian Marketplace, the company continues meeting developers where they are.

September 29, 2022

Ox Security exited stealth today with $34M in funding led by Evolution Equity Partners, Team8, and M12, Microsoft's venture fund, with participation from Rain Capital.

September 29, 2022

cnvrg.io announced that the new Intel Developer Cloud is now available via the cnvrg.io Metacloud platform, providing a fully integrated software and hardware solution.