SmartBear announced its acquisition of QMetry, provider of an AI-enabled digital quality platform designed to scale software quality.
Want to get to DevSecOps? Start by developing mature DevOps practices. Security pros report an established DevOps team is three times more likely to find bugs before code is merged and 90% more likely to test between 91% and 100% of code than early-stage efforts. Those findings, from GitLab's 2019 Global Developer Report: DevSecOps, reflect the experience of more than 4,000 developer, security, and operations professionals across various industries, roles, and geographic locations.
Not surprisingly, the survey showed that DevOps done right provides an enormous benefit to companies trying to deliver quality software faster. Nearly half of mature DevOps teams reported daily continuous deployment in at least one part of their organizations, while 89% said a solid DevOps team leads to greater insight into what the team is working on. Developers said they are 1.4 times more likely to feel innovative when they're part of a mature DevOps team, while security pros said effective DevOps helps dramatically reduce the red tape involved in bug remediation. And operations team members are 1.8 times more likely to get sufficient notice to support developer efforts in an established DevOps environment.
But there's no question that for most companies, DevOps is still a work in progress. Only about one-third of the survey respondents rated their companies' DevOps efforts as "good." Roughly 50% of all survey respondents called out testing as most likely to delay development, a fact which underscores the continuing struggle to incorporate automation in to the mix. And despite the clear benefits to security from a mature DevOps practice, the inverse is true: An immature or troubled DevOps team will discover bugs late, battle to get developers on board for remediation and find innovation difficult if not impossible.
So while the benefits of DevOps are clear, the disadvantages of poor DevOps are just as obvious. Here's a quick snapshot of where each group stands relative to DevOps.
Developers and DevOps
The developers surveyed were a relatively upbeat group. Nearly 60% said their organization's development processes were set up to help them succeed and 63% said those processes help them nnovate. More than 50% are very happy with the tools they use. Scrum is the most popular development method at 50%, followed by Kanban (37%) and DevOps (36%). Just 17% use waterfall.
Barriers between dev and ops remain. Only about one-third of developers felt operations were able to quantify and document their work and less than half think operations gets sufficient notice to support them.
About 70% of developers said they are expected to write secure code, but comments offered during the survey made it clear the mechanisms to make that happen remain elusive at most organizations.
And while DevOps isn't quite an established development currency, it's clear to developers what happens when DevOps isn't done well: 88% of those working at companies with a poor DevOps model don't feel their development processes are designed to help them succeed.
Security and DevSecOps
The survey respondents use a variety of application security methods to identify problems. Dependency scanning is the most popular at 56%, followed by cloud security (42%), container security (41%), SAST (35 %), license compliance (29%t) and DAST at 22%. All told, 12% of security teams test between 61-75% of the code.
Automation, though vital for successful DevOps, remains a challenge to implement. Roughly a third of respondents rely on security testing results from the developer pipeline report or use automated SAST in the CI/CD pipeline. And 25% said they don't know how their team automates software testing.
But thanks to DevOps there is steady progress when it comes to bringing developers in to the security process. Half of those surveyed said coders receive and address security feedback during the development process and 44% report that security vulnerabilities are a performance metric for developers in their organizations.
Like the other groups, security pros see the value of a strong DevOps practice particularly when it comes to finding or fixing bugs. A majority of security professionals said not doing DevOps well makes it 2.6 times more likely they have to deal with red tape in order to remediate potential security risks.
Thoughts on Operations
As far as ops pros are concerned, it's DevOps for the win. A full 70% said they practice DevOps, followed by Scrum (61%) and Kanban (43%). And their priorities are clear; operations pros pay attention first to the product roadmap timeline followed by ROI, the current workload of individual developers, and the estimated cost of development.
Ops teams are happy with the tools their organizations use – more than 61% said their tools were the best for the job. And 59% of operations professionals said their recommendations for tools and best practices were followed by their organization. More than half of operations team members surveyed said their organizations continuously deploy, and over one-third deploy somewhere between daily and once a month.
And like their security and developer counterparts, ops pros know the value of a well-running DevOps practice: They said companies are 2.5 times more likely to encounter the most delays in the planning stage if the DevOps model is poor.
Facing the Future
Not surprisingly, all of the survey respondents reported ambitious plans for 2019. Almost two-thirds want to invest in infrastructure to support continuous integration, deployment, and delivery. About half hope to improve automation, while 44% will increase use of containers and 43% will double down on DevOps. And just over one-third plan to expand their use of the cloud.
Developers and security pros also hope to invest more in continuous integration, deployment, and delivery as well as amping up automation and container use. Operations teams are on the CI/CD and automation bandwagons as well, but they're also looking to deepen their commitment to DevOps.
Industry News
Red Hat signed a strategic collaboration agreement (SCA) with Amazon Web Services (AWS) to scale availability of Red Hat open source solutions in AWS Marketplace, building upon the two companies’ long-standing relationship.
CloudZero announced the launch of CloudZero Intelligence — an AI system powering CloudZero Advisor, a free, publicly available tool that uses conversational AI to help businesses accurately predict and optimize the cost of cloud infrastructure.
Opsera has been accepted into the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS.
Spectro Cloud is a launch partner for the new Amazon EKS Hybrid Nodes feature debuting at AWS re:Invent 2024.
Couchbase unveiled Capella AI Services to help enterprises address the growing data challenges of AI development and deployment and streamline how they build secure agentic AI applications at scale.
Veracode announced innovations to help developers build secure-by-design software, and security teams reduce risk across their code-to-cloud ecosystem.
Traefik Labs unveiled the Traefik AI Gateway, a centralized cloud-native egress gateway for managing and securing internal applications with external AI services like Large Language Models (LLMs).
Generally available to all customers today, Sumo Logic Mo Copilot, an AI Copilot for DevSecOps, will empower the entire team and drastically reduce response times for critical applications.
iTMethods announced a strategic partnership with CircleCI, a continuous integration and delivery (CI/CD) platform. Together, they will deliver a seamless, end-to-end solution for optimizing software development and delivery processes.
Progress announced the Q4 2024 release of its award-winning Progress® Telerik® and Progress® Kendo UI® component libraries.
Check Point® Software Technologies Ltd. has been recognized as a Leader and Fast Mover in the latest GigaOm Radar Report for Cloud-Native Application Protection Platforms (CNAPPs).
Spectro Cloud, provider of the award-winning Palette Edge™ Kubernetes management platform, announced a new integrated edge in a box solution featuring the Hewlett Packard Enterprise (HPE) ProLiant DL145 Gen11 server to help organizations deploy, secure, and manage demanding applications for diverse edge locations.
Red Hat announced the availability of Red Hat JBoss Enterprise Application Platform (JBoss EAP) 8 on Microsoft Azure.
Launchable by CloudBees is now available on AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).