Codenotary announced TrueSBOM for Serverless, a self-updating Software Bill of Materials (SBOM) for applications running on AWS Lamda, Google Cloud Functions and Microsoft Azure Functions that is made possible by simply adding one line to the application source code.
In all the talk about DevOps tools and technologies, it is easy to forget this methodology is also about fundamental change. And change is afoot.
In May, nearly 3,700 people from 21 countries told GitLab about their DevOps journeys. They shared spectacular successes like continuous deployments and faster release times and equally impressive problems in areas like testing and security.
Respondents shared that their roles are changing dramatically, no matter where they sit in the organization. The lines surrounding the traditional definitions of dev, sec, ops and test have blurred, and as we enter the second half of 2020 (and a completely altered economic landscape) it is perhaps more important than ever for companies to understand how these roles are evolving.
Of course, your mileage may vary — over 70% of respondents came from companies with 1,000employees or fewer, meaning they're likely nimble and not legacy-laden. That said, their experiences represent a targeted look into what the future of DevOps may be, and for that reason, it's worth hearing what they had to say.
The Multi-Faceted Developer
We asked developers to tell us in their own words how things are changing:
"Developers are now deploying at will whereas earlier deployments had to be planned and scheduled outside business hours."
"Automated testing and continuous integration have made our deployments safer and more optimized. Now everyone in the team has the permission to deploy the code."
"A ticket that had to go to 7 departments to [get to] ‘button press' went from 6 weeks to 2 hours."
Devs are certainly more ops-involved than ever before. Fully 35% of developers told us they define and/or create the infrastructure their app runs on. An additional 14% reported actually monitoring and responding to that infrastructure — all roles traditionally held by ops. Over 18% instrument their code for production monitoring, while 12% serve as an escalation point when there are incidents.
Devs are also doing more testing, though they're the first to say there can never be enough testing. And for many, security has shifted left ... in some cases right into their laps. Just over 28% of developers said they feel solely responsible for security. That's a pretty astonishing percentage.
Security Has a Seat at the Table
Almost two-thirds of respondents (65%) said security in their organizations has actually shifted left. One way that's manifested itself is that security pros, long the lone wolves of the SDLC, are beginning to be team players. Almost 28% said they're part of a cross-functional team focused on security, while 27% said they were more "hands on" and involved in day to day development processes. And just over 22% said they were more focused on compliance.
In their words:
"(Security) is becoming less focused into silo positions and more of a Jack of all trades role."
"We don't have separate security, developers and operations; we are DevSecOps (and more)."
Ops Steps Back and Looks Forward
If there's one place where process changes, tech changes and cultural changes seem to collide, it's operations. In fact, over 60% of them told us their roles have changed substantially because of DevOps.
"It's 60% new project work and 40% operations/fire-fighting/developer support."
"We keep the lights on."
"Anything between dev and ops. From planning to deployment but not monitoring and maintaining apps in production."
What do those new responsibilities look like? Today 42% see their role as primarily managing hardware and infrastructure, while 52% say their first priority is managing cloud services. And ops takes security seriously: 21% feel they're solely responsible for it.
Testing as a Team Sport
There's no way around it: testing is a challenge and for the second year in the row gets the largest share of the blame for delayed releases (47% pointed squarely at test).
But this role is evolving too, and it's most decidedly not disappearing, despite the inroads made by test automation. Almost 60% said their teams are the same size they were last year.
And, in a change from the past, 33% of testers said they had closer collaboration with developers than in the past, thanks to DevOps. About 17% said dev and test work as a team to test "as close to real time as possible," and about 9% said they practice test-driven development (TDD). DevOps has helped 16% of testers feel they have a more visible seat at the table and 15% are now able to do more testing that matters rather than repetitive busy work.
Overall 75% of testers say their organizations have shifted test left.
As they shared:
"We have to write less paper and tickets and have faster reaction times."
"We're all the same — dev team is the ops team."
"We're starting to see light at the end of the tunnel."
We know change is hard, but DevOps is hard too. While it's impossible to say what the future holds, especially now, spending time looking at how your DevOps practice can adjust to changing roles and responsibilities likely won't be a waste of time. We're doing it ourselves right now, with "efficiency" and "agility" projects underway. The voices in our survey were excited and enthusiastic about the changes, so we'd better be prepared for the ride.