DevSecOps teams are feeling the push to incorporate security earlier in the development lifecycle so development, security and operations can work together instead of in silos, GitLab said in a new report.
“Organizations globally are seeking out ways to do more with less. This means that efficiency and security cannot be mutually exclusive when identifying opportunities to remain competitive,” said David DeSanto, GitLab chief product officer.
Improving Security of Open Source Software
In GitLab’s freshly released 7th annual study, Global DevSecOps Report: Security Without Sacrifices, the open source software provider identified three key trends:
- Prioritization of security and governance.
- Emergence of AI/ML in software development and security workflows.
- Impact of implementing DevSecOps tools and methodologies on efficiency.
Data for the report was gleaned from surveying some 5,000 IT leaders, CISOs, and developers in industries including financial services, automotive, healthcare, telecommunications, and technology on their successes, challenges, and main priorities for DevSecOps implementation.
Security remains a key priority for organizations amid the growing global threat landscape. DevSecOps teams are becoming more broadly aware of security as a shared responsibility. Here are the supporting data:
- 71% of security professionals said that a quarter or more of all security vulnerabilities are being captured by developers, up from 53% of respondents in 2022.
- 38% of security professionals reported being part of a cross-functional team focused on security, up from 29% in 2022.
- 85% of security respondents reported that they have the same or a smaller budget than in 2022, highlighting an urgent need to do more with less.
Developers Leverage Automation, AI/ML for Testing
Artificial intelligence/machine learning (AI/ML) goes hand in hand with a DevSecOps platform. Developers who use a DevSecOps platform are more likely to have implemented automation and AI/ML for testing. Here are the supporting data:
- 65% of developers said that they are using AI/ML in testing efforts or will be in the next three years.
- 62% of developers using AI/ML use it to check code, up from 51% in 2022.
- 53% of developers using AI/ML said they use bots for testing, up from 39% in 2022.
Toolchain management is an ongoing barrier to developer productivity. Developers and security professionals are spending time on toolchain management, reducing time available for adherence to compliance regulations. Here are the supporting data:
- 66% of survey respondents reported wanting to consolidate their toolchains this year.
- 27% of security respondents reported that it is difficult to have consistent monitoring across disparate tools.
- 26% of security respondents said it is difficult to draw cohesive insights across all integrated tools.
More than half of government respondents said they are evaluating or purchasing a DevSecOps solution in one to three years in response to slowed or stagnant software development. Here are the supporting data:
- 75% of public sector respondents reported deploying software at the same rate or slower than they did in 2022.
- 44% of public sector respondents reported using 6 or more tools for software development, including some who use more than 15 tools.
- 59% of US government and aerospace/defense respondents want to consolidate their toolchain.
“GitLab’s research shows that DevSecOps tools and methodologies allow leadership to better secure and consolidate their disparate, fragmented toolchains and reduce spend, while also freeing up development teams to spend time on mission-critical responsibilities and innovative solutions,” said DeSanto.