GitLab's take on the current state of DevOps

A GitLab survey found that DevOps is continuing to gain momentum, but there's plenty of room for improvement when it comes to testing and security.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

GitLab, a prominent Git-based DevOps company, has released the results of its fourth annual DevSecOps survey This global survey of over 3,650 respondents found that DevOps rise has led to "sweeping changes in job functions, tool choices, and organization charts within developer, security and operations teams."

The vast majority of developers are finding DevOps is living up to its promise of faster software releases. According to the survey, nearly 83% of developers report being able to release code more quickly with DevOps. 

Continuous integration and continuous delivery (CI/CD) is also reducing build and deployment times. Thirty-eight percent said their DevOps implementations include CI/CD. Of those using CI/CD, nearly 60% deploy multiple times a day, once a day, or once every few days. That's up considerably from last year's 45%. Twenty-nine percent also said their DevOps implementations include test automation.

George Tsiolis, Ubitech engineering lead and GitLab core contributor, added:

"Over the last year, Ubitech introduced CI/CD practices to multiple teams for new and existing projects within the organization. So far, implementing CI/CD has led to an overall boost in test coverage efforts and more frequent deployments. It's also given our team new insight we needed to spot potential vulnerabilities before and after deploying our applications."

Testing, however, is still a major bottleneck. Forty-seven percent reported that testing was the area most likely to cause delays. True, automated testing is on the rise, but only 12% claim to have full test automation. And while 60% of companies report deploying multiple times a day or once a day, over 42% of those surveyed said testing still happens too late in the development lifecycle.

DevOps itself is living up to its promise of blurring the lines between developers and operators. Thirty-five percent of developers say they define and/or create the infrastructure their app runs on -- with 14% monitoring and responding to infrastructure issues. 

DevOps adoption rates are also up. Twenty-five percent of companies are in the DevOps "sweet spot" of three to five years of practice, while another 37% are well on their way, with between one and three years of experience under their belts. 

As you'd expect with numbers like that, roles across software development teams are shifting as responsibilities overlap. 70% of operations professionals report that developers can provision their own environments.

That's good news. But, while DevOps is enabling businesses to dramatically increase their software release times and moves to truly continuous integration/deployment (CI/CD), it's not all sunshine and kittens. 

Sid Sijbrandij, GitLab's CEO and co-founder, said in a statement: "There is still significant work to be done, particularly in the areas of testing and security. We look forward to seeing improvements in collaboration and testing across teams."

You see, it's not just a changing world for developers and operators. Security and testing teams also need to be brought into the DevOps world. 

The survey found a real disconnect between developers and security teams. The problem -- and this is an ancient one -- is no one's sure who's really in charge of security. More than 25% of developers reported feeling solely responsible for security, compared to testers (23%) and operations professionals (21%). On the security team side, 33% of security professionals said they're in charge, while 29% said they believe everyone should be responsible for security.

Specifically, security teams say developers are not finding enough bugs in development's early stages of development. Over 42% said testing still happens too late in the life cycle, while 36% reported it was hard to understand, process, and fix any discovered vulnerabilities, and 31% found prioritizing vulnerability remediation an uphill battle. 

Johnathan Hunt, GitLab's vice president of security, stated, "Security teams need to implement concrete processes for the adoption of new tools and deployments in order to increase development efficiency and security capabilities."

So, there's still work to be done with DevOps. That said, DevOps is well on its way to becoming the new way IT staff not only develops but operates their systems. 

Related Stories:

Editorial standards