The vast majority of developers who use a JVM (Java Virtual Machine) language still use Java, but a sizable chunk of the population is shifting to Kotlin, a JVM-compatible language developed by JetBrains, which Google is encouraging developers to use for Android development.
That's according to Snyk, the secure open-source coding outfit that last month landed $150m in backing, valuing the company at $1bn.
Its survey of 2,000 developers for its JVM 2020 report finds that while 87% of JVM developers still use Oracle Java, the population that use Kotlin has jumped about 130%, from a 2.4% share last year to 5.5% today.
SEE: Six in-demand programming languages: Getting started (free PDF)
Snyk puts growth in Kotlin adoption down to how seamlessly it integrates with Java. The growth has put Kotlin in second place, albeit well behind Java, but now ahead of Clojure and Scala.
Oracle JDK – Java Development Kit – is also losing share to OpenJDK alternatives. Snyk finds a "huge shift" to OpenJDK alternatives, amounting to 36% of all respondents who have left Oracle JDK for some flavor of Open JDK.
Last year, 70% of developers were using Oracle JDK and 21% were using an Open JDK distribution. This year, just 34% report using Oracle JDK.
According to Snyk, only 9% of developers report paying for JDK support, of which 55% are paying Oracle, 17% are paying IBM-owned Red Hat, 16% are paying IBM, and 12% are paying Azul.
Java 8 remains the most widely used version of Java SE in production systems at 64%, followed by Java 11 at 25%.
The survey, worryingly, found that 17% of respondents never apply security patches to JDK. However, on a positive note, 61% of developers apply security updates within a month of release. Meanwhile 15% say they apply security updates within days of their release.
IntelliJ IDEA, an integrated development environment (IDE) from Kotlin-maker JetBrains, is by far the most popular IDE. The survey finds that 62% of developers use the free Community version of IntelliJ IDEA, while half of all respondents report using JetBrains' paid-for 'Ultimate' version.
A further 20% report using the Eclipse IDE, while 10% Apache NetBeans, 4% use Vim and Emacs, while 2% use Microsoft's Visual Studio Code. Snyk notes that Eclipse IDE usage has dropped from 38% last year.
Somewhat surprisingly, among JVM developers, the Microsoft-owned code-sharing site GitHub is overshadowed by rival GitLab, thanks to a high adoption of GitLab's private repositories. Overall, 35% of respondents report using GitLab, while 31% report using GitHub and 25% report using Atlassian's Bitbucket.
Snyk has also uncovered some trends in how developers approach scanning dependencies for known security vulnerabilities.
Nearly a third scan for bugs as part of a CI (continuous integration) process before deploying a system to production. Smaller proportions also scan code in their IDE, pull requests in a code repository, during build time, and during production.