The Latest DevOps Trends To Watch

By:?Patrick Taylor , National Technology Evangelist - AIM Consulting

In May, more than 5,000 DevOps professionals shared details about their teams and practices with GitLab. The recently released survey results shed light on the current state of DevOps and the direction the field is headed in. Read on for our key takeaways.

The Push for Security

The GitLab survey revealed that security is the number one investment area for developers, surpassing even cloud computing. Not only are organizations dedicating more budget to security, but their developers are dedicating more time to it.

The majority of sec team members (57%) said their organization has either already shifted security left - meaning DevOps teams ensure security early in the development cycle - or are planning to this year. This correlates with increasing feelings of responsibility for security - 53% of developers said they are "fully responsible" for security in their organizations, and another 39% said they feel responsible for security but as part of a larger team.

Yet this delegation of work doesn't necessarily equate to high-quality results. Although 57% of respondents agreed security is a performance metric for developers in their organization, 56% said it was difficult to get devs to actually prioritize fixing code vulnerabilities.

Fifty-three percent of developers said they are "fully responsible" for security in their organizations.

Even more concerning is the fact that less than 20% of security team members said devs found between half and three-quarters of the bugs.

Major trends in DevSecOps specifically were the use of security scans and automated tools. Static scanning (the automated analysis of code files) and Dynamic scanning (the automated analysis of system behavior) both saw double-digit increases in their rates of adoption. This is an extremely positive development. Putting those tools to proper use and responding to their results will be the thing in 2023 that allows teams to use existing technology to make observable improvements in the security of their systems.

Toolchain Frustrations

An impressive 70% of teams deploy multiple times per day, daily, or every few days, up 11% from last year. Yet toolchain sprawl is still inhibiting productivity and speed, causing frustration among developers.

Nearly seven out of every 10 developers expressed a desire to consolidate their toolchains. This isn't surprising, given that 44% of DevOps teams use between two and five tools, and another 41% use between six and 10 tools.

Nearly seven out of every 10 developers expressed a desire to consolidate their toolchains.

Respondents expressed frustration with toolchain sprawl for numerous reasons, the primary reason (37%) being that time spent on toolchain maintenance takes away from time that could be spent on compliance. Another 35% said it's difficult to consistently monitor across so many tools, and devs aren't happy with all of the context-switching. Others identified pain points like slowed development velocity, cost increases, and difficulty retaining developers.

GitLab’s Audience

The survey respondents represented a wide variety of industries and roles. The respondent industry makeup was 45% computer software, with the rest split between 16 different industry categories. The role makeup was even more diverse: 15% of respondents were software developers, 30% held different DevOps and Ops roles, 14% held security roles, and the remaining balance held a variety of leadership, strategic, and quality roles.?

This diverse audience provides us with insight into how a wide variety of professionals see DevOps, outside of the potentially narrow view of software engineers at tech companies. At AIM Consulting , we know firsthand that many industries like retail, food service and healthcare require advanced technology and modern, custom software to compete in their verticals.?

The Bottom Line

Tools and techniques exist that give teams the potential to realize the dream of DevSecOps, but significant challenges remain. Developers are overwhelmed with changes in technology and apprehensive about the increasing rate of change they see coming. The landscape of useful tools is broad and many organizations use more than their staff can keep up with. Shifting left and automated scans have the potential to eliminate security holes before the security team does their testing, but security professionals report that a significant and unsettling number of problems exist in systems they are given to inspect.?

Narrowing our selection of tools, standardizing their use, and deepening our understanding of their value is the best thing that the industry can do to improve security in the systems we build.?

AIM Consulting offers and supports all of the trends occurring in DevOps , from rolling out test automation, to improving security and compliance, to consolidating your toolchain to effectively streamline development. We can help you reach the promise of a true DevSecOps culture with a mature end-to-end approach, enabling your organization to release the right products faster, more efficiently, and with fewer defects.

About the Author:

Patrick Taylor ?is the National Technology Evangelist at AIM Consulting Group and holds over 20 years of experience in technology leadership. He helps our clients solve their hardest technology problems by providing reference architectures, high-quality tools, and industry-leading techniques for software development.