source link: https://devm.io/devops/devsecops-gitlab

Interview with Brendan O'Leary, Staff Developer Evangelist at GitLab

"Security has become the number one reason for DevOps platform adoption"


We spoke with Brendan O'Leary, Staff Developer Evangelist at GitLab, about the current state of DevSecOps, where DevOps is headed in the future, and how dev teams have been affected by new ways of working, toolchain sprawl, and their expanded roles.

devmio: Thank you for taking the time to answer our questions about the GitLab 2022 Global DevSecOps Survey! According to the survey, only 10% of companies are claiming to allocate more budget for security, even though security issues are more prevalent than ever. Is this a massive security problem that will erupt later?

Brendan O'Leary: While security should be a more active investment priority, and our survey shows that it is the number one area of investment over the coming year, the disparity between actual budget allocation brings up an interesting point. Budget reallocation is not always indicative of an organization’s security posture.

71% of security pros rated their organization’s security efforts as either “good” or “excellent” – largely due to organizations’ ongoing push toward a more secure future. Nearly this same percentage of respondents responded the same way in 2021. Instead of simply watching where money has moved, we’ve kept an eye on how DevSecOps professionals’ roles have shifted in the last year.

For instance, we’ve seen a gradual increase in security ownership across DevOps teams in recent years. Additionally, security has become the number one reason for DevOps platform adoption, and DevOps will continue playing a key role in software security in the future.

devmio: In 2022, 47% of respondents responded that they practice DevOps or DevSecOps—an 11% increase from 2021. What would you say is the reason for this movement? Do you expect any shifts in the most practiced development methodologies in the coming years?

Brendan O'Leary: More teams are picking up DevOps or DevSecOps due to better code quality, developer productivity and operational efficiency, according to 37% of respondents, followed closely by better security and more secure applications.

Other clear benefits of DevOps include faster time to market, better communication/collaboration, and happier developers/DevOps team members. Organizations are finding both technological and cultural benefits for dev, sec and ops across industries. Today, every company is a software company, and DevOps empowers teams of any size or location to work together more collaboratively and effectively.

Based on this year’s survey, we expect DevOps adoption to continue rising. Five percent of respondents this year said they had added DevOps within the last year, and 1 in every 5 survey respondents shared that DevOps is their top area of investment in 2022.

devmio: Your survey states that 47% of teams report fully automated testing—22% more than last year. 53% of survey takers said they are testing during coding (32% in 2021) and 59% of developers test their own code (24% in 2021). There is a lot happening in the testing department. How can these trends be interpreted?

Brendan O'Leary: A lot of teams are adopting more testing in their efforts to shift left. This year, 57% of sec team members said their orgs have either shifted security left or are planning to this year. In conjunction with the 53% of developers that told us they are “fully responsible” for security in their organizations, this shows a clear direction of movement within organizations.

Testing aids shift left efforts because it allows developers to test their code for vulnerabilities and revise it before sending it to security team members, improving workflows and the software pipeline overall.

devmio: 75% of all respondents said they use a DevOps platform. When deciding which platform they want to use, what are the most important criteria? What are the differences between available DevOps platforms?

Brendan O'Leary: The main benefits of DevOps platforms were security and cost and time savings, according to this year’s survey. Platforms help in shifting left and streamlining DevOps, allowing teams to test and pass code down their pipelines, as well as maintain visibility and determine their own metrics. A majority of dev teams said use of a DevOps platform was the number one reason for the increased pace of code release (70% of teams deploy multiple times a day, daily, or every few days) followed by automated testing, source code management, planning tools, and observability.

Every DevOps tool has different capabilities. Some offerings focus on communication and functionality or project and data management, but they all fall short of being an end-to-end, multi-cloud solution for the entire software development life cycle. However, GitLab offers more than a toolset. It is the One DevOps Platform that integrates all the tools DevOps teams need to scale, secure, and deliver software faster.

devmio: AI and ML are becoming more important in the IT world. Can you tell us how they are part of today’s DevOps teams and how they are used to make everyday tasks easier?

Brendan O'Leary: Today, 31% of teams are using AI/ML for code review, double where we were at last year (15%). Additionally, 37% of teams are using AI/ML in software testing, and 20% plan to introduce it this year.

AI/ML is becoming especially valuable to security professionals since AI/ML systems can be trained to detect and respond to threats. Test automation is growing quite common and ModelOps is growing in popularity, with 62% of survey takers already practicing ModelOps today. We’re excited to see AI/ML’s role continue growing in DevOps and driving value for organizations.

devmio: With the vast majority of teams “shifting left” and constantly-expanding dev roles, how has the daily life of a developer changed?

Brendan O'Leary: Between shifting responsibilities, the pandemic, security threats, culture changes, and complex tech learning curves, devs were placed under a lot of stress in the last couple years. Developer roles continue to shift in all directions, taking on more responsibility for security, as well as traditional ops responsibilities. Over one third of dev respondents are instrumenting their code for production monitoring, creating the infrastructure their app runs on, monitoring their infrastructure, and remaining on-call for app production alerts – activities that used to be reserved for ops professionals.

Additionally, with their expanding roles, dev toolchains are more sprawling than ever before, and they are spending more time than ever before managing these toolchains. 2 in every 5 developers spend up to half of their time maintaining and integrating complex toolchains, pointing to organizational needs for a single, unified DevOps platform.
