Development

A Look at DevOps in 2020: Sonatype’s Community Survey

DevOps teams routinely deal with the most sensitive needs of an organization: security, governance, and compliance. However, not every organization is on the same page when it comes to DevOps, which can leave developers feeling overwhelmed and overworked.

Sonatype recently released findings from its seventh annual DevOps Community Survey that examines the differences between mature and evolving DevOps practices, but with a new lens – how maturity levels impact developer happiness and culture. Developers from mature DevOps teams have higher job satisfaction, company loyalty, and productivity.

The Findings

Security:

The integration of security controls into automated pipelines continues to be stronger in mature practices, although evolving DevOps practices continue to integrate security controls. Mature DevOps teams properly integrate automated security tools about twice as often as evolving development practices.

Integrated tooling provides detailed information about the application development lifecycle and therefore allows developers to quickly identify and remediate issues and vulnerabilities. For example, mature DevOps practices prioritize security, leading to fewer OSS-related data breaches – only 28% of mature DevOps practices reported an OSS breach in the past 12 months.

Covid 19
COVID-19: Digital Insights For Enterprise Action

Access Perficient’s latest insights into how you can leverage digital technologies to not only respond to the pandemic, but drive your operations forward and deliver experiences your customers need.

Get Informed

 

Governance and Compliance:

Forty-four percent of mature DevOps practices have integrated automated OSS governance into their software development lifecycles (SDLC), reducing the need for manual intervention. This also increases development velocity, with 55% of respondents saying they deploy code to production at least once per week, up from 47% in 2019.

Integrating security, governance, and compliance into your SDLC can be mandated or voluntary. The survey found that governance and compliance are the #1 motivator for integrating security into DevOps practices.

Breaches have always been a motivating factor for increasing security; although organizations want to get ahead of breaches, developers just don’t have enough time to invest in building secure code. Executives in mature DevOps practices are twice as likely to look at the integration of security controls as a competitive advantage. DevOps practices at these organizations are twice as likely to have automated governance and compliance because it’s top-of-mind for leadership.

Developer Happiness:

According to the survey happiness matters in DevSecOps – developers from more evolved DevOps practices are happier. Happy developers generally have the tools they need to do their job and receive adequate training to continue growing their skillsets. In mature DevOps practices, happy developers said there was little to no friction on their teams, while developers from evolving practices identified management as a key source of friction.

Subsequently, happy developers are 3.6 times more likely to pay attention to security and when it comes to security incidents, they are less likely to rely on rumors. They rely upon evidence from their integrated tools, security teams, and leadership.

About the Survey

Since 2014, Sonatype has conducted its DevOps Community Survey, focused on application development and security practices. This year’s survey was comprised of 34 questions of Sonatype’s DevOps community between Jan. 29 and Feb. 27. In total, 5,045 respondents from more than 70 countries responded to the survey. For more information, download the survey.

About the Author

Caitlin is the Marketing Coordinator for Perficient's Automation, DevOps, and API practices. She's been in her role since September 2019, and has a background in editing and writing for a variety of brands and publications. She lives in St. Louis and is a proud St. Louis Blues fan.

More from this Author

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to the Weekly Blog Digest:

Sign Up