DevOps teams routinely deal with the most sensitive needs of an organization: security, governance, and compliance. However, not every organization is on the same page when it comes to DevOps, which can leave developers feeling overwhelmed and overworked.
Sonatype recently released findings from its seventh annual DevOps Community Survey that examines the differences between mature and evolving DevOps practices, but with a new lens – how maturity levels impact developer happiness and culture. Developers from mature DevOps teams have higher job satisfaction, company loyalty, and productivity.
The integration of security controls into automated pipelines continues to be stronger in mature practices, although evolving DevOps practices continue to integrate security controls. Mature DevOps teams properly integrate automated security tools about twice as often as evolving development practices.
Integrated tooling provides detailed information about the application development lifecycle and therefore allows developers to quickly identify and remediate issues and vulnerabilities. For example, mature DevOps practices prioritize security, leading to fewer OSS-related data breaches – only 28% of mature DevOps practices reported an OSS breach in the past 12 months.
Governance and Compliance:
Forty-four percent of mature DevOps practices have integrated automated OSS governance into their software development lifecycles (SDLC), reducing the need for manual intervention. This also increases development velocity, with 55% of respondents saying they deploy code to production at least once per week, up from 47% in 2019.
Integrating security, governance, and compliance into your SDLC can be mandated or voluntary. The survey found that governance and compliance are the #1 motivator for integrating security into DevOps practices.
Breaches have always been a motivating factor for increasing security; although organizations want to get ahead of breaches, developers just don’t have enough time to invest in building secure code. Executives in mature DevOps practices are twice as likely to look at the integration of security controls as a competitive advantage. DevOps practices at these organizations are twice as likely to have automated governance and compliance because it’s top-of-mind for leadership.
According to the survey, happiness matters in DevSecOps – developers from more evolved DevOps practices are happier. Happy developers generally have the tools they need to do their job and receive adequate training to continue growing their skillsets. In mature DevOps practices, happy developers said there was little to no friction on their teams, while developers from evolving practices identified management as a key source of friction.
Subsequently, happy developers are 3.6 times more likely to pay attention to security, and when it comes to security incidents, they are less likely to rely on rumors. They rely upon evidence from their integrated tools, security teams, and leadership.
About the Survey
Since 2014, Sonatype has conducted its DevOps Community Survey, focused on application development and security practices. This year’s survey consisted of 34 questions posed to Sonatype’s DevOps community between Jan. 29 and Feb. 27. In total, 5,045 respondents from more than 70 countries responded to the survey. For more information, download the survey.