Over 5,000 respondents took part in Sonatype’s 2020 DevSecOps Community Survey, which was announced in a press release.
The participants hold different organizational roles and come from various countries, mainly the US, UK, India, Canada and Germany. The majority were working in the tech sector (39%), banking and financial services (15%), and consulting services (7%).
SEE ALSO: DevSecOps Panel – Best DevOps Security Practices & Best Tools
Let’s dive right into the findings.
DevOps maturity
The adoption of DevOps maturity was rated as “mature” by 15% of respondents and “improving” by 36%. “Immature” (49%) received the highest number of answers. 55 percent, though, said they deploy at least once per week—and of these, 24% deploy multiple times per week. Yearly deployments, on the other hand, are becoming very rare: this model was being used by only 1 percent.
DevSecOps tools
Mature and immature DevOps practices show some different preferences regarding the adoption of security tools. WAF (Web Application Firewall) and OSS (Open Source Software Governance) top the list for both maturity levels. WAF was being used by 59% of mature and 51% of immature DevOps teams, and OSS by 44% (mature) and 31% (immature).
Serverless Deployments with Canary – Creating DevOps engineers at LEGO.com
Nicole Yip (The LEGO Group)
The Road to the Continuous Monitoring
Pawel Piwosz (Epam Systems)
Hacking Terraform for Fun and Profit
Anton Babenko (Betajob)
The next most popular tools were IDS/IPS (Intrusion Detection/Protection System), SAST (Static Analysis Security Testing) and DLP (Data Loss Prevention). Further down the list, the difference in usage rates increased: CSA, DAST, SCA and IAST were being used twice as often by mature DevOps teams.
Not surprisingly, mature DevOps teams also stated almost twice as often that they have properly integrated security tools into their pipeline.
Security breach awareness
In this year’s survey, 24 percent of respondents stated that they had confirmed or suspected security breaches within the last 12 months. Depending on the DevOps maturity, the responses varied between 19% and 28%.
Sonatype interprets the findings to imply that higher maturity levels did not lead to an increased number of breaches, but rather to an increased awareness in breaches:
Failures are not silent in mature DevOps practices, but rewarded.
Developer happiness
Sonatype didn’t just want to know about the hard facts—they also wanted to see how happy DevOps team members are. It turns out that job satisfaction increases with DevOps maturity: 92% of respondents in mature teams said they are satisfied with their job whereas only 61% agreed with this statement in immature DevOps teams.
SEE ALSO: 90% of remote workers would recommend it to a friend
Another finding was that code security analysis was performed significantly more often by happy developers: 65% of happy developers said they perform code security analysis, compared to only 34% of grumpy developers. Friction between colleagues was also encountered less often by happy developers.
For more DevSecOps insights and to find out about the participants’ favorite pizza toppings (including pineapple), see the full report.
The post Developers that use mature DevOps and DevSecOps practices are happier appeared first on JAXenter.
Source : JAXenter
