DevOps and DevSecOps might be top of the vision list for tech leaders, but reality has yet to catch up in most organisations with plenty still using waterfall methods, research by GitLab has shown.
The CI/CD turned DevOps turned DevSecOps vendor’s latest Global Developer Report shows a proportion of companies with “mature” DevOps models doing well, but the majority of organisations are either stuck in the past, or struggling to really get going on their DevOps journey.
Companies that had DevOps down pat, were much happier all round, the survey suggested. In organisations with a “mature” DevOps model, developers felt 1.4 times more innovative than those in orgs with a “poor” DevOps model. Tellingly, perhaps, just 10 per cent of respondents had “DevOps” in their title.
That said, 54 per cent of respondents worked in Scrum type organisations, while 36 per cent worked in DevOps orgs. Waterfall was still the default for 17 per cent, with the balance using Kanban.
And a third of the developers in those organisations practising DevOps, rated their practices as “fair”, with just 28 per cent rating them as good, while 17 per cent rated them as poor.
CI/CD has been widely adopted, but is arguably nowhere near mainstream, with 45 of respondents saying it was being used “at least somewhere in their organisation”. At the same time, 43 per cent of developers said they deployed on demand or multiple times a day.
So it might not be a surprise that, “Only about a third of developers (36%) believe Operations team members are able to quantify and document their work, while less than half (43%) think Ops gets sufficient advance notice to support development efforts in their organizations. “
Things appear even worse when it comes to security, with 70 per cent of developers saying they’re expected to write secure code, but only 30 per cent rating their security practices as fair, and just a quarter rating them as good. Just under a quarter thought their security practices were out and out “poor”.
Security staff were similarly unimpressed, with 40 per cent saying they “struggle to get developers to make remediation of vulnerabilities a priority.”
Companies with good DevOps practices did better, with security teams in such orgs three times more more likely to discover bugs before code is merged. Overall “security leadership” at companies with “strong DevOps” were 23 per cent more likely to get an accurate view of the security team’s performance.
Remote working seems to correlate with all sorts of good outcomes. Developers in a mostly remote team rated the maturity of their security practices 29 per cent higher than those who were mostly office bound. Meanwhile, over in ops, all remote teams said they were 1.6 times more likely to document and quantify their work, and 2.6 times more likely to be given sufficient notice to support developers.
You can access the full report, after registering, here.