Developers are daunted by security tasks, finds Docker survey, and want better tools


A developer survey conducted by container specialist Docker found that one third of developers find security-related tasks “difficult” or “very difficult,” and one quarter of developers would like better tools for remediating security issues.

The 2024 Docker State of Application Development Report was produced by Docker’s user research team and is based on 20-minute online responses. Just over half of respondents had engineering roles; the others were in management, security or AI/ML (artificial intelligence and machine learning) roles. Some 86 percent of respondents are Docker users.

Docker’s researchers believe that developers are getting more involved in security because of pressure to fix potential issues early in the development cycle, rather than relying on operations teams – a “shift left.”

The most common security task is fixing vulnerabilities, cited by 49 percent of respondents, while others include running security scans and monitoring security incidents.

This new focus appears to be challenging, with 32 percent of developers reporting that security-related tasks are difficult or very difficult, and 25 percent stating that better tools are needed.

The most popular security tools and the most common security tasks, according to a Docker survey

Among those surveyed, SonarQube is the most popular security tool. It’s a static analysis tool for detecting bugs and low-quality code. Other popular tools are the AWS Security Hub, and products from Snyk and JFrog, as well as Docker’s own Scout, which is focused on checking project dependencies against a vulnerability database.

Putting this in context though, security and vulnerability tools came fourth when developers were asked where tool improvements are most needed – behind testing, planning, and monitoring/logging.

Another notable trend in the Docker report is that use of microservice architecture continues to grow, with nearly three times as many respondents stating they were breaking down monolithic applications into microservices as those going in the other direction – though Docker users are perhaps more likely than most developers to have a microservice mindset.

Use of AI in development is now huge, with 64 percent of respondents stating that they use AI for coding, documentation or research, and 46 percent working on machine learning in their solutions. The most popular AI tool is ChatGPT, used by 46 percent, followed by GitHub Copilot at 30 percent and Google Gemini at 19 percent.

Attitudes towards AI vary. Twenty-three percent see it as a threat to their jobs, but 61 percent said that it makes their job easier.

Only 64 percent of respondents do their coding on traditional local PCs or laptops. The other 36 percent are working in ephemeral environments, remote development machines, or remote environments such as GitHub Codespaces.

The full report can be found on Docker’s site.