DevOps is Taking Over Traditional SDLC, but Still Has a Long Way To Go
GitLab found that the use of AI in DevOps practices has considerably streamlined the SDLC, although inculcating security ownership is still a work in progress.
According to GitLab, 84% of IT pros believe code release and application delivery have accelerated significantly in the last year, thanks to the use of multiple DevOps tools, processes, and practices. The use of AI, in particular, has considerably streamlined the SDLC, although inculcating security ownership is still a work in progress. Here’s what GitLab discovered.
The rapid adoption of DevOps is well on its way, a study by DevOps lifecycle platform vendor GitLab revealed. Not only that, emerging technologies such as artificial intelligence and machine learning (AI/ML) are playing an outsized role in software development. Subsequently, GitLab found that the speed of software development doubled for nearly 60% of developers in the past year.
Overall, 84% of respondents, including professionals from several development and operations roles in IT, said they’re releasing code faster than before. Also, approximately one-fifth (19%) of developers said their code goes into production ten times faster than before.
The reason? Developers started leveraging multiple practices relevant to a successful DevOps strategy. Just over 21% of developers started using source code management, almost 18% and 14% of respondents adopted continuous integration and continuous delivery (CI/CD), respectively, and nearly 12% started using a DevOps platform. Moreover, 56% of SDLCs are fully or mostly automated, while more than 10% implemented automation in application testing.
Moreover, the conventionally defined role of a developer is now merging with what a seasoned IT professional would call operations. The study found that 62% of respondents believe they now have new and different responsibilities because of DevOps.
What Is DevOps?
DevOps is a portmanteau of the words ‘development’ and ‘operations’. According to The Agile Admin, “DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support.”
It is basically a way to increase an organization’s ability to rapidly deliver applications and services. It combines tools, development practices, and cultural alignment so that delivery takes less time than it would under traditional software development and infrastructure management processes.
The aim here is to continuously evolve development practices and improve products, leading to better customer service and an effective competitive advantage in the market.
Synopsys, a leading silicon to software provider, reckons DevOps to be “the direct descendant of agile software development, born from the need to keep up with increased software development velocity and throughput agile methods.” As agile development advanced, the need for a more holistic approach to the software delivery life cycle became apparent, which is what we now call DevOps.
Adopting DevOps does away with the usually siloed nature of various teams under traditional development practices. There is an overlap between development and operations teams. Both may even be merged to allow developers to take on a cross-functional role to streamline the application or software development lifecycle (SDLC): development → test → deployment → operations.
AI in DevOps
Going by the study, an increasing number of organizations are leveraging technologies such as AI and cloud computing within their DevOps process. GitLab’s study revealed that 75% of respondents said their DevOps teams are either using or planning to implement AI/ML or bots for testing/code review, a 34% bump from 41% in 2020.
The focus here is to automate testing, which, if done manually, is usually a time- and money-consuming process. Application or software testing is performed to identify errors or requirements that may have been overlooked compared to actual client requirements. Testing is done to check if the application matches requirements and is free from bugs.
DevOps test automation facilitates feedback loops between operations and development teams without any significant human involvement so that iterative updates can be deployed faster to applications in production. Essentially, it can perform test tasks with reduced human intervention and deliver accelerated process execution and scalable production environments, all culminating in a shorter delivery time.
GitLab found that 55% of ops teams either completely or mostly automate their software development lifecycle. Just over 27% have partially automated SDLC, and 11% are in the initial stages. Only 6% haven’t incorporated test automation whatsoever. For perspective, 8% of teams claimed full automation in 2020 compared to nearly 19% this year, while 25% have implemented full test automation, which is more than double last year’s figure.
A shortening SDLC is the major reason why development teams may continue to uphold AI-driven test automation practices.
Security in DevOps (DevSecOps)
Besides automation, security is a major talking point in the SDLC. Security sticks out as one of the areas that cannot be overlooked, which is why organizations have been courting the notion of DevSecOps, a shift-left approach to application security. DevSecOps stems from the idea that security should be introduced early on in the SDLC.
Shifting left is the practice of detecting and preventing any security flaws, vulnerabilities or problems that threaten the security fabric of an application early in the SDLC or DevOps by testing as early and as often as possible. The requirements of the software are noted on the left side of the development plan; hence the term ‘shift left’.
Compared to 65% in 2020, this year, 70% of security teams have shifted left. This is indicative of a move away from legacy security implementation practices wherein development and testing practices were decoupled from each other. And if you think shifting left could hamper development speed, the trade-off between security concerns and speed is quite low at 14% for immature DevOps. For mature DevOps, however, it stands at 35%, which is certainly an area for improvement.
Yet, 42% of respondents said security testing is happening later than desired. An equivalent number of respondents said they or their teams struggled to unpack, process, and fix vulnerabilities. Almost 37% said it was tough to track the status of the bug fixes, and 33% said it was hard to prioritize the remediations. Finally, 32% said it was difficult just to find someone to fix the problems.
Why is this happening? The problem may lie somewhere in the fact that nearly a third (30.73%) of respondents said the security team is responsible for security. But wait! Isn’t that precisely the job of a security pro? Well, not entirely; at least not under a DevSecOps approach. The ownership of security needs to lie with everyone. Presently, just 27.88% of respondents said all three teams, viz., security, operations, and development, are responsible for security.
Johnathan Hunt, vice president of security, GitLab, said, “While the industry has continued integrating security into development, and organizations are beginning to improve security overall, our research shows that a more clear delineation of responsibilities and adoption of new tools is required to completely shift security left.”
He adds, “In the future, we hope to see security teams find more ways to lay out clear expectations for the other members of their organization, and continue to adopt innovative technologies for scanning and code reviews to improve speed and quality of development cycles.”
Closing Thoughts
GitLab’s Fifth Annual Global DevSecOps Survey shows stark changes in IT pros’ outlook toward DevOps. In 2020, development, operation, and security teams sought better communication and collaboration skills for their future careers.
This year, however, the priority for developers seems to have shifted to fostering efficiency through AI/ML-driven automation to bring operational consonance with the surging present-day demands. On the other hand, security teams seem confident with where they are heading as part of DevOps. However, DevSecOps will remain a pipe dream unless there’s harmony between all three areas (dev, sec, and ops) with respect to application ownership.
Note: GitLab’s findings are based on its survey, conducted between January and early March 2021, of over 4,294 software professionals working across the globe in various industries.