Completed by over 3500 developers from 21 countries, GitLab's DevOps survey encompasses three major areas: development and release, security, and testing. The survey results hint at DevOps enabling faster release cycles and improved quality, with the more recent DevSecOps area requiring more organizational fine-tuning.
According to the GitLab survey results, the trend towards continuous deployment continues, with 59% of companies deploying at least once every few days, up from 45% in last year's survey. The number of developers who are creating the infrastructure their apps will run on has also grown to 34%, highlighting a major role change. Many developers report fewer hands-on tasks such as manual testing, deployment, or code merging. Still, 47% of respondents stated testing is the number one reason for release delays, with bugs being found late in the release process. Similarly, DevSecOps is an area where organizations are still struggling to adopt sound practices like early static application security testing (SAST) scans and dynamic application security testing (DAST), although things are improving year-to-year.
InfoQ has taken the chance to speak with GitLab's senior developer evangelist, Brendan O'Leary.
InfoQ: The GitLab survey confirms the trend bringing development and operations closer, with a significant portion of developers playing roles traditionally held by operations engineers. Is this a good trend overall? Where does it end? Will operations as traditionally understood eventually disappear?
Brendan O'Leary: I think this is a trend we’ll continue to see. DevOps aims to blur the lines between software engineering and operations engineering. While both disciplines have specific requirements, the more linked these disciplines become, the faster organizations can deliver stable software. When it comes to operating software, it’s critical for the developers of that software to have a deep understanding of how it operates at scale. At the same time, operators need to understand and deliver for the needs of the organization’s main goal of delivering better products faster.
InfoQ: What challenges does this convergence of development and operations roles imply for the development process overall? And specifically, what are the challenges for security and how could they be tackled?
O'Leary: I think the biggest challenge is the ability to connect real-world operations data with the changes either made or required to improve the customer experience. In addition, the old-style command-and-control security methodology doesn’t work when you’re looking for continuous delivery and shipping code to production every week, every day or multiple times a day. The older disjointed toolchains developed for siloed roles need to morph into a single DevOps platform that lets engineers work together and share a common set of data and measurements. We’ve seen the industry moving in this direction as DevOps tool makers consolidate around building a single platform for the entire lifecycle.
InfoQ: Testing has been integral to DevOps from its start, from unit tests to end-to-end tests through integration tests. One of the most recent trends has been “shifting left” testing. While shifting-left testing is surely beneficial, do you see some shadows in this trend? What are the risks to avoid? And how can this change the current DevOps scenario?
O'Leary: I think that shifting testing left is critical to anyone’s DevOps transformation. However, there are risks if we don’t re-imagine what those tools look like in a modern DevOps scenario. For instance, security testing must also shift earlier in the cycle, allowing developers to address issues before they make it further down the lifecycle. It also becomes critical to invest as much time in technical debt in our CI/CD pipelines as we would with the product itself. A "set it and forget it" testing model is no longer viable, but the way we integrate, test and deploy code needs to be just as adaptable as our code itself.
InfoQ: All in all, the convergence of (traditionally) different roles such as development, operations, testing, and security can be seen as a matter of evolving patterns of communication and collaboration within an organization. How can this relate to the explosion of remote working due to the current COVID-19 pandemic? How important are tools to drive and manage this change of shift?
O'Leary: The increase in the need and ability for teams to collaborate across disciplines can directly benefit those teams who now have to collaborate remotely. From what we’re seeing in the industry, the current crisis has widened the gap between teams who have been able to implement effective communications and collaboration and those who have traditionally struggled. Long processes and red tape have not helped teams move faster, and have negatively impacted those teams who now have to work together remotely.
You can get the full report from GitLab's website.