Delve into the practices of mature DevOps organizations.

Sticker_DabbingUnicorn
Happy vs Grumpy Developers

The happiest developers are 2.3x more likely to be using automated security tools. 

BugSticker
Open Source Related Breaches are Down

28% of mature DevOps practices confirmed an OSS related breach in the past 12 months.

TimeFliesSticker
No More Time, But Much More Automation

47% don't have enough time to spend on security, but mature DevOps teams have built in more automation.

55% of respondents deploy to production at least once per week.

It’s not what we do once in a while that shapes our practices, it is what we do consistently. 

SURVEY QUESTION: How frequently do you deploy to production?

  • 7
  • 11
  • 24
  • 13
  • 23
  • 9
  • 12
  • 1
  • With every change
  • Multiple times per day
  • Multiple times per week
  • Weekly
  • Every few weeks
  • Monthly
  • Multiple times per year
  • Yearly

Job satisfaction is higher in mature DevOps practices

Our survey reveals the more evolved DevOps practices are, the happier we found their developers. Happy developers spend more time thinking about security than their grumpy peers.

 

Happy Developers

 

Grumpy Developers

  • 92%
     
     
  • 61%
     
     

Agree: “I am satisfied with my job.”

  • 86%
     
     
  • 53%
     
     

Agree: “I would recommend my place of employment to other job seekers.”

  • 89%
     
     
  • 69%
     
     

Agree: “I feel like I can complete the work assigned to me.”

Mature DevOps practices prioritize WAF, OSS Governance, and IDS/IPS.

SURVEY QUESTION: What security tools do you or your team use?

 

Mature DevOps

 

Immature DevOps

  • 59
    51
  • 44
    31
  • 42
    33
  • 40
    28
  • 34
    23
  • 33
    15
  • 29
    14
  • 25
    13
  • 24
    10
  • 20
    8
  • WAF

    Web Application Firewall

  • OSS

    Open Source Software Governance

  • IDS/IPS

    Intrusion Detection/ Protection System

  • SAST

    Static Analysis Security Testing

  • DLP

    Data Loss Prevention

  • CSA

    Container Security

  • DAST

    Dynamic Analysis Security Testing

  • SCA

    Software Composition Analysis

  • IAST

    Interactive Application Security Testing

  • RASP

    Runtime Application Self Protection

Twitter LinkedIn Facebook YouTube GitHub
Products
Free Tools
Solutions
Resources
Customer Portal
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759

Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102

Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia

London Office -168 Shoreditch High Street, E1 6HU London

Subscribe for all the latest software security news and events

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy    Modern Slavery Statement    Event Terms and Conditions   Do Not Sell My Personal Information