GitLab released its 2019 Global Developer Report, suggests there is much room for improvement in a new wave of developer-led security practices
The latest survey from GitLab asked over 4,000 respondents across various industries, roles, and geographic locations to share their thoughts on software development, security, and operations. Much of the survey indicates that security is a work in progress at many companies, with developers and security professionals seeing a need for greater focus on applying security-driven processes throughout the development life cycle.
Accordingly, 69% of all respondents say that developers are expected to write secure code, yet 68% of security professionals feel that less than half of developers are able to spot security vulnerabilities. When developers are not able to see security issues, security teams later in the process must catch issues and request fixes. By contrast, earlier detection of security problems helps save developer time and resources.
The survey, however, notes a growing set of application security methods being used by development teams. Dependency scanning, made popular by an entire ecosystem of new automated code scanning tools, tops the list. All told, the most popular methods are:
- 56% - Dependency scanning
- 42% - Cloud security
- 41% - Container security
- 35% - SAST
- 29% - License compliance
- 22% - DAST
GitLab is likely trying to position itself as a DevSecOps trailblazer, unifying the most crucial development workflows under one platform. A few weeks ago, GitLab announced the latest version of its code repository hosting platform. Security dashboards, auto remediation tools, and security approvals brought serious security workflows to the traditional code repository workflows. Security and code management on the GitLab platform are now deeply intertwined, a strong indication of its enterprise-focused ambitions aimed at streamlining complex software development processes in large engineering teams. While GitHub soared in popularity with its hospitality to the open source world, GitLab is attempting to hijack the intensifying demand for developer-led security on its path toward becoming a more dominant platform.
Want to get more of these in your inbox?
Subscribe for weekly updates from the Software team.