Survey Investigates DevSecOps and Impact of AI
Written by Janet Swift   
Wednesday, 21 June 2023

The results of GitLab's 2023 Global DevSecOps Report show the increasing uptake of DevSecOps methodologies. While AI tools are being rapidly adopted by developers for code checking and testing purposes, their security counterparts are worried that AI might threaten their jobs or introduce hard-to-find errors and make their jobs more difficult.

GitLab collected a total of 5,010 responses to its 2023 survey of DevSecOps professionals across a mix of industries and business sizes worldwide. Of the three components of DevSecOps, Software Development was the most represented (39%), followed by IT Operations (32%) and IT Security (29%): 

GitLab DevSecOps1

Half of the respondents were under 35 years old and while the majority of the respondents were male, almost a quarter were female, which is not as large a gender imbalance as seen in other surveys.

Two-thirds of respondents were from the United States, 14% from India, 3% from the United Kingdom and another 6% from the rest of Europe.

Year-on-year in this survey organisations have increasingly adopted DevOps or DevSecOps methodologies. This year the proportion was 56%, up from 47% in 2022 with multiple methodologies in use:

GitLab DevSecOps2

While fewer than half of respondents are already using a DevOps/DevSecOps platform, an equal proportion are considering evaluating or buying one this year and only 3% have no plans to do so:

GitLab DevSecOps1b

Over the last few years successive GitLab surveys have tracked the progress of the Shift-Left approach, which was introduced to bring software testing into earlier stages of the software development lifecycle. This approach aims to reduce errors later on in the pipelines by moving testing into the early stages of development and creating a faster development process. for more see What Is the Shift-Left Approach in DevOps?

This year it states:

The shift left is getting real

reporting that 74% of security professionals said they have either shifted left or plan to in the next three years.

According to the report:

The shift left is driving a number of benefits across the software development lifecycle — most notably, development, security, and operations teams are coming together instead of working in silos. Increasingly, no single group feels like they’re on their own when it comes to application security. This year, less than a third of
survey respondents (30%) said they are “completely” responsible for application security (down from 48% last year). The majority of respondents (53%) said they are responsible for application security as part of a larger team — up from 44% last year.

The survey also looked into the adoption of AI and ML in software development workflows for security testing and code checks finding that 65% of developers are either already using artificial intelligence and machine learning in testing efforts or will be in the next three years.

This aligns with the results of the recent Stack Overflow Survey which found that 44% of Professional Developers currently use AI tools, with their main use case being writing code, and another 25% planning to use such tools soon, with their main use case being testing code, see Developers Positive About Using AI Tools. 

Among GitHub survey respondents who use AI-based methods,   62% do so to check code, up from 51% last year and, year-on-year the use of bots in the testing process rose from 39% to 53%. 

GitLab DevSecOpsAI

While respondents from Development embrace AI, two-thirds of in Security said they are concerned about the impact of AI/ML capabilities on their job, and 28% of them said they are “very” or
“extremely” concerned.

GitLab DevSecOpsAIb

Of those respondents who expressed concern, three-quarters are worried about the impact on their jobs with 29% are worried that the number of jobs will be reduced, 23% that AI/ML will be more cost-effective and 23% that their skills would become obsolete.  The remaining quarter are worried about the potential for AI/ML to introduce errors that will make their job more difficult.   

To know more, download the full report here.

GitLab 2023

More Information

2023 GitLab Global DevSecOps Report: Security Without Sacrifices

Related Articles

DevSecOps Is Growing, But There's Room for Improvement

Developers Positive About Using AI Tools

What Devs Think About AI

What Is the Shift-Left Approach in DevOps?

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.


Tetris - Still A Winner After 40 Years

Tetris, the classic and addictive puzzle game where you rotate and position falling blocks, has been played by at least a billion people. It was invented 40 years ago and to mark the occasion the BBC  [ ... ]

Pg_lakehouse Makes PostgreSQL Quack

Pg_Lakehouse from ParadeDB is an extension that turns PostgreSQL into the analytical engine of DuckDB. Why is that useful? How do you use it?

More News

kotlin book



or email your comment to:

Last Updated ( Wednesday, 21 June 2023 )