DevSecOps Insights 2020

Liran Tal, January 28, 2020

We are thrilled to announce and share with you the Snyk 2020 DevSecOps Insights! In this study, we discuss the state of DevSecOps, key activities, focus areas, and takeaways.

This study is based on data presented in the Snyk 2019 State of Open Source Security report and the Puppet 2019 State of DevOps report.

The Snyk report presents the survey results of over five hundred respondents and the Puppet report presents data from 2,949 technical professionals.

If you’re interested in reading the detailed findings of our study, we recommend you download the full version of the report in digital format. Find some more of the key takeaways in the articles below:

  • DevSecOps Insights 2020
  • 86% of security and tech roles agree that security is a shared responsibility
  • 31% don’t track application dependencies and 38% only track direct dependencies
  • 29% of highest security integration orgs endure friction when collaborating
  • 48% see security a major constraint on the ability to deliver software quickly

An introduction to the DevSecOps Insights 2020 study

Fast software development iterations call for baked-in security in order to keep up with the rate of building and shipping software. In a typical organization, security staff are vastly outnumbered by operations staff and developers. This significantly complicates the job of keeping up with security tests, reviews, etc., in order to mitigate the increasing application security risk.

Is security slowing down operations and developers? This is one of the major concerns and challenges for integrating security in development teams. Security teams remain accountable for the security of applications and related data, yet cannot introduce disruption to the development teams’ workflows. To overcome these challenges, development and security teams need to adopt new ways of working together, develop new processes and adopt new tooling. DevOps teams do not prioritize security in a build pipeline or security monitoring, as there are other concerns they are tasked with. So, even for empowered DevOps teams, security is still mainly an afterthought.

To address security concerns while keeping up with the rapid pace of software delivery, we need to adopt processes, culture, and proper tools, with automation that sustains fast development iterations. These enable development teams to integrate security tooling within their build pipelines to detect vulnerabilities early on, and foster healthy collaboration across security and DevOps teams.

In this report, we aim to explore the state of DevSecOps adoption and the challenges organizations and teams face. What we aim to gain from this research is better insight into the practices and tools that accelerate DevSecOps adoption.

DevSecOps Key takeaways

Following are takeaways and challenges faced in the DevSecOps journey:

CULTURE

  • Security is perceived as an activity that slows down the business and overall software delivery. 33% of respondents, within the highest level of security integration, still feel that security is a major constraint on the ability to deliver software quickly.
  • Key security activities, such as threat modelling and security tools integrated in the development pipeline, contribute to a sense of shared responsibility across different functions of the business. Seeing security as a shared responsibility improved by 31% between Level 1 — the lowest level of security integration within an organization — and Level 5, the highest.
  • Even though there is a high correlation between the maturity of security integration and the sense of shared responsibility, 29% of all organizations, positioned at the highest level of security integration, still feel that security teams and delivery teams encounter a lot of friction when collaborating.
  • 81% of users feel developers are responsible for open source security and 68% of users feel that developers should own the security responsibility of their container images.

TOOLING

  • 79% of organizations are positioned at a medium level of DevOps evolution and face challenges in scaling the tooling, culture, and practice to properly support the business.
  • 22 percent of firms at the highest level of security integration are also at an advanced stage of DevOps evolution.
  • 65% of respondents confirm that they employ automated security testing tools to audit their code, while a security code review is an activity that 79% of respondents follow.
  • 37% of users don’t implement any sort of security testing during CI.
  • 57% of respondents test for known security vulnerabilities in their open source dependencies, and 36% of respondents perform static application security testing for their own code.
  • 31% of respondents aren’t tracking any application dependencies in use within their organization, and 37% are only tracking direct dependencies.