JVM Ecosystem report 2018 - About your Platform and Application

Written by:
Simon Maple
Simon Maple
Andrew Binstock
Andrew Binstock

October 17, 2018

0 mins read

Welcome to the largest survey ever of Java developers. The data presented in the following report was taken from more than 10,200 questionnaires. If you were one of those survey-takers, many thanks to you for putting aside the time to share your experience for the benefit of others.This report is split into four posts:

  1. JVM Ecosystem report 2018 - About your JDK

  2. JVM Ecosystem report 2018 - About your Tools

  3. JVM Ecosystem report 2018 - About your Platform and Application

  4. JVM Ecosystem report 2018 - About your processes and you

We also have a lovely handcrafted pdf report which contains all of this information in one downloadable place.

DOWNLOAD THE JVM ECOSYSTEM 2018 REPORT!

About your platform

15. Which cloud platforms do you use?

From our data, we can say that 57% of respondents use a cloud platform of some sort.

wordpress-sync/pie-1-1

If we consider only the set of respondents who do use cloud platforms, we can see Amazon Web Services (AWS) leading the pack with almost two-thirds of the votes. Microsoft Azure and the Google Cloud Platform are next, taking 18% and 20% respectively; and Red Hat OpenShift and Oracle Cloud are making inroads.

blog/cloud-platform-amazon-aws-google-azure-openshift-oracle-ibm-cloud-foundry

16. Which cloud approaches do you use?

Containers lead the way on 43%, while VMs stay in the game pretty at 33%. As a relatively new technology, Serverless/Fass comes in strongly, with almost 1 in 10 respondents adopting this approach. PaaS, which has been around a lot longer, sits on a similar split at 10%. 1 in 3 respondents don’t use any cloud approach at all.

blog/cloud-approaches-vms-containers-serverless-faas-paas

17. Which continuous deployment or release automation tools do you use?

Almost 1 in 2 respondents don’t use any continuous deployment or release automation tools whatsoever. This might even be higher, as almost 1 in 5 don’t have any idea which tools are used in CD or release automation. It’s somewhat surprising to see bash as popular as Chef and Puppet. Actually, whom are we kidding?--Everyone loves bash! Ansible is the leading CD tool at 16%.

blog/cd-tools-ansible-bash-chef-puppet

About your Application

18. Which other (non-JVM) languages does your application use?

In today’s polyglot world, it would be naive to assume that JVM languages are the only languages used in JVM apps. In fact, more than half of JVM applications use front-end JavaScript as well, 1 in 5 use Python, and almost 1 in 4 use Node.js. As you’d expect, many projects use SQL as well.

blog/alternate-languages-javascript-sql-node-python-c-php-go

19. Which Web Frameworks do you use?

Few words can better express the Spring domination in the Java ecosystem than this graph. With 4 in 10 developers using Spring Boot in their applications, it’s interesting to see it has overtaken the Spring MVC framework for the first time. JSF is the closest entrant with a respectable 19% and Struts, despite a constant stream of Remote Code Execution vulnerabilities in the news, is a strong fourth with almost 1 in 10 developers adopting it. More than 1 in 5 developers likely boast about how small their applications are, not needing a web framework at all.

blog/jvm-java-web-frameworks-spring-boot-mvc-jsf-gwt-vaadin-play

20. Which ORM frameworks do you use?

More than 1 in every 2 developers use Hibernate in their applications. Almost 1 in 4 developers are happy with plain old JDBC, and Spring developers of course have the option of using Spring JDBC template, which is used by 23%. 1 in 5 developers don’t use any ORM framework whatsoever to access their data. (Developers could choose more than one answer, so totals do not equal 100%).

blog/orm-providers-hibernate-jdbc-spring-template-eclipse-link-mybatis

21. Which database do you use in production?

Once again, Oracle Database takes the top spot with almost 3 in 10 applications using it in production. MySQL and PostgreSQL are strong competitors taking 21% and 20%, respectively. MongoDB is the highest NoSQL database in use, with 5%.

blog/database-popularity-oracle-mysql-postgres-mssql-mongodb-db2-cassandra-h2-redis

22. Which application server do you use in production for your main application?

More than 4 in 10 respondents use Tomcat as their application server of choice. The fast, lightweight, open source, community favorite has led the pack for a long time now, and it doesn’t look like that’s going to change any time soon. JBoss and Wildfly are not too far behind at 15%. In the larger enterprise app server category, WebLogic has a slight lead over WebSphere. The “Other” category contains TomEE and Liberty Profile at 1% each, which lead that group.

blog/application-server-popularity-tomcat-jboss-wildfly-jetty-weblogic-websphere-glassfish

23. Do you develop on the same application server you use in production?

Despite the obvious dangers, more than one-third of respondents develop on a different server from the one they use in production--trading the possible cost of failures for the convenience. Surprisingly, those who state they use different application servers (or none) in development, actually have a wide variety of apps and servers in production. We were expecting mostly the larger monolith-suited app servers that could cause developers pain to use locally, but the ratios were comparable.

wordpress-sync/pie-2-1

24. How many open source (direct) dependencies does your main application have?

It would be interesting to know how many people had to check to see how many direct dependencies their application has. I’d bet it was the vast majority of you! You’re lucky I didn’t ask for direct and transitive dependencies too! In fact almost 1 in 4 respondents openly state they don’t know how many dependencies they have. This might be because of the way the application is distributed across a more complex build system. We can see from the results that fewer than 1 in 20 respondents don’t use any open source dependencies whereas the overwhelming 72% do. If we remove those who don’t know, we can see that 95%, or 19 of 20 respondents, use open source dependencies in their applications. This shows how far open source adoption has come as well as the need for us to ensure these third-party libraries provide security, quality and availability we require from our application as a whole.

blog/open-source-dependencies-number

Platform and Application Summary

  • Over 6 in 10 developers who use cloud platforms deploy on AWS

  • Over 4 in 10 developers use Containers

  • Over 4 in 10 developers use no CD tools whatsoever

  • Almost 6 in 10 developers also have front-end JavaScript in their application

  • Almost 1 in 4 developers also use Node in their application

  • 4 in 10 developers use Spring Boot

  • Over 1 in 2 developers use Hibernate in their applications

  • Almost 3 in 10 developers use Oracle Database in production

  • 4 in 10 developers use Tomcat in production

  • 1 in 4 developers have no idea how many OS dependencies their application brings in

  • 19 in 20 developers use open source dependencies in their application

There's more to this report! Which section do you want to read next?

  1. JVM Ecosystem report 2018 - About your JDK

  2. JVM Ecosystem report 2018 - About your Tools

  3. JVM Ecosystem report 2018 - About your Platform and Application

  4. JVM Ecosystem report 2018 - About your processes and you

DOWNLOAD THE JVM ECOSYSTEM 2018 REPORT!

Posted in:Application Security
Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

Developer Security PlatformSnyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeCloud securitySoftware supply chain securityPricingDeployment optionsIntegrationsIDE pluginsWhat is Snyk?Snyk CLI

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersSnyk LearnVulnerability DatabaseSnyk OSS AdvisorCode snippetsVideos

Company

AboutCustomersCareersEventsSnyk ImpactSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal information

Connect

Book a live demoContact usSupportReport a new vuln

Security

JavaScript securityContainer SecurityKubernetes SecurityApplication SecurityOpen Source SecurityCloud SecuritySecure SDLCCloud Native SecuritySecure codingPython Code ExamplesJavaScript Code ExamplesCode CheckerPythonJavaScriptWebsite Scanner

© 2023 Snyk Limited
Registered in England and Wales

logo-devseccon