
JVM Ecosystem report 2018 – About your Platform and Application

Simon Maple, Andrew Binstock, October 17, 2018

Welcome to the largest survey ever of Java developers. The data presented in the following report was taken from more than 10,200 questionnaires. If you were one of those survey-takers, many thanks to you for putting aside the time to share your experience for the benefit of others.

This report is split into four posts:

  1. JVM Ecosystem report 2018 – About your JDK
  2. JVM Ecosystem report 2018 – About your Tools
  3. JVM Ecosystem report 2018 – About your Platform and Application
  4. JVM Ecosystem report 2018 – About your processes and you

We also have a lovely handcrafted PDF report which contains all of this information in one downloadable place.

About your platform

 

15. Which cloud platforms do you use?

From our data, we can say that 57% of respondents use a cloud platform of some sort.

If we consider only the set of respondents who do use cloud platforms, we can see Amazon Web Services (AWS) leading the pack with almost two-thirds of the votes. Microsoft Azure and the Google Cloud Platform are next, taking 18% and 20% respectively; and Red Hat OpenShift and Oracle Cloud are making inroads.

Cloud platform popularity, including Amazon AWS, Google Cloud Platform, Azure, OpenShift, Oracle Cloud, IBM Cloud, Cloud Foundry, Pivotal Cloud Foundry

16. Which cloud approaches do you use?

Containers lead the way at 43%, while VMs stay in the game pretty well at 33%. As a relatively new technology, Serverless/FaaS comes in strongly, with almost 1 in 10 respondents adopting this approach. PaaS, which has been around a lot longer, sits on a similar split at 10%. 1 in 3 respondents don’t use any cloud approach at all.

Cloud approaches, including VMs, containers, Serverless, FaaS, PaaS

17. Which continuous deployment or release automation tools do you use?

Almost 1 in 2 respondents don’t use any continuous deployment or release automation tools whatsoever. This might even be higher, as almost 1 in 5 don’t have any idea which tools are used in CD or release automation. It’s somewhat surprising to see bash as popular as Chef and Puppet. Actually, whom are we kidding? Everyone loves bash! Ansible is the leading CD tool at 16%.

Continuous Deployment CD tools, including Ansible, Bash, Chef and Puppet

About your Application

 

18. Which other (non-JVM) languages does your application use?

In today’s polyglot world, it would be naive to assume that JVM languages are the only languages used in JVM apps. In fact, more than half of JVM applications use front-end JavaScript as well, 1 in 5 use Python, and almost 1 in 4 use Node.js. As you’d expect, many projects use SQL as well.

Alternate languages used in Java applications, including JavaScript, SQL, Node, Python, C, PHP and Go

19. Which Web Frameworks do you use?

Few words can better express the Spring domination in the Java ecosystem than this graph. With 4 in 10 developers using Spring Boot in their applications, it’s interesting to see it has overtaken the Spring MVC framework for the first time. JSF is the closest entrant with a respectable 19% and Struts, despite a constant stream of Remote Code Execution vulnerabilities in the news, is a strong fourth with almost 1 in 10 developers adopting it. More than 1 in 5 developers likely boast about how small their applications are, not needing a web framework at all.

JVM Java Web Frameworks, including Spring Boot, Spring MVC, JSF, GWT, Vaadin and Play

20. Which ORM frameworks do you use?

More than 1 in every 2 developers use Hibernate in their applications. Almost 1 in 4 developers are happy with plain old JDBC, and Spring developers of course have the option of using Spring JDBC template, which is used by 23%. 1 in 5 developers don’t use any ORM framework whatsoever to access their data. (Developers could choose more than one answer, so totals do not equal 100%.)

ORM provider popularity, including Hibernate, Plain JDBC, Spring JDBC template, EclipseLink, MyBatis

21. Which database do you use in production?

Once again, Oracle Database takes the top spot with almost 3 in 10 applications using it in production. MySQL and PostgreSQL are strong competitors taking 21% and 20%, respectively. MongoDB is the highest NoSQL database in use, with 5%.

Database popularity, including Oracle Database, MySQL, PostgreSQL, MS SQL, MongoDB, DB2, Cassandra, H2, Redis

22. Which application server do you use in production for your main application?

More than 4 in 10 respondents use Tomcat as their application server of choice. The fast, lightweight, open source, community favorite has led the pack for a long time now, and it doesn’t look like that’s going to change any time soon. JBoss and WildFly are not too far behind at 15%. In the larger enterprise app server category, WebLogic has a slight lead over WebSphere. The “Other” category contains TomEE and Liberty Profile at 1% each, which lead that group.

Application Server popularity, including Tomcat, JBoss, WildFly, Jetty, WebLogic, WebSphere, Glassfish

23. Do you develop on the same application server you use in production?

Despite the obvious dangers, more than one-third of respondents develop on a different server from the one they use in production, trading the possible cost of failures for the convenience. Surprisingly, those who state they use different application servers (or none) in development actually have a wide variety of apps and servers in production. We were expecting mostly the larger monolith-suited app servers that could cause developers pain to use locally, but the ratios were comparable.

24. How many open source (direct) dependencies does your main application have?

It would be interesting to know how many people had to check to see how many direct dependencies their application has. I’d bet it was the vast majority of you! You’re lucky I didn’t ask for direct and transitive dependencies too! In fact, almost 1 in 4 respondents openly state they don’t know how many dependencies they have. This might be because of the way the application is distributed across a more complex build system. We can see from the results that fewer than 1 in 20 respondents don’t use any open source dependencies, whereas the overwhelming 72% do. If we remove those who don’t know, we can see that 95%, or 19 of 20 respondents, use open source dependencies in their applications. This shows how far open source adoption has come, as well as the need for us to ensure these third-party libraries provide the security, quality and availability we require from our application as a whole.

How many Open Source dependencies do you use?

Platform and Application Summary

  • Over 6 in 10 developers who use cloud platforms deploy on AWS
  • Over 4 in 10 developers use Containers
  • Over 4 in 10 developers use no CD tools whatsoever
  • Almost 6 in 10 developers also have front-end JavaScript in their application
  • Almost 1 in 4 developers also use Node in their application
  • 4 in 10 developers use Spring Boot
  • Over 1 in 2 developers use Hibernate in their applications
  • Almost 3 in 10 developers use Oracle Database in production
  • 4 in 10 developers use Tomcat in production
  • 1 in 4 developers have no idea how many open source dependencies their application brings in
  • 19 in 20 developers use open source dependencies in their application
