IntelliJ IDEA dominates the IDE market with 62% adoption among JVM developers
5 de fevereiro de 2020
0 minutos de leituraWelcome to our annual JVM ecosystem report! This report presents the results of the largest annual survey on the JVM ecosystem, showing results from the survey gathering over 2000 responses in the second half of 2019. We would like to thank everyone who participated and offered their insights on Java and JVM-related topics.
This report is split into six posts:
36% of developers switched from Oracle JDK to an alternate OpenJDK distribution, over the last year
64% of developers report that Java 8 remains the most often used release
Kotlin overtakes Scala and Clojure, to become the 2nd most popular language on the JVM
Spring dominates the Java ecosystem with 60% using it for their main applications
IntelliJ IDEA dominates the IDE market with 62% adoption among JVM developers
We also have a lovely handcrafted pdf report which contains all of this information in one downloadable place.
Which is the main Integrated Development Environment (IDE) you are using?
The results we see in the graph below are consistent with other recent surveys — IntelliJ IDEA is the most widely used IDE within the JVM community.According to our survey, 62% of developers use theCommunity and Ultimate versions of IntelliJ IDEA, making it today's dominant IDE among developers on the JVM.
Apache NetBeans remains steady in 3rd place with20% of the market —roughly the same numbers as last year. However, when we look further down the list, it is surprising to see that the VS Code adoptionbarely grew, compared to last year. Despite beingconsidered as one of the favoured IDEs in otherecosystems, it seems that VS Code does not sharethe same popularity among JVM developers.
In fact, even the VI/Vim/Emacs adoption is bigger than that of VS Code. These results bring to the surface a group of developers who, apparently, don't like IDEs. Are these real die-hard coders or do they feel smarter typing everything manually? In either case, we're not judging! :)
The support for a long list of out-of-the-box features, as well as the native support for Kotlin, have contributed to IntelliJ IDEA's rising popularity, With the Eclipse IDE dropping from 38% last year to only 20% this year, the gap between IntelliJ IDEA and Eclipse IDE is getting larger. Taking into account that, prior to 2016 (results kindly used from RebelLabs reports), Eclipse was the most used IDE, it becomes evident that folks over at JetBrains did a good job improving their software to fit the needs of JVM developers.
Which build tool do you use for your main application?
It is possible that teams depend on multiple build systems for different projects. So, for this question, we allowed only one answer, since we wanted to have a look at the one build tool developers use the most for their main application and compare it to the historical data (again, used from previous RebelLabs and Snyk reports) in order to reveal any trends.
Maven is still number one, with two thirds of the share and a slight increase since last year. The runner-up, Gradle, shows the same rate of growth as its competition, Maven. So, is the “war” between build systems over or are we just taking a break?
Using the Maven Snyk plugin, you can scan your application each time you build to ensure you’re not using direct or transitive dependencies containing known vulnerabilities.
Which CI server do you use?
As most Java developers would expect, Jenkins wins the CI server race with a whopping 58%market share. Between Jenkins and the second most selected option, which was “none”, we see a huge gap. Although the amount of people who don't use any CI server is much smaller compared to last year, it is still surprisingly high.But why do people choose to not use CI servers? That's an interesting question to ask developers in future surveys!
The nearest competitors to Jenkins are GitLab with 6% and TeamCity with 5%.
You can test for known vulnerabilities in your application during each CI run, by adding the Snyk plugin for Jenkins. This ensures you don’t mistakenly push code with known vulnerabilities through to production.
Which code repository do you use for your main application?
It is possibly surprising for people to hear that GitLab is the winner of this battle. With 35% in total market share, it has a small advantage over GitHub in second place with 31%. We also notice that the public use of GitLab is lower, mostly because they have been offering private repositories for a long time. On top of that, GitLab offers a lot more than just a repository, including a CI pipeline. However, taking into account the responses to the previous question, this is unlikely to be the reason for using GitLab over GitHub.
You can also add Snyk dependency scanning into your GitHub repository so that every pull request is tested to ensure you don’t include new known vulnerabilities or bad licenses in your open source dependencies.
When do you scan your dependencies for known vulnerabilities?
Scanning your dependencies for known vulnerabilities is the wisest thing to do! It is crucial to know if the code someone else produced is safe to use. Once a vulnerability is discovered, the list of potential victims is extensive, depending on how widely that particular package is used. If a vulnerability is already disclosed, there's a good chance that a fix is already available in a newer version of the package. However, if a developer is still using an older version, unaware of the existing security issue or its fix, they are vulnerable without knowing it.
According to our survey, 30% of the respondents scan their dependencies for known vulnerabilities as part of the CI/CD pipeline. Using these scans asa gatekeeper before production deployment, is a good start.
However, scanning in multiple places during development, for example, on your local machine (16%) or when a PR is published (9%), helps to identify problems earlier.
Discovering issues later in the software development life cycle (SDLC), often means that there's a significant amount of rework to be done in order to fix it.
Having said that, it is surprising to see that only 8% of the respondents monitor their applications during production. Discovering vulnerabilities happens over time, therefore, monitoring a production snapshot on a regular basis is the wise thing to do. Something even scarier to witness is that 28% of the participants do not scan their dependencies for known vulnerabilities. Hopefully, the explanation behind this percentage is that, these developers do not use any dependencies in their current application. Nobody wants to be the next Equifax, right?
There’s more to this report! Which section do you want to read next?
36% of developers switched from Oracle JDK to an alternate OpenJDK distribution, over the last year
64% of developers report that Java 8 remains the most often used release
Kotlin overtakes Scala and Clojure, to become the 2nd most popular language on the JVM
Spring dominates the Java ecosystem with 60% using it for their main applications
IntelliJ IDEA dominates the IDE market with 62% adoption among JVM developers