GitLab 2023 DevSecOps Survey Highlights Security Priorities, AI/ML Adoption, and Toolchain Integration Challenges

In March 2023, GitLab surveyed more than 5,000 IT leaders, CISOs, and developers from financial services, automotive, healthcare, telecom, and technology sectors to understand their successes, challenges, and priorities in implementing DevSecOps.

Amid an escalating global threat landscape, security remains the top priority for organizations.

DevSecOps teams increasingly recognize security as a shared responsibility, moving security left in the software development lifecycle so development, security, and operations can collaborate rather than work in silos.

71% of security professionals say a quarter or more of vulnerabilities are caught by developers, up from 53% in 2022.

38% of security professionals report being part of a cross‑functional, security‑focused team, up from 29% in 2022.

85% of security respondents say their budgets are flat or lower than in 2022, underscoring the need for efficiency.

AI/ML is advancing alongside DevSecOps platforms.

Artificial intelligence (AI) and machine learning (ML) have become key components of DevSecOps workflows. Developers using DevSecOps platforms are more likely to automate testing and employ AI/ML.

65% of developers say they are currently using or will use AI/ML in testing within the next three years.

62% of developers using AI/ML apply it to code review, up from 51% in 2022.

53% of developers using AI/ML employ bots for testing, up from 39% in 2022.

Toolchain management remains a persistent obstacle to developer productivity.

Developers and security experts continue to report spending excessive time on toolchain management, reducing the time available for critical tasks such as compliance.

66% of respondents plan to integrate their toolchains this year.

27% of security respondents find it difficult to monitor disparate tools consistently.

26% of security respondents struggle to derive consistent insights across integrated tools.

U.S. public sector reports stable efficiency but complex development toolchains.

Despite pressure to improve digital experiences, respondents from U.S. government entities note software development is slowing or stagnant. Encouragingly, over half are evaluating or purchasing DevSecOps solutions for the next one to three years.

75% of public‑sector respondents say their software deployment speed is the same or slower than in 2022.

44% report using six or more tools for development, with some using more than fifteen.

59% of U.S. government and aerospace/defense respondents want to integrate their toolchains.

Source: GitLab Seventh DevSecOps Report