GitLab 4th Annual Global DevSecOps Survey Shows Developers Gaining More Control Over Infrastructure and Security

The fourth annual Global DevSecOps survey by GitLab, covering 3,700 software professionals, indicates a clear shift in responsibilities: nearly 70% of operations experts say developers can configure their own environments, and 35% of respondents report developers define or create the infrastructure their applications run on, with 14% also monitoring and responding to infrastructure events.

In security, over 25% of developers claim full responsibility, while 33% of security team members say they own security; 29% believe security is a shared responsibility across all roles.

DevOps maturity is growing, with 25% of organizations practicing DevOps for three‑to‑five years and 37% for one‑to‑three years. About 60% of respondents now deploy code multiple times per day, a 15% increase over the previous year. CI/CD platforms are used by 38% of respondents, with GitLab chosen by 59%, GitHub by 23%, and BitBucket by 11%; for builds, 60% use GitLab and 38% use Jenkins. Test automation is part of 29% of implementations, while 16% have adopted DevSecOps.

Microservices adoption is notable: roughly 40% of respondents use microservices partially, 26% fully, and 38% also employ Kubernetes.

Despite progress, challenges remain: 42% say testing occurs too late in the lifecycle, 47% view testing as the biggest DevOps bottleneck, and only 12% have fully automated testing. Security challenges persist, with 36% struggling to understand, handle, and fix discovered vulnerabilities, and 31% finding vulnerability prioritization difficult. Developers often receive vulnerability lists without context, learning of issues only after code merges.

The survey underscores that while organizations are delivering code faster and seeing ROI from DevOps investments, the ongoing challenge is delivering the right secure code at the right time.