Key Findings from the 2022 Accelerate State of DevOps Report: Software Delivery, Organizational Performance, and Software Supply Chain Security

In the past eight years, the Accelerate State of DevOps report has surveyed about 33,000 professionals to examine the capabilities and practices that predict core DevOps outcomes.

The report focuses on four key software delivery performance metrics—deployment frequency, lead time for changes, change failure rate, and time to restore service—plus a fifth metric of reliability for operational performance, and organizational performance measured by achievement of business goals.

It also investigates factors such as employee burnout, team recommendation likelihood, and the importance of protecting the software supply chain.

In 2021 the study identified software supply chain protection as critical to achieving major outcomes, and in 2022 it placed software supply chain security at the center of the investigation, using the Supply Chain Levels for Secure Artifacts (SLSA) framework and the NIST Secure Software Development Framework (SSDF) to explore related technical, process, and cultural practices.

The findings show that the strongest predictor of an organization’s application security practice level is culture—specifically a “high‑trust, low‑blame” culture, which outperforms a “low‑trust, high‑blame” culture by 1.6‑times. Early evidence also suggests that pre‑deployment security scanning effectively uncovers vulnerable dependencies.

Teams that prioritize security practices experience lower developer burnout (1.4‑times lower) and are more likely to recommend their teams. SLSA‑related practices positively predict organizational performance and software delivery efficiency, but only when strong continuous integration capabilities are present.

Key drivers of organizational performance include culture and team support, reliability engineering practices, and cloud usage. Organizations that adopt cloud (public, private, hybrid, or multi‑cloud) tend to achieve higher performance, and public‑cloud users are more likely to implement SLSA practices.

The report emphasizes that high software delivery performance benefits organizational outcomes only when operational reliability is also high, and that implementing SLSA controls yields positive effects on delivery performance only with robust CI pipelines.

Site Reliability Engineering (SRE) practices show a non‑linear impact on reliability goals; benefits appear after teams reach a certain SRE maturity level, after which reliability improves and further boosts organizational effectiveness.

Overall, continuous improvement, benchmarking, and experimentation are essential for teams to enhance software development practices, increase organizational performance, and mitigate burnout, while recognizing that what works for one team may not work for another.