The 5th annual DevSecOps community survey for 2018 from Sonatype reveals heightened interest in DevSecOps practices following the recent surge of high-profile breaches, and it highlights security integration statistics among teams with mature DevSecOps workflows.

In this blog post, we’ll discuss some of the important findings from the survey of 2,076 IT professionals as well as introduce the Container Analyzer Service, a new Tripwire solution which directly ties into your DevOps pipeline.

Of the organizations surveyed, 33% suffered verified breaches stemming from vulnerabilities in open source components or web applications within the last 12 months, a 121% increase since the survey began in 2014. These and other high-profile breaches led 73% of respondents to affirm an increased interest in DevSecOps practices, including increased investment and implementation.

So where is this increased investment going?

When respondents with mature DevOps practices were asked where in their DevOps cycle automated application security testing is performed, the share answering “throughout the process” grew by a massive 35 percent. There was also a 15% increase in automated security investment over 2017. The share naming the design, development, test, pre-release, and production phases also grew between 12 and 30 percent year over year.

Another driver for adding automated security to the software development lifecycle at many organizations was the need to comply with the “secure by design” requirement of the European Union General Data Protection Regulation (GDPR), with 59% noting they are building more security automation into the pipeline as a result.

These statistics show an increased awareness of the need for continuous security in the DevOps pipeline, and organizations with mature practices are rapidly adopting automated security across multiple DevOps phases. They are 338% more likely to integrate automated security than organizations with no DevOps practice.

One notable statistic is that 56% of (Read more...)