GitLab has released their 2023 Global DevSecOps AI report, with a key finding being that AI and ML use is evolving from a "nice-to-have" to a "must-have".
The report shows that 23% of organizations are already using AI in software development, and of those, 60% are using it daily. Furthermore, 65% of respondents said they are using AI and ML for testing now, or would be within the next three years.
83% of respondents said that it's essential to implement AI in software development to avoid falling behind. However, some 67% of security respondents were worried about the impact of AI/ML, for reasons such as AI/ML being more cost-effective than humans and making them obsolete, reducing the number of available jobs and potentially introducing errors that will make their jobs harder.
Whilst there is much focus on AI for helping to write code, this only represents a quarter of the time developers spend working. As the rest of the time is spent on other tasks, this suggests an opportunity for AI use to spread beyond writing code. 62% of respondents are using AI for checking code outside of the formal testing process, whilst 53% are using bots to test code. Both these numbers represent a year-on-year increase of over 10%.
Outside of AI and ML, other aspects of the report show that the use of DevOps and DevSecOps methodologies is rising, up from 47% to 56% since 2022. Furthermore, the study shows that DevSecOps is being de-siloed, with only 30% of respondents saying that they are completely responsible for security, down from 48% a year ago. 38% of security professionals believe they are part of a cross-functional team working on security, up from 29% a year ago. There is, however, still some confusion between developers and security professionals on who should take the lead in addressing security concerns.
Momentum for shifting security checks left continues, with 74% of respondents now testing earlier in their SDLCs or planning to in the next three years, and there has been a significant increase in vulnerabilities being identified by developers whilst writing rather than later in the process. Organizations' top investment priority continues to be Cloud Computing, but with security, governance and compliance now the second-biggest concern.
Toolchain complexity continues to be an issue, with almost two-thirds of respondents wanting to simplify the tooling that they use, as roughly half of respondents have toolchains of six or more tools. Concerns raised were that this makes it harder to have an overall view of compliance and monitoring, and to draw insights across the toolchain.
Turning to motivation, the report highlights that improving developer productivity, release speed and business agility are the key reasons to scale DevSecOps practices. However, only 15% of respondents have seen a budget increase for DevSecOps over the last year. DevSecOps platforms continue to gain traction, with 72% of respondents either using one or expecting to be in the next year, with the main reasons being to increase efficiency, security and automation.
GitLab's Global State of DevSecOps AI report is downloadable from their website.