Dimensional Data

Our 2022 Global DevSecOps Survey is out now! Learn the latest in DevOps insights from over 5,000 DevOps professionals. In our 2021 Survey, 4300 people told us about their successes and their challenges, but in some ways the biggest takeaway were the signs of a burgeoning DevSecOps maturity model. Somehow, when Covid and DevOps collided, big things started to happen particularly around DevSecOps. Yes, Virginia, there is a DevSecOps More teams are doing DevSecOps than ever before – and doing it well. Fully 72% of security professionals rated their organizations’ security efforts as “strong” or “good,” a significant increase from 59% the year before. This shows us that investments in security and the cultural shifts from DevOps to DevSecOps are paying off. That’s right, we’re shifting left Over 70% of security pros said their teams have shifted left and moved security earlier into the development lifecycle. So who’s in charge? That’s still an open question in this new DevSecOps maturity model. Almost 31% of security pros told us they were the ones in charge, but 28% said everyone that was responsible, almost identical to last year’s survey. And when it came to finding bugs, 77% of security pros admitted to being the exterminators in their org (not devs) after code is merged in a test environment. So how is it shifting left? While there are some conflicting responses (Devs! Security! Devs! Security!) – the truth is probably somewhere in the testing. The SAST and the furious In this new DevSecOps maturity model there is simply more testing (and that’s never a bad thing). Today, 53% of developers run SAST scans (a 13% increase from last year) and 44% run DAST scans (a 17% increase from last year). Better yet, over 50% of security pros report their devs scan containers, run dependency scans, and do license compliance checks. That’s all excellent news! So all testing issues are solved, right? Well, not exactly. Security testing remains a sticking point. While security pros agreed that their teams are shifting left, testing still happens too late in the process (over 42%), and it’s still was a struggle to fix vulnerabilities. While security is finding most of the bugs, almost 37% of them said it was tough to track the status of the bug fixes, and 33% said it was hard to prioritize the remediations. Finally, 32% said just finding someone to fix the problems was a headache too. In spite of everything thrown at them over the last year, DevOps teams are innovating and collaborating on problems like never before, and this year’s DevSecOps survey results are showing just how far we’ve come. Still, there are opportunities for growth and security challenges left to solve. Our 2022 GitLab DevSecOps Survey has the latest insights from over 5,000 DevOps professionals. Download the report and learn about the practices and processes that are shaping the way we deliver software. You can also compare it with previous year surveys Share on Facebook Share on Twitter Share on LinkedIn Share on Hacker News

Hello World! My name is Pj Metz and I’m the education evangelist at GitLab. My day job involves working with universities across the globe to help faculty and students learn to use GitLab for educational or research purposes. Currently, my code experience is limited to C# and JavaScript, with some HTML and CSS in there for good measure. However, one of the most popular languages in the education community is Python, so I decided to jump in and teach myself Python to better connect with my community members. I’ll be learning on Codecademy, an online interactive learning platform that offers a variety of languages and career path curriculums, both free and paid. It’s where I started learning to code back in 2020 so I’m already comfortable with it’s format and curriculum style. Every few weeks you’ll see what I’ve learned and how I’ve applied that new knowledge. I’ll discuss the basics of writing in Python and show off some of what I’ve done. I’m still relatively new to writing code in general, so expect to see this through the eyes of a beginner — not just a Python beginner, but coding in general. I might even make a mistake in my descriptions/explanations. Let’s jump in! 🐍 First lessons The first few lessons involved writing a “hello world” and changing the value of a premade variable. I moved on to writing my own variables and experimenting with several different types, including ints, strings, and floats. I learned that you can change a variable after defining it, similar to many languages, and that you can even change the type; the most recently defined type will be the one used at run time. Concatenation works similarly to other languages: using a plus sign to combine variables. I did some reading ahead and learned about f-strings as an easy method of concatenating strings. I’m used to doing something similar in JavaScript for my Twitter bots, so this felt important to know. I also learned how to do some control flow through if, elif, and else. The logic remains the same, but conventions are a bit different. I’m used to writing an if statement like this in JavScript. if(partyRock === ‘in the house tonight’) { everybody = ‘have a good time’ console.log(`Party rock ${partyRock} everybody just ${everybody}`) } else { everybody = ‘sad party rock noises’ console.log(everybody) } In Python, there are no curly braces. Rather, a colon and indent takes care of that work. if partyRock == ‘in the house tonight’: everybody = ‘have a good time’ print(f”Party Rock is {partyRock} everybody just {everybody}”) else: everybody = ‘sad party rock noises’ print(everybody) Initial thoughts I like the readability of Python. It’s a little less cluttered, but I remember being very excited about curly braces when I first learned them. Using them for functions and methods and the like always made me feel like a “real programmer” when I was first starting. That being said, Python syntax is coming along naturally for me. Something that’s different for me is the way Python has you initialize variables. C# is a statically typed language, meaning that part of defining a variable is saying what type of variable it is (int, string, float, etc.). Python does not require you to define the type, it will simply know at […]

The last few years have seen an explosion in artificial intelligence, machine learning, and other types of projects. Companies like Hugging Face and applications like DALL-E 2 have brought to the mainstream what the power of AI/ML can bring to the next generation of computing and software. As every company has become a software company over the last few decades, the ability to innovate and leverage the ever-growing amount of data that organizations have access to have become where enterprises turn to compete. However, a lot of AI/ML projects get stalled from several challenges that may seem familiar to software professionals who have been around since the early days of DevOps.  Adoption and optimization of artificial intelligence and machine learning have been hampered by a lack of repeatability for experiments, a disparity of tools and information silos, and a lack of team collaboration. A new model for data modeling One of the first ways to look at this problem is to make sure that the mental model is in place to allow the team to reason about both the strategic vision for AI/ML at your organization. And once that has been established, also think about the tactical “jobs to be done” to lay the foundation for that work. Strategically, there are many teams that have to come together for a successful AI/ML program. First, the data has to both be acquired and transformed into a usable set of clean data. Often referred to as “DataOps” this involves the typical “ETL” or extract, load, transform processes data has to go through to be useful for teams. From there, you have to productionize the data workloads through MLOps – the experimentation, training, testing, and deployment of meaningful models based on the extracted and transformed data. And once those two steps are complete, you can finally understand how to make production use cases for your data. You can use AI Assisted features to focus on improving user experiences, for financial forecasting, or for general trends and analysis of various parts of your business. Given the complexity of this value chain, the various teams and skills involved, and the current mishmash of tooling, there is a lot that teams can learn from the history of DevOps as they tackle these problems. DevOps and AI/ML Much like the various stages of obtaining and applying AI/ML for business uses, software development consists of many varied steps with different teams and skills sets to achieve the business goals outlined. That is why years ago, folks came up with this concept of “DevOps”– combining teams and having them work together in a cycle of continuous improvement towards the same goals – to combat silos and inefficiencies. Data science teams are using specialized tools that don’t integrate with the existing software development lifecycle tools they already use. This causes teams to work in silos, creating handoff friction and resulting in finger-pointing and lack of predictability. Businesses and software teams often fail to take advantage of data, and it takes months for models to get into production by which time they may be out of date or behind competitors.  Security and data ethics are frequently treated as an afterthought. This creates risk for organizations and slows innovation. Learning from the past If the past decades of “DevOps” evolution have taught […]