Once again this year, I was fortunate to be a contributor to Puppet’s State of DevOps Report. Working on this report is always enlightening, and I’ve used this research over the last 8 years to learn about the state of the industry, what works in practice, and where organizations are stalling out and having issues.


The full report is now available to read, but I want to call out a few of the findings and patterns we observed as we built the questions and analyzed the data.

First off, the progress of real teams shows that security and DevOps are not two entirely separate goals. In fact, the evolution of security posture mapped very cleanly onto the DevOps evolution model first created in the 2018 State of DevOps Report. Based on the security milestones extracted from the thousands of responses used to build that model, it became clear that DevOps done right includes security, and that the reverse is true as well: teams that improve their security posture in a meaningful way can't help but become more collaborative.


These practices can't be achieved overnight, however. While valuable, they take time to solidify and require trust between security experts and delivery teams. Teams often get started with integrating security into their SDLC practices through testing, and CircleCI can help with that. Tests in service of security can be things like static analysis, dependency checking and management, OWASP vulnerability management, and regression suites. You can run all of those types of tests in your CircleCI workflows, and we even have orbs that can act as a catalyst to get you moving toward continuous security practices.
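As an added illustration (not taken from the report or from CircleCI's own documentation), here is a minimal CircleCI 2.1 config that wires a static-analysis step and a dependency-vulnerability check into a workflow, and makes the ordinary build-and-test job depend on them so a failing security check blocks the pipeline. It assumes a Node.js project with an ESLint configuration already in the repository; the image tag, the job names, and the `npm audit --audit-level=high` threshold are choices made for this example, not recommendations from the page.

```yaml
version: 2.1

jobs:
  # Runs on every commit. Fails the workflow on lint errors or on any
  # dependency with a high/critical advisory. (Example config; the image
  # tag and thresholds are assumptions for a hypothetical Node project.)
  security-checks:
    docker:
      - image: cimg/node:18.17
    steps:
      - checkout
      - run:
          name: Install dependencies exactly as locked
          command: npm ci
      - run:
          name: Static analysis
          command: npx eslint . --ext .js,.ts
      - run:
          name: Dependency vulnerability check (fail on high or critical)
          command: npm audit --audit-level=high

  build-and-test:
    docker:
      - image: cimg/node:18.17
    steps:
      - checkout
      - run:
          name: Install dependencies
          command: npm ci
      - run:
          name: Regression suite
          command: npm test

workflows:
  build:
    jobs:
      - security-checks
      # The ordinary build only proceeds once the security job is green,
      # so a newly disclosed vulnerable dependency stops the pipeline.
      - build-and-test:
          requires:
            - security-checks
```

The two `run` steps in `security-checks` are plain shell commands so the example stays self-contained; in practice an orb for your scanner of choice would replace them with a single reusable job while keeping the same `requires` gate in the workflow.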

One more key theme I observed was that being in the middle of a security evolution is difficult. When you're spending as little time and effort as possible on security, it feels pretty easy. When you're really good at it and it's fully integrated, it's sophisticated, but smooth. In the middle stages, where you've identified improvements to make and found gaps, but haven't yet created solutions or reworked process to accommodate security practices, there may be a lot of friction and even a feeling that things are getting worse. It's the Dunning-Kruger effect at work: early on, teams don't yet see the gaps, and it shows up with security evolution as well.


  1. Recognize that progress matters more than perfection. It is usually the simple things that have the biggest impact.
  2. Once those are handled, introduce collaborative work between the security and delivery teams.
  3. Eventually, security should be built into the way software flows through the system.


I hope you enjoy the 2019 State of DevOps Report, full of security goodness, brought to you by our friends at Puppet, Splunk, and all of us at CircleCI.

[Image: 2019 State of DevOps Report sponsor infographic]