Highlights:

  • Google Cloud and DORA have released the Accelerate State of DevOps study for the past eight years, gathering input from 33,000 experts along the way.
  • Google Cloud discovered in 2021 that safeguarding the software supply chain is crucial for achieving several significant outcomes. This year’s study delved further into software supply chain security, elevating it to the report’s major focus.

Google Cloud and DORA have been releasing the Accelerate State of DevOps study for the past eight years, gathering input from 33,000 experts along the way. The research focuses on determining how particular skills and practices predict the outcomes that we consider fundamental to DevOps: Software delivery performance, operational performance, and organizational success. It also focuses on the causes behind other outcomes, such as burnout and team satisfaction.

Google Cloud discovered in 2021 that safeguarding the software supply chain is crucial for achieving several significant outcomes. This year’s study delved further into software supply chain security, elevating it to the report’s major focus.

High-trust, low-blame cultures with an emphasis on performance were substantially more likely to embrace new security practices than low-trust, high-blame cultures with a focus on authority or regulations, according to the report’s findings.

A second significant result of the paper is that cloud utilization is predictive of organizational effectiveness. Companies whose software was initially developed for and on the cloud tend to have superior organizational performance. Those that utilize several public clouds are 1.4 times more likely than those who do not have above-average organizational performance.

It also uncovered early indications that security scanning successfully identifies susceptible dependencies, resulting in fewer security flaws in production code.

In light of these data, the paper finds that adopting secure application development approaches was also associated with extra advantages.

  • DevOps teams who prioritize implementing these security measures experience less developer fatigue; teams with low-security procedures have 1.4 times the likelihood of experiencing high levels of developer burnout compared to groups with high levels of security.
  • Teams prioritizing creating security processes are far more likely to recommend themselves to others.
  • Supply-chain Levels for Secure Artifacts (SLSA)-related security policies favorably predict both organizational performance and software delivery performance, although this impact cannot ultimately emerge without robust continuous integration capabilities.