Security in the CI-CD Public Version

	A	B	C	D	E	F	G	H	I	J	K	L	M	N	O	P	Q	R	S
1	Respondent ID	End Date	Q1 - Does your organization assess the security of its CI/CD pipeline as an integrated entity as opposed to just the artifacts that the pipeline builds?	Q2a - Q2a - Application Development	Q2b - DevOps and/or Application Management	Q2c - IT Operations and/or Site Reliability Engineering	Q2d - Information Security	Q2e - Quality Assurance	Q2f - Don’t know	Q2g - We do not have a CI/CD pipeline	Q2h - Other (please specify)	Q3a - Static application security testing (SAST)	Q3b - Dynamic application security testing (DAST)	Q3c - Dependencies	Q3d - Containers	Q3e - Container images	Q3f - License compliance	Q3g - None of the above	Q4 - Should the percentage of software component dependencies that are out-of-date (i.e., a newer version has been released) be a performance metric for DevOps teams?

2	11503743284	4/14/2020	No	Application Development	DevOps and/or Application Management		Information Security					Static application security testing (SAST)		Dependencies	Containers				Yes
3	11503746801	4/14/2020	Yes	Application Development	DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering	Information Security	Quality Assurance						Dependencies	Containers	Container images	License compliance		Yes
4	11503844154	4/14/2020	Yes		DevOps and/or Application Management			Quality Assurance			the team on mars	Static application security testing (SAST)		Dependencies		Container images			Yes
5	11505004729	4/15/2020	Yes	Application Development	DevOps and/or Application Management									Dependencies	Containers				Don't know
6	11505094552	4/15/2020	Yes				Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)		Containers	Container images			Yes
7	11505620996	4/15/2020	Yes	Application Development	DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering	Information Security	Quality Assurance									License compliance		No
8	11505757490	4/15/2020	Yes		DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering								Dependencies	Containers	Container images	License compliance		Yes
9	11505790775	4/15/2020	Don’t know		DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering	Information Security					Static application security testing (SAST)					License compliance		Don't know
10	11505946526	4/15/2020	No	Application Development	DevOps and/or Application Management		Information Security					Static application security testing (SAST)		Dependencies		Container images	License compliance		Yes
11	11505963511	4/15/2020	Don’t know						Don’t know									None of the above	No
12	11505967940	4/15/2020	Yes		DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering	Information Security						Dynamic application security testing (DAST)			Container images			Yes
13	11505971973	4/15/2020	Yes		DevOps and/or Application Management		Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)	Dependencies		Container images			Yes
14	11506026496	4/15/2020	Don’t know	0.9240506329			Information Security									Container images			Yes
15	11506027670	4/15/2020	No					Quality Assurance										None of the above	Yes
16	11506039817	4/15/2020	Don’t know				Information Security											None of the above	No
17	11506044289	4/15/2020	Yes	Application Development			Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)						Don't know
18	11506049074	4/15/2020	We do not have a CI/CD pipeline						Don’t know								License compliance		Yes
19	11506060424	4/15/2020	No		DevOps and/or Application Management		Information Security											None of the above	No
20	11506064583	4/15/2020	No						Don’t know						Containers				Yes
21	11506110828	4/15/2020	No				Information Security									Container images			Yes
22	11506128769	4/15/2020	Yes			IT Operations and/or Site Reliability Engineering	Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)		Containers	Container images			Yes
23	11506131295	4/15/2020	Yes		DevOps and/or Application Management									Dependencies					No
24	11506198769	4/15/2020	Yes	Application Development	DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering						Static application security testing (SAST)							Yes
25	11506257029	4/15/2020	Yes		DevOps and/or Application Management		Information Security					Static application security testing (SAST)							Yes
26	11506281625	4/15/2020	Yes				Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)		Containers	Container images	License compliance		Yes
27	11506298289	4/15/2020	Yes		DevOps and/or Application Management		Information Security					Static application security testing (SAST)		Dependencies		Container images	License compliance		Yes
28	11506444637	4/15/2020	Yes	Application Development								Static application security testing (SAST)		Dependencies			License compliance		Yes
29	11506454875	4/15/2020	No		DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering								Dependencies	Containers	Container images			Yes
30	11506517154	4/15/2020	No				Information Security					Static application security testing (SAST)							Yes
31	11506664630	4/15/2020	No	Application Development			Information Security					Static application security testing (SAST)							Yes
32	11507177504	4/15/2020	We do not have a CI/CD pipeline							We do not have a CI/CD pipeline			Dynamic application security testing (DAST)						Yes
33	11507207566	4/15/2020	Yes	Application Development			Information Security	Quality Assurance				Static application security testing (SAST)	Dynamic application security testing (DAST)	Dependencies		Container images	License compliance		No
34	11507383350	4/15/2020	Yes		DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering	Information Security					Static application security testing (SAST)			Containers	Container images			Yes
35	11507704407	4/16/2020	Yes		DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering	Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)	Dependencies	Containers	Container images			Yes
36	11507789060	4/16/2020	Yes		DevOps and/or Application Management		Information Security					Static application security testing (SAST)		Dependencies		Container images	License compliance		Yes
37	11507810654	4/16/2020	We do not have a CI/CD pipeline							We do not have a CI/CD pipeline		Static application security testing (SAST)							No
38	11507918315	4/16/2020	Yes	Application Development		IT Operations and/or Site Reliability Engineering	Information Security											None of the above	Yes
39	11508059706	4/16/2020	Yes	Application Development			Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)		Containers	Container images	License compliance		Yes
40	11508106467	4/16/2020	Yes			IT Operations and/or Site Reliability Engineering	Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)						Yes
41	11508211371	4/16/2020	Yes		DevOps and/or Application Management							Static application security testing (SAST)		Dependencies					No
42	11508254916	4/16/2020	We do not have a CI/CD pipeline						Don’t know						Containers				Don't know
43	11508296925	4/16/2020	Don’t know	Application Development								Static application security testing (SAST)							Don't know
44	11508464550	4/16/2020	Yes	Application Development	DevOps and/or Application Management									Dependencies	Containers	Container images			Yes
45	11508562191	4/16/2020	No								Delivery Platform Engineering							None of the above	Yes
46	11508817393	4/16/2020	Don’t know		DevOps and/or Application Management							Static application security testing (SAST)		Dependencies					No
47	11509439564	4/16/2020	No			IT Operations and/or Site Reliability Engineering							Dynamic application security testing (DAST)						Yes
48	11510046306	4/16/2020	No				Information Security									Container images			Yes
49	11510494357	4/16/2020	Yes	Application Development	DevOps and/or Application Management							Static application security testing (SAST)		Dependencies					Yes
50	11510727926	4/16/2020	Yes		DevOps and/or Application Management		Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)	Dependencies	Containers	Container images			Yes
51	11512942141	4/17/2020	Yes				Information Security							Dependencies					No
52	11513288916	4/17/2020	Yes	Application Development			Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)			Container images			Yes
53	11513502414	4/17/2020	No		DevOps and/or Application Management		Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)						Yes
54	11515807359	4/18/2020	No		DevOps and/or Application Management		Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)	Dependencies	Containers	Container images	License compliance		No
55	11519515593	4/20/2020	Yes		DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering							Dynamic application security testing (DAST)			Container images			Yes
56	11520418912	4/20/2020	Yes	Application Development			Information Security					Static application security testing (SAST)		Dependencies		Container images	License compliance		Yes
57	11520733768	4/20/2020	Yes				Information Security							Dependencies					Yes
58	11524111455	4/21/2020	Yes	Application Development	DevOps and/or Application Management													None of the above	Yes
59	11524751295	4/21/2020	No	Application Development								Static application security testing (SAST)		Dependencies	Containers	Container images	License compliance		Yes
60	11532210034	4/23/2020	No			IT Operations and/or Site Reliability Engineering	Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)	Dependencies	Containers	Container images			Yes
61	11534886595	4/24/2020	Yes	Application Development	DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering	Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)	Dependencies	Containers	Container images			Yes
62	11534933343	4/24/2020	Yes			IT Operations and/or Site Reliability Engineering							Dynamic application security testing (DAST)						Don't know
63	11535244528	4/24/2020	No	Application Development		IT Operations and/or Site Reliability Engineering												None of the above	Yes
64	11536141624	4/24/2020	No							We do not have a CI/CD pipeline								None of the above	Yes
65	11536658195	4/24/2020	No		DevOps and/or Application Management							Static application security testing (SAST)	Dynamic application security testing (DAST)						Yes
66	11537185044	4/25/2020	Yes				Information Security								Containers	Container images			Yes
67	11539568951	4/26/2020	Yes	Application Development	DevOps and/or Application Management		Information Security	Quality Assurance				Static application security testing (SAST)	Dynamic application security testing (DAST)						Yes
68	11540124107	4/26/2020	Yes								We don't have a scan-related tool.							None of the above	No
69	11541782950	4/27/2020	No				Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)	Dependencies	Containers	Container images	License compliance		Yes
70	11548862300	4/29/2020	No							We do not have a CI/CD pipeline			Dynamic application security testing (DAST)						Yes
71	11549141199	4/29/2020	Yes	Application Development	DevOps and/or Application Management							Static application security testing (SAST)					License compliance		Don't know
72	11555951338	4/30/2020	No	Application Development	DevOps and/or Application Management							Static application security testing (SAST)		Dependencies					Yes
73	11557937072	5/1/2020	Yes		DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering	Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)	Dependencies	Containers	Container images	License compliance		Yes
74	11557979526	5/1/2020	Yes	Application Development	DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering									Containers	Container images	License compliance		Yes
75	11558054167	5/1/2020	Yes		DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering	Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)						Yes
76	11567074927	5/5/2020	Yes	Application Development	DevOps and/or Application Management		Information Security							Dependencies	Containers	Container images			No
77	11567858484	5/5/2020	No	Application Development	DevOps and/or Application Management		Information Security					Static application security testing (SAST)	Dynamic application security testing (DAST)		Containers	Container images	License compliance		Yes
78	11568520929	5/5/2020	Yes		DevOps and/or Application Management	IT Operations and/or Site Reliability Engineering	Information Security								Containers	Container images	License compliance		No
79	11569071353	5/5/2020	No			IT Operations and/or Site Reliability Engineering						Static application security testing (SAST)				Container images			Yes
80	11569337413	5/5/2020	No		DevOps and/or Application Management										Containers	Container images	License compliance		Yes
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100