A recent survey of more than 400 professional developers worldwide explored their experiences with platform engineering tools across three critical domains: workflow automation, application delivery, and security and compliance management.
The technologies featured were selected by the Cloud Native Computing Foundation and its End User Community based on relevance and importance to the cloud-native landscape. The report rates tools on usefulness, defined as how well a technology meets project requirements, and maturity, which relates to its stability and reliability. Based on these ratings, usage, and recommendation likelihood, the technologies are categorized into three groups: Adopt, Trial, and Assess. ‘Adopt’ technologies are considered reliable for most use cases, ‘Trial’ tools are worth exploring for specific needs, and ‘Assess’ technologies require careful evaluation before deployment.
This research provides a crucial barometer for identifying which platform engineering tools are gaining momentum among professional developers and helps identify emerging patterns in technology adoption.
Technology Radar Highlights
The report highlights several key technologies positioned for adoption by cloud-native teams. In application delivery, Helm, Backstage, and kro are placed in the ‘adopt’ position on the technology radar. For workflow automation, a larger group of five technologies made the ‘adopt’ list: GitHub Actions, Armada, Buildpacks, Jenkins, and ArgoCD. Finally, the security and compliance management radar identifies Keycloak, Open Policy Agent (OPA), and cert-manager as ‘adopt’ technologies.Workflow Automation: Maturity and Philosophical Recommendations
The workflow automation category reveals a nuanced picture of reliability and developer sentiment. Armada received the highest maturity ratings, with 96% of familiar developers providing a 4- or 5-star rating. However, both GitHub Actions and the veteran tool Jenkins saw a higher proportion of 5-star ratings (45% and 47%, respectively). While Armada is viewed as a highly reliable and stable technology, GitHub Actions and Jenkins—which possess a substantially larger user base with higher tenure—are exceeding expectations for a greater proportion of their users. This near-universal high rating for Armada may suggest self-selection for users whose needs perfectly align with its features, yet it solidly secures its position as an ‘adopt’ technology.
In terms of recommendations, GitHub Actions is the clear leader, with 91% of developers recommending it, and more than half (53%) being ‘highly likely’ to recommend it, reflecting a highly satisfied developer audience driven by strong usefulness and maturity scores. Conversely, Jenkins illustrates a counteracting force: older tools may be seen as less interesting. Despite high maturity ratings and wide usage, its usefulness score was less impressive, which suggests developers may focus on its weaknesses or gaps compared to newer alternatives. This preference for newer tools is also reflected in the high recommendation score for Crossplane, which performs strongly on maturity but lower on usefulness. This indicates that developers are supporting the aspirational development philosophy of using Kubernetes APIs to handle everything, recommending the approach rather than just the current capabilities of the tool.Application Delivery and Supply-Chain Security Maturity
In application delivery, Helm maintains a firm leading position in maturity ratings (94% 4- or 5-star ratings, 49% 5-star). Notably, Helm is also the most widely adopted technology among application delivery tools (34%), confirming that its maturity is recognized across a broad developer audience. The relatively new tool, kro, secured the second-highest maturity rating. Its strong performance, composed primarily of 4-star reviews (56%), suggests developers view it as reliable and stable—likely due to its connection to the Kubernetes project—but are reserving 5-star ratings until it has more time to establish itself. kro also has the highest proportion of likely recommendations from those familiar with it, at 91%. This high level of recommendation seems to further reflect a user base that has a lot of hope and excitement about its future.
For security and compliance management, cert-manager leads on maturity with 87% of familiar developers giving a 4- or 5-star rating. This success points to its effective implementation approach as a critical yet invisible infrastructure component once configured. However, tools essential for supply-chain integrity show a broader hesitancy. in-toto ranks last in maturity (55% 4- or 5-stars) but receives no negative ratings, instead having a large proportion of 3-star ratings (45%). This suggests a ‘cautious neutrality’ possibly stemming from the deep pipeline integration required, leading developers to feel they lack sufficient hands-on experience to fully assess its stability. Sigstore, which provides infrastructure for tools like in-toto, also received a similarly low maturity rating. Combined, this indicates that the tooling in this critical security area may still be waiting to prove itself at scale in developers’ operations.
The report noted that Bank-Vaults is the technology that receives the highest proportion of recommendations in this category from those familiar with it, with 98% being either likely or highly likely to recommend it. BankVaults’ high recommendation rate likely reflects its captive audience among HashiCorp Vault users, for whom it is an almost automatic recommendation, given how significantly it simplifies an otherwise complex integration. Keycloak also sees a very high rate of recommendation, 95%, among those familiar with it. Keycloak has the largest number of users among the respondent developers and is a more established tool, particularly for enterprise solutions, for handling identity and access management both beyond and within Kubernetes environments. Given the wide adoption and utility across environments, developers are seeing many reasons to recommend it to others.
Platform Ownership and the AI Workflow Challenge
The survey also provided insights into organizational structures for internal platforms. The most common approach reported was having multiple teams collaboratively handle platform capabilities (41%). When it comes to managing the emerging challenge of AI workflows, most organizations are using a hybrid platform approach (35%).
However, the delegation of platform responsibilities creates stark differences in AI adoption strategy. For organizations where multiple teams handle the platform, a hybrid approach becomes significantly more common (46%), potentially because a single unified platform ownership is lacking. In contrast, developers working at organizations with a platform team that builds internal custom platforms are the only group most likely to have extended their current platform to support AI workflows (28% over 25% hybrid). These teams, with full control over their internal platform, are best positioned to integrate AI capabilities directly. They are also the least likely to develop a separate dedicated AI platform (11%), suggesting that fragmentation is incongruent with the ideal of a custom, unified system. Organizations that primarily curate third-party tools or allow individual team choice show a near-identical and split distribution across dedicated, hybrid, and vendor platforms. This suggests both groups are driven by specific developer requests for capabilities, rather than a broad philosophy of platform consolidation.
The survey was developed by SlashData, an AI analyst firm with 20 years of experience tracking software technology trends, with assistance from the Continuous Delivery Foundation.
