In this world, speed is critical, open source is everywhere, and security concerns are sometimes relegated to the back seat — which is why we’re once again examining the state of the open source software supply chain. Like previous reports, the 2018 State of the Software Supply Chain Report blends a broad set of public and proprietary data with expert research and analysis.

Key findings from the report include:

  • Read how high performing DevOps teams are using automation to reduce the risk of breaches.
  • Discover new forms of attack on OSS components that are accelerating the need for DevSecOps practices.
  • Learn how enterprises are automating OSS governance to prevent themselves from becoming the next Equifax.


2018 State of the Software Supply Chain