Executive Summary

Software supply chains have hit machine scale. In 2025, the world did not just build more software. It reused more of it, more often. That scale is bending the ecosystem in predictable ways. Open source registries, now largely serving as the internet’s critical infrastructure, are under sustained strain. Synthetic traffic and redundant downloads inflate the commons, and attackers increasingly treat open source as a delivery channel, not an afterthought. 

Headline figures (numeric values not captured here):

- open source malware packages logged by Sonatype since 2019
- trillion downloads across Maven Central, PyPI, npm and NuGet
- % recommended dependency upgrade hallucination rate observed with a leading LLM
- % of open source CVEs left without a CVSS score by the NVD

Vulnerability intelligence is getting noisier and less complete just as teams need it to be faster. AI-assisted development is also introducing a new class of risk — automation can amplify bad inputs at machine speed. Against a backdrop of accelerating regulatory mandates for transparency, the message of this report is simple:

TRUST AT SCALE IS NOW THE CENTRAL ENGINEERING AND BUSINESS CHALLENGE OF MODERN SOFTWARE.

Growth Meets Gravity: Automated builds, ephemeral environments, and larger dependency graphs drive repeat pulling at enormous scale. Registry infrastructure is now critical plumbing, and the cost of operating the commons rises faster than most stakeholders realize.

Synthetic Growth is Not the Same as Innovation: Spam publishing, malware floods, and CI/CD misconfigurations can inflate downloads and releases without adding value. The result is wasted bandwidth, higher operating costs, noisier signals, and a larger attack surface.

Open Source Malware is a Nation-State Business Model: Attackers are exploiting high-trust open source ecosystems. Malware campaigns are increasingly optimized for developer workflows, targeting credentials, CI secrets, and build environments. State-linked activity shows that these tactics are not just opportunistic, they are strategic.

Vulnerability Intelligence is Failing at the Moment it Matters Most: Teams are trying to prioritize risk, but basic vulnerability data is often missing, late, or wrong. That creates triage failure, false confidence, and wasted effort. When the intelligence layer breaks, security programs cannot reliably separate what is urgent from what is noise.

Avoidable Vulnerability Consumption Persists: Even when fixes exist, vulnerable versions continue to be downloaded at scale. Set-and-forget dependencies, transitive sprawl, and upgrade friction keep old risk flowing into new builds. The problem is not awareness. It is workflow inertia and unclear ownership.

AI Accelerates Both Productivity and Security Risk: AI-assisted development is increasing the speed of dependency changes, but it can also introduce errors such as selecting non-existent versions or unsafe packages. Without guardrails and verified sources of truth, AI turns small data quality issues into large-scale operational risk.
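One concrete guardrail for the failure mode described above (an assistant proposing a version that does not exist), added here as an illustration and not taken from the report or from Sonatype: before an AI-proposed upgrade is accepted, confirm that the exact version is published on the registry and has not been yanked. The registry data below is a constructed stand-in for the shape of a PyPI JSON API response; the package names and versions are invented.

```python
"""Guardrail for AI-proposed dependency upgrades: accept a version only if it is
actually published on the registry and not yanked. Illustrative code, not from the report."""
import json
import re
from dataclasses import dataclass

# Constructed stand-in for a PyPI JSON API response (https://pypi.org/pypi/<name>/json),
# reduced to 'releases' keyed by version, each a list of files with a 'yanked' flag.
REGISTRY_SNAPSHOT = json.loads("""{
  "example-http": {"releases": {
      "2.31.0": [{"yanked": false}],
      "2.32.0": [{"yanked": false}],
      "2.32.1": [{"yanked": true}]}},
  "example-yaml": {"releases": {"6.0.1": [{"yanked": false}]}}
}""")

# Loose PEP 440-style shape check so strings like "latest" fail before lookup.
VERSION_RE = re.compile(r"^\d+(\.\d+)*((a|b|rc)\d+)?(\.post\d+)?(\.dev\d+)?$")
@dataclass(frozen=True)
class Verdict:
    package: str
    version: str
    status: str  # ok | unknown_package | malformed_version | nonexistent_version | yanked

def check_upgrade(package, version, registry=REGISTRY_SNAPSHOT):
    """Only a Verdict with status 'ok' should be allowed into the build."""
    meta = registry.get(package.lower())
    if meta is None:
        return Verdict(package, version, "unknown_package")
    if not VERSION_RE.match(version):
        return Verdict(package, version, "malformed_version")
    files = meta["releases"].get(version)
    if not files:  # unknown version, or a release with no downloadable files
        return Verdict(package, version, "nonexistent_version")
    if all(f.get("yanked", False) for f in files):
        return Verdict(package, version, "yanked")
    return Verdict(package, version, "ok")

def filter_proposals(proposals, registry=REGISTRY_SNAPSHOT):
    """Split (package, version) proposals into accepted and rejected verdicts."""
    verdicts = [check_upgrade(p, v, registry) for p, v in proposals]
    return ([v for v in verdicts if v.status == "ok"],
            [v for v in verdicts if v.status != "ok"])

if __name__ == "__main__":
    # Constructed sample of what an assistant might propose for a requirements bump.
    ok, bad = filter_proposals([("example-http", "2.32.0"), ("example-http", "2.33.0"),
                                ("example-http", "2.32.1"), ("exampl-http", "2.32.0")])
    for v in ok + bad:
        print(f"{'ACCEPT' if v.status == 'ok' else 'REJECT'} {v.package}=={v.version}: {v.status}")
```

In a pipeline the same check would run against the live registry metadata rather than a snapshot, so that the source of truth is current publication state, not the model's training data.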

Transparency is Now a Mandate: Regulators and buyers are turning transparency into a requirement through SBOMs, attestations, and provenance expectations. Compliance is shifting from evaluating policy documents to evaluating build outputs. Organizations that operationalize transparency in CI/CD will move faster and face less friction.

Foreword

For most of my career, open source has run on a simple premise: shared building blocks make everyone faster. That is still true. What is not optional anymore is everything that comes with running that premise at a global, automated scale.

Open source is now the substrate of software delivery, pulled continuously by pipelines and rebuilt across fleets that rarely stop. At machine speed, small inefficiencies and small risks do not stay small. “Just one more build” becomes billions of requests, and then everyone acts surprised when the infrastructure starts to groan.

You’ll see it first in the operational reality of the commons. The same CI/CD patterns that make teams productive can generate massive redundant load when caches are cold, runners are ephemeral, or pipelines are effectively configured to redownload the world. If your build environment forgets what it did last run, the ecosystem still pays the cost.

You see it again in the security reality. Attackers target open source because it is the fastest path to developers, and developers sit closest to credentials, tokens, and build systems. Malware puts steady pressure on ecosystems designed for openness. At the same time, public vulnerability intelligence is too often incomplete, late, or wrong, which turns prioritization into guesswork. That's not a tooling problem. It's a signal problem.

And now AI is entering the loop. It can accelerate good engineering, but it can also scale mistakes when it's operating from static training data instead of live reality. When a model doesn't know what versions exist or what is newly risky, it predicts and fills in the blank. That's how you end up with confident “upgrades” to versions that don't exist and recommendations that look plausible right up until they break your build or your policy. AI should not guess. AI-driven velocity will overwhelm any governance model built on “we'll review it later.”

This report is about what happens when trust becomes a scaling problem. The takeaway isn't that open source is unsafe or that teams should slow down. It is that the ecosystem has matured into critical infrastructure, and we need to operate it like one. That means responsible consumption, security controls that match modern development, and transparency that is produced by the build, not assembled after the fact. Regulations and buyers are moving there because the world is demanding evidence, not assurances.

Guardrails for AI are no longer a nice-to-have.

Brian Fox

Co-founder and CTO, Sonatype

For the methodology, the full report provides a breakdown of data collection and analysis processes by chapter.