Sonatype’s industry-defining research on the rapidly changing landscape of open source, software development and software supply chain security.
Headline figures (the numeric values were rendered as graphics and are not present in this extract): the share of open source downloads that have known risk; the number of malicious packages discovered, 2X all previous years combined; the share of vulnerable downloaded releases that had a fixed version available.
In this year's report, we dissect the intricacies of open source adoption and consumption, and validate a frustrating truth—development practices remain rife with inconsistency. When choices are made poorly, this inconsistency translates into increased risks, discontent among developers, and, perhaps most significantly, a loss of both time and money. Dive in to learn more about:
Ongoing growth of the software supply chain, as well as persistent security concerns
The advantages of using well-maintained open source packages
Open source consumption and trends in upgrade urgency of components
Peer insights into the use of SBOMs + mature software supply chain management
The rise of open source and software supply chain regulations
What role AI and ML play in assisting developers, and the challenges that AI practitioners face in developing AI products
We also look at what it really means to have SBOMs and a Software Composition Analysis (SCA) program, and ultimately shed light on the path to a more efficient, cost-effective, and secure development process. Enjoy!