
Key Report Findings

  • 1 in 8 open source downloads have known risk

  • [figure missing] malicious packages discovered, 2X all previous years combined

  • [figure missing] of vulnerable downloaded releases had a fixed version available

In this year's report, we dissect the intricacies of open source adoption and consumption, and validate a frustrating truth—development practices remain rife with inconsistency. When choices are made poorly, this inconsistency translates into increased risks, discontent among developers, and, perhaps most significantly, a loss of both time and money. Dive in to learn more about:

  • Ongoing growth of the software supply chain, as well as persistent security concerns

  • The advantages of using well-maintained open source packages

  • Open source consumption and trends in upgrade urgency of components

  • Peer insights into the use of SBOMs and mature software supply chain management

  • The rise of open source and software supply chain regulations

  • What role AI and ML play in assisting developers, and the challenges that AI practitioners face in developing AI products

We also look at what it really means to have SBOMs and a Software Composition Analysis (SCA) program, and ultimately shed light on the path to a more efficient, cost-effective, and secure development process. Enjoy!