
2017 State of the Software Supply Chain Report

We live in an application economy where software has shifted from being a driver of nominal efficiency gains to an enabler of new customer experiences and markets.

Innovation is king, speed is critical, and open source is center stage. To compete effectively on a global playing field, companies aren’t just writing software — they’re manufacturing it as fast as they can using an infinite supply of open source component parts, machine automation, and supply chain-like processes.


Today, Sonatype introduces its third annual State of the Software Supply Chain report. This year’s report blends a broad set of public and proprietary data with expert research and analysis to reveal the following:

  • An insatiable appetite for innovation is fueling the ever expanding supply and demand of open source components
  • Components of varying quality are flowing through development lifecycles and landing in production applications
  • DevOps-native development teams are leveraging trusted software supply chains to improve quality and productivity

This year’s report has similarities to previous years, but there are three differences worth noting. First, the analysis in this year’s report extends beyond Java and includes supply chain findings for JavaScript, NuGet, Python, and Docker. Second, this year’s paper includes a stronger emphasis on the emergence of DevOps and reflects on the evolution of modern IT organizations as they seek to transform from waterfall-native to DevOps-native software development. Lastly, this year’s research delves deeper into the rapidly evolving role of regulation, legislation, and litigation with respect to open source governance and software supply chain management.


We hope you find the information in this year’s report useful, and we welcome your feedback. You can download this year’s report now at


Written by Wayne Jackson

Wayne is the CEO of Sonatype, a role he has held since 2010. Prior to Sonatype, Wayne served as the CEO of open source network security pioneer Sourcefire, Inc. (NASDAQ:FIRE), which he guided from fledgling start-up through an IPO in March of 2007, later acquired by Cisco for $2.7 billion. Before Sourcefire, Wayne co-founded Riverbed Technologies, a wireless infrastructure company, and served as its CEO until the sale of the company for more than $1 billion in March of 2000.