Key Insights

There has been an
astonishing  742% average annual increase in Software Supply Chain attacks over the past 3 years.
3.4 Billion Vulnerable Downloads are Avoidable Each Month.
More Mature
Software Supply Chain Management Equates with More Job Satisfaction.
It’s time for a data-driven reality check.

Effective software supply chain management could be the difference between a few issues and an overwhelming amount of problems. Reducing security risks, improving the bottom line, boosting morale, and championing innovation–it doesn’t matter whether an organization is small or enormous, a more secure software supply chain helps all of these things become reality.

The State of the Software Supply Chain Report exists to help you achieve all of the above. We studied dependency update patterns for thousands of open source projects, analyzed hundreds of survey responses, and got critical of commonly-held beliefs about managing risk over the past year. 

Get the most effective practices and the data to back them up, including: 

  • Nearly 1 trillion more packages have been downloaded compared to last year 
  • 50% of development upgrade tasks can be cut with the right tools
  • Insights on choosing the best dependencies for your projects.
  • Updates on Executive Order (EO) 14028 guidance and its worldwide impact 
Twitter LinkedIn Facebook YouTube GitHub
Products
Free Tools
Solutions
Resources
Customer Portal
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759

Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102

Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia

London Office -168 Shoreditch High Street, E1 6HU London

Subscribe for all the latest software security news and events

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy    Modern Slavery Statement    Event Terms and Conditions   Do Not Sell My Personal Information