
eBook: State of the Software Supply Chain

Sponsored by Sonatype

Likely the most serious development this year is an approaching collision of two critical issues in the industry: the continued growth of open source security concerns along with a dramatic legislative response by governments worldwide.

This edition of the State of the Software Supply Chain Report reflects the symbiotic nature of good practices and good outcomes, and its counterpart: poor practices and poor outcomes.

The inspiration for the report was, and continues to be, to encourage developer-level software supply chain practices that improve how we can and should work, creating positive outcomes and fulfilling work experiences.

We continue to draw from public and proprietary data sources to illustrate a host of issues with effective supply chain management. We’ll look at:

  • Ongoing growth of the software supply chain, as well as persistent security concerns
  • Insights on choosing the best dependencies for your projects
  • Developer behavior and recommendations
  • A look at enlightened supply chain management and perception versus reality for maturity
  • The status of current and upcoming regulation at an international level

This report is a look into data-backed methodologies in the open source ecosystem and the impact on the software supply chain. Enjoy the read and buckle up!

Sonatype is the software supply chain management company. We empower developers and security professionals with intelligent tools to innovate more securely at scale. Our platform addresses every element of an organization’s entire software development life cycle, including third-party open source code, first-party source code, infrastructure as code, and containerized code. Sonatype identifies critical security vulnerabilities and code quality issues and reports results directly to developers when they can most effectively fix them. This helps organizations develop consistently high-quality, secure software which fully meets their business needs and those of their end-customers and partners. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers already rely on our tools and guidance to help them deliver and maintain exceptional and secure software.