Sonatype has announced the release of its third report State of the Software Supply Chain; highlighting risks within open source software components and the benefits of actively managing software supply chain hygiene.

The DevOps-native tools provider investigated over 17,000 applications, revealing that teams that utilise automated governance tools reduced defective components by 63%; organisations actively managing the quality of open source components flowing into production applications noticed a 28% improvement in developer activity; application quality increased by 48% and overall development costs reduced by 30%.

‘Java component downloads grew by 68%’

The report also showed that throughout the years, Java component downloads grew by 68%, with the demand for Docker components expected to grow by 100%; high-functioning DevOps organisations are utilising machine automation to govern the quality of open source components flowing through software chains and only 15.8% of OSS projects actively fix.

Wayne Jackson, CEO at Sonatype, said: “Companies are no longer building software applications from scratch, they are manufacturing them as fast as they can using an infinite supply of open source component parts.

‘Regulatory landscape is rapidly changing’

“However, many still rely on manual and time consuming governance and security practices instead of embracing DevOps-native automation. Our research continues to show that development teams managing trusted software supply chains are dramatically improving quality and productivity.”

The report concludes that thousands of hours have been wasted on reworking and bug fixes; regulatory landscape is rapidly changing, with empirical evidence that hygiene is beginning to improve; although ratios have declined throughout the years.

It also appears that organisations failing to manage software supply chains are introducing vulnerable applications into production, facing increased liability because of gross negligence.

Written by Leah Alger