
Sonatype Blog

Stay updated on the latest news from the makers of Nexus

2017 State of the Software Supply Chain Report

We live in an application economy where software has shifted from being a driver of nominal efficiency gains to an enabler of new customer experiences and markets.

Innovation is king, speed is critical, and open source is center stage. To compete effectively on a global playing field, companies aren’t just writing software — they’re manufacturing it as fast as they can using an infinite supply of open source component parts, machine automation, and supply chain-like processes.


Today, Sonatype introduces its third annual State of the Software Supply Chain report. This year’s report blends a broad set of public and proprietary data with expert research and analysis to reveal the following:

  • An insatiable appetite for innovation is fueling the ever-expanding supply and demand of open source components
  • Components of varying quality are flowing through development lifecycles and landing in production applications
  • DevOps-native development teams are leveraging trusted software supply chains to improve quality and productivity

This year’s report has similarities to previous years, but there are three differences worth noting. First, the analysis in this year’s report extends beyond Java and includes supply chain findings for JavaScript, NuGet, Python, and Docker. Second, this year’s paper includes a stronger emphasis on the emergence of DevOps and reflects on the evolution of modern IT organizations as they seek to transform from waterfall-native to DevOps-native software development. Lastly, this year’s research delves deeper into the rapidly evolving role of regulation, legislation, and litigation with respect to open source governance and software supply chain management.


We hope you find the information in this year’s report useful and we welcome your feedback. You can download this year’s report now at www.sonatype.com/ssc2017.
