Likely the most serious development this year is an approaching collision of two critical issues in the industry: the continued growth of open source security concerns along with a dramatic legislative response by governments worldwide.

This edition of the State of the Software Supply Chain Report reflects the symbiotic relationship between good practices and good outcomes, and, conversely, between poor practices and poor outcomes.

The inspiration for the report was, and continues to be, to provoke developer-level software supply chain practices that improve how we work and lead to better outcomes and more fulfilling work experiences.

We continue to draw on public and proprietary data sources to illustrate a range of issues in effective supply chain management. We'll look at:

Ongoing growth of the software supply chain, as well as persistent security concerns

Insights on choosing the best dependencies for your projects

Developer behavior and recommendations

A look at enlightened supply chain management, and perception versus reality in supply chain maturity

The status of current and upcoming regulation at the international level

This report is a look at data-backed methodologies in the open source ecosystem and their impact on the software supply chain. Enjoy the read, and buckle up!