Sonatype: 1 in 15 open source app components has at least one security vulnerability

Software supply chain automation company Sonatype is hanging out the flags to celebrate the fact that it has experienced a 300 percent growth in the use of its Nexus Repository over the past three years.

The reason for the growth? The firm attributes it to growing concern about security vulnerabilities in open source components and containers.

“There is increasing evidence that more organisations are taking software supply chain automation and component security seriously,” said Wayne Jackson, CEO of Sonatype. “Specifically, DevOps-native organisations are embracing tools such as Nexus Repository and Nexus Firewall to automatically block bad components from entering into their mission-critical applications.”

State of the nation

According to the firm’s own State of the Software Supply Chain Report, 1 in 15 open source components used in production applications has at least one known security vulnerability.

The company also claims that organisations that rely on Nexus Repository to house open source components and containerised applications have gained new visibility into the quality of the components flowing through their software supply chains.

In 2016 alone, Nexus Repository saw a 40 percent increase in the use of its Repository Health Check feature. Today, 23,000 organisations use Repository Health Check every day to automatically analyse security, licensing and architectural risks across 58 million components held in local Nexus Repository Manager instances.