2017 State Of The Software Supply Chain

By Sonatype


This 2017 report has similarities to previous years, but there are three differences worth noting. First, the analysis in this year’s report extends beyond Java and includes supply chain findings for JavaScript, NuGet, Python, and Docker. Second, this year’s paper includes a stronger emphasis on the emergence of DevOps and reflects on the evolution of modern IT organizations as they seek to transform from waterfall-native to DevOps-native software development. Lastly, this year’s research delves deeper into the rapidly evolving role of regulation, legislation, and litigation with respect to open source governance and software supply chain management.
