Now in its seventh year, Sonatype’s 2021 State of the Software Supply Chain Report blends a broad set of public and proprietary data to reveal important findings about open source and its increasingly important role in digital innovation. (more available)

For the State of Cloud Security 2021, we surveyed 300 cloud professionals, including cloud engineers, cloud security engineers, DevOps, and cloud architects, to better understand the risks, costs, and challenges they are experiencing managing cloud security at scale. (more available)

Now in its sixth year, Sonatype’s State of the Software Supply Chain Report continues to examine measurable practices of secure open source software development and delivery. (more available)

The seventh annual survey from Sonatype covers the differences between mature and immature DevOps practices. Special focuses on developer satisfaction, security policy adherence, and security investments. (more available)

Now in its fifth year, Sonatype’s annual State of the Software Supply Chain Report examines the rapidly expanding supply and continued exponential growth in consumption of open source components. (more available)

“Our 6th annual DevSecOps community survey, represents the voice of 5,558 IT professionals and demonstrates that DevOps practices are maturing rapidly, security is being automated earlier in the development lifecycle, and management of software supply chains is a critical differentiator. (more available)

This report offers insight into the DevSecOps Community.

This survey, representing the voice of 2,076 IT professionals, demonstrates that DevSecOps practices continue to mature rapidly and that, once automated, security is difficult to ignore. (more available)

This is the first in a series of books tracking changes and discoveries within the DevSecOps Community. The stories are by people who have been sloshing around in the swamps of software development for years, figuring out how things work, and most importantly, why things didn’t work. (more available)

Sonatype’s 4th annual report on managing open source components to accelerate innovation.

This 2017 report has similarities to previous years, but there are three differences worth noting. First, the analysis in this year’s report extends beyond Java and includes supply chain findings for JavaScript, NuGet, Python, and Docker. (more available)