The State of Open Source Security Report 2019

This year’s State of Open Source Security report captures data from a survey of hundreds of open source developers and maintainers, data from public application registries, library datasets, GitHub repositories, and Snyk’s comprehensive vulnerability database (pulling in data from hundreds of thousands of projects).

We discovered that the use of open source is accelerating.

In 2018, the number of Java packages doubled and npm added roughly 250,000 new packages.

Key findings include:

  • 88% increase in application library vulnerabilities over two years.

  • The top 10 most popular Docker images each contain at least 30 vulnerabilities.

  • Open source maintainers want to be secure, but 70% lack the necessary skills.

  • 78% of vulnerabilities are found in indirect dependencies, making remediation complex.

Want to learn more? Download the report for free!
