DevOps practices help improve the quality of open source components

The use of open source components can help speed up the software development process, but it carries a risk: poor-quality or vulnerable components can end up in released applications.

The latest State of the Software Supply Chain Report from DevOps tools specialist Sonatype reveals that organizations which actively manage the quality of open source components flowing into production applications realize a 28 percent improvement in developer productivity, a 30 percent reduction in overall development costs, and a 48 percent increase in application quality.

“Companies are no longer building software applications from scratch, they are manufacturing them as fast as they can using an infinite supply of open source component parts,” says Wayne Jackson, CEO of Sonatype. “However, many still rely on manual and time-consuming governance and security practices instead of embracing DevOps-native automation. Our research continues to show that development teams managing trusted software supply chains are dramatically improving quality and productivity.”

Among the report’s other findings is that year-on-year downloads of Java components have grown 68 percent (52 billion in 2016), JavaScript downloads grew 262 percent (59 billion in 2016), and demand for Docker components is expected to grow 100 percent (12 billion downloads). Faced with a near infinite supply of open source components, high-functioning DevOps organizations are turning to machine automation to govern the quality of open source components flowing through their software supply chains.

It also reveals that open source component suppliers are slow to fix vulnerabilities. Only 15.8 percent of OSS projects actively fix vulnerabilities, and even then the mean time to remediation is 233 days. This puts the onus on DevOps organizations to actively govern which OSS projects they work with, and which components they ultimately…
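The two practical points above, automating governance of components entering the build and choosing upstream projects by how quickly they fix vulnerabilities, are easier to see in code. The following is an added example written for this page, not code from Sonatype or from the report: a minimal policy gate of the kind a CI job could run before a build proceeds. It parses a pinned dependency list, checks each pin against an advisory feed, computes each upstream project's mean time to remediate (disclosure to fix release) and fails on open advisories or on projects whose remediation history exceeds a threshold. The package names, versions, advisory identifiers and dates are constructed for illustration, and the version parser assumes plain dotted integer versions.

```python
"""Added example (not from the Sonatype report): a dependency-governance gate.

Fails a build when a pinned component has an open advisory, or when the
upstream project's mean time to remediate past advisories exceeds policy.
All package names, versions, advisory IDs and dates are constructed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Advisory:
    id: str
    package: str
    introduced: str                 # first affected version (inclusive)
    fixed: Optional[str]            # first fixed version, None if no fix yet
    disclosed: date                 # public disclosure date
    fix_released: Optional[date]    # date the fixed version shipped, if any


def parse_version(v: str) -> tuple:
    """Turn '1.2.10' into (1, 2, 10) so versions compare numerically.
    Assumption: only dotted integer versions appear in the lockfile."""
    return tuple(int(part) for part in v.split("."))


def parse_pins(text: str) -> dict:
    """Parse 'name==version' lines (requirements.txt style) into {name: version}."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = version.strip()
    return pins


def is_affected(version: str, adv: Advisory) -> bool:
    """Affected when introduced <= version < fixed, or when no fix exists."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed is None or v < parse_version(adv.fixed)


def mean_time_to_remediate(package: str, advisories: list) -> Optional[float]:
    """Mean days from disclosure to fix release over a project's fixed advisories.
    Returns None when the project has never shipped a fix."""
    durations = [(a.fix_released - a.disclosed).days
                 for a in advisories
                 if a.package == package and a.fix_released is not None]
    return sum(durations) / len(durations) if durations else None


def evaluate(pins: dict, advisories: list, max_mttr_days: int = 90) -> list:
    """Return policy violations as (package, reason) tuples; empty list means pass."""
    violations = []
    for name, version in pins.items():
        for adv in advisories:
            if adv.package == name and is_affected(version, adv):
                violations.append((name, f"affected by open advisory {adv.id}"))
        mttr = mean_time_to_remediate(name, advisories)
        if mttr is not None and mttr > max_mttr_days:
            violations.append(
                (name, f"upstream mean time to remediate {mttr:.1f} days "
                       f"exceeds policy {max_mttr_days}"))
    return violations


# Constructed lockfile and advisory feed (not real packages or CVEs).
PINS = """
# constructed lockfile
libalpha==1.2.3
libbeta==0.9.1
libgamma==4.1.0
"""

ADVISORIES = [
    Advisory("ADV-0001", "libalpha", "1.0.0", "1.2.4", date(2016, 1, 10), date(2016, 9, 1)),
    Advisory("ADV-0002", "libalpha", "1.1.0", "1.2.0", date(2015, 3, 1), date(2015, 5, 1)),
    Advisory("ADV-0003", "libbeta", "0.9.0", None, date(2016, 6, 1), None),
    Advisory("ADV-0004", "libgamma", "4.0.0", "4.0.5", date(2016, 2, 1), date(2016, 2, 15)),
]


def run_gate(max_mttr_days: int = 90) -> bool:
    """Print findings and return True if the build may proceed."""
    violations = evaluate(parse_pins(PINS), ADVISORIES, max_mttr_days)
    for package, reason in violations:
        print(f"BLOCK {package}: {reason}")
    return not violations


if __name__ == "__main__":
    raise SystemExit(0 if run_gate() else 1)
```

With the constructed data, libalpha is blocked twice (it sits in the affected range of ADV-0001 and its upstream averaged 148 days from disclosure to fix), libbeta is blocked because its advisory has no fix at all, and libgamma passes because its pin is past the fixed version and the project patched within two weeks. The threshold is a policy knob; the report's 233-day mean would clear a 90-day bar for very few projects, which is the point of automating the check rather than reviewing each component by hand.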
