The report includes insights gathered from large enterprises with at least 1,000 employees.
The report shows that containers are becoming a preferred delivery model, with 65% of respondents reporting a significant number of applications running in containers. While technology-focused industries lead the way in container adoption, traditional industries, such as healthcare and financial services, also report significant container use.
Containers make it easy to package software during development, but they commonly bring in multiple open source (OSS) or third-party dependencies as applications move through the DevOps pipeline, creating new software supply chain risks. In the survey, 38 percent of advanced container users indicated that they see containerized applications as more risky than traditional applications. As a result, technical leaders ranked open source security and gaining a full understanding of the software bill-of-materials as top challenges.
“This report highlights that 60% of respondents have made securing the software supply chain a top initiative for 2022,” said Dan Nurmi, CTO and Co-Founder of Anchore. “This is critical as software supply chain attacks rise in frequency and intent. It’s an important reminder that now is the time for IT leaders, security executives and members of the C-suite to empower their teams to implement new practices and tools that secure the software supply chain.”
Highlights from the report include:
84% of respondents plan to increase container use and 29% will increase container use significantly
While many orgs are scanning containers, most report challenges in identifying vulnerabilities (86%), too many false positives (77%), and getting developers to spend time remediating issues (77%)
Top initiatives are increasing container use (63%) and improving supply chain security (60%)
The full report with data findings and associated graphs is available here.
About the Anchore 2021 Software Supply Chain Security ReportThis report compiles the responses of 425 IT, Security, and DevOps leaders to identify the latest trends on how large organizations are adapting to these new security challenges of the software supply chain. As enterprises increasingly move to cloud-native software, this report includes a special focus on the platforms, tools and processes used to secure the growing volume of software containers.
About AnchoreAnchore accelerates the development of secure and compliant cloud-native applications with solutions that enable software supply chain security, from vulnerability scans to generating a software bill of material. Anchore’s container security solutions seamlessly embed into the DevOps toolchain with continuous security and compliance checks early in the software development process. From sourcing to CI/CD pipelines to production, Anchore’s solutions protect the software supply chain and prevent container security risks from reaching production. Using Anchore as part of the DevSecOps toolchain creates a reliable way to detect issues earlier, save developers time and lower the cost to fix vulnerabilities. Built with an open source foundation, Anchore solutions provide transparency into source code and the benefit of peer reviews.
Anchore customers include large enterprises and government agencies that require secure and compliant cloud-native applications. To learn more about Anchore’s solutions, visit www.Anchore.com.
Note to editors:
Data graphs available for publication
Executives available for commentary
Media contact:Brandie Gerrish
[email protected]
SOURCE Anchor