According to a new Sonatype analysis, supply chain attacks on open-source public repositories have surged by 650 percent in the last year. This may be related to the growing interest in open-source initiatives, which has increased by 73% in the last year.

Between February 2015 and June 2019, one study counted 216 supply chain attacks. Between July 2019 and May 2020, that number rose to 929. In the last year alone, it has climbed to a stunning 12,000.

  • An increasing number of supply chain attacks have been traced back to weaknesses in widely used open-source ecosystems, according to the security firm.
  • The most-downloaded open-source ecosystems are PyPI, Maven Central, NuGet, and JavaScript (npmjs). Developers are expected to download 2.2 trillion open-source packages from these ecosystems this year.
  • According to Sonatype, the top four open-source ecosystems together hold 37,451,682 distinct component versions, up 20% over last year.

Open-source software has recently been linked to supply chain hacks, according to several reports.

Also read:

  • According to a study, software supply chain attacks on open-source components have increased by 430 percent year over year in the last year.
  • According to the security firm Veracode, most software developers neglect to update the third-party libraries used in their codebases, putting those codebases at serious risk.

Vetting open-source software dependencies is critical for organizations concerned about the security of their supply chains. It is also a good idea to monitor the open-source projects used in the production environment for any unusual behavior.
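One concrete form of dependency vetting is to refuse a build whose manifest would let a public repository serve a substituted or newer-than-reviewed artifact. The script below is an added example, not part of the Sonatype report or this article: it audits a pip-style requirements file for exact version pins and `--hash=sha256:` entries (the syntax pip's hash-checking mode consumes), then verifies a downloaded artifact against the pinned hash. The package names, the manifest text and the artifact bytes are constructed for illustration.

```python
"""Dependency-manifest audit (added example, not from the Sonatype report).

Two properties a supply-chain review wants before a build pulls from a public
repository:
  1. every dependency is pinned to an exact version ("==", not ">=" or "~="),
     so a newly published release is never picked up silently, and
  2. every dependency carries at least one --hash=sha256:... so that pip's
     hash-checking mode refuses an artifact whose bytes were swapped.
The third check verifies a fetched artifact against the manifest's hash.
All names, the manifest and the artifact bytes are constructed.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed stand-in for a downloaded sdist/wheel.
SAMPLE_ARTIFACT = b"constructed bytes standing in for example_lib-1.4.2.tar.gz"
GOOD_HASH = hashlib.sha256(SAMPLE_ARTIFACT).hexdigest()

# Constructed manifest: one clean entry, one unpinned, one pinned but unhashed.
SAMPLE_REQUIREMENTS = """\
# clean: exact pin plus hash of the artifact above
example-lib==1.4.2 --hash=sha256:{good_hash}
# risky: a version range lets a later (possibly malicious) release win
other-lib>=2.0
# risky: pinned, but nothing stops a tampered artifact with the same version
third-lib==0.9.1
""".format(good_hash=GOOD_HASH)

# Requirement line: name, optional operator, optional version, trailing options.
_LINE_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)\s*(?P<op>==|>=|<=|~=|!=|>|<)?\s*"
    r"(?P<ver>[^\s]+)?(?P<rest>.*)$"
)
_HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


@dataclass
class Finding:
    name: str
    problems: list = field(default_factory=list)   # human-readable issues
    hashes: list = field(default_factory=list)     # sha256 hex digests listed


def audit_requirements(text: str) -> dict:
    """Return {package name: Finding} for every requirement line."""
    findings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = _LINE_RE.match(line)
        if not m:
            continue
        f = Finding(name=m["name"])
        if m["op"] != "==":
            f.problems.append("not pinned to an exact version")
        f.hashes = _HASH_RE.findall(m["rest"] or "")
        if not f.hashes:
            f.problems.append("no --hash=sha256 given")
        findings[f.name] = f
    return findings


def verify_artifact(data: bytes, finding: Finding) -> bool:
    """True only if the artifact's sha256 matches a hash pinned for it."""
    return hashlib.sha256(data).hexdigest() in finding.hashes


def report(text: str) -> list:
    """One line per dependency, suitable for a CI log."""
    lines = []
    for name, f in audit_requirements(text).items():
        status = "ok" if not f.problems else "; ".join(f.problems)
        lines.append(f"{name}: {status}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_REQUIREMENTS):
        print(line)
    good = audit_requirements(SAMPLE_REQUIREMENTS)["example-lib"]
    print("artifact matches pinned hash:", verify_artifact(SAMPLE_ARTIFACT, good))
```

Once every line in a manifest passes this audit, installing with `pip install --require-hashes -r requirements.txt` makes pip itself enforce the hashes, so a package whose bytes differ from what was reviewed is rejected rather than installed.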