State of the Software Supply Chain
Sonatype’s industry-defining research on
the rapidly changing landscape of open source
the rapidly changing landscape of open source
Title Title
Sonatype’s industry-defining research on
the rapidly changing landscape of open source
the rapidly changing landscape of open source
Remediation
How do you implement fixes to address identified OSS component risk?
Remediation
How do you implement fixes to address identified OSS component risk?
Lazarus created PyPI package ‘VMConnect’ imitates VMware vSphere connector
In August 2023, Sonatype discovered a malicious Python package, 'VMConnect,' on PyPI, which mimics a legitimate VMware module. This is part of a wider cyber campaign called "PaperPin,” and is widely thought to originate from the Lazarus Group, a North Korean state-affiliated organization. The packages aim to download further malicious payloads from attacker-controlled URLs. The focus on VMware, a widely-used virtualization platform, is particularly concerning, as a successful compromise could have far-reaching implications for enterprise networks and is widely attractive to state affiliated actors.
0%
SecOps Leads surveyed said they used AI for testing and analyzing
0%
SecOps Leads surveyed said they used AI for testing and analyzing
0%
SecOps Leads surveyed said they used AI for testing and analyzing
Figure 4.1. Five stages of software supply chain management maturity
Less Mature
Less Mature
Through the first 7 months of 2023, 512 billion Java components were requested from the Maven Central Repository. This is a significant jump compared to the 821 billion downloads in 2022.
Java continues to grow at a healthy pace, hitting an estimated 25% YoY request growth rate. If previous years are any indication, we may well see a spike towards the end of the year.
Java continues to grow at a healthy pace, hitting an estimated 25% YoY request growth rate. If previous years are any indication, we may well see a spike towards the end of the year.
qwertyuf asdf asdfsdfasd
0%
asdf sdf asdf asdf asdf asdf asdf as
0%
asdf sdf asdf asdf asdf asdf asdf as
Through the first 7 months of 2023, 512 billion Java components were requested from the Maven Central Repository. This is a significant jump compared to the 821 billion downloads in 2022.
Java continues to grow at a healthy pace, hitting an estimated 25% YoY request growth rate. If previous years are any indication, we may well see a spike towards the end of the year.
Java continues to grow at a healthy pace, hitting an estimated 25% YoY request growth rate. If previous years are any indication, we may well see a spike towards the end of the year.
qwertyuf asdf asdfsdfasd
0%
asdf sdf asdf asdf asdf asdf asdf as
Through the first 7 months of 2023, 512 billion Java components were requested from the Maven Central Repository. This is a significant jump compared to the 821 billion downloads in 2022.
Java continues to grow at a healthy pace, hitting an estimated 25% YoY request growth rate. If previous years are any indication, we may well see a spike towards the end of the year.
Java continues to grow at a healthy pace, hitting an estimated 25% YoY request growth rate. If previous years are any indication, we may well see a spike towards the end of the year.
qwertyuf asdf asdfsdfasd
0%
asdf sdf asdf asdf asdf asdf asdf as