There are many metrics for tracking the adoption of open source components, such as GitHub stars and download counts, but they do not give a complete picture of how those components are actually used in production codebases.
Census of Free and Open Source Software III: Application Libraries draws on more than 12 million data points collected from software composition analysis (SCA) and application security tools such as Black Duck, FOSSA, Snyk, and Sonatype, deployed across more than 10,000 companies.
This wide-ranging report highlights the shift toward memory-safe programming, reflected in the rapid adoption of Rust. It also points out the continued reliance on Python 2 and, as a security concern, the lack of standardized naming for software components, which can increase the risk of dependency confusion and malicious package injection.
The report was produced by the Linux Foundation in partnership with the Open Source Security Foundation (OpenSSF) and Harvard University, and follows two previous editions published in 2015 and 2020. The latest edition is now available for download.