Anchore 2022 Software Supply Chain Security Report

Insights into software supply chain security practices by leaders at large enterprises
Anchore 2022 Software Supply Chain Report

The Anchore 2022 Software Supply Chain Security Report is based on survey responses from 428 IT, security, and DevOps leaders at large enterprises. Download the full report to learn more.

You can share any text, chart, or data in the report as long as you provide attribution to Anchore 2022 Software Supply Chain Security Report per the Creative Commons Attribution 4.0 license.


62% of Organizations Surveyed Have Been Impacted by Software Supply Chain Attacks

<img src="" alt="" />

Widespread attacks including exploits of the recent Log4Shell vulnerability have mobilized organizations to understand and reduce software supply chain security risk by adopting best practices. In the last 12 months, more than 70 percent of survey respondents in the technology sectors were impacted by a software supply chain attack, with 50 percent of software companies reporting the attacks as having a significant impact or moderate impact. More than half of companies in non-technology industries were affected.


Enterprises Are Focused on Securing the Software Supply Chain

pie chart showing organizations focusing on securing the software supply chain

<img src="" alt="" />

Given the recent high-profile software supply chain attacks, it’s not surprising that more than half of respondents (54 percent) report that securing their software supply chains is a top or significant focus, while an additional 29 percent say that it is somewhat of a focus.


Tech and Retail Industries Are Most Mature Container Users

<img src="" alt="" />

Unsurprisingly, technology-focused industries such as internet and software companies have the highest levels of container maturity. However, even traditional industries such as retail, financial services, manufacturing, and healthcare show significant percentages of respondents at intermediate levels of container adoption.


Enterprises Use Five Different Container Platforms

Bar chart showing a breakdown of top container platforms used

<img src="" alt="" />

Respondents used a median of 5 container platforms. ”Standalone” Kubernetes based on the open source package is used most often by 75 percent of respondents. These environments may be run on-premises, through a hosting provider, or on a cloud provider’s infrastructure. The second most used container platform is Azure Kubernetes Service (AKS) with 53 percent, and Red Hat OpenShift is third with 50 percent. The top container platforms are heavily used in both production and development environments.


Top Three Security Priorities for Container Users

Bar chart showing top security challenges

<img src="" alt="" />

Developers incorporate a significant amount of open source software (OSS) in the containerized applications they build. As a result, the security of OSS containers is the top priority for 45 percent of respondents. In second place (44 percent) is understanding the security of code that organizations write themselves, with managing the security of third-party containers coming in third (41 percent).


Mature Organizations Understand the Value of SBOMs

<img src="" alt="" />

The software bill-of-materials (SBOM) is a critical part of President Biden’s Executive Order because it is the foundation for many security and compliance best practices. The container maturity of an organization has a direct correlation with its plans to adopt SBOMs. Organizations across all levels of container maturity plan to increase their SBOM use, with 82 percent of advanced users citing plans to increase their use of SBOMs.

Download the full report

Access dozens of charts highlighting the latest enterprise trends in securing the software supply chain.