
Open source components growing on a massive scale

By Marilyn de Villiers
Johannesburg, 27 Jul 2017

Consumption of open source components is growing on a massive scale, according to the third annual State of the Software Supply Chain Report, published by US-based software supply chain automation specialist Sonatype.

For the first time, the report - which blends a broad set of public and proprietary data with expert research and analysis - extends beyond Java data to include supply chain findings from the JavaScript, NuGet, Python, and Docker ecosystems.

It is estimated that between 80% and 90% of a modern application is now made up of open source components. Most of these components and containers are downloaded freely from public repositories such as the Central Repository, NuGet Gallery, npmjs.org, rubygems.org and Docker Hub.

Sonatype reckons that consumption of open source is now so vast that most organisations cannot say how many components are entering their software supply chain, where those components flow through the development lifecycle, or where they end up in deployed applications.
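The visibility gap described above is measurable for a single codebase. The following script is an added example (not code from the report or the article): it inventories the components declared in two manifests that these repositories produce, an npm package-lock.json and a pip requirements.txt, and reports how many distinct components and versions are present, which names appear at more than one version, and which entries cannot be resolved from the file alone. The manifest contents, package names and versions are constructed for illustration; the lockfile layout follows npm's lockfileVersion 2/3 "packages" map.

```python
"""Inventory open source components declared in project manifests.

Added example, not from the Sonatype report or the ITWeb article. Parses a
constructed npm package-lock.json (lockfileVersion 2/3 'packages' map) and a
constructed pip requirements.txt and summarises what is actually pulled in.
"""
import json
import re
from collections import Counter

# Constructed sample: a minimal npm lockfile v2 'packages' section. The nested
# entry under express/ shows the same package installed twice at different versions.
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/lodash": {"version": "4.17.21"},
        "node_modules/express": {"version": "4.18.2"},
        "node_modules/express/node_modules/debug": {"version": "2.6.9"},
        "node_modules/debug": {"version": "4.3.4"},
        "node_modules/@types/node": {"version": "18.11.9", "dev": True},
    },
})

# Constructed sample: a pip requirements file with pins, extras, comments and a VCS line.
SAMPLE_REQUIREMENTS = """
# web stack
Django==4.2.1
requests[security]==2.31.0   # trailing comment
pyyaml == 6.0
-e git+https://example.invalid/vendor/tool.git#egg=tool   # VCS, version unknown
"""

# Exact pin only: name, optional [extras], '==', version.
_REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*==\s*([^\s#]+)")


def npm_components(lock_text):
    """Yield (ecosystem, name, version) for each entry in a lockfile v2/v3 'packages' map.

    The package name is everything after the last 'node_modules/' in the path, which
    handles nested (non-deduplicated) installs and scoped packages such as @types/node.
    """
    lock = json.loads(lock_text)
    for path, meta in lock.get("packages", {}).items():
        if path == "":  # the root project itself, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        yield ("npm", name, meta.get("version", "unknown"))


def pypi_components(req_text):
    """Return (components, unresolved) parsed from a requirements.txt.

    Only exact pins are identifiable from the file. Option lines such as '-e <vcs url>'
    or '-r other.txt' are reported as unresolved: the component and version they bring
    in cannot be read without fetching the referenced source. Comment stripping on '#'
    is deliberately simple and would also cut URL fragments on non-option lines.
    """
    comps, unresolved = [], []
    for raw in req_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("-"):
            unresolved.append(line)
            continue
        m = _REQ_LINE.match(line)
        if m:
            comps.append(("pypi", m.group(1).lower(), m.group(3)))
        else:
            comps.append(("pypi", line.lower(), "unpinned"))
    return comps, unresolved


def build_inventory(lock_text, req_text):
    """Combine both manifests into one summary of component consumption."""
    comps = list(npm_components(lock_text))
    py_comps, unresolved = pypi_components(req_text)
    comps += py_comps
    versions = {}
    for eco, name, ver in comps:
        versions.setdefault((eco, name), []).append(ver)
    return {
        "total": len(comps),
        "unique_names": len(versions),
        "by_ecosystem": dict(Counter(eco for eco, _, _ in comps)),
        # Same supplier shipped at several versions: each one needs patch tracking.
        "multi_version": {k: sorted(v) for k, v in versions.items() if len(v) > 1},
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    for key, value in build_inventory(SAMPLE_PACKAGE_LOCK, SAMPLE_REQUIREMENTS).items():
        print(f"{key}: {value}")
```

Run against real manifests, the "multi_version" and "unresolved" entries are the ones that matter: a name present at two versions means a fix released upstream may reach only one copy, and an unresolved line is a component the inventory cannot name at all.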

Sonatype's research found more than two million unique Java components in the Central Repository and almost three million unique JavaScript packages in npmjs.org. Developers requested 52 billion Java components from the Central Repository in 2016, up from 17 billion in 2014 and 31 billion in 2015. Developers also requested 59 billion components from npmjs.org in 2016, compared with 22 billion in 2015, which the report describes as year-on-year growth of 262%.

Demand for Docker images is growing just as fast. Docker Hub currently hosts more than 900 000 containerised applications, up from 460 000 in 2016.

Docker recently forecast that demand would double in 2017, with IT professionals expected to pull 12 billion container images from Docker Hub, compared with six billion in 2016, one billion in 2015 and just one million the year before that.

The PyPI repository hosts more than 870 000 unique Python components and, in February 2017, reported fulfilling 4.4 billion download requests. The NuGet Gallery hosts over 900 000 .NET components, and downloads from it rose to 3.4 billion from 756 million a year earlier, a year-on-year increase of 347%.

This growth rate shows no sign of letting up.

Sonatype's analysis of the development ecosystems tracked at modulecounts.com shows that 1 096 new open source projects (that is, new suppliers) appear every day, and that 10 000 new component versions carrying new features, performance improvements, bug fixes and security patches are released daily.

The company attributes this growth to companies' need to innovate faster than ever before in order to remain competitive.
