
Software Supply Chain Security Report

(2026) - Examines the evolving landscape of software supply chain security, highlighting how attackers increasingly exploit open-source ecosystems and CI/CD workflows to achieve persistence. Research reveals a 73% increase in malicious open-source packages during 2025, with npm accounting for nearly 90% of all detections while PyPI experienced a 43% reduction in malware following the implementation of mandatory security controls.
