In December 2025, a technology firm released the inaugural State of Trusted Open Source report. The document provides a data-driven analysis of how organizations consume open source software across various project types.
The findings are based on product data and customer usage patterns from the company's own catalog, which includes container image projects, versions, individual images, language libraries, and software builds. Because the data comes from a single vendor's catalog and customers, the patterns describe that customer base rather than the open source ecosystem as a whole.
Report Scope and Primary Insights
The analysis offers visibility into the specific components development teams actively use. It details what software artifacts are pulled from repositories, deployed into production environments, and maintained on a daily basis.
A significant portion of the report examines the security landscape surrounding these components. It correlates consumption data with vulnerability information associated with the deployed open source packages.
Context and Industry Relevance
The publication arrives amid growing industry focus on software supply chain security. High-profile incidents involving compromised open source components have heightened scrutiny across the technology sector.
Organizations globally are increasingly mandated to demonstrate greater oversight of their software dependencies. Regulations and compliance frameworks now often require detailed software bills of materials, or SBOMs.
This report’s data contributes empirical evidence to discussions previously based largely on surveys or anecdotal experience. It quantifies real-world usage patterns at scale.
Implications for Development and Security Teams
The insights are relevant for software developers, DevOps engineers, and security professionals. Understanding common consumption patterns can help prioritize maintenance and security efforts.
Data on which package versions are most widely deployed can inform upgrade strategies and patch management. A vulnerability in a version that runs in many places has a larger blast radius than one in a rarely used version, so deployment counts are a practical input for deciding which patches to ship first.
The comparison of what teams "pull versus deploy" may also reveal gaps in software development lifecycle controls. Components that are pulled but never deployed show where testing or approval processes filter them out before production; components that are deployed without a matching pull record point to artifacts entering production through a path those controls do not see.
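One way a team can run the same two analyses over its own inventory, shown here as an added example that is not code from the report or its publisher: a constructed pull log, deployment inventory and advisory feed (every package name, version and advisory identifier is hypothetical) are compared to list components pulled but never deployed, components deployed with no tracked pull, and deployed versions affected by an advisory, ranked by instance count. The version comparison assumes plain numeric dotted versions.

```python
"""Pull-versus-deploy and vulnerability-exposure analysis over an inventory.

Added example, not code from the report or its publisher. All package
names, versions and advisory identifiers below are constructed for the
illustration and do not refer to real software or real vulnerabilities.
"""
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Component:
    name: str
    version: str


@dataclass(frozen=True)
class Advisory:
    name: str        # affected package
    fixed_in: str    # first version that is not affected
    vuln_id: str     # advisory identifier (constructed placeholder here)


def parse_version(version: str) -> tuple:
    """Numeric dotted versions only (so '2.10.0' > '2.9.1'); this is an
    assumption of the example. Pre-release suffixes need a real semver parser."""
    return tuple(int(part) for part in version.split("."))


# Constructed pull log: one entry per pull from the tracked registry.
PULLS = [
    Component("example-web", "2.3.0"), Component("example-web", "2.3.0"),
    Component("example-web", "2.3.0"), Component("example-web", "2.2.0"),
    Component("example-db", "5.1.0"), Component("example-db", "5.1.0"),
    Component("example-cache", "1.0.4"),   # pulled, never deployed
    Component("example-queue", "0.9.0"),
]

# Constructed deployment inventory: component -> running instances.
DEPLOYED = {
    Component("example-web", "2.3.0"): 12,
    Component("example-web", "2.2.0"): 3,
    Component("example-db", "5.1.0"): 4,
    Component("example-queue", "0.9.0"): 1,
    Component("example-sidecar", "0.1.0"): 2,  # deployed, no pull record
}

# Constructed advisory feed with placeholder identifiers.
ADVISORIES = [
    Advisory("example-web", fixed_in="2.3.0", vuln_id="EXAMPLE-2025-0001"),
    Advisory("example-db", fixed_in="5.2.0", vuln_id="EXAMPLE-2025-0002"),
    Advisory("example-queue", fixed_in="1.0.0", vuln_id="EXAMPLE-2025-0003"),
]


def pulled_not_deployed(pulls, deployed):
    """Components pulled but never running in production: candidates for
    having been filtered by testing or approval gates, or simply abandoned."""
    return sorted(set(pulls) - set(deployed))


def deployed_not_pulled(pulls, deployed):
    """Components running in production with no pull record in the tracked
    registry: they arrived through a path the controls do not observe."""
    return sorted(set(deployed) - set(pulls))


def vulnerable_exposure(deployed, advisories):
    """Deployed components affected by an advisory (version below fixed_in),
    with instance counts, ranked so the widest exposure comes first."""
    rows = []
    for comp, count in deployed.items():
        ids = sorted(
            a.vuln_id for a in advisories
            if a.name == comp.name
            and parse_version(comp.version) < parse_version(a.fixed_in)
        )
        if ids:
            rows.append((comp, count, ids))
    rows.sort(key=lambda r: (-r[1], r[0]))
    return rows


if __name__ == "__main__":
    print("pulled but not deployed:", pulled_not_deployed(PULLS, DEPLOYED))
    print("deployed but not pulled:", deployed_not_pulled(PULLS, DEPLOYED))
    for comp, count, ids in vulnerable_exposure(DEPLOYED, ADVISORIES):
        print(f"{comp.name} {comp.version}: {count} instances, {', '.join(ids)}")
```

The two set differences are the "pull versus deploy" view in both directions; the ranked exposure table is the deployment-weighted view of vulnerability impact. In practice the pull log would come from registry access logs, the inventory from a cluster or SBOM export, and the advisories from a vulnerability feed, each replacing the constructed lists above.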
Forward-Looking Analysis and Expected Developments
The release of this report is likely the beginning of an ongoing series of publications. The data provider is expected to continue analyzing and reporting on these consumption trends periodically.
Industry observers anticipate that subsequent reports will track changes over time, measuring how quickly patched versions displace vulnerable ones in production. They may also expand to cover additional programming languages or project types not included in this initial analysis.
The broader expectation within the software industry is for increased transparency and data sharing around open source usage. Similar reports from other platform providers or consortiums may emerge, offering a more comprehensive view of the ecosystem.
Source: Company Report