What's inside the report

The annual “Open Source Security and Risk Analysis” (OSSRA) report, now in its tenth edition, examines vulnerabilities and license conflicts found in over 950 codebases across 16 industries. The report offers recommendations to help security, legal, risk, and development teams better understand open source security and the license risk landscape, especially in the context of securing the software supply chain. The OSSRA highlights the need for organizations to have complete visibility into their code, proactively manage open source risk, and adopt strong security and compliance practices.

Download the “2025 Open Source Security and Risk Analysis” report to learn