Trusted Open Source Report - Insights on Vulnerabilities
Significant risk — action recommended within 24-48 hours
Basically, this report shows how teams use open-source software and the security risks involved.
The latest Trusted Open Source report reveals significant insights into container image usage and vulnerabilities. It highlights how AI is transforming software development and security. Understanding these trends is crucial for teams to mitigate risks effectively.
What Happened
In April 2026, the first-ever State of Trusted Open Source report was released, showcasing insights from over 2,200 container image projects. The report highlights how software development is rapidly evolving, particularly with the integration of AI in the development lifecycle. This shift is reshaping both the tools teams use and the vulnerabilities they face.
Who's Affected
The findings impact a wide range of organizations utilizing open-source software, especially those deploying container images in production environments. With Python and PostgreSQL leading in usage, teams across various sectors must be aware of the vulnerabilities associated with these technologies.
What Data Was Exposed
The report revealed a staggering 33,931 total vulnerability instances and 377 unique CVEs identified between December 2025 and February 2026. It noted that 96% of vulnerabilities occurred outside the top 20 most popular projects, indicating that many risks lurk in less visible dependencies.
Key Insights
- AI-Driven Development: The report observed a 73% increase in PostgreSQL usage, reflecting its growing role in AI workloads. Python remains the most popular image, used by 72.1% of customers.
- Standardization: More than half of the top 25 images used in production are language ecosystems, showing a trend towards standardized platforms.
- Chainguard Base: This image has become a foundational tool for developers, with 36.3% of customers customizing it for their specific needs.
- Vulnerability Discovery: The report highlighted a 145% increase in unique vulnerabilities, driven by faster development cycles and AI-assisted techniques for vulnerability analysis.
What You Should Do
Organizations should prioritize understanding their open-source dependencies and the associated risks. Here are some recommended actions:
- Regularly Audit Dependencies: Ensure that all container images are up-to-date and vulnerabilities are addressed promptly.
- Embrace AI Tools: Use AI-driven tools to enhance vulnerability discovery and remediation processes.
- Focus on Long-Tail Risks: Recognize that many vulnerabilities exist outside of popular images and take steps to secure these lesser-known components.
By staying informed and proactive, teams can better navigate the evolving landscape of open-source software and mitigate potential security risks effectively.
🔒 Pro insight: The rise of AI in development is accelerating both innovation and vulnerability discovery, necessitating robust security practices across all software layers.