JFrog report exposes India’s software supply chain crisis: 65% lack malicious package detection, 71% have no container security

https://cdn1.expresscomputer.in/wp-content/uploads/2025/11/24153338/EC_04_CyberSecurity_Technology_750.jpg

JFrog recently released its 2026 Software Supply Chain Security State of the Union, a global study examining how organizations are building, securing, and managing software in an increasingly AI-driven economy. The findings reveal that Indian organisations are among the most AI-active in the world, but critical gaps in malicious package detection, container security, and secrets scanning leave them exposed as attackers weaponise AI models, compromise developer tooling through stolen maintainer credentials, and infiltrate open-source ecosystems at unprecedented scale.

Last year was the most dangerous on record for software developers globally, wherein malicious npm packages surged 451% year-over-year to more than 171,000 unique instances. npm overtook Maven as the most-used enterprise ecosystem for the first time, and a wave of npm supply chain attacks, including the self-replicating “Shai-Hulud” worm. For India, where defensive tooling lags significantly, that exposure is especially acute.

“AI is accelerating how software is built, but it is...

Copyright of this story solely belongs to expresscomputer.in. To see the full text click HERE

Read more