JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the Liquid Software company and creators of the JFrog DevOps Platform, today released the results of its JFrog Software Artifact State of the Union report, which exposes the packages and binaries most in use by enterprise developers today to deliver software from design to production. Key findings indicate an intense and growing interest in emerging memory-safe programming languages for securing the software supply chain; a rise in designing for the edge; plus exponential artifact size and container usage hinting at development of applications such as cryptocurrency, metaverse, and blockchain.
“Developers are the transformers of our time – taking innovative approaches to the many ways software can be utilized to propel businesses and society to the next frontier,” said Stephen Chin, VP of Developer Relations for JFrog. “Our report doesn’t aim to parrot stated developer preferences. Rather, it spotlights the programming languages and package ecosystems in which technology and business leaders should invest from an application, talent, and security standpoint, to ensure their companies can compete and scale in 2023 and beyond.”
Key Findings
The universal support provided by the JFrog Platform provides a unique and reliable snapshot of the packages and binaries being used by developers to create software consumed by end users today. Drawing from a wide sample of 7K+ companies – of varying sizes and cross-industry – JFrog’s Software Package State of the Union report indicates the following enterprise software trends:
- Preparing for IoT and the Edge: Rust (Cargo), C and C++ – the primary languages used when designing software to run on edge and IoT devices – grew exponentially between January 2020 and October 2022, along with Conan – the decentralized package manager for C/C++ – which grew 5.2X over the same period.
- Containers are King: Use of Docker plus OCI containers and Helm Charts has dramatically increased over the last two years, indicating more organizations are taking a cloud-native approach and designing larger, more sophisticated artifacts for use by applications such as the Metaverse, Blockchain, or cryptocurrency.
- The Old Guard Stands Strong: Over 90 percent of organizations are maintaining a Maven repo, which is most used for indexing software artifacts composed of Java, JavaScript, Python, and C and C++.
- Increasing focus on Memory Safety for Securing the Software Supply Chain: Modern languages, such as Apple Swift, Go, and Rust (Cargo) are designed with built-in safety mechanisms to make the developer aware of any potential issues when coding so they can avoid future detrimental software supply chain attacks. To that end, use of Rust (and its package manager, Cargo) grew 98X since April 2021.
- Terraform: The infrastructure-as-code (IaC) standard: Terraform repositories showed the highest growth trajectory of any package type since May 2022, indicating companies see the benefit of moving IaC files to a full-featured, binary-based, secure management solution.
- Growing Variety and Size of Software Artifacts: Companies typically support an average of seven package types and manage more than 100,000 artifacts, with the size of those artifacts steadily increasing alongside the widespread use of containerization technologies like Docker and Kubernetes.