Only 1 in 3 enterprises fully automate software security: CleanStart

CleanStart, a platform that helps build secure and safe software, has recently conducted a study that highlights significant gaps in enterprise software supply chain security. The study reveals that most organizations have yet to adopt the level of automation required to secure modern CI/CD pipelines. Based on aggregated telemetry across thousands of pipeline executions, the findings show that while development velocity has increased dramatically in recent years, security practices have not kept pace.

According to the study, only about one-third of the CI/CD environments observed have implemented fully automated, policy-based validation for container images. Despite clear performance advantages such as nearly 60 percent fewer manual review cycles and patch-to-deploy timelines that are more than twice as fast in automated pipelines, the majority of organizations continue to rely on partial automation or manual approvals. This limited adoption creates a widening gap between the speed at which ...