RESEARCH
2025 Artifact Management Report
As software supply chain risks intensify and generative AI becomes a staple in coding workflows, organizations are being pushed to fundamentally rethink how they secure, manage, and scale their artifact infrastructure. At the same time, DevOps teams are increasingly tasked with delivering software faster, and doing so safely in the face of growing regulatory pressures. Our 2025 Artifact Management Report shines a light on how engineers, security professionals, and IT leaders are balancing security, compliance, performance, and cost amid relentless change.
Among the findings discussed in this report:
- Security is a top priority—56% of respondents say artifact management’s biggest benefit is protecting the software supply chain.
- AI introduces both speed and risk—teams see GenAI as a pipeline accelerator, but also a source of dependency issues and unpredictability.
- Scalability is now essential—49% highlight it as critical, though many still face performance and artifact volume challenges.
- Compliance pressure is intensifying—48% of respondents prioritize tools that support auditability, traceability, and regulatory alignment.
Excerpt from the report
While many view the rise of Generative AI (GenAI) as a positive shift, the reality is more complex. Malicious actors are engaging in slopsquatting – creating deceptive, malicious software packages that are easily mistaken for legitimate ones. Developers, often under pressure and relying heavily on AI-assisted tooling, are inadvertently incorporating these packages into production code without proper vetting...
Only 67% of developers who use AI review AI-generated code before deployment. This behavior is dramatically expanding the attack surface of modern software delivery. Artifact management must evolve to include secure, automated checkpoints that identify and verify AI-generated inputs before they reach production.
