Datadog's DevSecOps 2026 Report Validates What We've Been Building
Datadog's State of DevSecOps 2026 report highlights five critical risks: 87% of organizations have exploitable vulnerabilities, dependencies lag 278 days behind latest versions, 50% adopt libraries within a day of release, 71% never pin GitHub Actions to commit hashes, and 80% of 'critical' vulnerability alerts are noise. StepSecurity uses this report to map each finding to its platform capabilities: Harden-Runner for runtime CI/CD monitoring, NPM Package Cooldown and Compromised Updates checks, Orchestrate Security for automated action pinning, Maintained Actions as vetted replacements, and a Threat Center for curated supply chain intelligence. The post also covers Developer MDM for extending protections to developer workstations and AI agent visibility.
Table of contents
Fact 1: 87% of organizations have known exploitable vulnerabilities in deployed services
Fact 2: Dependencies are 278 days behind their latest major version
Fact 3: 50% of organizations use libraries within a day of release
Fact 4: GitHub Actions are left vulnerable to supply chain attacks
Fact 5: Most vulnerabilities should not page a human
Why This Matters Now More Than Ever
Get Started