Software compliance bottlenecks hit over half of firms: report
Singapore’s open-source package approvals are the slowest across APAC.
Over half (54%) of organisations in Singapore need a week or more to produce compliance proof for each application, despite most (95%) claiming to track application ownership.
The finding points to a gap between software security governance and enforcement, according to JFrog’s 2026 Software Supply Chain Security State of the Union report.
The report showed that 67% of respondents in Singapore use network proxy enforcement, the highest amongst the eight surveyed markets.
The city-state also recorded the highest level of scrutiny for artificial intelligence (AI)-suggested fixes, with 71% saying they carefully review AI-generated recommendations.
However, the survey flagged gaps in enforcement tools and approval processes. About 59% of developers wait a week or more for new open-source package approvals, the slowest rate in the Asia Pacific.
Meanwhile, 18% of organisations have policies against unauthorised AI tools but no mechanism to detect violations, the highest “policy-only” rate in the region.
Only 25% have adopted secrets detection tools, which identify exposed credentials such as passwords, API keys, and access tokens in code.
Manual reviews are also struggling to keep pace with AI-driven development, with 60% of DevSecOps stakeholders in Singapore citing governance and policy enforcement as their top time burden.
In addition, 41% identified reviewing and hardening AI-generated code as a significant drain on resources.
JFrog also flagged rising global supply chain risks, including a 451% increase in malicious npm packages and 495 weaponised AI models on public registries.
The Singapore findings were based on 174 local respondents, forming part of a global survey of 1,508 full-time security, DevOps, and IT professionals across eight countries