May be of interest: Synopsys Open Source Security and Risk Analysis (OSSRA) report
"Now in its sixth year, the 2021 Open Source Security and Risk Analysis (OSSRA) report exposes vulnerabilities and license conflicts found in more than 1,500 codebases across 17 industries. The report includes recommendations to help developers and consumers understand the software ecosystem they are a part of, as well as the risks accompanying open source development and use."
https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html