Software Supply Chain Security covers how your software is coded, tested, built and provisioned. Whether it is embedded devices, server software, mobile applications or containers – the toolchain and system you use to manage the product from code to running binaries needs to be secure.

Attacks against software supply chains is raising and it is important that no antagonist can inject a vulnerability in your platform that will affect the security of your users.

Any software can introduce vulnerabilities into a supply chain. As a system gets more complex, it’s critical to already have checks and best practices in place to guarantee artifact integrity, that the source code you’re relying on is the code you’re actually using. Without solid foundations and a plan for the system as it grows, it’s difficult to focus your efforts against tomorrow’s next hack, breach or compromise.

SLSA.DEV overview of the supply chain problem

Suggested reading: