A Crash Course in Software Supply Chain Security
Software supply chain security is an enormous problem: it covers everything from build systems to the code in open-source dependencies to package managers to social relationships between developers.
Unfortunately, we know about hundreds of supply chain compromises, and there are likely just as many that were never discovered or reported. All told, it's a pretty daunting task to sit down and try to understand the field. That's why Chainguard has put together a Software Supply Chain Reading List! This list covers some of the best explanations, analysis, proposals, and data sets in the space. A list like this can never be exhaustive, so we'd love your feedback—did we miss any of your favorites?
We hope you find it useful!