Supply Chain Security
ELI5 — The Vibe Check
Supply Chain Security protects the entire path from code to production — dependencies, build systems, registries, everything. SolarWinds was hacked through their build pipeline. Log4Shell was a dependency vulnerability. Your code is only as secure as the weakest link in your supply chain.
Real Talk
Software supply chain security encompasses securing all components in the software delivery pipeline: source code, dependencies, build systems, artifact registries, and deployment infrastructure. Practices include SBOM generation, dependency scanning, build provenance (SLSA), image signing, and reproducible builds.
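An added example of the build-provenance check that practice implies (not code from the original page or from any SLSA tooling): it takes a constructed SLSA v1 provenance statement and confirms that it names the exact artifact by digest and that the build came from a builder we trust. It assumes the DSSE envelope signature around the statement has already been verified (for example with Sigstore), and the artifact bytes and builder id are constructed stand-ins.

```python
import hashlib
import json

ARTIFACT_BYTES = b"example release tarball contents"  # constructed stand-in for a built artifact
TRUSTED_BUILDERS = {"https://builder.example.invalid/v1"}  # assumed trusted builder id


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed SLSA v1 provenance statement describing the artifact above.
PROVENANCE_JSON = json.dumps({
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "app-1.2.3.tar.gz", "digest": {"sha256": sha256_hex(ARTIFACT_BYTES)}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {"buildType": "https://builder.example.invalid/build/v1"},
        "runDetails": {"builder": {"id": "https://builder.example.invalid/v1"}},
    },
})


def verify_provenance(statement_json, artifact_name, artifact_bytes, trusted_builders):
    """Return (ok, reason). A consumer must confirm three things before trusting a
    build: the statement really is SLSA provenance, it lists this exact artifact by
    digest (so a swapped binary fails), and the builder is one we have chosen to trust."""
    try:
        stmt = json.loads(statement_json)
    except json.JSONDecodeError:
        return False, "provenance is not valid JSON"
    if stmt.get("predicateType") != "https://slsa.dev/provenance/v1":
        return False, "unexpected predicateType"
    digest = sha256_hex(artifact_bytes)
    matched = any(
        s.get("name") == artifact_name and s.get("digest", {}).get("sha256") == digest
        for s in stmt.get("subject", [])
    )
    if not matched:
        return False, "artifact digest not listed in provenance subjects"
    builder = stmt.get("predicate", {}).get("runDetails", {}).get("builder", {}).get("id")
    if builder not in trusted_builders:
        return False, f"untrusted builder: {builder!r}"
    return True, "provenance matches artifact and trusted builder"


if __name__ == "__main__":
    print(verify_provenance(PROVENANCE_JSON, "app-1.2.3.tar.gz", ARTIFACT_BYTES, TRUSTED_BUILDERS))
```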
When You'll Hear This
"Supply chain security means auditing not just our code, but every dependency and build tool." / "The SolarWinds attack proved that supply chain security is a matter of national security."
Related Terms
SBOM
An SBOM is a complete ingredient list for your software — every library, every dependency, every version. Like food nutrition labels but for code.
SCA
SCA checks if the libraries you're using have known vulnerabilities. You didn't write the bug, but you imported it. That lodash version from 2019?
Sigstore
Sigstore makes signing software as easy as logging in with your Google account. No managing PGP keys, no key rotation headaches.
SLSA
SLSA (pronounced 'salsa') is a framework with levels (1-4) that measure how secure your software supply chain is. Level 1: you have some build process.