# Chainguard Supply Chain Security 101 Sitemap

- [Application security assessments: A practical guide](https://www.chainguard.dev/supply-chain-security-101/application-security-assessments-a-practical-guide)
- [Security automation: Stop chasing vulnerabilities and start preventing them](https://www.chainguard.dev/supply-chain-security-101/security-automation-stop-chasing-vulnerabilities-and-start-preventing-them)
- [What is a secure software development lifecycle (SDLC)?](https://www.chainguard.dev/supply-chain-security-101/what-is-a-secure-software-development-lifecycle-sdlc)
- [A guide to modern vulnerability scanning](https://www.chainguard.dev/supply-chain-security-101/what-is-vulnerability-scanning-and-how-does-it-work)
- [What is Software Composition Analysis (SCA)?](https://www.chainguard.dev/supply-chain-security-101/what-is-software-composition-analysis-sca)
- [Partner Puzzle’s Perspective on Chainguard Containers and Libraries](https://www.chainguard.dev/supply-chain-security-101/partner-puzzles-perspective-on-chainguard-containers-and-libraries-a-secure)
- [Software supply chain security: Threat vectors & solutions](https://www.chainguard.dev/supply-chain-security-101/software-supply-chain-security-threat-vectors-and-solutions)
- [The npm registry can’t protect you: The new JavaScript supply chain attacks](https://www.chainguard.dev/supply-chain-security-101/the-npm-registry-cant-protect-you-the-new-javascript-supply-chain-attacks)
- [Streamlining the vulnerability management lifecycle](https://www.chainguard.dev/supply-chain-security-101/streamlining-the-vulnerability-management-lifecycle)
- [5 real CVE examples, and how to prevent them](https://www.chainguard.dev/supply-chain-security-101/5-real-cve-examples-and-how-to-prevent-them)
- [Best Java Docker image: Comparison Guide 2026](https://www.chainguard.dev/supply-chain-security-101/best-java-docker-image-comparison-guide-2026)
- [Best Python Docker image: Top options compared](https://www.chainguard.dev/supply-chain-security-101/best-python-docker-image-top-options-compared)
- [Attack surfaces explained: Types, examples, and reduction](https://www.chainguard.dev/supply-chain-security-101/attack-surfaces-explained-types-examples-and-reduction)
- [How to lower FedRAMP certification costs](https://www.chainguard.dev/supply-chain-security-101/how-to-lower-fedramp-certification-costs)
- [Attack surface reduction: Practical strategies to minimize risk](https://www.chainguard.dev/supply-chain-security-101/attack-surface-reduction-practical-strategies-to-minimize-risk)
- [Choosing the best Node.js Docker image](https://www.chainguard.dev/supply-chain-security-101/choosing-the-best-node-js-docker-image)
- [Vulnerability management for the modern engineering team](https://www.chainguard.dev/supply-chain-security-101/vulnerability-management-for-the-modern-engineering-team)
- [FedRAMP High: Requirements and readiness](https://www.chainguard.dev/supply-chain-security-101/fedramp-high-requirements-and-readiness)
- [FedRAMP compliance checklist: Steps, requirements, and documentation essentials](https://www.chainguard.dev/supply-chain-security-101/fedramp-compliance-checklist-steps-requirements-and-documentation-essentials)
- [FedRAMP compliance: How cloud providers earn federal trust](https://www.chainguard.dev/supply-chain-security-101/fedramp-compliance-how-cloud-providers-earn-federal-trust)
- [Zero-day vulnerabilities: What they are and how to protect your org](https://www.chainguard.dev/supply-chain-security-101/zero-day-vulnerabilities-what-they-are-and-how-to-protect-your-org)
- [Container security best practices (without the toil)](https://www.chainguard.dev/supply-chain-security-101/container-security-best-practices-without-the-toil)
- [Container security: Frameworks, risks, and fundamentals](https://www.chainguard.dev/supply-chain-security-101/container-security-frameworks-risks-and-fundamentals)
- [Best 6 Wiz alternatives](https://www.chainguard.dev/supply-chain-security-101/best-6-wiz-alternatives)
- [The complete guide to Kubernetes security tools](https://www.chainguard.dev/supply-chain-security-101/the-complete-guide-to-kubernetes-security-tools)
- [Buyer's guide: Software supply chain security tools](https://www.chainguard.dev/supply-chain-security-101/buyers-guide-software-supply-chain-security-tools)
- [DevSecOps tools: Breaking down the tooling landscape](https://www.chainguard.dev/supply-chain-security-101/devsecops-tools-breaking-down-the-tooling-landscape)
- [FIPS 140-2 vs 140-3: What's the difference?](https://www.chainguard.dev/supply-chain-security-101/fips-140-2-vs-140-3-whats-the-difference)
- [Bitnami Helm charts alternative: Migrate to Chainguard iamguarded](https://www.chainguard.dev/supply-chain-security-101/a-practical-guide-to-migrating-helm-charts-from-bitnami)
- [Top 7 Docker security risks and best practices](https://www.chainguard.dev/supply-chain-security-101/top-7-docker-security-risks-and-best-practices)
- [What is code signing?](https://www.chainguard.dev/supply-chain-security-101/what-is-code-signing)
- [Container security tools: A buyer’s guide](https://www.chainguard.dev/supply-chain-security-101/container-security-tools-a-buyers-guide)
- [Container hardening: Securing your software supply chain](https://www.chainguard.dev/supply-chain-security-101/container-hardening-securing-your-software-supply-chain)
- [FIPS 140-3: Everything you need to know](https://www.chainguard.dev/supply-chain-security-101/fips-140-3-everything-you-need-to-know)
- [FIPS 140-2 explained: The engineer’s guide to compliance](https://www.chainguard.dev/supply-chain-security-101/fips-140-2-explained-the-engineers-guide-to-compliance)
- [What is FIPS?](https://www.chainguard.dev/supply-chain-security-101/what-is-fips)
- [How to prevent software supply chain attacks](https://www.chainguard.dev/supply-chain-security-101/how-to-prevent-software-supply-chain-attacks)
- [Understanding software supply chain security](https://www.chainguard.dev/supply-chain-security-101/understanding-software-supply-chain-security)
- [Docker images vs containers: Key differences](https://www.chainguard.dev/supply-chain-security-101/docker-images-vs-containers-key-differences)
- [NIST cybersecurity framework: Core functions and best practices](https://www.chainguard.dev/supply-chain-security-101/nist-cybersecurity-framework-core-functions-and-best-practices)
- [What is a Docker image?](https://www.chainguard.dev/supply-chain-security-101/what-is-a-docker-image)
- [What is NIS2?](https://www.chainguard.dev/supply-chain-security-101/what-is-nis2)