A Crash Course in Software Supply Chain Security
Software supply chain security is an enormous problem: it covers everything from build systems to the code in open-source dependencies to package managers to social relationships between developers.
Unfortunately, we know about hundreds of supply chain compromises, and there are likely just as many that were never discovered or reported. All told, it's a pretty daunting task to sit down and try to understand the field. That's why Chainguard has put together a Software Supply Chain Reading List! This list covers some of the best explanations, analysis, proposals, and data sets in the space. A list like this can never be exhaustive, so we'd love your feedback—did we miss any of your favorites?
We hope you find it useful!