Sign inContact usTry it out
Sign inContact usTry it out

A Crash Course in Software Supply Chain Security

Zachary Newman
  •  
May 13, 2022
The Case for Farm-to-Table Package Signing

Software supply chain security is an enormous problem: it covers everything from build systems to the code in open-source dependencies to package managers to social relationships between developers.

Unfortunately, we know about hundreds of supply chain compromises, and there are likely just as many that were never discovered or reported. All told, it's a pretty daunting task to sit down and try to understand the field. That's why Chainguard has put together a Software Supply Chain Reading List! This list covers some of the best explanations, analysis, proposals, and data sets in the space. A list like this can never be exhaustive, so we'd love your feedback—did we miss any of your favorites?

We hope you find it useful!

The Case for Farm-to-Table Package Signing

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

More articles

Fully bootstrapping Java from source in Wolfi

Ariadne Conill, Principal Software Engineer and Josh Wolf, Senior Software Engineer
  •  
June 2, 2023

Introducing "Speranza": Enhancing Software Signing with Privacy and Usability

Zachary Newman, Principal Research Scientist
  •  
May 30, 2023

Fortify, Comply and Conquer FedRAMP with Chainguard Images

Dan Lorenc
  •  
May 25, 2023

Don’t break the chain – secure your supply chain today!

Contact us
Please direct security disclosures or questions about our bug bounty program to security@chainguard.dev
Copyright 2022
BlogCareersLegalTerms

Sign up for our newsletter

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Chainguard uses cookies to improve your experience and analyze traffic. By using our website, you agree to our privacy policy and our cookie policy.

Accept
Unchained
Products
Chainguard Images
Reduce your attack surface with minimal, distroless images.
Chainguard Enforce
Manage, monitor and enforce end-to-end policies.
Chainguard Services
Infrastructure, configuration, and compliance assessment.
Developer
Resources
Company
Contact
Back
Docs
Open source
Back
Unchained blog
Customer stories
Education
Back
About
Careers
Back
About
Newsroom
Careers
Security

A Crash Course in Software Supply Chain Security

Zachary Newman
May 13, 2022
copied

Software supply chain security is an enormous problem: it covers everything from build systems to the code in open-source dependencies to package managers to social relationships between developers.

Unfortunately, we know about hundreds of supply chain compromises, and there are likely just as many that were never discovered or reported. All told, it's a pretty daunting task to sit down and try to understand the field. That's why Chainguard has put together a Software Supply Chain Reading List! This list covers some of the best explanations, analysis, proposals, and data sets in the space. A list like this can never be exhaustive, so we'd love your feedback—did we miss any of your favorites?

We hope you find it useful!

Related articles
Security
How to Explain the CISA Software Attestation Requirements to Your Board
May 5, 2023
Security
What the fork: Imposter Commits in GitHub Actions and CI/CD
March 8, 2023
Security
Understanding The Promise of VEX
January 18, 2023
Products

Chainguard Images

Chainguard Enforce

Chainguard Services

Developer

Open source

Docs

Resources

Unchained blog

Customer stories

Security

Education

Company

About

Careers

Legal

Contact

Follow

Twitter

GitHub

LinkedIn

TikTok

© 2023 Chainguard, Inc.

Contact