A Crash Course in Software Supply Chain Security
Software supply chain security is an enormous problem: it covers everything from build systems to the code in open-source dependencies to package managers to social relationships between developers.
Unfortunately, we know about hundreds of supply chain compromises, and there are likely just as many that were never discovered or reported. All told, it's a pretty daunting task to sit down and try to understand the field. That's why Chainguard has put together a Software Supply Chain Reading List! This list covers some of the best explanations, analysis, proposals, and data sets in the space. A list like this can never be exhaustive, so we'd love your feedback—did we miss any of your favorites?
We hope you find it useful!
Share this article
Related articles
- Security
Get up to Speed on FedRAMP 20x
Aaditya Jain, Senior Product Marketing Manager
- Security
Three Ways to Make Your SDLC Secure-by-Default
Sam Katzen, Staff Product Marketing Manager
- Security
Simplify Continuous Compliance: How to Stay Audit-Ready and Ship Software Faster
Matt Stead, Marketing
- Security
Meeting the Zero-CVE Mandate: How Chainguard Helps Businesses Ship Secure Software That Customers Trust
Sam Katzen, Staff Product Marketing Manager
- Security
Mitigating Malware in the npm Ecosystem with Chainguard Libraries
Derek Garcia, Research Assistant, Charlie Robbins, Principal Software Engineer, and Manfred Moser, Senior Principal Developer Relations Engineer
- Security
This Shit is Hard: Applying "Zero Trust" to Open Source Software
Natalie Somersall, Principal Field Engineer, Public Sector