Software Supply Chain

Back: Supply Chain Security

The chain of dependencies, build tools, and distribution channels that comprise modern software. Supply chain attacks target vulnerabilities in dependencies, build systems, and package registries. Protection requires scanning, pinning, signing, and comprehensive visibility into what your software contains.

Concepts

Dependency Vulnerabilities
Dependency Pinning
SLSA Framework
SBOM
Artifact Signing
Typosquatting
Dependency Confusion

supply-chain-security dependencies

Software Engineering KB

Explorer

Software Supply Chain

Software Supply Chain

Concepts

Graph View

Table of Contents

Backlinks