Skip to main content

What is software supply-chain security?

FAQ resource for your migration project.

FAQ resource for What is software supply-chain security?.

Answer

Software supply-chain security protects the integrity of everything that goes into building and delivering software: source code, third-party dependencies, build pipelines, container images, and deployment infrastructure. It guards against attacks like dependency confusion, compromised packages, and tampered build artifacts that inject malicious code before it reaches production. Common practices include SBOMs, dependency pinning, artifact signing, provenance attestation (such as SLSA), and securing CI/CD systems.