Software Supply Chain Security

Submitted by
Style Pass
2024-04-27 04:00:04

A software attestation is an authenticated statement (metadata) about a software artifact or collection of software artifacts. Software attestations are a generalization of raw artifact/code signing.

Provenance is the verifiable information about software artifacts describing where, when and how something was produced. Provenance is one specific case of attestation.

An SBOM (Software Bill of Materials) is a detailed list of the components and dependencies that make up a software application. It is a special case of provenance.
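To make the three definitions above concrete, here is an added Go example (not part of the original post, and not code from in-toto, SLSA or any other project) that builds and verifies a minimal in-toto style attestation: a statement whose subject is the artifact's SHA-256 digest and whose predicate is the claim (provenance, an SBOM, or anything else), signed with Ed25519 over a DSSE pre-authentication encoding. The statement type, payload type and PAE layout follow the in-toto and DSSE specifications; the predicate contents, artifact bytes and key handling are assumptions made for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Statement is the in-toto attestation layer: a predicate (the claim) about subjects named by content digest, so the claim follows the bytes, not a path.
type Statement struct {
	Type          string            `json:"_type"`
	Subject       []Subject         `json:"subject"`
	PredicateType string            `json:"predicateType"`
	Predicate     map[string]string `json:"predicate"`
}
type Subject struct {
	Name   string            `json:"name"`
	Digest map[string]string `json:"digest"`
}

// DSSE signs PAE(payloadType, payload) instead of the raw payload, so the payload type is bound by the signature too.
const payloadType = "application/vnd.in-toto+json"
func pae(payload []byte) []byte {
	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s", len(payloadType), payloadType, len(payload), payload))
}

// Attest returns the serialized statement and its signature; only the artifact's digest is embedded (json.Marshal cannot fail on these plain string/map fields).
func Attest(priv ed25519.PrivateKey, name string, artifact []byte, predType string, pred map[string]string) (payload, sig []byte) {
	subj := []Subject{{Name: name, Digest: map[string]string{"sha256": fmt.Sprintf("%x", sha256.Sum256(artifact))}}}
	payload, _ = json.Marshal(Statement{Type: "https://in-toto.io/Statement/v1", Subject: subj, PredicateType: predType, Predicate: pred})
	return payload, ed25519.Sign(priv, pae(payload))
}

// Verify checks the signature first, then that the artifact actually in hand is a subject of the statement.
func Verify(pub ed25519.PublicKey, payload, sig []byte, name string, artifact []byte) (*Statement, error) {
	if !ed25519.Verify(pub, pae(payload), sig) {
		return nil, fmt.Errorf("signature does not verify over this payload")
	}
	var st Statement
	if err := json.Unmarshal(payload, &st); err != nil {
		return nil, err
	}
	digest := fmt.Sprintf("%x", sha256.Sum256(artifact))
	for _, s := range st.Subject {
		if s.Name == name && s.Digest["sha256"] == digest {
			return &st, nil
		}
	}
	return nil, fmt.Errorf("%s is not a subject of this attestation", name)
}
```

A verifier that skips the subject-digest check would accept a genuine attestation for a different build, which is why both checks are needed before the predicate is trusted.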

The software supply chain emphasizes sourcing, integrating, and delivering components securely. The primary goal of software supply chain security is to ensure the security and reliability of software components, especially as they move through the stages from development to deployment.

Securing the software supply chain involves addressing threats at various stages of the Software Development Lifecycle (SDLC) and throughout the CI/CD pipeline. Understanding and mitigating potential attack points is crucial for maintaining a robust security posture. This page provides a good overview of the threats in different stages of the supply chain.
