7. Securing Software Artifacts
Artifact Management
  Using Secure Artifact Repositories
    Repository Access Controls
      Authentication Mechanisms
      Authorization Policies
      Network Access Controls
    Repository Auditing and Monitoring
      Access Logging
      Download Tracking
      Anomaly Detection
    Repository Hardening
  Access Control and Permissions for Artifacts
    Role-Based Access to Artifacts
      User Roles
      Team Permissions
      Project-Based Access
    Artifact Expiry and Retention Policies
      Lifecycle Management
      Automated Cleanup
      Compliance Requirements
  Vulnerability Scanning of Stored Artifacts
    Automated Scanning Tools
      Continuous Scanning
      Scan Scheduling
      Result Processing
    Remediation of Vulnerable Artifacts
      Quarantine Procedures
      Notification Systems
      Update Workflows
  Artifact Integrity
    Checksum Generation
    Hash Verification
    Tamper Detection
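The Artifact Integrity entries (checksum generation, hash verification, tamper detection) are listed without detail. The Go program below is an added example, not code from this page or the course it outlines: it writes a sha256sum-compatible manifest for a set of release files and verifies a download against it, keeping tampered, missing and unlisted files apart because a release gate should treat each differently. The file names and contents are constructed stand-ins.

```go
package main

import (
	"bufio"
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Artifact is an in-memory stand-in for one file in a release directory
// (constructed so that the example runs without touching disk).
type Artifact struct {
	Name string
	Data []byte
}

// GenerateChecksums writes a sha256sum-compatible manifest, one "<hex>  <name>"
// line per artifact, sorted by name so repeated builds give identical manifests.
func GenerateChecksums(artifacts []Artifact) string {
	sorted := append([]Artifact(nil), artifacts...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Name < sorted[j].Name })
	var b strings.Builder
	for _, a := range sorted {
		sum := sha256.Sum256(a.Data)
		fmt.Fprintf(&b, "%s  %s\n", hex.EncodeToString(sum[:]), a.Name)
	}
	return b.String()
}

// ParseChecksums reads a manifest back into name -> expected digest. Malformed
// lines are an error, not skipped: a verifier that drops entries silently can
// be talked into verifying nothing at all.
func ParseChecksums(manifest string) (map[string][]byte, error) {
	expected := make(map[string][]byte)
	sc := bufio.NewScanner(strings.NewReader(manifest))
	for n := 1; sc.Scan(); n++ {
		fields := strings.Fields(sc.Text())
		if len(fields) == 0 || strings.HasPrefix(fields[0], "#") {
			continue
		}
		digest, err := hex.DecodeString(fields[0])
		if len(fields) != 2 || err != nil || len(digest) != sha256.Size {
			return nil, fmt.Errorf("line %d: expected '<sha256 hex>  <name>'", n)
		}
		name := strings.TrimPrefix(fields[1], "*") // sha256sum's binary-mode marker
		if _, dup := expected[name]; dup {
			return nil, fmt.Errorf("line %d: duplicate entry for %s", n, name)
		}
		expected[name] = digest
	}
	return expected, sc.Err()
}

// VerifyResult keeps the outcomes apart because a release gate treats them differently.
type VerifyResult struct {
	OK       []string // digest matched
	Tampered []string // present, digest differs: reject, never retry silently
	Missing  []string // listed but not supplied: truncated download or deleted file
	Unlisted []string // supplied but not listed: added after the manifest was made
}

// Clean reports whether everything matched and nothing is missing or extra.
func (r VerifyResult) Clean() bool {
	return len(r.Tampered)+len(r.Missing)+len(r.Unlisted) == 0
}

// VerifyChecksums recomputes every digest and compares it with the manifest.
func VerifyChecksums(manifest string, artifacts []Artifact) (VerifyResult, error) {
	var r VerifyResult
	expected, err := ParseChecksums(manifest)
	if err != nil {
		return r, err
	}
	seen := make(map[string]bool)
	for _, a := range artifacts {
		seen[a.Name] = true
		want, listed := expected[a.Name]
		got := sha256.Sum256(a.Data)
		switch {
		case !listed:
			r.Unlisted = append(r.Unlisted, a.Name)
		case bytes.Equal(got[:], want): // digests are public; no constant-time compare needed
			r.OK = append(r.OK, a.Name)
		default:
			r.Tampered = append(r.Tampered, a.Name)
		}
	}
	for name := range expected {
		if !seen[name] {
			r.Missing = append(r.Missing, name)
		}
	}
	sort.Strings(r.Missing) // map order is random; keep reports deterministic
	return r, nil
}

func main() {
	release := []Artifact{
		{Name: "app-1.2.0-linux-amd64.tar.gz", Data: []byte("constructed release bytes")},
		{Name: "app-1.2.0.sbom.json", Data: []byte(`{"bomFormat":"CycloneDX"}`)},
	}
	manifest := GenerateChecksums(release)
	fmt.Print(manifest)
	release[0].Data = append(release[0].Data, " + injected"...) // simulate a swapped download
	res, _ := VerifyChecksums(manifest, release)
	fmt.Printf("ok=%v tampered=%v missing=%v unlisted=%v clean=%v\n",
		res.OK, res.Tampered, res.Missing, res.Unlisted, res.Clean())
}
```

A manifest on its own only catches corruption and tampering of the files it lists; whoever can replace an artifact on a mirror can usually replace SHA256SUMS beside it, so the manifest must itself be signed, or its digest published out of band, before verification proves anything. The verifier also refuses to skip malformed lines and rejects duplicate entries, so the set of files being checked cannot be shrunk by mangling the manifest.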
Digital Signatures and Attestations
  Code Signing for Binaries and Installers
    Signing Process
      Certificate Selection
      Signing Procedures
      Timestamp Services
    Key Management for Signing
      Key Generation
      Key Storage
      Key Rotation
      Certificate Management
  Generating and Verifying Authenticity
    Signature Verification Workflows
      Automated Verification
      Manual Verification
      Chain of Trust Validation
    Automated Verification in CI/CD
      Pipeline Integration
      Verification Gates
      Failure Handling
  In-toto Attestations
    Attestation Generation
      Step Attestations
      Link Metadata
      Supply Chain Layout
    Attestation Verification
      Policy Verification
      Chain Validation
      Compliance Checking
  SLSA Provenance
    Provenance Generation
    Provenance Verification
    Metadata Standards
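The Digital Signatures and Attestations entries above name the stages (signature verification workflows, verification gates, in-toto attestation verification, SLSA provenance verification) without showing the mechanics. The following is an added example, not code from this page, the course or any project: it wraps an in-toto Statement carrying a cut-down SLSA v1 provenance predicate in a DSSE envelope, signs it with Ed25519, and on the consuming side verifies the signature against a set of trusted keys before applying a policy: predicate type, subject digest recomputed from the artifact bytes, and an allow-list of builder ids. The key id, builder id and artifact bytes are constructed; real deployments take the trusted keys from a key distribution mechanism or a Sigstore certificate chain and the policy from configuration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

const (
	statementType  = "https://in-toto.io/Statement/v1"
	provenanceType = "https://slsa.dev/provenance/v1"
	payloadType    = "application/vnd.in-toto+json"
)

// Statement is the in-toto attestation layer; each Subject names an artifact it covers.
type Subject struct {
	Name   string            `json:"name"`
	Digest map[string]string `json:"digest"`
}
type Statement struct {
	Type          string          `json:"_type"`
	Subject       []Subject       `json:"subject"`
	PredicateType string          `json:"predicateType"`
	Predicate     json.RawMessage `json:"predicate"`
}

// Provenance keeps only runDetails.builder.id of the SLSA v1 predicate, the one
// field the policy below reads (assumption: a real predicate carries far more).
type Provenance struct {
	RunDetails struct {
		Builder struct{ ID string `json:"id"` } `json:"builder"`
	} `json:"runDetails"`
}

// Signature and Envelope follow the DSSE layout: base64 body plus keyed signatures.
type Signature struct {
	KeyID string `json:"keyid"`
	Sig   string `json:"sig"`
}
type Envelope struct {
	PayloadType string      `json:"payloadType"`
	Payload     string      `json:"payload"`
	Signatures  []Signature `json:"signatures"`
}

// pae is DSSE's pre-authentication encoding: the payload type is signed together
// with the body, so a signature cannot be replayed under a different type.
func pae(typ string, body []byte) []byte {
	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s", len(typ), typ, len(body), body))
}

// SignProvenance builds a statement binding the artifact's sha256 to the builder
// that produced it, wraps it in a DSSE envelope and signs the PAE with Ed25519.
func SignProvenance(priv ed25519.PrivateKey, keyID, name string, artifact []byte, builderID string) (Envelope, error) {
	var p Provenance
	p.RunDetails.Builder.ID = builderID
	pred, _ := json.Marshal(p) // fixed struct, cannot fail
	digest := map[string]string{"sha256": fmt.Sprintf("%x", sha256.Sum256(artifact))}
	body, err := json.Marshal(Statement{Type: statementType, Subject: []Subject{{Name: name, Digest: digest}},
		PredicateType: provenanceType, Predicate: pred})
	if err != nil {
		return Envelope{}, err
	}
	sig := ed25519.Sign(priv, pae(payloadType, body))
	return Envelope{PayloadType: payloadType, Payload: base64.StdEncoding.EncodeToString(body),
		Signatures: []Signature{{KeyID: keyID, Sig: base64.StdEncoding.EncodeToString(sig)}}}, nil
}

// VerifyEnvelope accepts the envelope only if a signature verifies under a trusted
// key; the JSON body is parsed only after that check, never before.
func VerifyEnvelope(env Envelope, trusted map[string]ed25519.PublicKey) (Statement, error) {
	var stmt Statement
	body, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil || env.PayloadType != payloadType {
		return stmt, fmt.Errorf("bad envelope (payloadType %q): %v", env.PayloadType, err)
	}
	msg, verified := pae(env.PayloadType, body), false
	for _, s := range env.Signatures {
		pub, known := trusted[s.KeyID] // an unknown key id never counts, however valid its signature
		sig, derr := base64.StdEncoding.DecodeString(s.Sig)
		verified = verified || (known && derr == nil && ed25519.Verify(pub, msg, sig))
	}
	if !verified {
		return stmt, fmt.Errorf("no valid signature from a trusted key")
	}
	if err := json.Unmarshal(body, &stmt); err != nil || stmt.Type != statementType {
		return stmt, fmt.Errorf("bad statement (_type %q): %v", stmt.Type, err)
	}
	return stmt, nil
}

// CheckProvenance is the deployment policy: SLSA provenance naming exactly this
// artifact (digest recomputed locally, never trusted from the file) from an allowed builder.
func CheckProvenance(stmt Statement, name string, artifact []byte, allowed map[string]bool) error {
	if stmt.PredicateType != provenanceType {
		return fmt.Errorf("predicateType %q is not SLSA provenance", stmt.PredicateType)
	}
	want, matched := fmt.Sprintf("%x", sha256.Sum256(artifact)), false
	for _, s := range stmt.Subject {
		matched = matched || (s.Name == name && s.Digest["sha256"] == want)
	}
	if !matched {
		return fmt.Errorf("no subject matches %s sha256:%s", name, want)
	}
	var p Provenance
	if err := json.Unmarshal(stmt.Predicate, &p); err != nil || !allowed[p.RunDetails.Builder.ID] {
		return fmt.Errorf("builder %q is not allowed (%v)", p.RunDetails.Builder.ID, err)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	artifact, builder := []byte("constructed release bytes"), "https://ci.example.internal/builders/release@v3"
	env, _ := SignProvenance(priv, "release-2024", "app.tar.gz", artifact, builder)
	stmt, err := VerifyEnvelope(env, map[string]ed25519.PublicKey{"release-2024": pub})
	if err == nil {
		err = CheckProvenance(stmt, "app.tar.gz", artifact, map[string]bool{builder: true})
	}
	fmt.Println("admit:", err == nil, err)
}
```

Two choices matter here. Unknown key ids are ignored rather than looked up anywhere, so a valid signature from a key the verifier was never told to trust contributes nothing. And the artifact digest is computed locally and compared with the subject, rather than read from the attestation and believed, which is what turns a signed JSON document into a statement about the bytes actually being deployed.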
Container Image Security
  Base Image Selection and Hardening
    Trusted Base Images
      Official Images
      Minimal Images
      Security-Focused Distributions
    Removing Unnecessary Packages
      Package Minimization
      Attack Surface Reduction
      Dependency Cleanup
  Scanning Images for Vulnerabilities
    Automated Image Scanning Tools
      Registry Integration
      CI/CD Integration
      Continuous Monitoring
    Remediation of Vulnerabilities
      Patch Management
      Image Rebuilding
      Update Procedures
  Image Signing and Verification
    Signing Image Manifests
      Notary Integration
      Cosign Implementation
      Key Management
    Enforcing Signature Verification in Deployment
      Admission Controllers
      Policy Enforcement
      Runtime Verification
  Minimizing Image Contents
    Distroless Images
      Language-Specific Images
      Runtime Optimization
      Security Benefits
    Reducing Attack Surface
      Multi-Stage Builds
      Layer Optimization
      Unnecessary File Removal
  Runtime Security
    Container Runtime Security
    Image Immutability
    Runtime Monitoring
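The Minimizing Image Contents entries (distroless images, multi-stage builds, unnecessary file removal) come down to one Dockerfile shape. The one below is an added example, not from this page or the course: it builds a Go service in a full toolchain stage and copies only the static binary into a distroless, non-root runtime image. The module layout (./cmd/app, go.mod and go.sum present) and the image tags are assumptions.

```dockerfile
# Stage 1: full toolchain; nothing from here ships except /out/app.
FROM golang:1.22-bookworm AS build
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# Static, stripped binary: no libc needed at runtime, no debug symbols, no build paths embedded.
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/app ./cmd/app

# Stage 2: distroless static base: no shell, no package manager, no root user.
FROM gcr.io/distroless/static-debian12:nonroot
COPY --from=build /out/app /app
USER nonroot:nonroot
ENTRYPOINT ["/app"]
```

Both FROM lines use tags; in a real pipeline each should be pinned to a digest (image:tag@sha256:<digest>) so that a re-pushed tag cannot change what gets built, and the container should run with a read-only root filesystem, which is what the Image Immutability entry under Runtime Security amounts to at deploy time. Because the runtime stage has no shell, an attacker who gains code execution in the container has no package manager, interpreter or debugging tools to pivot with, which is the practical content of the Attack Surface Reduction entry.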