Tools such as GitHub Actions, Helm, Terraform, npm, and container registries function as implicit package managers but often lack supply chain security controls like lockfiles, integrity verification, and constraint solving, which leads to transitive dependency vulnerabilities.

Authors

• Person: Not available Organization: GitHub
  bureado/awesome-software-supply-chain-security - GitHub

Sources

• bureado/awesome-software-supply-chain-security - GitHub github.com GitHub via serper

Referenced by nodes (2)

• npm concept
• supply chain security concept