concept

supply chain security

Facts (14)

Sources
bureado/awesome-software-supply-chain-security - GitHub (github.com) - 11 facts
reference: The Secure Software Factory (SSF) provides resources and examples for supply chain security, including the mlieberman85/supply-chain-examples repository.
reference: tektoncd/chains provides supply chain security functionality for Tekton Pipelines.
reference: The sigstore/model-transparency project provides signing and verification for machine learning model integrity and provenance, extending supply chain security to machine learning artifacts.
reference: The Checkmarx YouTube channel hosts explanatory videos on tactics, techniques, and procedures in the supply chain security domain, including a demonstration of a large-scale campaign that created fake GitHub project clones with fake commits to add malware.
reference: Google Best Practices for Java Libraries provides comprehensive guidance for Java supply chain security, though it does not offer automated validation.
reference: sns45/forgeseal is a supply chain security command-line tool for JavaScript and TypeScript that generates CycloneDX Software Bill of Materials (SBOMs), signs them using Sigstore keyless signing, produces SLSA v1 provenance attestations, and triages vulnerabilities using OSV.dev.
claim: EdgeBit provides real-time supply chain security, enabling security teams to target and coordinate vulnerability remediation.
claim: Tools such as GitHub Actions, Helm, Terraform, npm, and container registries function as implicit package managers but often lack supply chain security controls such as lockfiles, integrity verification, and constraint solving, which leads to transitive dependency vulnerabilities.
reference: Boostsecurityio/bagel is a cross-platform CLI tool that audits developer workstations for supply chain security risks by inventorying development tools, risky configurations, and secret metadata across Git, SSH, npm, cloud credentials, and IDE configurations.
reference: The 'corner-security' RSS feed, maintained by @bureado, aggregates news and announcements regarding open source security, DevSecOps, AppSec, and supply chain security.
reference: The FOSDEM 2023 presentation 'Git Checkout Authentication to the Rescue of Supply Chain Security' covers authenticating Git checkouts, reproducible builds, and provenance tracking in GNU Guix.
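The lockfile and integrity-verification gap named in the claim about implicit package managers above can be checked mechanically. The following is an added example (not code from the awesome list, from forgeseal, or from any project cited on this page): it verifies npm package-lock.json Subresource Integrity strings against fetched tarball bytes and flags GitHub Actions `uses:` references that are not pinned to a full 40-hex commit SHA. The lockfile, tarball bytes, workflow text and the commit SHA are constructed sample data, not real packages or actions.

```python
"""Added example: two checks for 'implicit package managers' (npm lockfiles and
GitHub Actions). All sample inputs below are constructed, not real artifacts."""
import base64
import hashlib
import json
import re

# --- 1. npm lockfile integrity (SRI format: "<alg>-<base64 digest>") ---

def sri_digest(data: bytes, alg: str = "sha512") -> str:
    """Compute the SRI string npm stores in the `integrity` field."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, data).digest()).decode()}"

def verify_sri(data: bytes, integrity: str) -> bool:
    """True if any space-separated SRI entry matches the data."""
    for entry in integrity.split():
        alg, _, b64 = entry.partition("-")
        if alg not in ("sha256", "sha384", "sha512"):
            continue  # unknown algorithm: cannot verify, keep looking
        if hashlib.new(alg, data).digest() == base64.b64decode(b64):
            return True
    return False

def audit_lockfile(lock: dict, fetched: dict) -> dict:
    """Report 'ok', 'missing' (no integrity field) or 'mismatch' per package."""
    report = {}
    for name, meta in lock.get("packages", {}).items():
        if not name:
            continue  # "" is the root project entry in lockfileVersion 3
        integrity = meta.get("integrity")
        if not integrity:
            report[name] = "missing"
        elif name in fetched and verify_sri(fetched[name], integrity):
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    return report

# --- 2. GitHub Actions pinning: `uses:` must reference an immutable commit SHA ---
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(yaml_text: str) -> list:
    """Return (ref, status) for each `uses:` line: 'pinned', 'mutable' or 'local'."""
    out = []
    for line in yaml_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1).strip("'\"")
        if ref.startswith("./"):
            out.append((ref, "local"))  # repository-local action, not fetched
        elif ref.startswith("docker://"):
            out.append((ref, "pinned" if "@sha256:" in ref else "mutable"))
        else:
            _, _, version = ref.partition("@")
            out.append((ref, "pinned" if SHA_RE.match(version) else "mutable"))
    return out

# --- Constructed sample data (hypothetical packages, tarball bytes and SHA) ---
FAKE_TARBALL = b"constructed tarball bytes for left-pad 1.3.0"
SAMPLE_LOCK = {
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo"},
        "node_modules/left-pad": {"version": "1.3.0", "integrity": sri_digest(FAKE_TARBALL)},
        "node_modules/no-integrity": {"version": "0.0.1"},
        "node_modules/tampered": {"version": "2.0.0", "integrity": sri_digest(b"original")},
    },
}
FETCHED = {
    "node_modules/left-pad": FAKE_TARBALL,
    "node_modules/tampered": b"modified",  # content changed after lock was written
}
SAMPLE_WORKFLOW = """\
name: ci
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    print(json.dumps(audit_lockfile(SAMPLE_LOCK, FETCHED), indent=2))
    for ref, status in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{status:8} {ref}")
```

A mutable tag such as `v4` can be moved by anyone with write access to the action's repository, so the SHA check is what gives a workflow the same property a lockfile integrity hash gives npm: the artifact fetched tomorrow is byte-for-byte the one reviewed today.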
A Survey on Supply Chain Security: Application Areas, Security Threats, and Solution Architectures (researchgate.net) - Oct 11, 2020 - 1 fact
reference: The paper 'A Survey on Supply Chain Security: Application Areas, Security Threats, and Solution Architectures' discusses security-critical application areas within supply chains and surveys existing security issues in supply chain logistics.
GEO-LAC: The Future of U.S. Trade Policy and Its Implications for ... (americas.georgetown.edu, Georgetown Americas Institute) - Nov 12, 2025 - 1 fact
claim: As multilateralism has weakened, governments have increasingly formed 'coalitions of the willing' or plurilateral agreements to address specific issues such as digital trade, investment screening, and supply chain security.
[PDF] Taxonomy of Attacks on Open-Source Software Supply Chains (inria.hal.science, HAL) - Jan 29, 2024 - 1 fact
claim: The authors of the paper 'Taxonomy of Attacks on Open-Source Software Supply Chains' identified and specified their research questions by exploring the state of the art of Open-Source Software (OSS) supply chain security.