Supply Chain Security
March 1, 2025
Securing software dependencies, build pipelines, and third-party integrations against supply chain attacks.
Background
Supply chain attacks (SolarWinds, npm compromises, typosquatting) target trust in build systems and dependencies. This series documents controls aligned with SLSA and NIST SSDF.
Research areas
- SBOM generation and vulnerability correlation
- Signed commits and artifact provenance
- Dependency pinning and renovate automation
- Third-party SaaS risk assessment