Posts

Showing posts from March, 2022

Best Practices for Software Supply Chain Security

The Secure Software Factory

The Secure Software Factory is an implementation of the CNCF's Secure Software Factory Reference Architecture, which is based on the Software Supply Chain Best Practices White Paper. The software factory creates multiple pipelines configured to build a software artefact. It is composed of individual build stages chained together to retrieve the source code and dependencies, then scan, test, build and deploy the final artefact. The software factory relies heavily on infrastructure-as-code and security-as-code to allow automated instantiation of pipelines, leading to the creation of multiple immutable pipelines. To eliminate the chance of error or misconfiguration, there should be no manual configuration in place. This also leads to a system that is capable of performing a high level of automated security testing to validate its configuration and verify its products.

Software Supply Chain Best Practices White Paper

Securing a software supply chain in five stag