Supply Chain Security
Supply chain security, in software, is the discipline of securing every stage of how code, dependencies, and build artifacts flow from source to production — including third-party libraries, build tooling, CI/CD pipelines, and distribution channels — against tampering, compromise, or malicious insertion.
11 resources across 2 libraries
Glossary Terms(4)
Supply Chain Security
Supply chain security, in software, is the discipline of securing every stage of how code, dependencies, and build artifacts flow from source to production — i…
SBOM
A Software Bill of Materials (SBOM) is a formal, machine-readable inventory of every component, library, and dependency — along with their versions and relatio…
CNAPP
CNAPP (Cloud-Native Application Protection Platform) is an integrated category of security tooling that consolidates cloud posture management, workload protect…
Confidential Computing
Confidential computing is a security technique that protects data while it is actively being processed in memory by running computations inside a hardware-base…
Interview Questions(7)
What Is Subresource Integrity (SRI)?
Subresource Integrity is a browser security feature where you attach a cryptographic hash of an expected file to a script or stylesheet tag so the browser refu…
What is Docker Image Security Scanning and Why Does It Matter?
Docker image security scanning inspects the layers of a built image against known vulnerability databases (CVEs) to catch outdated packages, exposed secrets, a…
What is the OCI Image Specification, and why does it matter?
The OCI (Open Container Initiative) Image Specification is a vendor-neutral standard that defines the exact format of a container image — its manifest, config,…
What Is Container Image Signing With Cosign?
Cosign is a tool from the Sigstore project that cryptographically signs container images and stores the signature alongside the image in the registry, so a dep…
What Is an SBOM (Software Bill of Materials)?
A Software Bill of Materials (SBOM) is a structured, machine-readable inventory of every component, library, and dependency — including transitive ones — that…
What Is Software Supply Chain Security in DevOps?
Software supply chain security is the practice of securing every stage that produces a running application — source code, dependencies, build systems, CI/CD pi…
What Is the SLSA Framework?
SLSA (Supply-chain Levels for Software Artifacts, pronounced 'salsa') is a security framework, originally developed at Google and now under the OpenSSF, that d…