Scalable verifiability for supply chain security

This article discusses approaches for making supply chains verifiable and secure. The primary audience is developers working on build pipelines and DevOps engineers. It is cross-posted from the Light Squares blog.

Modern supply chain security needs scalable verifiability

Modern software supply chains are complex. Dependency trees of modern software often contain thousands of packages across multiple ecosystems. This makes it challenging for any developer team to fully understand exactly what code is going into their build. ...

2026-01-17 · 3 min · Daniel