Software Supply Chain Security
Practices for securing dependencies, build systems, provenance, code signing, package registries, and deployment pipelines.
Core metadata
- ID: software_supply_chain_security
- Era: Modern
- First known date: 1983 (decade)
- Region: Global / multiple regions
- Review status: structurally_validated
- Maturity: N/A
Prerequisites
- Continuous Integration (continuous_integration)
- Open Source Software (open_source_software)
- Zero Trust Security (zero_trust_security)
Dependents
Fields
- None.
Node sources
- Software Supply Chain Security Guidance (NIST, 2021, official_agency) • Supports: node
Locator: NIST guidance page for Executive Order 14028 Section 4 software supply chain security standards, tools, best practices, and guidelines.
- Secure Software Development Framework (NIST Computer Security Resource Center, 2022, official_agency) • Supports: node
Locator: SSDF project page: NIST SP 800-218 defines SSDF Version 1.1 for mitigating software vulnerability and supply-chain risk.
Prerequisite edge evidence
Edge/source evidence summary:
- Prerequisite edges: 3
- Average edge confidence: 69%
- Prerequisite sources: 1
- expert_inference: 3
| Prerequisite | Type | Confidence | Evidence level | Note | Sources |
|---|---|---|---|---|---|
| Continuous Integration (continuous_integration) | enabling | 68% | expert_inference | Continuous Integration provides a capability that enables this technology without being the only possible path. | No sources recorded. |
| Open Source Software (open_source_software) | commercial_or_scaling_dependency | 72% | expert_inference | Open Source Software supports manufacturing, deployment, commercialization, or operational scaling. | No sources recorded. |
| Zero Trust Security (zero_trust_security) | enabling | 68% | expert_inference | Zero Trust Security provides a capability that enables this technology without being the only possible path. | |
This page is generated from canonical era JSON and is indexable by URL.