A Crash Course in Software Supply Chain Security

Software supply chain security is an enormous problem: it covers everything from build systems to the code in open-source dependencies to package managers to social relationships between developers. Unfortunately, we know about hundreds of supply chain compromises, and there are likely just as many that were never discovered or reported.…

Securing Software Repositories with the OpenSSF

Here at Chainguard, we believe that everyone benefits from better security in open-source software. That’s why we’re so excited that the OpenSSF has just created a new “Securing Software Repositories” working group, which aims to bring maintainers of software repositories and package managers together to share and develop…