Cloud native security provider Aqua Security and the Center for Internet Security (CIS) have released the first-ever formal guidelines for software supply chain security. The new CIS Software Supply Chain Security Guide [registration required] provides enterprises with over 100 foundational recommendations for securing the software supply chain against threat actors.
The new guidelines break the software supply chain down into five key areas: source code, build pipelines, dependencies, artifacts and deployment. By codifying guidelines for each category, Aqua Security and CIS aim to establish industry-wide best practices and recommendations for mitigating open-source software risks, and to support new standards including Supply-chain Levels for Software Artifacts (SLSA) and The Update Framework (TUF).