Supply Chain Security

Software supply chain security encompasses the practices, policies, and tools used to protect the integrity of code and components throughout the software development lifecycle — from source code and build systems to package repositories and deployment pipelines. High-profile attacks like SolarWinds (2020) and the XZ Utils backdoor (2024) demonstrated how compromising a single vendor can affect thousands of downstream organizations. SLSA (Supply-chain Levels for Software Artifacts) provides a framework for improving supply chain integrity.

Why it matters for your website

• 1Foundational principle in modern security — harder to retrofit than to build in from the start
• 2Reduces breach impact by limiting what attackers can access if they get in
• 3Required control in ISO 27001, NIST CSF, and most compliance frameworks