Software Supply Chain Security Checklist

7 Rules to Protect Your Supply Chain from Attack

Software supply chains are made up of software components like open source packages and infrastructure as code (IaC) templates, as well as underlying delivery pipelines, such as version control systems (VCS) and continuous integration/continuous delivery (CI/CD) pipelines.

Because software supply chains have direct access to proprietary code and are just a few pivots away from sensitive data, securing them is crucial. Recent software supply chain attacks have highlighted this fact, and Gartner® predicts that “by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains.”1

This checklist covers seven key considerations for identifying, prioritizing and addressing risks faster and preventing supply chain security attacks.

Download the Supply Chain Security Checklist to learn:

• Common security risks at each layer of software supply chains.
• Rules for securing different third-party software components.
• Security best practices for CI/CD pipelines, registries, repositories and more!

1. Manjunath Bhat, Dale Gardner, and Mark Horvath, How Software Engineering Leaders Can Mitigate Software Supply Chain Security Risks, Gartner, July 15, 2021.