The software supply chain is under increasing threat. New attacks and threats have popped up that we couldn't have imagined even two years ago. Total attacks on the software supply chain are increasing by more than 730% year on year since 2019
Unfortunately, there is no commonly accepted definition of what is in the software supply chain. This is a problem as we can't secure the software supply chain if we don't know what's in it. This project aims to help fix that by giving people a visual and contextual way to understand what specific components are in a particular software supply chain. If you want to tag your own components you can fork this repo and edit it to suit your specific software supply chain profiles. This repository takes advantage of the DevSecOps Playbook for the security control examples.
| People | Local Reqs | Source Code | Integration | Deployment | Runtime | Hardware | DNS | Services | Cloud |
|---|---|---|---|---|---|---|---|---|---|
| Developers | IDE | Languages | SCM providers | Build solutions | Servers | Embedded PC | URL | SaaS solutions | CDN |
| QA team | SCV | Frameworks | Pull requests | Deployment platforms | Operating systems | PCB | hostname | Third party APIs | Cloud services |
| DevOps team | Local tests | Libraries | Secrets mgmt | Releases | Webservers | USB dongle | Payment gateways | ||
| Package Maintainers | Git repos | Package Managers | Git repos | Functional tests | Application servers | GPU/CPU | Identity Providers | ||
| Page Builders | Packages | Security tests | Web engines | Analytics | |||||
| Open source | API test frameworks | Databases | Proxies | ||||||
| Proprietary Code | Unit tests | ||||||||
| People | Local Reqs | Source Code | Integration | Deployment | Runtime | Hardware | DNS | Services | Cloud |
You can click on any of the links above and see examples of components sorted by category. You can also see specific examples of technologies and vendors that fall into that category as well. Enjoy!
If you want to see everything on one page, you can select EVERYTHING