Software Supply Chain Security Support

Supply Chain Security in the context of software means: you should care not only about your own sources but also about the security of all inbound sources!

Since the SolarWinds hack in 2020, the term has gained relevance. Through poisoned components, a widely used piece of software became insecure, giving attackers entry into several US agencies. Supply chain security therefore comprises the security of your development systems and build chains, but also the integrity and flawlessness of the components you are using.

The Open Security Foundation, an initiative under the umbrella of the Linux Security Foundation, is a massively funded initiative that is tackling this topic. The group hosts several initiatives to improve knowledge and awareness of the security of software supply chains. TrustSource has adopted all of these best practices, includes many of their tools and passes the benefits on to its users. One of them is the OpenSSF Scorecard: a key indicator, derived from about 18 tests, that looks for evidence that known best practices are being applied.

TrustSource makes heavy use of Scorecards to provide its users with