Journey to Software Supply Chain Resources
Stage 0 – Complete Anarchy
| Ebook Page | Print Page | Title | URL |
|---|---|---|---|
| 2 | 5 | How to Avoid Becoming the Next SolarWinds | https://www.activestate.com/blog/how-to-avoid-becoming-the-next-solarwinds/ |
| 2 | 5 | Threat Landscape for Supply Chain Attacks | https://www.enisa.europa.eu/publications/threat-landscape-for-supply-chain-attacks |
| 3 | 4 | 8th Annual State of the Software Supply Chain | https://www.sonatype.com/state-of-the-software-supply-chain/introduction |
| 4 | 7 | Kaseya VSA ransomware attack | https://en.wikipedia.org/wiki/Kaseya_VSA_ransomware_attack |
| 5 | 9 | CircleCI incident report for January 4, 2023 security incident | https://circleci.com/blog/jan-4-2023-incident-report/ |
| 8 | 12 | Survey Report: State of Software Supply Chain Security | https://www.activestate.com/resources/datasheets/software-supply-chain-security-survey-report/ |
Stage 1 – Observable Chaos
| Ebook Page | Print Page | Title | URL |
|---|---|---|---|
| 15 | 24 | Securing the Software Supply Chain – Recommended Practices For Developers | https://www.cisa.gov/sites/default/files/publications/ESF_SECURING_THE_ SOFTWARE_SUPPLY_CHAIN_DEVELOPERS.PDF |
| 20 | 31 | Annual Report on the State of Application Security Read the Report | https://www.veracode.com/state-of-software-security-report |
| 20 | 31 | How to remediate your open source vulnerabilities quicker | https://www.activestate.com/blog/how-to-remediate-your-open-source-vulnerabilities-quicker/ |
| 22 | 35 | Microsoft’s SPDX sbom-tool | https://github.com/microsoft/sbom-tool |
| 22 | 35 | CycloneD | https://docs.gitlab.com/ee/user/application_security/dependency_scanning/ #cyclonedx-software-bill-of-materials |
| 22 | 35 | Anchore SBOM Action | https://github.com/marketplace/actions/anchore-sbom-action |
| 22 | 35 | Data Sheet: Improve Open Source Security With a Bill Of Materials | https://www.activestate.com/resources/datasheets/improve-open-source-security- with-a-bill-of-materials/ |
Stage 2 – Automated Security
Stage 3 – Verifiable Security
| Ebook Page | Print Page | Title | URL |
|---|---|---|---|
| 34 | 57 | C-Suite Security Survey | https://www.cloudbees.com/c/cloudbees-global-security-survey |
| 35 | 59 | How to Avoid Software Supply Chain Fines | https://www.activestate.com/blog/how-to-avoid-software-supply-chain-fines/ |
| 35 | 59 | SBOMS & Attestations: US Government Deadlines for Implementation | https://www.activestate.com/blog/sboms-attestations-us-government-deadlines-for-implementation/ |
| 40 | 67 | CycloneDX Extension: Vulnerability | https://cyclonedx.org/ext/vulnerability/ |
| 40 | 67 | The Software Package Data Exchange® (SPDX®) | https://spdx.dev/ |
| 41 | 69 | Survey Report: State of Software Supply Chain Security | https://www.activestate.com/resources/datasheets/software-supply-chain-security-survey-report/ |
Stage 4 – Anti Entropy
| Ebook Page | Print Page | Title | URL |
|---|---|---|---|
| 45 | 76 | The 2023 Tidelift state of the open source maintainer report | https://www.tidelift.com/open-source-maintainer-survey-2023 |
| 48 | 81 | JUNIPER RESEARCH STUDY REVEALS STAGGERING COST OF VULNERABLE SOFTWARE SUPPLY CHAINS | https://www.juniperresearch.com/press/press-releases/study-reveals-staggering-cost-of-software-supply |
| 50 | 83 | Risk Explorer for Software Supply Chains | https://sap.github.io/risk-explorer-for-software-supply-chains/ |
| 50 | 83 | Software supply chain threats | https://cloud.google.com/software-supply-chain-security/docs/attack-vectors |
| 51 | 85 | How to Prevent Dependency Confusion | https://www.activestate.com/blog/how-to-prevent-dependency-confusion/ |
| 51 | 85 | MalwareArchivist | https://github.com/ActiveState/MalwareArchivist |
| 51 | 85 | Chaos Monkey | https://netflix.github.io/chaosmonkey/ |