README.md

September 2, 2023 ยท View on GitHub

The software supply chain is under increasing threat. New attacks and threats have popped up that we couldn't have imagined even two years ago. Total attacks on the software supply chain are increasing by more than 730% year on year since 2019

Unfortunately, there is no commonly accepted definition of what is in the software supply chain. This is a problem as we can't secure the software supply chain if we don't know what's in it. This project aims to help fix that by giving people a visual and contextual way to understand what specific components are in a particular software supply chain. If you want to tag your own components you can fork this repo and edit it to suit your specific software supply chain profiles. This repository takes advantage of the DevSecOps Playbook for the security control examples.

The Software Supply Chain Stages

PeopleLocal ReqsSource CodeIntegrationDeploymentRuntimeHardwareDNSServicesCloud
DevelopersIDELanguagesSCM providersBuild solutionsServersEmbedded PCURLSaaS solutionsCDN
QA teamSCVFrameworksPull requestsDeployment platformsOperating systemsPCBhostnameThird party APIsCloud services
DevOps teamLocal testsLibrariesSecrets mgmtReleasesWebserversUSB donglePayment gateways
Package MaintainersGit reposPackage ManagersGit reposFunctional testsApplication serversGPU/CPUIdentity Providers
Page BuildersPackagesSecurity testsWeb enginesAnalytics
Open sourceAPI test frameworksDatabasesProxies
Proprietary CodeUnit tests
PeopleLocal ReqsSource CodeIntegrationDeploymentRuntimeHardwareDNSServicesCloud

Welcome to the "Visualizing the Software Supply Chain" repository!

You can click on any of the links above and see examples of components sorted by category. You can also see specific examples of technologies and vendors that fall into that category as well. Enjoy!

If you want to see everything on one page, you can select EVERYTHING