SERVICES.md

September 2, 2023 ยท View on GitHub

The Software Supply Chain Stages

PeopleLocal ReqsSource CodeIntegrationDeploymentRuntimeHardwareDNSServicesCloud
DevelopersIDELanguagesSCM providersBuild solutionsServersEmbedded PCURLSaaS solutionsCDN
QA teamSCVFrameworksPull requestsDeployment platformsOperating systemsPCBhostnameThird party APIsCloud services
DevOps teamLocal testsLibrariesSecrets mgmtReleasesWebserversUSB donglePayment gateways
Package MaintainersGit reposPackage ManagersGit reposFunctional testsApplication serversGPU/CPUIdentity Providers
Page BuildersPackagesSecurity testsWeb enginesAnalytics
Open sourceAPI test frameworksDatabasesProxies
Proprietary CodeUnit tests
PeopleLocal ReqsSource CodeIntegrationDeploymentRuntimeHardwareDNSServicesCloud

Services

This refers to the process of identifying and describing the external services that a application relies on in order to function properly. These third-party services can include anything from authentication and authorization services to payment processing and analytics tools.

What's in scope?

  • third party SaaS solutions
  • third party APIs or data
  • payment processors/gateways
  • identity providers
  • analytics & tracking

Examples

Payment gateways & processors

SaaS solutions examples

Analytics & tracking examples

Who owns it?

  • CloudOps team
  • Marketing team

How do I secure it?

  • Centralized audit logs
  • Vendor key management
  • Content security policy
  • Just in time access control