March 2022
Intermediate to advanced
40 pages
54m
English
Content preview from The Rise of Continuous Packaging
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Chapter 2. Software Supply Chain Challenges
The software supply chain encompasses all components and processes needed to deliver the end product: a deployed application. These components and processes include your code, third-party dependencies, scripts, tests, environment variables, IDEs, plug-ins, source code repositories, CI/CD tools, and of course package repositories. Like any other supply chain, the software development pipeline consumes raw materials, applying processes and techniques to turn them into end products. Every point in the supply chain can be vulnerable to flaws, mistakes, or threats. Often, the majority of an application comprises open source or proprietary libraries or packages that are themselves the output from another supply chain. All of these interconnected pipelines are potentially vulnerable. Microservices, which are built and packaged separately, each have their own dependencies. As a result, the number of raw materials a modern software supply chain uses from different sources can be vast. The complexity that comes from this interdependency opens up possibilities for numerous effective attack vectors.
Protecting a software development pipeline must begin with knowing the origin and provenance of the raw materials—especially the libraries and packages that come from elsewhere. The next section discusses a few types of risks that the modern software supply chain must anticipate and manage.
Risks Due to Complexity
The supply chain is concerned with ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.