March 2022
Intermediate to advanced
40 pages
54m
English
Content preview from The Rise of Continuous Packaging
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Introduction
Software supply chain security is the subject of ever-increasing focus, and rightly so. Attacks on the supply chain have grown in number, and they are becoming an important way that threat actors can breach organizations and gain access to valuable, sensitive data. As software teams become more aware of security threats and internalize good habits to counter them, malicious actors have become smarter and begun to use legitimate software distribution and update mechanisms as their way in. More and more, software supply chain attacks take advantage of the trust that companies and users place in vendors, and the trust that developers invest in the code that they use from well-known public repositories and registries.
Modern cloud native software development depends more and more on libraries, packages, and other code provided by third parties. The CI/CD pipeline, which increases the effectiveness and speed of software development pipelines, introduces complexity into the software supply chain, from dependencies through the eventual deployment of a cloud native application into a customer’s infrastructure, whether on premises or in the cloud. With this complexity comes risk, as the many moving parts of the software supply chain offer a variety of targets for threat actors. By compromising packages and other dependencies, it’s possible to gain entry into the software development pipeline itself, inserting backdoors and other malicious code for use when the application ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.