Automating Security from the Left: Integrating Software Supply Chain Security into your DevOps using SLSA, Vulnerability Checks and Beyond
Open source libraries and frameworks like the npm package manager, Log4j and Spring have been a core part of many projects, and they are now being exposed as potential sources of vulnerabilities, causing us all to reevaluate our approach to securing our code. This last year has been an eye-opening experience for many, as software supply chain attacks and vulnerabilities have been increasing at an alarming rate. Automation of DevOps components has been a key focus for many companies for years and has been implemented successfully at some level of maturity.