Jetstack Consult

Software Supply Chain Security

Every artifact in your software supply chain matters. Use our Assessment Toolkit to gauge the maturity of yours today.

Why did we build the software supply chain toolkit?

High-profile outages like Log4j and SolarWinds have shown us that the security of your software supply chain has never been more important. But it can be a challenge to identify and prioritize the changes your organization needs to make while still managing competing priorities for your developer and security teams.

Use our online Assessment Toolkit to gain insight and advice on your current build pipeline.

See where vulnerabilities exist and discover what you need to resolve them. The tool also consolidates recommendations and guidance from several existing frameworks and whitepapers—including SLSA and the CNCF—and it is presented in a form that offers clarity in an increasingly complex problem space.

The Assessment Toolkit is broken down into four key areas, grading potential action points based on priority and complexity.

Build Pipelines
Secure automated processes and tooling used to build and package software components.
Source Code
Ensure authenticity and integrity of the software code used within your applications.
Provenance
Publish the steps taken to build your software components.
Deployment
Enable consumers to verify your software’s integrity before deployment and use.

Version 1.0

The software supply chain toolkit

An interactive guide on how to secure your third-party software

Working with Venafi Jetstack Consult

While the items listed above provide a great place to start when considering your software supply chain security, this 52-point radar is by no means exhaustive. The world of software supply chains is constantly evolving, and we understand if you’re feeling overwhelmed.

Our Field Engineers and Solution Architects are the brains behind those action points, and they also created the hugely popular cert-manager project. They’d be more than happy to help your organization tailor the recommendations described above to better secure your third-party software.

Related Resources

Cloud Native

FleetOps with Anthos Config Controller - Clusters, Config and Meshes

8 minute read

Cloud

Cloud Native

FleetOps with Anthos Config Controller - Addons and Apps

8 minute read

Cloud

Cloud Native

Open Source Is Being Weaponized. How Can You Mitigate the Risks?

4 minute read

Cloud

Public Key Infrastructure

What is PKI? The Ultimate Guide to Public Key Infrastructure

Threat IntelligencePKI

Contact Venafi

Questions about software supply chain security? Reach out to our expert team.

Talk to an Expert

Software Supply Chain Security

Every artifact in your software supply chain matters. Use our Assessment Toolkit to gauge the maturity of yours today.

Why did we build the software supply chain toolkit?

Use our online Assessment Toolkit to gain insight and advice on your current build pipeline.

Build Pipelines

Source Code

Provenance

Deployment

The software supply chain toolkit

Working with Venafi Jetstack Consult

Related Resources

FleetOps with Anthos Config Controller - Clusters, Config and Meshes

FleetOps with Anthos Config Controller - Addons and Apps

Open Source Is Being Weaponized. How Can You Mitigate the Risks?

What is PKI? The Ultimate Guide to Public Key Infrastructure

Questions about software supply chain security? Reach out to our expert team.

Products

Solution Offerings

Solutions by Industry

Consulting

Resources

Ecosystem

Open Source

Company

Software Supply Chain Security

Every artifact in your software supply chain matters. Use our Assessment Toolkit to gauge the maturity of yours today.

Why did we build the software supply chain toolkit?

Use our online Assessment Toolkit to gain insight and advice on your current build pipeline.

Build Pipelines​

Source Code

Provenance​

Deployment​

The software supply chain toolkit

Working with Venafi Jetstack Consult

Related Resources

FleetOps with Anthos Config Controller - Clusters, Config and Meshes

FleetOps with Anthos Config Controller - Addons and Apps

Open Source Is Being Weaponized. How Can You Mitigate the Risks?

What is PKI? The Ultimate Guide to Public Key Infrastructure

Questions about software supply chain security? Reach out to our expert team.

Products

Solution Offerings

Solutions by Industry

Consulting

Resources

Ecosystem

Open Source

Company

Build Pipelines

Provenance

Deployment