Security & DevSecOps
Practical
By Samson Tanimawo, PhD
Published Mar 30, 2026
4 min read
Supply Chain Attack Defense
Compromised dependencies have caused major breaches. Defend against them.
Dependency scanning
Daily scans of dependencies for new CVEs.
Auto-PRs for security updates.
Provenance
Sign artifacts. Verify at deploy.
SLSA framework.
Trusted sources
Pin to specific versions; verify hashes.
No 'latest' in production.
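A small check of the "pin versions, verify hashes" rule above, as an added example (not the author's code): it parses a pip-style requirements manifest with `--hash` pins, flags entries that float or carry no hash, and verifies a downloaded artifact's SHA-256 against the pinned digest. The manifest, package names and artifact bytes are constructed for the example.

```python
import hashlib
import re

# One requirement line in pip's hash-checking syntax:
#   name==version --hash=sha256:<64 hex> [--hash=sha256:<64 hex> ...]
REQ_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.\-]+)\s*(?:(?P<op>==|>=|<=|~=|!=|>|<)\s*(?P<ver>\S+))?(?P<rest>.*)$"
)
HASH_OPT = re.compile(r"--hash=sha256:([0-9a-fA-F]{64})")


def parse_manifest(text):
    """Parse a requirements-style manifest into {name: (op, version, {sha256 hex, ...})}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = REQ_LINE.match(line)
        hashes = {h.lower() for h in HASH_OPT.findall(m.group("rest"))}
        entries[m.group("name").lower()] = (m.group("op"), m.group("ver"), hashes)
    return entries


def audit_manifest(text):
    """Policy findings: every entry must be '==' pinned and carry at least one hash."""
    findings = []
    for name, (op, ver, hashes) in parse_manifest(text).items():
        if op != "==":  # a range or no version at all resolves to whatever is newest
            findings.append((name, "not pinned to an exact version"))
        if not hashes:  # exact version alone does not detect a swapped artifact
            findings.append((name, "no --hash pin; artifact cannot be verified"))
    return findings


def verify_artifact(text, name, data):
    """True only if data's SHA-256 matches a hash pinned for name in the manifest."""
    _, _, hashes = parse_manifest(text).get(name.lower(), (None, None, set()))
    return bool(hashes) and hashlib.sha256(data).hexdigest() in hashes


# Constructed sample artifact and manifest (hypothetical names, not real package digests).
GOOD_WHEEL = b"constructed wheel bytes for example-lib 1.2.3"
GOOD_HASH = hashlib.sha256(GOOD_WHEEL).hexdigest()
SAMPLE_REQUIREMENTS = f"""\
example-lib==1.2.3 --hash=sha256:{GOOD_HASH}
floating-lib>=2.0          # version range: newest match at install time
unpinned-lib               # no version at all, the pip equivalent of 'latest'
pinned-but-unhashed==0.9.1 # exact version, but a replaced artifact would still install
"""

if __name__ == "__main__":
    for name, why in audit_manifest(SAMPLE_REQUIREMENTS):
        print(f"{name}: {why}")
    print("genuine artifact verifies:", verify_artifact(SAMPLE_REQUIREMENTS, "example-lib", GOOD_WHEEL))
    print("tampered artifact verifies:", verify_artifact(SAMPLE_REQUIREMENTS, "example-lib", GOOD_WHEEL + b"x"))
```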