Jetstack Consult

Software Supply Chain Security

Every artifact in your software supply chain matters. Use our Assessment Toolkit to gauge the maturity of yours today.

Use our online Assessment Toolkit to gain insight and advice on your current build pipeline.

See where vulnerabilities exist and discover what you need to resolve them. The tool also consolidates recommendations and guidance from several existing frameworks and whitepapers, including SLSA and the CNCF, and presents them in a form that offers clarity in an increasingly complex problem space.

The Assessment Toolkit is broken down into four key areas, grading potential action points based on priority and complexity.

  • Build Pipelines

    Secure automated processes and tooling used to build and package software components.

  • Source Code

    Ensure authenticity and integrity of the software code used within your applications.

  • Provenance

    Publish the steps taken to build your software components.

  • Deployment

    Enable consumers to verify your software’s integrity before deployment and use.

Version 1.0

The software supply chain toolkit

An interactive guide on how to secure your third-party software

Working with Venafi Jetstack Consult

While the items listed above provide a great place to start when considering your software supply chain security, this 52-point radar is by no means exhaustive. The world of software supply chains is constantly evolving, and we understand if you’re feeling overwhelmed.

Our Field Engineers and Solution Architects are the brains behind those action points, and they also created the hugely popular cert-manager project. They’d be more than happy to help your organization tailor the recommendations described above to better secure your third-party software.

Contact Venafi

Questions about software supply chain security? Reach out to our expert team.