Secure Software Supply Chain Guide

Protection for all stages of the development lifecycle

What happens when the call is coming from inside the house? Organizations that develop applications are increasingly being targeted in software supply chain attacks.

A software supply chain attack occurs when malicious code is added to software that was meant to be trusted. Such an attack is not limited to code committed by your developers; it can also involve code from:

  • Dependencies/packages

  • Code written by parties external to your company

  • Web services called by your codebase

With this in mind, you may be asking what can be done to protect your codebase. Yubico’s various products can be leveraged to help protect software throughout the development lifecycle. In this series we will explore different attack scenarios and give step-by-step instructions on how to mitigate the risk using YubiKeys and the YubiHSM2.
