DOP 111: What Are Software Supply Chain Attacks?

#111: Ever since Alex Birsan published his Dependency Confusion article in February 2021, the concept of the software supply chain has come to the forefront. The supply chain should not be a new concept to people, but many seemed to have been caught off guard. Today we talk about Alex's article along with a new project that allows you to manage your supply chain security in Tekton.   https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 https://security.googleblog.com/2021/06/verifiable-supply-chain-metadata-for.html https://cloud.google.com/blog/products/identity-security/how-were-helping-reshape-software-supply-chain-ecosystem-securely https://portswigger.net/daily-swig/software-supply-chain-attacks-everything-you-need-to-know https://www.cisa.gov/publication/software-supply-chain-attacks https://www.whitesourcesoftware.com/resources/blog/software-supply-chain-attacks/ https://deps.dev/   YouTube channel: https://youtube.com/devopsparadox/   Books and Courses: Catalog, Patterns, And Blueprints https://www.devopstoolkitseries.com/posts/catalog/   Kubernetes Chaos Engineering With Chaos Toolkit And Istio https://www.devopstoolkitseries.com/posts/chaos/   Canary Deployments To Kubernetes Using Istio and Friends https://www.devopstoolkitseries.com/posts/canary/   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/