Over the past year, breaches like SolarWinds and Kaseya have made it impossible to ignore the threat of software supply chain attacks. Whether it’s infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories or targeting existing vulnerabilities in open source components, attackers are exploiting blind spots in supply chain controls to compromise organizations and their customers. Protecting the software supply chain is a complex challenge that includes code signing, identity and access management, policy and software composition analysis (SCA).
In this session, WhiteSource Director of Product Rhys Arkins and guest Sandy Carielli, principal analyst, Forrester, discuss why SCA is crucial to achieving supply chain security and why the increased threat of malicious packages has meant a shift from the traditional “scan and report” SCA approach to a “prevent and defend” supply chain security strategy. Forrester’s perspective will be presented, and different types of threats and their effects will be reviewed.