Secure the Software Supply Chain
Integrate SAST and dependency scanning into CI
Tasks:
- Enable GitHub Advanced Security: code scanning (CodeQL) and secret scanning, run on every push and pull request
- Enable dependency scanning (Dependabot alerts, plus the dependency review check on pull requests)
- Review scan reports and fail the build on findings at or above an agreed severity; a dismissed finding must carry a reason
- Turn on automated fixes (Dependabot security updates) and set reminders with an owner and a deadline for findings that cannot be fixed automatically
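The "review scan reports" and "fail the build" steps above are usually done by a small gate that reads the SARIF file a scanner uploads. The following is an added example, not code from the original page or from GitHub; the SARIF document is constructed inline in the shape CodeQL emits, and the mapping of a rule's `security-severity` score to critical/high/medium/low follows GitHub's published buckets. The fallback from SARIF `level` to a severity for rules without a score is our own assumption.

```python
"""Gate a CI job on a SARIF 2.1.0 code-scanning report.

The sample below is constructed for this example, not a real scan.
"""
import json
import sys

# Constructed SARIF sample in the shape CodeQL uploads.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "CodeQL",
            "rules": [
                {"id": "js/sql-injection", "properties": {"security-severity": "8.8"}},
                {"id": "js/log-injection", "properties": {"security-severity": "6.1"}},
                {"id": "js/unused-local-variable"},  # no score: quality rule
            ],
        }},
        "results": [
            {"ruleId": "js/sql-injection", "level": "error",
             "message": {"text": "Query built from user input"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.js"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "js/log-injection", "level": "warning",
             "message": {"text": "Log entry from user input"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/audit.js"},
                 "region": {"startLine": 17}}}]},
            {"ruleId": "js/sql-injection", "level": "error",
             "message": {"text": "Dismissed: test fixture"},
             "suppressions": [{"kind": "inSource"}],  # dismissed, must not block
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "test/db.test.js"},
                 "region": {"startLine": 5}}}]},
            {"ruleId": "js/unused-local-variable", "level": "note",
             "message": {"text": "Unused variable x"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/util.js"},
                 "region": {"startLine": 3}}}]},
        ],
    }],
})

SEVERITY_ORDER = ["low", "medium", "high", "critical"]
# Our assumption for rules that carry no security-severity score.
LEVEL_FALLBACK = {"error": "high", "warning": "medium", "note": "low"}


def bucket(score):
    """Map a CVSS-style score string to GitHub's code-scanning severity buckets."""
    value = float(score)
    if value >= 9.0:
        return "critical"
    if value >= 7.0:
        return "high"
    if value >= 4.0:
        return "medium"
    return "low"


def findings(sarif_text):
    """Return (severity, rule_id, file, line, message) for each unsuppressed result."""
    doc = json.loads(sarif_text)
    out = []
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            if res.get("suppressions"):  # dismissed in source or in the UI
                continue
            rule = rules.get(res.get("ruleId"), {})
            score = rule.get("properties", {}).get("security-severity")
            if score is not None:
                severity = bucket(score)
            else:
                severity = LEVEL_FALLBACK.get(res.get("level"), "medium")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            out.append((severity, res.get("ruleId"),
                        loc.get("artifactLocation", {}).get("uri"),
                        loc.get("region", {}).get("startLine"),
                        res["message"]["text"]))
    return out


def gate(sarif_text, fail_at="high"):
    """Return (passed, blocking); blocking holds findings at or above fail_at."""
    threshold = SEVERITY_ORDER.index(fail_at)
    blocking = [f for f in findings(sarif_text)
                if SEVERITY_ORDER.index(f[0]) >= threshold]
    return (not blocking, blocking)


if __name__ == "__main__":
    passed, blocking = gate(SAMPLE_SARIF, fail_at="high")
    for sev, rule, path, line, msg in blocking:
        print(f"{sev.upper()} {rule} {path}:{line} {msg}")
    sys.exit(0 if passed else 1)
```

In a workflow the gate runs after the scan step, reading the SARIF file the scanner wrote, and its exit status decides whether the job fails. Counting suppressed results is a common mistake: a finding dismissed with a reason should not keep blocking the build, but the dismissal itself stays visible in the report.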
Create a Software Bill of Materials (SBOM)
Tasks:
- Add SBOM generation to the build (CycloneDX or SPDX) so every release artifact gets one
- Store the SBOM in artifact storage next to the artifact it describes, and record its digest
- Validate dependencies: check that the SBOM matches what the build actually resolved, then run it through a vulnerability scanner
- Link the SBOM to the release notes by file name and digest so consumers can tell which SBOM belongs to which release
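The validate, store and link steps above can be checked in one pass before the SBOM is published. The following is an added example, not code from the original page or from any SBOM tool; the CycloneDX document and the package-lock.json are constructed inline for the example, the project name `billing-api` is invented, and the canonical JSON serialization used for the digest is our own choice (in practice hash the exact bytes you upload).

```python
"""Validate a CycloneDX SBOM against the build's lockfile before publishing it.

Both inputs below are constructed for this example; they are not real project data.
"""
import hashlib
import json

# Constructed CycloneDX 1.5 SBOM as a generator such as cyclonedx-npm would emit it.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
    "version": 1,
    "metadata": {"component": {"type": "application", "name": "billing-api", "version": "2.4.0"}},
    "components": [
        {"type": "library", "name": "express", "version": "4.19.2", "purl": "pkg:npm/express@4.19.2"},
        {"type": "library", "name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
        {"type": "library", "name": "left-pad", "version": "1.3.0"},  # purl missing
    ],
}

# Constructed package-lock.json (lockfileVersion 3) from the same build.
SAMPLE_LOCK = {
    "name": "billing-api",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "billing-api", "version": "2.4.0"},
        "node_modules/express": {"version": "4.19.2"},
        "node_modules/lodash": {"version": "4.17.21"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/minimist": {"version": "1.2.8"},  # resolved, but absent from the SBOM
    },
}


def structural_errors(sbom):
    """Problems that should block storing the SBOM at all."""
    errors = []
    if sbom.get("bomFormat") != "CycloneDX":
        errors.append("bomFormat is not CycloneDX")
    if not sbom.get("specVersion"):
        errors.append("specVersion missing")
    if not str(sbom.get("serialNumber", "")).startswith("urn:uuid:"):
        errors.append("serialNumber is not a urn:uuid")
    seen = set()
    for c in sbom.get("components", []):
        label = f"{c.get('name')}@{c.get('version')}"
        for field in ("name", "version", "purl"):
            if not c.get(field):
                errors.append(f"component {label} has no {field}")
        purl = c.get("purl")
        if purl:
            if purl in seen:
                errors.append(f"duplicate component {label}")
            seen.add(purl)
    return errors


def lock_packages(lock):
    """Map package name -> resolved version from a lockfileVersion 3 package-lock."""
    resolved = {}
    for path, entry in lock.get("packages", {}).items():
        if path == "":
            continue  # the root project itself, not a dependency
        resolved[path.rsplit("node_modules/", 1)[1]] = entry["version"]
    return resolved


def drift(sbom, lock):
    """Compare SBOM components with what the lockfile actually resolved."""
    declared = {c["name"]: c["version"] for c in sbom.get("components", [])}
    resolved = lock_packages(lock)
    missing = {n: v for n, v in resolved.items() if n not in declared}
    extra = {n: v for n, v in declared.items() if n not in resolved}
    mismatched = {n: (declared[n], resolved[n]) for n in declared
                  if n in resolved and declared[n] != resolved[n]}
    return missing, extra, mismatched


def serialize(sbom):
    """Canonical bytes to upload to artifact storage; the digest covers these bytes."""
    return json.dumps(sbom, sort_keys=True, separators=(",", ":")).encode()


def sbom_digest(sbom):
    return hashlib.sha256(serialize(sbom)).hexdigest()


def release_note_line(sbom, artifact_path):
    """One release-notes line pinning the SBOM file to its stored digest."""
    app = sbom["metadata"]["component"]
    return f"SBOM for {app['name']} {app['version']}: {artifact_path} (sha256 {sbom_digest(sbom)})"


def validate(sbom, lock):
    """Return (ok, report); ok means the SBOM may be stored and linked."""
    report = structural_errors(sbom)
    missing, extra, mismatched = drift(sbom, lock)
    report += [f"resolved but absent from SBOM: {n}@{v}" for n, v in missing.items()]
    report += [f"in SBOM but not resolved: {n}@{v}" for n, v in extra.items()]
    report += [f"version drift for {n}: SBOM {a}, lock {b}" for n, (a, b) in mismatched.items()]
    return (not report, report)


if __name__ == "__main__":
    ok, report = validate(SAMPLE_SBOM, SAMPLE_LOCK)
    print("\n".join(report) if report else release_note_line(SAMPLE_SBOM, "sbom/billing-api-2.4.0.cdx.json"))
```

The drift check is the part most pipelines skip: an SBOM produced from the manifest rather than from the resolved lockfile silently omits transitive packages, and a vulnerability scan of that SBOM then reports nothing for them. The digest written into the release notes is what lets a consumer confirm the stored SBOM is the one that belongs to the release.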