28.Lock Globe

An internal developer portal can help you consolidate and evolve your security strategy.

Software nowadays is rarely written from scratch. According to Forrester, the average software is composed of at least 75% open source code. Additionally, teams rely heavily on third-party code. Thus, the code you put into production comes from different sources and goes through various networks and actors to get there. This is known as the software supply chain.

Software supply chains have gained significant attention after severe attacks over the past few years. In the United States, the federal government has even issued software supply chain guidelines for state contractors.

As the Cloud Native Computing Foundation (CNCF) Security working group states, “Supply chains require more than one linked process, and supply chain security relies on the validation and verification of each process.” Therefore, to adopt security practices in each step of the development life cycle, companies usually adopt a DevSecOps approach.