Skip to content

Services, Wiki-Artikel und Blog-Beiträge durchsuchen

↑↓NavigierenEnterÖffnenESCSchließen

Software Supply Chain Security: SLSA, Sigstore and Dependencies

Software supply chain security protects the entire software development process from compromise—from source code repositories to build systems and package registries. SLSA (Supply-chain Levels for Software Artifacts) defines security levels for build processes. Sigstore enables transparent code signing. This article explains SolarWinds, XZ Utils, and other supply chain attacks, as well as practical countermeasures.

Summary: An SBOM (Software Bill of Materials) is a machine-readable inventory of all software components, libraries, and dependencies in an application—including open-source packages, versions, and licenses. SBOMs enable the rapid identification of affected systems in the event of new CVEs (e.g., Log4Shell) and are required by regulation under U.S. Executive Order 14028 and the EU Cyber Resilience Act.

Questions about this topic?

Our experts advise you free of charge and without obligation.

Free Consultation

About the Author

Jan Hörnemann
Jan Hörnemann

Chief Operating Officer · Prokurist

E-Mail
PGP A3FD64BB96C888E2

M.Sc. Internet-Sicherheit (if(is), Westfälische Hochschule). COO und Prokurist mit Expertise in Informationssicherheitsberatung und Security Awareness. Nachwuchsprofessor für Cyber Security an der FOM Hochschule, CISO-Referent bei der isits AG und Promovend am Graduierteninstitut NRW.

11 Publikationen
ISO 27001 Lead Auditor (PECB/TÜV) T.I.S.P. (TeleTrusT) ITIL 4 (PeopleCert) BSI IT-Grundschutz-Praktiker (DGI) Ext. ISB (TÜV) BSI CyberRisikoCheck CEH (EC-Council)
Vollständiges Profil ansehen
This article was last edited on 03/29/2026. Responsible: Jan Hörnemann, Chief Operating Officer · Prokurist at AWARE7 GmbH. License: CC BY 4.0 - free use with attribution: "AWARE7 GmbH, https://a7.de"