The software supply chain is under increasing threat. New attacks and threats have popped up that we couldn't have imagined even two years ago. Total attacks on the software supply chain are increasing by more than 730% year on year since 2019

Unfortunately, there is no commonly accepted definition of what is in the software supply chain. This is a problem as we can't secure the software supply chain if we don't know what's in it. This project aims to help fix that by giving people a visual and contextual way to understand what specific components are in a particular software supply chain. If you want to tag your own components you can fork this repo and edit it to suit your specific software supply chain profiles. This repository takes advantage of the DevSecOps Playbook for the security control examples.

The Software Supply Chain Stages

People	Local Reqs	Source Code	Integration	Deployment	Runtime	Hardware	DNS	Services	Cloud
Developers	IDE	Languages	SCM providers	Build solutions	Servers	Embedded PC	URL	SaaS solutions	CDN
QA team	SCV	Frameworks	Pull requests	Deployment platforms	Operating systems	PCB	hostname	Third party APIs	Cloud services
DevOps team	Local tests	Libraries	Secrets mgmt	Releases	Webservers	USB dongle		Payment gateways
Package Maintainers	Git repos	Package Managers	Git repos	Functional tests	Application servers	GPU/CPU		Identity Providers
	Page Builders	Packages		Security tests	Web engines			Analytics
		Open source		API test frameworks	Databases			Proxies
		Proprietary Code		Unit tests
People	Local Reqs	Source Code	Integration	Deployment	Runtime	Hardware	DNS	Services	Cloud

Welcome to the "Visualizing the Software Supply Chain" repository!

You can click on any of the links above and see examples of components sorted by category. You can also see specific examples of technologies and vendors that fall into that category as well. Enjoy!

If you want to see everything on one page, you can select EVERYTHING