Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect / PS - Platform / SoFa

CIS Software Supply Chain Security Guide

This document focuses on:

The CIS Software Supply Chain Security Guide, developed in collaboration with Aqua Security, offers over 100 foundational security recommendations aimed at safeguarding the software supply chain across various technologies and platforms. The guide is structured around five key categories-source code, build pipelines, dependencies, artifacts, and deployment-providing practical controls and best practices for securing each phase of the software development and deployment lifecycle. It is intended for DevOps professionals, application security administrators, auditors, and others involved in building, deploying, or assessing software through automated DevOps pipelines. Developed through a consensus-driven process involving global experts, the guide aligns with emerging standards such as SLSA and TUF, and serves as both a reference for secure configuration and a foundation for future CIS Benchmarks to ensure consistent, platform-agnostic software supply chain security.


Publication's URL

https://www.cisecurity.org/insights/white-papers/cis-software-supply-chain-security-guide

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *