The CIS Software Supply Chain Security Guide, developed in collaboration with Aqua Security, offers over 100 foundational security recommendations aimed at safeguarding the software supply chain across various technologies and platforms. The guide is structured around five key categories-source code, build pipelines, dependencies, artifacts, and deployment-providing practical controls and best practices for securing each phase of the software development and deployment lifecycle. It is intended for DevOps professionals, application security administrators, auditors, and others involved in building, deploying, or assessing software through automated DevOps pipelines. Developed through a consensus-driven process involving global experts, the guide aligns with emerging standards such as SLSA and TUF, and serves as both a reference for secure configuration and a foundation for future CIS Benchmarks to ensure consistent, platform-agnostic software supply chain security.
Home / Function (NIST CSF 2.0) / PR - Protect / PS - Platform / SoFa
CIS Software Supply Chain Security Guide
This document focuses on:CI/CD