Automated supply chain collection

Pavel Simzicov

Security Engineer

Software Architect

Software Engineer

Bitbucket

Composer (PHP)

Golang

Supply chain security is the part of supply chain management that focuses on the risk management of external suppliers, vendors, logistics and transportation. Its goal is to identify, analyze and mitigate the risks inherent in working with other organizations as part of a supply chain. Supply chain security covers both the physical security of products and the cybersecurity of software and services.
As part of this project, I've been working with tools such as Syft and Grype.
Syft: a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
Grype: a vulnerability scanner for container images and filesystems.
I also introduced an automated way to update dependencies. The process works as follows:
1. check for vulnerabilities
2. update the vulnerable dependencies
3. create a pull request in Bitbucket with the fixes
4. notify a Slack channel so that the PR gets approved and released
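The decision logic behind steps 1 to 4, as an added example that is not the project's own code: it takes Grype JSON output (a constructed sample is embedded; the real `grype -o json` report has the same `matches[].vulnerability` / `matches[].artifact` shape plus many more fields), builds an update plan for findings at or above a severity threshold that have an upstream fix, keeps findings without a fix for reporting instead of silently dropping them, and shapes the Bitbucket Cloud pull-request body and the Slack webhook message. The severity threshold, branch names and URLs are assumptions.

```python
import json

# Constructed grype-style JSON for illustration (same matches[] shape as the real report).
SAMPLE_GRYPE_OUTPUT = json.dumps({"matches": [
    {"vulnerability": {"id": "EXAMPLE-0001", "severity": "High", "fix": {"state": "fixed", "versions": ["0.17.0"]}},
     "artifact": {"name": "golang.org/x/net", "version": "0.7.0", "type": "go-module"}},
    {"vulnerability": {"id": "EXAMPLE-0002", "severity": "Low", "fix": {"state": "fixed", "versions": ["7.4.5"]}},
     "artifact": {"name": "guzzlehttp/guzzle", "version": "7.4.0", "type": "php-composer"}},
    {"vulnerability": {"id": "EXAMPLE-0003", "severity": "Critical", "fix": {"state": "not-fixed", "versions": []}},
     "artifact": {"name": "vendor/unpatched", "version": "0.1.0", "type": "php-composer"}},
]})

SEVERITY_RANK = {"Negligible": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}

def _ver(v):  # crude version key: numeric dot-separated parts as ints, anything else as 0
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def plan_updates(grype_json, min_severity="High"):
    """Return ({pkg: (current, fixed)}, [ids with no upstream fix that must still be reported])."""
    plan, unfixable = {}, []
    for m in json.loads(grype_json)["matches"]:
        vuln, art = m["vulnerability"], m["artifact"]
        if SEVERITY_RANK.get(vuln["severity"], 0) < SEVERITY_RANK[min_severity]:
            continue
        fix = vuln.get("fix") or {}
        if fix.get("state") != "fixed" or not fix.get("versions"):
            unfixable.append(vuln["id"])  # nothing to bump to; a human has to decide
            continue
        # grype may list fixes for several release lines: take the smallest one above current
        cands = [v for v in fix["versions"] if _ver(v) > _ver(art["version"])] or fix["versions"]
        fixed = min(cands, key=_ver)
        prev = plan.get(art["name"])
        if prev is None or _ver(fixed) > _ver(prev[1]):  # highest fix needed across all findings
            plan[art["name"]] = (art["version"], fixed)
    return plan, unfixable

def bitbucket_pr_payload(plan, branch, target="main"):
    """Body for POST /2.0/repositories/{workspace}/{repo}/pullrequests (Bitbucket Cloud API)."""
    body = "\n".join(f"- {n}: {c} -> {f}" for n, (c, f) in sorted(plan.items()))
    return {"title": f"chore(deps): fix {len(plan)} vulnerable dependencies", "description": body,
            "source": {"branch": {"name": branch}}, "destination": {"branch": {"name": target}}}

def slack_message(pr_url, plan, unfixable):
    """Payload for a Slack incoming webhook; unfixable findings are called out explicitly."""
    text = f"Dependency fix PR needs review: {pr_url} ({len(plan)} packages bumped)"
    if unfixable: text += f"\nNo upstream fix yet for: {', '.join(unfixable)}"
    return {"text": text}
```

In the pipeline, `plan` drives the `go get` / `composer require` bumps on a fresh branch before the PR payload is posted.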
Posted Jul 25, 2024

Implementation of automated vulnerability updates and SBOM generation.
