Software today has become an assembly of components from a wide range of sources. Many organizations use public package feeds to take advantage of the open ecosystems they offer. Projects that consume packages from multiple public and private feeds may be exposed to supply chain vulnerabilities.
This white paper discusses feed configurations that can introduce risk into your software supply chain and how to mitigate those risks.