Jetstack Announces Industry-First Software Supply Chain Security Toolkit

Jean J. Sanders

Interactive, web-based guide provides clarity and path for teams securing software supply chains

LONDON, May 17, 2022–(BUSINESS WIRE)–Jetstack, a Venafi company and leader in cloud native, open source and strategic consulting services, today announced the availability of an easy-to-use, interactive and comprehensive toolkit for securing modern software supply chains. The visual, web-based resource is available to everyone and is designed to help organizations evaluate and plan the crucial steps they need to take to achieve effective software supply chain security. Software supply chain security has become an increasingly critical issue for all organizations. After the attack against SolarWinds at the end of 2020 that affected more than 1800 organizations, software supply chain attacks increased around 300 percent in 2021.

Jetstack Software Supply Chain Security Toolkit (Graphic: Business Wire)

“Most corporations now understand the urgency and importance of increasing the security of the software they consume and produce,” said Matthew Bates, chief technology officer for Jetstack. “The problem is that it’s very challenging to identify and prioritize the changes that need to be made while also managing the competing priorities of their development and security communities. It’s very difficult to figure out how to continually improve development velocity and reduce time to deployment while, at the same time, increasing control, visibility and security. Our toolkit helps development and security teams quickly figure out where to start by identifying the difficulty and impact related to particular security controls.”

The Software Supply Chain toolkit consolidates advice and recommendations from multiple frameworks and whitepapers that each provide comprehensive guidance for software supply chain security including:

The interactive toolkit presents the guidance from these frameworks broken down into four key areas: build pipelines, source code, provenance and deployment. Recommendations from each area include insights on priority and complexity along with links to the original open source toolsets that can help with that particular recommendation.

“Software supply chain attacks target a whole range of vulnerabilities at different points in the software life cycle,” said Steve Judd, senior solutions architect for Jetstack and the developer of the toolkit. “Fixing these problems involves going through a whole range of controls that go well beyond a software bill of materials (SBOMs), which is just one of the 54 recommendations. The Software Supply Chain toolkit is a new kind of collaboration with the open source community designed to help the industry build proactive and preventative solutions that are purpose built for current and emerging development practices.”

Visit package-source-chain/ to check out the toolkit.

About Jetstack

Jetstack, a Venafi company, is a cloud native products and strategic consulting company working with enterprises using Kubernetes and OpenShift. Venafi is the cybersecurity industry leader and innovator of machine identity management.

An open source pioneer, Jetstack has earned notable industry recognition as the creator of cert-manager, which is the open source industry standard for cloud native machine identity management. Jetstack’s open source products and solutions protect the software environments and platform infrastructure of global banks, multinational retailers and defense organizations.

Venafi and Jetstack are pioneers of enterprise machine identity security, and Jetstack gives enterprise platform and security teams the power to build, scale and secure their cloud native infrastructure for better developer automation, workload security and application innovation.


Shelley Boose

Kim Myers
