Manning Early Access Program (MEAP) Read chapters as they are written, get the finished eBook as soon as it’s ready, and receive the pBook long before it's in bookstores.

8 of 10 chapters available

video summary first chapter summary

Resources

Book forum more

Become a
Reviewer

Help us create great books

Securing the Software Supply Chain you own this product

Protect your application development lifecycle

Michael Lieberman and Brandon Lum

MEAP began August 2023
Publication in Fall 2024 (estimated)

ISBN 9781633438767
200 pages (estimated)

Included with a Manning Online subscription

printed in black & white

Development

read now

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

$47.99 $33.59

you save $14.40 (30%)

Look inside

Secure your entire software supply chain, including the code you write, the libraries you use, and the platforms you run on.

Modern software relies on a collection of original code, libraries, open source tools, plugins, packages, and platforms. Securing the Software Supply Chain teaches you to secure those dependencies to the same rigorous standards as the rest of your systems.

Inside this insightful guide, you’ll learn how to:

Understand your whole software supply chain
Model threats to your software development lifecycle
Implement controls to preempt and protect against attack
Use cutting-edge security tools and scalable processes
Organize and plan improvements
Supply chain tools like Sigstore, in-toto, and Kyverno

It’s easy to be blissfully unaware of the dangerous vulnerabilities lurking in your software systems. This book reveals techniques securing all components of the software delivery lifecycle.

about the book

Securing the Software Supply Chain teaches you everything you need to know to identify and protect the code, data, and infrastructure of your applications. You’ll get a comprehensive breakdown of the kind of threats your software supply chain faces, and how they can be dramatically different from traditional dangers. Learn how to implement a chain of custody throughout your software development lifecycle, with techniques ranging from securing developer workstations to implementing dependency proxies.

Real-world examples from a financial services company illustrate each concept, including key signing ceremonies, establishing trust roots, and generating a Software Bill of Materials (SBOM)—vital documentation for supply chain risk management.

about the reader

For software senior engineers and architects with experience in DevSecOps.

about the authors

Michael Lieberman is CTO and co-founder of Kusari, a cybersecurity startup focused on software supply chain security. Michael has previously worked in the financial industry, architecting cloud migrations with a focus on security. In addition, he is an OpenSSF TAC member; a member of the SLSA steering committee, an emerging supply chain security standard; as well as a CNCF Security TAG lead.

Brandon Lum is a co-chair of the CNCF Security TAG, and as a part of Google’s Open Source Security Team, he works on improving the security of the Open Source ecosystem. Previously at IBM Research, Brandon worked on various security areas, such as container content protection via encryption and image signing, identity, Zero Trust architectures, and kernel attack surface reduction.

eBook

$47.99 $33.59

you save $14.40 (30%)

choose your plan

pro

monthly

annual

$24.99

$249.99
only $20.83 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose another free product every time you renew
choose twelve free products per year
exclusive 50% discount on all purchases
Securing the Software Supply Chain ebook for free

team

monthly

annual

$49.99

$499.99
only $41.67 per month

five seats for your team
access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose another free product every time you renew
choose twelve free products per year
exclusive 50% discount on all purchases
Securing the Software Supply Chain ebook for free

more seats?

choose your plan

pro

monthly

annual

$24.99

$249.99
only $20.83 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose another free product every time you renew
choose twelve free products per year
exclusive 50% discount on all purchases
Securing the Software Supply Chain ebook for free

team

monthly

annual

$49.99

$499.99
only $41.67 per month

five seats for your team
access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose another free product every time you renew
choose twelve free products per year
exclusive 50% discount on all purchases
Securing the Software Supply Chain ebook for free

more seats?