Supply-Chain

• Sealing the Supply Chain: Zero-Trust Build Pipelines That Scale · 2023-10-08

  An engineer’s map for rebuilding the software supply chain around zero-trust principles without stopping delivery.

• Software Supply Chain Security: SBOMs, Sigstore, Reproducible Builds, and Attestation · 2022-04-19

  An in-depth guide to securing the software supply chain: SBOMs, provenance, Sigstore, SLSA, reproducible builds, code signing, and operational best practices.

• Deterministic Monorepo CI Platforms: Engineering Consistency at Scale · 2021-04-23

  A deep guide to building, operating, and evolving reproducible CI/CD systems for large monorepos without sacrificing developer velocity or safety.