Guide to help developers and admins bootstrap their development environment with high assurance protection using the YubiKey and YubiHSM2

YubicoLabs/secure-software-supply-chain-guide

Securing Your Software Supply Chain With Yubico

Developer guide to teach you how to maximize the power of the YubiKey to secure your software supply chain. This guide contains examples on how to use the YubiKey to enable account protections, commit signing, and code signing. By the end of this guide, you and your organization will have the tools needed to quickly onboard developers, allowing them to focus more time on producing code and less time configuring their environment.

Table of contents
  1. About The Project
  2. Getting started
  3. Contributing
  4. License
  5. Contact

About The Project

A software supply chain attack occurs when malicious code is added into trusted hardware and software. An attack doesn't only refer to the code that is committed by your developers; it can also refer to code from:

  • Dependencies/packages
  • Code written by external parties for your company
  • Web APIs/services called by your codebase

With this in mind, you may be asking what can possibly be done to protect your codebase. Yubico’s various products can be leveraged in ways that help you protect your solutions. In this series we will explore different attack scenarios and provide step-by-step instructions on how to mitigate the risk using account protection, commit signing, and code signing techniques.


Getting Started

To begin your journey, click the link below for our full walkthrough on our passkey application.

Link to Yubico's Securing Your Software Supply Chain Guide


Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request


License

Distributed under the Apache-2.0 License. See LICENSE for more information.


Contact

Yubico Developer Program

Report an issue
