Supply Chain Security

Produce and consume open source software that you can trust.

Quansight provides expert advice and know-how in all areas of packaging and runtime provisioning, including the increasingly important aspects of supply chain security. Whether you are interested in enhancing the security of existing open source ecosystems and tools or developing new tooling and packages, we have the expertise, skills, processes, and tools to help you secure your supply chain.

Our Supply Chain Security Services

We have a proven track record of helping our clients assess, evaluate and improve their pipelines to adhere to best practices in supply chain security. When done well, achieving a robust, secure, reproducible runtime does not have to be restrictive or burdensome.

Whatever you need to secure your supply chain, we can help with:

  • Security audit and assessments:
    • Audit the provisioning pipelines of your runtime contexts.
    • Review your software publication pipelines: overprovisioned permissions, secret management, authentication approaches.
    • Create and provide SBOMs for the software elements in use.
    • Enumerate all the dependencies involved in your runtime environment, and their provenance.
    • Scan for vulnerabilities in your dependency tree.

  • Vulnerability remediation and secure development practices:
    • Implement best practices for supply chain security, from package management to build and distribution.
    • Introduce reproducible and secure workflows using lockfiles adapted to your needs.
    • Redesigning and refactoring code to address security vulnerabilities.
    • Creating and maintaining airgapped environments, private repositories, and commercial provider integrations.

  • Compliance: Working towards conformance with standards and regulations like the US Executive Order 14028 and the EU’s Cyber Resilience Act.

 

  • Training: Best practices workshops around supply chain security for your teams and processes.

Custom Solutions

Not seeing your exact need? Quansight can partner with you to design a customized supply chain security strategy tailored to your organization’s challenges and ecosystem.

Get in Touch

Ready to take the next step in your open source journey? We’d love to hear from you.