The software supply chain is under growing threat

There was no shortage of software supply chain security attacks this year. High-profile attacks such as the Codecov breach (read our play-by-play here) or more recently the Log4j vulnerability have revealed a gigantic blast radius with thousands of organizations hit.

The European Union Agency for Cybersecurity (ENISA) estimated a fourfold increase in supply chain attacks for this year, confirming malicious actors’ growing appetite for this type of cyber attack. Malicious actors now clearly understand that the upside is near infinite – it takes one successful execution against a single supplier to create a chain reaction, compromising the whole network of organizations that trust it. It won’t come as a surprise to see software supply chain attacks reach their peak in the next couple of years, and before we get there, organizations ought to sharpen their battle-ax.

Rethinking your security strategy

In this report from Gartner, How Software Engineering Leaders Can Mitigate Software Supply Chain Security Risks, we hope you will find inspiration and a way to validate your organization’s security strategy for software development and delivery for years to come. It outlines how leaders can best guide their teams to protect the SDLC and mitigate software supply chain security risks by adopting the practices described in detail in the report. And in case you were wondering, GitGuardian is mentioned in the representative list of Secrets Scanning tools for Git repositories and CI pipelines!

In this 18-page report from Gartner, you’ll learn about:

  • Hardening the software delivery pipeline;
  • Securing the operating environment for software engineers;
  • Protecting the integrity of internal and external code;
  • Countering the threat of software supply chain attacks.

If you're looking for a lighter read to get your year started, give our guide on hardening the software supply chain in 6 steps a look!

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.