Безопасность цепочки поставок (Supply Chain Security)
Защита целостности товаров, услуг и информации в цепочке поставок, включая физическую логистику и разработку ПО.
Безопасность цепочки поставок фокусируется на снижении рисков, связанных с взаимосвязями между участниками производства и доставки. Это включает защиту физической логистики от краж и подделок, а также безопасность программного обеспечения (управление зависимостями, SBOM, подписание кода). Цель — установить доверие и прозрачность.
graph LR
Center["Безопасность цепочки поставок (Supply Chain Security)"]:::main
Rel_supply_chain_attacks["supply-chain-attacks"]:::related -.-> Center
click Rel_supply_chain_attacks "/terms/supply-chain-attacks"
classDef main fill:#7c3aed,stroke:#8b5cf6,stroke-width:2px,color:white,font-weight:bold,rx:5,ry:5;
classDef pre fill:#0f172a,stroke:#3b82f6,color:#94a3b8,rx:5,ry:5;
classDef child fill:#0f172a,stroke:#10b981,color:#94a3b8,rx:5,ry:5;
classDef related fill:#0f172a,stroke:#8b5cf6,stroke-dasharray: 5 5,color:#94a3b8,rx:5,ry:5;
linkStyle default stroke:#4b5563,stroke-width:2px;
🧒 Простыми словами
Generated ELI5 content
🤓 Expert Deep Dive
Generated expert content
❓ Частые вопросы
What is the primary objective of supply chain security?
The primary objective is to enhance the security of the supply chain or value chain by protecting the integrity, availability, and confidentiality of goods, services, and information throughout its lifecycle, including transport and logistics.
How does supply chain security apply to software?
In software, supply chain security involves securing the components, libraries, tools, and processes used to develop, build, and publish software artifacts. This includes managing dependencies, ensuring code integrity, and protecting the development and deployment pipelines.
What are common risks in supply chain security?
Common risks include lack of visibility into dependencies, compromised credentials, insecure third-party integrations, vulnerabilities in components, and physical or digital tampering during transit or within development processes.