Jetstack Announces Industry-First Software Supply Chain Security Toolkit

Interactive, web-based tutorial offers clarity and direction for teams securing software supply chains

LONDON, May 17, 2022–(BUSINESS WIRE)–Jetstack, a Venafi company and leader in cloud native, open source and strategic consulting services, today announced the availability of an easy-to-use, interactive and comprehensive toolkit for securing modern software supply chains. The visual, web-based resource is available to anyone and is designed to help organizations evaluate and plan the important steps they need to take to address effective software supply chain security. Software supply chain security has become an increasingly important issue for all organizations. After the attack on SolarWinds at the end of 2020 that impacted around 1800 organizations, software supply chain attacks increased around 300 percent in 2021.

“Most companies now understand the urgency and importance of improving the security of the software they consume and develop,” said Matthew Bates, chief technology officer for Jetstack. “The problem is that it's incredibly challenging to identify and prioritize the changes that need to be made while also managing the competing priorities of their development and security communities. It's really hard to figure out how to continually increase development velocity and decrease time to deployment while, at the same time, increasing control, visibility and security. Our toolkit helps development and security teams quickly figure out where to begin by identifying the difficulty and impact related to specific security controls.”

The Software Supply Chain toolkit consolidates guidance and recommendations from many frameworks and whitepapers that each offer detailed guidance for software supply chain security, including:

The interactive toolkit presents the guidance from these frameworks broken down into four key areas: build pipelines, source code, provenance and deployment. Recommendations from each section include insights on priority and complexity along with links to the actual open source toolsets that can help with that specific recommendation.

“Software supply chain attacks target a whole range of vulnerabilities at different points in the software life cycle,” said Steve Judd, senior solutions architect for Jetstack and the developer of the toolkit. “Fixing these problems requires going through a whole range of controls that go well beyond a software bill of materials (SBOMs), which is just one of the 54 recommendations. The Software Supply Chain toolkit is a new kind of collaboration with the open source community designed to help the industry build proactive and preventative solutions that are purpose built for existing and emerging development processes.”

About Jetstack

Jetstack, a Venafi company, is a cloud native products and strategic consulting company working with enterprises using Kubernetes and OpenShift. Venafi is the cybersecurity market leader and innovator of machine identity management.

An open source pioneer, Jetstack has earned notable industry recognition as the creator of cert-manager, which is the open source industry standard for cloud native machine identity management. Jetstack’s open source products and solutions protect the application environments and platform infrastructure of global banks, multinational retail companies and security companies.

Venafi and Jetstack are pioneers of enterprise machine identity security, and Jetstack gives enterprise platform and security teams the power to build, scale and secure their cloud native infrastructure for advanced developer automation, workload security and application innovation.



Shelley Boose

Kim Myers