65. Software supply chain security
Protect builds and dependencies with lockfiles, provenance, signing, software bills of materials, vulnerability scanning, and trusted release workflows. This chapter addresses the modern risk that an application is only as safe as its toolchain.