40. When software dependencies become a risk
Defend against poisoned packages, stolen signing keys, dependency confusion, malicious maintainers, and compromised build systems. You will use SBOMs, provenance, code signing, pinning, and dependency review to reduce supply-chain risk.