26. Software supply chain security
Package servers reproducibly, pin dependencies, sign or verify release artifacts, and generate software bills of materials. Reduce risks from compromised packages, install scripts, server updates, and unreviewed third-party code.