Modal Title
Cloud Native Ecosystem / DevOps Tools / Security

Jetstack Helps Turn Security Policies into Actions

Jetstack, a cloud native security company, has released its Jetstack software supply chain toolkit -- a comprehensive, web-based interactive program for securing software supply chains.
May 24th, 2022 11:00am by
Featued image for: Jetstack Helps Turn Security Policies into Actions
Featured image by Good Ideas from Pixabay.

VALENCIA, Spain — Unless you’ve been hiding out under a rock, you know securing the software supply chain has become security’s job number one. From SolarWinds, Codecov, and Kaseya, to name but a few, the last few years were bad ones for software supply chain security. As a result, there have been many documents and frameworks laying out the best practices for securing the supply chain.

There was only one little problem: How do you take all these policy suggestions and turn them into a plan for concrete action. The cloud native security company Jetstack has an answer: The Jetstack software supply chain toolkit.

Recommendations-Based

This web-based interactive program takes the recommendations from the following seminal software supply chain security documents:

And turns them into actionable suggestions.

Specifically, it breaks these down into four key areas: Build pipelines, source code, provenance, and deployment. It then takes these recommendations and adds insights on priority and complexity along with links to the original open source toolsets that can help with that specific recommendation.

Does that sound too simple for you? That this is something you could do yourself? Well, yes you could? But when are you going to do it? Are you security-savvy enough to do it right? Are you sure?

A Range of Controls

As Steve Judd, Jetstack’s senior solutions architect and the toolkit developer said, “Solving these challenges requires going through a whole range of controls that go well beyond a software bill of materials (SBOMs), which is just one of the 54 recommendations.” Jetstack is doing the cloud native community a world of good by offering this service.

As Jetstack CTO and founder, Matt Barker told me at KubeCon Europe, “It lets you take these recommendations and make them actionable. It also prioritizes them by which ones should take the higher priority with the lowest effort to fix.”

“With this,” Barker continued, “you can get started on securing your supply chain. You can get on the ladder. It takes a huge effort to really secure your software supply chain but with this, you can do something today.”

He’s right. You can. And the sooner you get started on it, the better. Just ask Solarwinds if you doubt this.

Group Created with Sketch.
TNS owner Insight Partners is an investor in: Kaseya.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.