title: Securing your end-to-end supply chain
shortTitle: Overview
allowTitleToDifferFromFilename: true
intro: Introducing best practice guides on complete end-to-end supply chain security including personal accounts, code, and build processes.
versions:
  fpt: '*'
  ghec: '*'
  ghes: '*'
redirect_from:
  - /code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview
contentType: tutorials
category:
  - Secure your dependencies

What is the end-to-end supply chain?

At its core, end-to-end software supply chain security is about making sure the code you distribute hasn't been tampered with. Previously, attackers focused on targeting dependencies you use, for example libraries and frameworks. Attackers have now expanded their focus to include targeting user accounts and build processes, and so those systems must be defended as well.

For information about features in {% data variables.product.prodname_dotcom %} that can help you secure dependencies, see AUTOTITLE.

About these guides

This series of guides explains how to think about securing your end-to-end supply chain: personal account, code, and build processes. Each guide explains the risk to that area, and introduces the {% data variables.product.github %} features that can help you address that risk.

Everyone's needs are different, so each guide starts with the highest-impact change and continues from there with additional improvements you should consider. Feel free to skip around and focus on the improvements you think will have the biggest benefit. The goal isn't to do everything at once but to continuously improve security in your systems over time.

Further reading