What We Do

Software Supply Chain

If you insist on a tracking number when shipping valuables, shouldn't you insist on the same when shipping important code?

A software supply chain is every tool and process that touches software on its way to production: the inputs it depends on, how people write and develop code, the CI/CD pipelines it passes through, and how it is run once deployed.

In modern environments, any system is made up of many complex components. Unfortunately, many companies have built up manual processes, often the result of good decisions, good intentions and years of experience. This leads to multiple human-driven checkpoints or actions throughout the software supply chain. Examples include legal review of open-source packages, change control boards, and separation of duties between the people who author code and the people who deploy it.

Manual processes such as these add human response times that lengthen the work-in-progress queue. Momentum slows, and the result is weekly, monthly or even quarterly deployment cycles. Even worse, humans are not well suited to repetitive manual tasks, so every human step required later in the supply chain introduces a risk of mistakes.

That’s why we build supply chains that push complexity to software and allow humans to bring their focus and passion to solving business problems. This supply chain lets all stakeholders understand their software, their requirements, where it is located, who touched it, and how it is running. This is achieved through automation, integration, cryptography and robust data gathering. The supply chain spans the entire value chain from business vision to product features through running software.

By creating observability across the entire value chain, we give technical teams an understanding of how their software is operating, and we give executives the ability to see how that ties directly back to their core business objectives and results.

Furthermore, a well-built supply chain allows engineers to "shift left." Software and automation on the right provide guidance to humans on the left, who can then make better decisions more quickly. This has a profound impact on how companies and engineers approach their work. Humans are still needed on the right as well: SREs remain the guardians of reliability, ensuring the systems are working properly.

Think of a factory where hundreds of humans do the manufacturing, upgraded to a fully automated factory where humans monitor the line and fix the robots when they malfunction. You go from hundreds of low-skilled, moderately paid workers to a dozen highly skilled, highly paid workers.

Key Components

  • Automated source code analysis (security, vulnerabilities, license compliance, etc.)
  • Automated build & testing
  • Automated security scanning & signing
  • Automated change notes & risk assessment
  • Automated deployment, including binary authentication

Software Supply Chain in Action

Multinational Investment Bank & Financial Services Company
