
🧪 Secure the Software Supply Chain

Continuous Delivery and Secure Supply Chain

Supply chain security is integral to continuous delivery. With the accelerated use of open source, most projects depend on hundreds of open-source packages, directly and transitively. This poses a security problem: if any of those dependencies is vulnerable, or has been deliberately tampered with, you could be exposing your users to a supply chain attack. One of the most important things you can do to protect your supply chain is to detect and patch vulnerable dependencies quickly and to remove any malicious packages that find their way into your dependency tree.

Building on the previous exercises, we will apply supply chain security controls to the Tetris app and continuously deliver it by completing the following objectives.

Objectives

  • Create Integration Checks for the Tetris app using GitHub Actions.
  • Create a Continuous Delivery workflow for the Tetris app using GitHub Actions.
  • Create a new release tag for the Tetris app using GitHub Actions.
  • Create compliance checks for the Tetris app using CodeQL, Dependency Review, and Dependabot.