https://www.pistack.xyz/tags/supply-chain/Recent content in Supply-Chain on Pi StackHugoen-usTue, 21 Apr 2026 00:00:00 +0000https://www.pistack.xyz/posts/2026-04-21-self-hosted-supply-chain-security-cosign-notation-intoto-2026/Tue, 21 Apr 2026 00:00:00 +0000https://www.pistack.xyz/posts/2026-04-21-self-hosted-supply-chain-security-cosign-notation-intoto-2026/<p>Software supply chain attacks have grown exponentially in recent years. Compromised packages, tampered container images, and unauthorized code modifications threaten every organization that builds and deploys software. Self-hosted supply chain security tools give you full control over artifact signing, verification, and provenance — without trusting third-party SaaS platforms.</p>https://www.pistack.xyz/posts/self-hosted-sbom-dependency-tracking-dependency-track-syft-cyclonedx-guide-2026/Tue, 14 Apr 2026 00:00:00 +0000https://www.pistack.xyz/posts/self-hosted-sbom-dependency-tracking-dependency-track-syft-cyclonedx-guide-2026/<p>Every modern application pulls in hundreds — sometimes thousands — of third-party packages. Each dependency carries its own dependency tree, licenses, and potential vulnerabilities. Without visibility into what ships inside your software, you cannot answer basic questions: <em>Does our container include Log4j? Which packages use the GPL license? When was this component last updated?</em></p>