DevOps Tools are the Weak Link for Software Supply Chain Security: Here’s a Fix

Puppet, Chef, Ansible, and others are great for developers but pose serious risks


Few security issues are as insidious and deeply rooted as supply chain compromises. One simple exploit can cascade through the entire software base that depends on the compromised component, which makes thwarting such events a top priority.

This matters even more now that many organizations have deployed popular tooling such as Puppet, Chef, Ansible, and other developer solutions, which can themselves present dangers to internal software bases. At the core of protection are internal secrets and the secrets management tools that lock away resources including databases, services, and servers. Yet another danger can lurk, however: without a robust secrets management approach, all the locks in the world can't keep software supply chain attacks at bay. The goal is strong secrets management that keeps secrets separate from those DevOps tools, provides full visibility for audits, and keeps secrets rotated and active.

