Collaborating with NCCoE to Strengthen Software Supply Chain and DevOps Security

At Scribe Security, we believe the future of cybersecurity hinges on securing software supply chains from the inside out. That’s why we’re proud to collaborate with the National Cybersecurity Center of Excellence (NCCoE) on its Software Supply Chain and DevOps Security Practices project.

This initiative convenes public and private sector technology contributors to explore how secure-by-design DevSecOps practices can help organizations proactively address rising software supply chain threats. The project aligns with frameworks such as SSDF, C-SCRM, and SLSA, and is built around real-world, proof-of-concept scenarios that demonstrate how to apply practical solutions at scale.

What Scribe Is Contributing

As part of this collaboration, Scribe brings its deep expertise in attestation-based software supply chain security and continuous assurance—designed for fast-paced, complex development environments.

Our platform helps organizations:

• Prevent tampering through cryptographic signing and provenance tracking
• Automate the creation and verification of SBOMs and attestations
• Enforce compliance and security guardrails via policy-as-code
• Maintain real-time visibility across the SDLC—without slowing development

“We’re contributing to this effort because the risk is real and growing significantly,” said Rubi Arbel, CEO of Scribe Security. “By bringing our technology and insights to the table, we hope to help shape scalable, effective solutions for securing modern software pipelines.”

Why It Matters

Supply chain attacks are accelerating. Regulatory mandates are increasing. CISOs need more than visibility—they need demonstrable software integrity and continuous compliance.

Scribe Security’s collaboration with the NCCoE reinforces our commitment to helping organizations meet these challenges head-on.

🔗 Learn more about the NCCoE project
🔗 See how Scribe can help your team

Related posts

Practical Steps Towards Protecting Your MLOps Pipeline

Imagine the next board meeting. You, a security leader in your organization, will present your standard deck with risks, mitigations, and incidents. Then, one of the board members will ask: How are you preparing to protect the new AI technologies and the MLOps pipelines that the company is already using?  Here is your answer. AI […]

Defending Against Recent Software Supply Chain Attacks: Lessons and Strategies

In recent years, software supply chain attacks have emerged as a significant cybersecurity threat, targeting the complex networks of relationships between organizations and their suppliers. This article delves into notable recent supply chain attacks, examining how they occurred and discussing strategies for prevention and mitigation. From breaches that compromise sensitive data to attacks that exploit […]

From Application Security to Software Supply Chain Security: A Fresh Approach Is Needed

The traditional approach to securing software products focuses on eliminating vulnerabilities in custom code and safeguarding applications against known risks in third-party dependencies. However, this method is inadequate and fails to address the full scope of threats posed by the software supply chain. Neglecting to secure every aspect of this chain, from production to distribution […]