A very important component in achieving end-to-end security of the software supply chain is the ability to mitigate cyber risks posed by outsourced subcontractors. In addition, it is crucial to enable a continuous and secure subcontractor software delivery process.
The outsourced subcontractor develops the software and exports the software artifact, which then goes through the organization’s risk management gate, with the purpose of:
- Preventing tampering with digital assets
- Allowing access to trusted developers only
- Using only reputable open-source components
Scribe’s platform serves as your organization’s Acceptance Gate
Scribe serves as your organization’s risk management gate to:
- Continuously collect and sign evidence from subcontractors
- Authenticate and authorize developers
- Verify evidence integrity
- Apply acceptance policy
For organizations using a SaaS architecture, Scribe is used as the acceptance gate and controls the policy.
Modular evidence is collected based on the use case; integration points into the SDLC are optional.
Evidence is cryptographically signed.
Scribe verifies signatures, analyzes evidence, and applies acceptance policy.
For organizations using an on-prem architecture, Scribe is used as a local agent and exports the subcontractor’s version evidence as the Acceptance Gate.
Modular evidence is collected, signed and stored locally, based on the use case.
Scribe exports evidence along with delivery of software artifacts.
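The flow described for both the SaaS and the on-prem variant is the same at its core: the subcontractor signs an evidence bundle, exports it with the artifact, and the gate verifies the signature and applies an acceptance policy (trusted developers only, approved open-source components only, no tampering). The following is an added, self-contained illustration of such a gate; it is not Scribe's code or evidence format. The field names, the policy shape, the sample artifact bytes and the shared HMAC key are all constructed for this example.

```python
# Added example: a minimal acceptance gate for signed subcontractor evidence.
# Evidence field names, the policy layout and the shared HMAC key are
# assumptions for this example, not Scribe's actual formats or keys.
import hashlib
import hmac
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_evidence(artifact: bytes, developer: str,
                  dependencies: list[tuple[str, str]]) -> dict:
    """Build the evidence bundle a subcontractor exports with one artifact."""
    return {
        "artifact_sha256": sha256_hex(artifact),
        "developer": developer,
        "dependencies": [{"name": n, "version": v} for n, v in dependencies],
    }


def canonical(evidence: dict) -> bytes:
    # Canonical JSON so signer and verifier MAC exactly the same bytes.
    return json.dumps(evidence, sort_keys=True, separators=(",", ":")).encode()


def sign_evidence(evidence: dict, key: bytes) -> str:
    # HMAC-SHA256 stands in for a real signature to keep the example stdlib-only.
    return hmac.new(key, canonical(evidence), hashlib.sha256).hexdigest()


def verify_signature(evidence: dict, signature: str, key: bytes) -> bool:
    return hmac.compare_digest(sign_evidence(evidence, key), signature)


# Constructed acceptance policy: who may deliver, which packages are approved.
POLICY = {
    "trusted_developers": {"alice@subcontractor.example", "bob@subcontractor.example"},
    "approved_packages": {("requests", "2.31.0"), ("urllib3", "2.2.1")},
}


def apply_policy(evidence: dict, artifact: bytes, policy: dict) -> list[str]:
    """Return a list of policy violations (empty list means accepted)."""
    violations = []
    # Tamper check: the delivered bytes must match the digest that was signed.
    if not hmac.compare_digest(sha256_hex(artifact), evidence["artifact_sha256"]):
        violations.append("artifact digest does not match signed evidence")
    if evidence["developer"] not in policy["trusted_developers"]:
        violations.append(f"developer {evidence['developer']} is not trusted")
    for dep in evidence["dependencies"]:
        if (dep["name"], dep["version"]) not in policy["approved_packages"]:
            violations.append(f"dependency {dep['name']}=={dep['version']} is not approved")
    return violations


def acceptance_gate(evidence: dict, signature: str, artifact: bytes,
                    key: bytes, policy: dict) -> tuple[bool, list[str]]:
    """Verify evidence integrity first, then apply policy. Returns (accepted, reasons)."""
    if not verify_signature(evidence, signature, key):
        # Unverifiable evidence is rejected before any policy is consulted.
        return False, ["evidence signature invalid"]
    violations = apply_policy(evidence, artifact, policy)
    return not violations, violations


# Constructed sample artifact and gate key (example values only).
ARTIFACT = b"constructed contents of orders-service-1.4.2.tar.gz\n"
GATE_KEY = b"constructed-shared-key-for-example-only"

if __name__ == "__main__":
    ev = make_evidence(ARTIFACT, "alice@subcontractor.example", [("requests", "2.31.0")])
    sig = sign_evidence(ev, GATE_KEY)
    print("clean delivery:", acceptance_gate(ev, sig, ARTIFACT, GATE_KEY, POLICY))
    print("tampered artifact:", acceptance_gate(ev, sig, ARTIFACT + b"\x00", GATE_KEY, POLICY))
```

Signature verification runs before any policy check, so evidence that has been altered in transit (for example a swapped developer identity) is rejected outright rather than evaluated. The HMAC used here is a shared-secret MAC, which means the gate itself could forge evidence; an asymmetric signature scheme, where the gate holds only the subcontractor's public key, removes that trust dependency and is what a production gate should verify.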