Developer guide to teach you how to maximize the power of the YubiKey to secure your software supply chain. This guide contains examples on how to use the YubiKey to enable account protections, commit signing, and code signing. By the end of this guide you, and your organization will have the tools needed to quickly onboard developers to allow them to focus more time on producing code, and less time configuring their environment.
Explore the docs »
·
Report Bug
·
Request Feature
Table of contents
A software supply chain attack is when malicious code is added into trusted hardware and software. An attack doesn't only refer to the code that is committed by your developers, it can also refer to code from:
- Dependencies/packages
- Code written by external parties for your company
- Web APIs/services called by your codebase
With this in mind you may be asking what can possibly be done to protect your codebase? Yubico’s various products can be leveraged in ways that can help you protect your solutions. In this series we will explore different attack scenarios, and step-by-step instructions on how to mitigate the risk using account protection, commit signing, and code signing techniques.
To begin your journey, click the link below for our full walkthrough on our passkey application.
Link to Yubico's Securing Your Software Supply Chain Guide
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature
) - Commit your Changes (
git commit -m 'Add some AmazingFeature'
) - Push to the Branch (
git push origin feature/AmazingFeature
) - Open a Pull Request
Distributed under the Apache-2.0 License. See LICENSE
for more information.