nexus/wiki/sources/ctp-topic-21-supply-chain-security-in-micro-focus.md
2026-04-19 16:02:56 +08:00

---
title: "CTP Topic 21 Supply Chain Security in Micro Focus"
type: source
tags:
- Security
- Supply-Chain
- CTP
- Cloud-Learning
date: 2026-04-14
---
## Source File
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/07_Security/ctp-topic-21-supply-chain-security-in-micro-focus.md]]
## Summary
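- Core topic: Micro Focus's new approach to software supply chain security
- Problem domain: supply chain security challenges in the context of cloud transformation
- Method/mechanism: shift from 99% R&D security to full-lifecycle security protection, with supply chain security as the fifth pillar of the SDL
- Conclusion/value: the integrity of CI (the build environment), the automation server, and CD (the delivery system) must all be ensured at the same time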
## Key Claims
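- Micro Focus has 17 different source code management (SCM) tools in use internally, which makes a unified security baseline a challenge
- The SolarWinds attack is an important warning for supply chain security: the hackers injected malicious code by infiltrating the build process
- Supply chain security should be the fifth pillar of the software development lifecycle (SDL)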
## Key Quotes
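> "The supply chain includes not only pure code development but also every stage from source code management (SCM), build components (CI), and the artifact repository to the final delivery system (CD)"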
## Key Concepts
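- [[Supply Chain Security]]: software supply chain security, protecting the whole flow from development to delivery
- [[SDL (Security Development Lifecycle)]]: the security development lifecycle for software
- [[CI/CD Security]]: security of continuous integration and continuous delivery
- [[SolarWinds Hack]]: a well-known supply chain attack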
## Key Entities
- [[Micro Focus]]: enterprise software company undergoing a cloud transformation
- [[Shlomi Ben-Hur]]: Micro Focus product security team, speaker
## Connections
- [[CTP Overview]] ← context_of ← [[Supply Chain Security]]
- [[Security Development Lifecycle]] ← includes ← [[Supply Chain Security]]
## Contradictions
-
## Notes
- Video source: NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 21_ Supply Chain Security in Micro Focus.mp4`
- Status: Gemini summary completed