Next-generation cloud technology. For those who move.

valuecloud_newlogo_fullblack_final_transparent

Next-generation cloud technology.

>> Hazzle-free runtime environments for event-centric business systems <<

Let’s talk about the
Integrity of your Software
Artifact Supply Chain.

Software supply chains can expose a number of vulnerabilities to outside attackers. As systems get more complex, it’s essential to think about best practices that protect artifact integrity, throughout your environments.

Let’s talk about the Integrity of your Software Artifact Supply Chain.

Software supply chains can expose a number of vulnerabilities to outside attackers. As systems get more complex, it’s essential to think about best practices that protect artifact integrity, throughout your environments.

What do we talk about?

Attacks on the Software Supply Chain are on the rise.

The good news is that there are typically a bunch of things you can do, even within tight budgets (both time- and money-wise).

We have put a number of best practices into our SASC-I framework (SASC-I stands for the Software Artifact Supply Chain’s Integrity) to help DevOps and MLOps teams that strive for securing and protecting their supply chains.

Please note: We are not selling any tools or licenses (neither our own, nor any 3rd party ones). SASCI is completely tool agnostic, and purely based on best practices. You only pay for our knowledge and implementation support.

What do we talk about?

Attacks on the Software Supply Chain are on the rise.

The good news is that there are typically a bunch of things you can do, even within tight budgets (both time- and money-wise).

We have put a number of best practices into our SASC-I framework (SASC-I stands for the Software Artifact Supply Chain’s Integrity) to help DevOps and MLOps teams that strive for securing and protecting their supply chains.

Please note: We are not selling any tools or licenses (neither our own, nor any 3rd party ones). SASCI is completely tool agnostic, and purely based on best practices. You only pay for our knowledge and implementation support.

The SASC-I framework: a structured and standardized approach

SASC-I is designed to deliver tangible outcomes to your immediate benefit, fast.

Step #1

Typically done through an initial workshop format with a standardized agenda.

Step #2

Following the workshops, our experts evaluate your tools and practices with your teams.

Step #3

Based on our findings, we provide recommendations that are fast and easy to achieve.

Step #4

We support your teams in implementing best practices, in a fast and smooth way.

The SASC-I framework has two main disciplines & focus areas

SASC-I-Sec: Integrity regarding Security

SASC-I-Sec leverages the SLSA framework and adds additional considerations and additional best practices.

SASC-I-Com: Integrity regarding Compliance

We know you are able to deploy from a technical viewpoint. But are you also allowed to deploy?

DevOps toolchains

MLOps toolchains

The five dimensions of the SASC-I framework

3 Dimensions on Security (SASC-I-Sec), with each dimension having 4 maturity levels

Build

Make sure software is built from the correct sources and dependencies, without being unintentionally modified.

Source

All source code should reflect the intent of the software producer, that code and change history stay available for investigation.

Dependencies

Once the earlier security checks have been put into place, applying checks recursively to any dependencies in the system can then be followed up.

2 Dimensions on Compliance (SASC-I-Com), with each dimension having 3 maturity levels

Continuous Documentation

The backbone for decoupled, highly distributed and scalable business applications of any domain.

Dynamic Decisioning

Seamlessly connect legacy systems to any modern, hybrid environments.

Please reach out to us for an initial conversation about SASC-I

Why does ValueCloud talk about SASC-I?

As part of building and operating our own products, we are confronted with software artifact supply chain integrity every day. We have bundled this knowledge to make it accessible, in order to improve practices across the industry.

Supply Chain Integrity is not a secret magic

A lot can be achieved in five simple dimensions

Working with your existing tools and toolchains

GitLab

GitHub

Jenkins

Google Cloud Build

AWS CodeBuild

Azure Pipelines

Argo CD

flux-icon-color

Flux

This list is just an overview. We’re familiar with other tooling as well.

Let’s get started with Software Artifact Supply Chain Integrity

Book a workshop

Book a 4 hour exploration workshop that serves as the foundation for our cooperation.

Talk to an expert

Talk to a senior-level ValueCloud expert to inform you about SASC-I framework and its scope.

General contact ValueCloud

Talk to the ValueCloud Sales department if you want a quote for your personalized environment.

ValueCloud GmbH

Europaallee 10

67657 Kaiserslautern

Germany

P: +49-631-3435-8150

F: +49-631-3435-8159

E: [email protected]

W: https://valuecloud.io

Amtsgericht Kaiserslautern

HRB 33907

Geschäftsführer: Dr.-Ing. Christian Gilcher

USt.-ID: DE316714572

(c) ValueCloud GmbH 2022, all rights reserved.