The National Institute of Standards and Technology has opened for public comment a new draft report outlining strategies for integrating software supply chain security in DevSecOps continuous integration/continuous delivery pipelines.
The draft NIST Special Publication 800-204D aims to ensure that security measures are embedded in the agile software development life cycle to ensure the overall security of the software supply chain, the agency said Wednesday.
The NIST framework provides actionable steps to integrate the various SSC security building blocks into DevSecOps CI/CD pipelines to prepare organizations to deploy cyber-hardened cloud-native applications.
According to NIST, due diligence practices must be followed during the SDLC to prevent malicious threat actors from exploiting attack vectors and ensure that cloud-based software applications are free of defects.
Comments are due Oct. 13.
