Back to Catalog
Owasp Security
top10_2025
A03:2025 - Software Supply Chain Failures
Risks within the software development and deployment pipeline beyond just vulnerable components.
Intent & Description
'
🎯 Intent
Secure the entire software supply chain from development through deployment.
📋 Context
Modern applications depend on numerous third-party libraries, build tools, CI/CD pipelines, and container images. Any compromised link in this chain can introduce vulnerabilities.
💡 Solution
Verify component integrity with checksums and signatures. Use SBOMs. Monitor for vulnerabilities in dependencies. Secure CI/CD pipelines. Implement dependency pinning and vulnerability scanning.'
Real-world Use Case
Use when managing third-party dependencies, build pipelines, and deployment infrastructure.
📌 TL;DR
Secure your entire supply chain. Verify dependencies, sign artifacts, scan for vulnerabilities, and protect CI/CD pipelines.
Advantages
- Protects against compromised dependencies
- Provides visibility into software composition
- Enables rapid vulnerability response
- Supports regulatory compliance
Disadvantages
- Large dependency trees are difficult to manage
- May slow down development workflows
- Requires ongoing monitoring and updates