NIST SP 800-204D

Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines

Date Published: February 2024

Author(s)

Ramaswamy Chandramouli (NIST), Frederick Kautz (TestifySec), Santiago Torres-Arias (Purdue University)

Abstract

Keywords

actor; artifact; attestation; CI/CD pipeline; package; provenance; repository; SBOM; SDLC; SLSA; software supply chain

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-204D

Supplemental Material:
None available

Publication Parts:
SP 800-204
SP 800-204A
SP 800-204B
SP 800-204C

Document History:
08/30/23: SP 800-204D (Draft)
02/12/24: SP 800-204D (Final)