Engram: the one security platform for modern software supply chain risks

In the light of recent increase in the number of cybersecurity incidents affecting organizations of different kinds and sizes, security of software supply chain is becoming mission critical. At the core, supply chain security is a multi-disciplinary paradigm that includes security of code and infrastructure, provenance collection and auditability, cryptographic identity and verification, transparency and more. There are a number of emerging frameworks, standards, tools being developed and implemented in practice to bring security and compliance assurance through application lifecycle. Although, in certain aspects, this approach has been of a corrective-kind to accommodate traditional practices. For instance, to bring visibility into the microservice application builds, solutions are being developed to introspect docker build process. In engram , we present a novel approach to be applied at different stages during application lifecycle to modernize the overall security and compliance posture.