Evidence Stores for Supply Chain Security

via Dev.to, Pavel

Supply chain security is currently Top 3 on the OWASP 2025 Top 10 list. There is growing acknowledgement in the industry that supply chain security is increasingly important, and a growing number of cyber attacks now involve supply chain compromise as at least one of the vectors. With that, the question of how to protect one's supply chain becomes highly visible.

2020 Mindset Still Present

A lot of tooling is still stuck in pre-Log4Shell times, when you would point a scanner at a source code repository and collect results every 6 months or, if you're prudent, every 3 months. But what do such results actually represent? How do they correlate to the actual product version that you or your clients are currently running? If a customer is still running a version released 12 months ago, would it be of any help to them to know that the most recent scan over the most recent state of the source code repository came out clean?

Tooling Evolution

Modern times require modern tools. Tools like ReARM t
