Show HN: Visualize your software supply chain

github.com

4 points by 6mile 2 years ago · 1 comment

6mileOP 2 years ago

There has been a lot of noise about software supply chain attacks over the last few years. These threats are often novel, and have colorful names like dependency confusion, repo-jacking, and commit spoofing.

Unfortunately, there is no common, agreed-upon definition for what is in the software supply chain. When asked, most people I talked to would say "Uh, it's your open-source libraries, right?" This is a problem, as there is a lot more that goes into building modern applications than just some open-source components. To me, the software supply chain should be all those things that are needed to build a working application. This would include things like the software engineers themselves, and the CI/CD components used. The third-party APIs and cloud resources that the application uses should also be included. We can't hope to know how to secure the software supply chain if we don't know what's in it, or how broad its scope is.

I decided to build a project that would help the software engineering community create a common definition, and lexicon, for the software supply chain. This GitHub repository is the first version of that project.

I am looking for feedback, input, and hopefully some collaboration to help make this a viable, and lasting project. I hope you enjoy it!
