Where every claim in SecProve comes from.
A dense reading catalog. Every claim is footnoted. Sort by source, filter by pillar, type, or recency. Built for analysts who want to see what we are standing on.
Open-source project for signing, verifying, and protecting software supply chains. Keyless signing for artifacts.
The two defining supply chain incidents of recent years. CISA's postmortem reports are primary sources for scenario-based questions about detection, response, and prevention.
Practices for identifying, assessing, and mitigating cyber supply chain risks. Covers acquisition, development, and operations.
Cybersecurity Supply Chain Risk Management. Integrates C-SCRM into the RMF. Covers acquisition, supplier assessment, and ongoing monitoring.
Automated security health checks for open source projects. Checks branch protection, dependency pinning, fuzzing, SAST. Good for practical supply chain assessment questions.
Annual analysis of open source usage and vulnerability data. Key stats on open source in commercial codebases (typically 70-80%+). Grounds supply chain and AppSec questions in real data.
Ready to test what you've learned?
Our questions are built directly from these resources. Take a quiz and see how your knowledge stacks up.