"Never trust, always verify" has become the defining mantra of modern network security. But while organizations have spent years implementing zero trust for network access and user authentication, they've largely ignored the concept when it comes to their software supply chain. Every npm install, every Docker pull, every dependency update is an implicit act of trust — and in 2022, that trust was exploited repeatedly.
Applying zero trust principles to the software supply chain isn't a direct translation of network zero trust. The entities, trust boundaries, and verification mechanisms are different. But the core philosophy — eliminate implicit trust and verify everything — is directly applicable and increasingly necessary.
The Trust Problem in Software Supply Chains
Consider what happens when a developer adds a dependency to a project:
- They trust that the package registry is serving the correct package
- They trust that the package maintainer's account hasn't been compromised
- They trust that the package was actually built from the source code they can inspect
- They trust that the package's dependencies are equally trustworthy
- They trust that the build system that produced the package wasn't compromised
Each of these is an assumption, not a verified fact. And each has been violated in real attacks:
- Registry compromise: The Heroku/Travis CI attack accessed npm's private repositories
- Account takeover: ua-parser-js was hijacked through maintainer account compromise
- Source-binary mismatch: Numerous malicious packages contain code not present in their source repositories
- Transitive dependency attacks: event-stream was compromised through a malicious transitive dependency
- Build system compromise: SolarWinds was compromised through its build infrastructure
Zero Trust Principles for Supply Chains
Principle 1: Verify Every Artifact
In a zero trust supply chain, no artifact is trusted based solely on its source. Every package, container image, and binary must be verified through cryptographic means.
What this looks like in practice:
- Verify Sigstore signatures or GPG signatures on all packages
- Check container image signatures with Cosign before deployment
- Validate SLSA provenance attestations to confirm build integrity
- Use hash verification for all downloaded artifacts
The gap today: Most package managers download and install packages without any signature verification. This is the equivalent of accepting anyone who walks through your office door without checking their badge.
Principle 2: Minimize Blast Radius
Zero trust assumes breach and designs for containment. In the supply chain context, this means limiting what any single dependency can do.
What this looks like in practice:
- Use sandboxed build environments that limit network access and filesystem scope
- Run containers with minimal privileges (no root, read-only filesystem)
- Implement network policies that restrict container egress
- Use dependency-scoped permissions in CI/CD (a token that can publish one package, not all)
Principle 3: Continuous Verification
Trust is not a one-time decision. A dependency that was safe yesterday may not be safe today — the maintainer's account could be compromised, a vulnerability could be discovered, or the package could be hijacked.
What this looks like in practice:
- Continuous vulnerability scanning of all dependencies
- Monitoring for maintainer changes on critical dependencies
- Alerting on unexpected dependency updates or new dependencies
- Regular re-evaluation of dependency risk scores
Principle 4: Explicit Trust Policies
Instead of implicitly trusting everything from a registry, define explicit policies about what you trust and why.
What this looks like in practice:
- Maintain an allowlist of approved dependencies
- Require security review for new dependencies
- Define minimum criteria for acceptable dependencies (maintenance status, vulnerability history, license)
- Block dependencies that don't meet your criteria
Principle 5: Assume Compromise
Design your systems and processes as if a dependency is already compromised. This changes how you architect and monitor.
What this looks like in practice:
- Runtime behavioral monitoring for unexpected network connections, file access, or process spawning
- Anomaly detection for build outputs (unexpected binaries, changed file sizes, new network calls)
- Incident response plans specific to supply chain compromise scenarios
- Regular tabletop exercises simulating dependency compromise
The SLSA Framework as Zero Trust for Builds
The Supply Chain Levels for Software Artifacts (SLSA, pronounced "salsa") framework is essentially zero trust applied to build systems. SLSA defines four levels of increasing build integrity:
SLSA Level 1: Documentation of the build process. Not a security control, but a foundation for higher levels.
SLSA Level 2: Build service generates authenticated provenance. You know what build system produced the artifact, but the build system itself isn't hardened.
SLSA Level 3: Hardened build platform with tamper-resistant provenance. The build runs in an isolated environment, and the provenance is generated by the platform (not the user).
SLSA Level 4: Two-person review of all changes and hermetic, reproducible builds. This is the highest level and the hardest to achieve.
Each SLSA level reduces the trust you need to place in different actors. At Level 4, even a compromised developer or build engineer cannot unilaterally insert malicious code into a build artifact.
Implementation Roadmap
Phase 1: Visibility (Prerequisite)
You can't verify what you can't see. Start with:
- Comprehensive SBOM generation for all software
- Dependency inventory across all projects
- Mapping of trust relationships (who maintains what, where are builds running)
Phase 2: Verification Infrastructure
Build the technical capability to verify:
- Deploy Cosign/Sigstore for container image verification
- Implement checksum verification for all downloaded packages
- Set up SLSA provenance generation in CI/CD pipelines
Phase 3: Policy Definition
Define what you'll trust:
- Create dependency allowlists for critical projects
- Define minimum security requirements for dependencies
- Establish review processes for new dependencies and major version updates
Phase 4: Enforcement
Make policies binding:
- Kubernetes admission controllers that reject unsigned images
- CI/CD gates that block builds with unapproved dependencies
- Automated alerts for policy violations
Phase 5: Continuous Improvement
Iterate based on findings:
- Review policy violations to refine rules
- Update trust decisions based on new information
- Expand coverage to more projects and environments
The Cultural Challenge
The hardest part of zero trust supply chain isn't technical — it's cultural. Developers are accustomed to freely choosing dependencies. Requiring review, verification, and policy compliance for every dependency feels like friction.
The key is to automate as much as possible. Automated signature verification, automated policy checks, automated vulnerability scanning — these add security without requiring developers to change their workflow. Reserve human review for genuinely novel decisions (new dependencies, major version updates, policy exceptions).
How Safeguard.sh Helps
Safeguard.sh provides the verification and policy infrastructure needed to implement zero trust for your software supply chain. Our platform verifies artifact signatures and provenance, enforces dependency policies in CI/CD pipelines, continuously monitors for supply chain threats, and provides the visibility foundation that zero trust requires. With Safeguard.sh, moving from implicit trust to verified trust across your entire software portfolio becomes achievable without overwhelming your development teams.