
Supply Chain Security & 3rd-Party Code Packages

Open jameszwiers opened this issue 4 years ago • 0 comments

We should be defining best practice around how we review and validate the origin of 3rd-party code that we make use of.

We need to consider areas ranging from:

  • Which types of repos we might consider sourcing from
  • File signature verification
  • Code reviews

Likely other matters that need to be considered as well, and we should definitely ask Cyber for input as well.

jameszwiers · Feb 09 '22 18:02
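As an added illustration of the "file signature verification" bullet above (example code written for this page, not code from the software-engineering-quality-framework project), the script below checks downloaded third-party artifacts against a manifest of pinned SHA-256 digests and refuses anything that is unlisted or whose digest does not match. The artifact names, their bytes and the resulting manifest are constructed sample values, not real packages. Note that a pinned digest only proves the download is the same bytes the team approved earlier; it does not bind the file to a publisher, so a cryptographic signature check (for example `gpg --verify` against a key the team has vetted) is a separate, complementary control.

```python
import hashlib
import hmac

# Constructed sample artifacts: in a real pipeline these would be the raw bytes
# of downloaded packages. Names and contents are hypothetical.
SAMPLE_ARTIFACTS = {
    "left-pad-1.3.0.tgz": b"console.log('constructed sample package contents');\n",
    "chalk-4.1.2.tgz": b"module.exports = {};\n",
}


def sha256_hex(data: bytes) -> str:
    """Return the hex SHA-256 digest of an artifact's raw bytes."""
    return hashlib.sha256(data).hexdigest()


# The pinned manifest is derived from the sample bytes here only so the example
# runs offline. In practice the digests are taken from the upstream release
# page or lockfile at review time and committed alongside the code, never
# recomputed from whatever was just downloaded.
PINNED_MANIFEST = {name: sha256_hex(data) for name, data in SAMPLE_ARTIFACTS.items()}


def verify_artifact(name: str, data: bytes, manifest: dict) -> tuple:
    """Check one artifact against the pinned manifest.

    Returns (ok, reason). An artifact that is not listed at all is rejected,
    because an unpinned dependency has not been through review.
    """
    expected = manifest.get(name)
    if expected is None:
        return False, f"{name}: not in pinned manifest, refuse to use"
    actual = sha256_hex(data)
    # compare_digest avoids leaking which prefix of the digest matched
    if not hmac.compare_digest(actual, expected):
        return False, f"{name}: digest mismatch (expected {expected[:12]}..., got {actual[:12]}...)"
    return True, f"{name}: digest matches pinned value"


def verify_all(artifacts: dict, manifest: dict) -> list:
    """Verify every artifact; return the list of failure reasons (empty means all passed)."""
    failures = []
    for name, data in artifacts.items():
        ok, reason = verify_artifact(name, data, manifest)
        if not ok:
            failures.append(reason)
    return failures


if __name__ == "__main__":
    # Untouched downloads pass.
    print(verify_all(SAMPLE_ARTIFACTS, PINNED_MANIFEST))
    # A tampered download of a pinned package and an unpinned package both fail.
    tampered = dict(SAMPLE_ARTIFACTS)
    tampered["chalk-4.1.2.tgz"] = b"module.exports = {}; require('child_process');\n"
    tampered["unvetted-0.0.1.tgz"] = b"anything\n"
    for reason in verify_all(tampered, PINNED_MANIFEST):
        print("REJECT", reason)
```

Wiring `verify_all` into the build so a non-empty failure list aborts the job gives the "validate the origin" step a concrete, auditable gate; updating a digest in the manifest then becomes a reviewable change rather than an invisible side effect of a dependency bump.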