Software supply chain control
As a solution provider, it is your responsibility to know, track, and maintain records of each component that goes into your solution. If your solution falls under any government or industry compliance regulation, failing to keep those records may have dire consequences.
This is a situation where, again, I recommend leveraging an enterprise Linux distribution. Their software sources are secure, from source code to compilation to packaging and, ultimately, delivery to you. They maintain great records. They have to! These vendors can provide your team with what we call a Software Bill of Materials (SBOM): a complete listing of the components and their versions. Additionally, it is an attestation that the vendor uses secure, tested, and validated software.
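As an added example (not code from the original article or from any vendor named in it), the script below shows what "knowing, tracking, and keeping records" looks like in practice once an SBOM is in hand. It parses a CycloneDX JSON document, builds a component inventory, flags entries that are missing a version or package URL (records a compliance audit would reject), and summarises which packaging ecosystem each component came from. The SBOM embedded in the script is constructed for illustration; the component names, versions, purls, and the `example-distro` namespace are assumptions, not a real vendor's records.

```python
"""Added example: turn a CycloneDX SBOM into a component inventory and audit it.

Assumes the CycloneDX 1.4 JSON layout (bomFormat, specVersion,
metadata.component, components[]). The sample document is constructed.
"""
import json
from collections import Counter

# Constructed sample SBOM for a small solution that ships three packages.
# Names, versions and purls are illustrative only.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {
        "component": {"type": "application", "name": "example-solution", "version": "1.2.0"}
    },
    "components": [
        {"type": "library", "name": "openssl-libs", "version": "3.0.7",
         "purl": "pkg:rpm/example-distro/openssl-libs@3.0.7"},
        {"type": "library", "name": "zlib", "version": "1.2.13",
         "purl": "pkg:rpm/example-distro/zlib@1.2.13"},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        # Incomplete record: no version and no purl, so it cannot be traced.
        {"type": "library", "name": "vendored-helper"},
    ],
})


def load_sbom(text):
    """Parse the JSON and reject anything that is not a CycloneDX document."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc


def inventory(doc):
    """Map each component name to its recorded version and package URL."""
    return {
        c["name"]: {"version": c.get("version"), "purl": c.get("purl")}
        for c in doc.get("components", [])
    }


def incomplete_records(doc):
    """Names of components whose SBOM entry lacks a version or a purl."""
    return sorted(
        name for name, rec in inventory(doc).items()
        if not rec["version"] or not rec["purl"]
    )


def ecosystems(doc):
    """Count components by purl type (rpm, pypi, ...) so the team can see which
    came from the distribution vendor and which were pulled in from elsewhere."""
    counts = Counter()
    for rec in inventory(doc).values():
        purl = rec["purl"]
        if purl and purl.startswith("pkg:"):
            # purl layout: pkg:<type>/<namespace>/<name>@<version>
            counts[purl[len("pkg:"):].split("/", 1)[0]] += 1
        else:
            counts["unknown"] += 1
    return dict(counts)


def version_of(doc, name):
    """Look up the recorded version of one component, or None if it is absent."""
    rec = inventory(doc).get(name)
    return rec["version"] if rec else None


if __name__ == "__main__":
    sbom = load_sbom(SAMPLE_SBOM)
    print("components:", len(inventory(sbom)))
    print("incomplete records:", incomplete_records(sbom))
    print("ecosystems:", ecosystems(sbom))
```

Run against a vendor-supplied SBOM instead of the constructed one and the `incomplete_records` list is the first thing to hand back to whoever produced it; an entry with no version or purl is a component you cannot prove the provenance of.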
There are several commercial solutions available on the market. Companies like Aqua, Synopsys®, and Red Hat® (just to name a few) create some excellent comprehensive solutions...