
A Non-Programmer Introduction to the Software Supply Chain (Electron)

A topic that comes up frequently at Sonatype is something called the “software supply chain.” The term is borrowed from how supply companies send parts to manufacturers who assemble them into things like cars, laptops, and musical instruments. This “chain” is an important focus because the quality, speed, and consistency of each connected link behind those parts adds up to a competitive edge.

My introduction to this topic was close to home: I use multiple messaging programs to chat with friends and family. I noticed that they all had similar component files.

[Figure: Directory comparison] Caption: Highlighted in blue, similar files and folders between the two installation folders on Windows 10 (Slack and Signal).

This is due to a core that all the programs share called “Electron,” an open source tool set for rapid software development. In fact, most programs that use this framework borrow the same or very similar components, with only a small percentage of differences. This is indicative of the wider software industry: companies take parts from different places, configure them, and distribute or sell the result, either as part of a service or as a standalone program.

Popular programs include Microsoft Teams, Skype, CrashPlan, Visual Studio Code, Atom, and many more.
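One way to reproduce the directory comparison in the screenshot above, as an added example that is not part of the original post: it hashes every file under two install folders and reports which components are shared byte-for-byte, which are shared but differ (for instance a different bundled Electron version), and which are unique to one application. The file names and contents built in demo() are constructed sample data, not real Slack or Signal files.

```python
import hashlib
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """Hash in chunks so large bundled components (Chromium DLLs, .asar archives) need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(root: Path) -> dict[str, str]:
    """Map each file's path, relative to the install folder, to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): file_sha256(p) for p in root.rglob("*") if p.is_file()}


def compare_installs(a: Path, b: Path) -> dict[str, list[str]]:
    """Classify files by relative path: shared and byte-identical, shared but differing, or unique to one side."""
    inv_a, inv_b = inventory(a), inventory(b)
    shared = inv_a.keys() & inv_b.keys()
    return {
        "identical": sorted(p for p in shared if inv_a[p] == inv_b[p]),
        "differs": sorted(p for p in shared if inv_a[p] != inv_b[p]),
        "only_in_a": sorted(inv_a.keys() - inv_b.keys()),
        "only_in_b": sorted(inv_b.keys() - inv_a.keys()),
    }


def demo() -> dict[str, list[str]]:
    """Build two constructed miniature 'install folders' and compare them (sample bytes, not real Slack or Signal files)."""
    files = {  # constructed sample data: same ffmpeg build, different Electron runtime and app bundle
        "app_a/ffmpeg.dll": b"ffmpeg build 1",
        "app_a/resources/electron.asar": b"electron runtime 9.0",
        "app_a/resources/app.asar": b"application A bundle",
        "app_b/ffmpeg.dll": b"ffmpeg build 1",
        "app_b/resources/electron.asar": b"electron runtime 9.1",
        "app_b/resources/app.asar": b"application B bundle",
        "app_b/LICENSES.chromium.html": b"chromium licences",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        return compare_installs(root / "app_a", root / "app_b")
```

Pointing compare_installs() at two real installation folders gives a first, rough inventory of which third-party components two products ship in common, which is the starting point for tracking those components through a supply chain.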

Why use Electron?

By including the Chromium interface (the engine behind the Edge and Google Chrome browsers) and Node.js components, a program built on Electron reuses the already secure environment of web applications, but runs on your local machine. By bringing web tools to the desktop, web developers can now function as application developers, and people who traditionally worked on web graphics and animation can help develop user interfaces.

The result is familiar, good-looking applications that are easy to distribute across multiple platforms, including Windows, Mac, Linux, and mobile.

Issues with Electron

The decision to use this framework does (Read more...)

This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Luke Mcbride. Read the original post at: https://blog.sonatype.com/non-programmer-introduction-to-the-software-supply-chain