
An everything-as-code approach to securing the software supply chain

How a secure development ecosystem supports zero trust principles

Presented by Leidos

The directive to enhance software supply chain security has been a north star for government technologists over the past couple of years, but a June 2023 Office of Management and Budget (OMB) memo suggests federal agencies still have a long road ahead. To truly secure the most critical asset at the heart of software, the data, software producers must go beyond basic compliance to take responsibility for the security of every element.

This metamorphosis is a driving force behind Leidos’ “Everything as Code,” or EaC, approach to secure software development. In a technology landscape that’s constantly shifting, blocks of code create a sense of order. A block of code is discrete and repeatable: it executes the same way every time. An EaC philosophy allows developers to bring some of that certainty to the entire development lifecycle.

“When you describe everything as code, and you manage it all as code — infrastructure, security, policy, configurations — you are essentially creating a known state of execution that you can maintain,” says Paul Burnette, vice president and director of software at Leidos. “You know when something changes, and you also know when something goes wrong, and how to find where it went wrong.”

To learn more about Leidos' cutting-edge approach to secure software development, from enhanced software bills of materials to automating a secure runtime environment, download this PDF.

This content is made possible by our sponsor Leidos; it is not written by and does not necessarily reflect the views of GovExec's editorial staff. 
