Falcão, Eduardo de Lucena
Koga, Henrique Hideaki
2025-01-23
2025-01-23
2025-01-20

KOGA, Henrique Hideaki. Um estudo sobre a aplicação de ferramentas para a proteção de cadeias de suprimento de software. 2025. 48 f. Trabalho de Conclusão de Curso (Graduação em Engenharia de Computação) – Departamento de Engenharia de Computação e Automação, Universidade Federal do Rio Grande do Norte, Natal, 2025.
https://repositorio.ufrn.br/handle/123456789/61711

This work presents a study on the application of tools for the protection of software supply chains, culminating in the development of a continuous integration (CI) pipeline. Using tools such as Trivy, Syft, Snyk, and Cosign, the developed pipeline enables the automatic generation and analysis of the Software Bill of Materials (SBOM), as well as the identification of vulnerabilities in artifacts and the application of digital signatures to ensure artifact integrity. The approach involved the study of basic security concepts, experimentation with tools, and iterative pipeline implementation. The research resulted in an effective solution for mitigating vulnerabilities and contributing to artifact traceability and security, thus adhering to the principles of Supply Chain Levels for Software Artifacts (SLSA). It is concluded that the proposed approach significantly contributes to the protection of the software supply chain, offering a secure and reliable process for the construction and deployment of systems.

Attribution 3.0 Brazil
http://creativecommons.org/licenses/by/3.0/br/

Cadeia de suprimentos de software
Software supply chain
Pipeline de CI
SBOM
Vulnerabilidades
CI pipeline
Vulnerabilities

Um estudo sobre a aplicação de ferramentas para a proteção de cadeias de suprimento de software
A study on the application of tools for the protection of software supply chains

bachelorThesis

CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO::METODOLOGIA E TECNICAS DA COMPUTACAO::ENGENHARIA DE SOFTWARE
CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO::METODOLOGIA E TECNICAS DA COMPUTACAO::LINGUAGENS DE PROGRAMACAO
CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO::SISTEMAS DE COMPUTACAO::ARQUITETURA DE SISTEMAS DE COMPUTACAO