Omnibus builds self-contained packages and bundles dependencies, making supply-chain controls essential.
¶ Dependency and Source Controls
- Pin upstream source versions and checksums.
- Mirror critical dependencies internally when possible.
- Validate provenance for third-party source artifacts.
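The pinning and validation controls above, as an added Ruby example (Ruby because Omnibus itself is Ruby; this is illustrative code, not Omnibus's own fetch logic). It assumes a pin table keyed by artifact name with a recorded version and SHA-256, refuses sources that are unpinned or pinned only with a weak digest, and rejects bytes whose checksum differs from the pin; all artifact names and bytes are constructed.

```ruby
require "digest"

# Checksum-pinning check for a source artifact an Omnibus-style build has
# just downloaded. `pins` is the maintainer-recorded table:
#   artifact name => { version:, sha256: }
# Returns a result hash so the caller can log exactly why a source was refused.
def verify_pinned_source(artifact_name, bytes, pins)
  pin = pins[artifact_name]
  return { ok: false, reason: :unpinned } if pin.nil?

  # A pin that carries no SHA-256 (e.g. only an md5) is not a provenance
  # control: refuse it rather than silently fall back to a weaker digest.
  strong = pin[:sha256].is_a?(String) && pin[:sha256].match?(/\A\h{64}\z/)
  return { ok: false, reason: :weak_digest } unless strong

  actual = Digest::SHA256.hexdigest(bytes)
  unless actual == pin[:sha256]
    return { ok: false, reason: :checksum_mismatch,
             expected: pin[:sha256], actual: actual }
  end

  { ok: true, version: pin[:version], sha256: actual }
end

# Constructed sample data (not real upstream artifacts): one known-good
# tarball and a copy altered after the pin was recorded.
GOOD_TARBALL     = "constructed bytes of example-lib-1.2.3.tar.gz".b
TAMPERED_TARBALL = GOOD_TARBALL + "\x00injected".b

# In a real project the sha256 below is the value recorded in the software
# definition; here it is computed from the constructed bytes for the demo.
PINS = {
  "example-lib-1.2.3.tar.gz" => { version: "1.2.3",
                                  sha256: Digest::SHA256.hexdigest(GOOD_TARBALL) },
  "legacy-tool-0.9.tar.gz"   => { version: "0.9", md5: "0" * 32 }, # placeholder md5
}.freeze

if __FILE__ == $PROGRAM_NAME
  [["example-lib-1.2.3.tar.gz", GOOD_TARBALL],
   ["example-lib-1.2.3.tar.gz", TAMPERED_TARBALL],
   ["legacy-tool-0.9.tar.gz",   GOOD_TARBALL],
   ["unknown-2.0.tar.gz",       GOOD_TARBALL]].each do |name, bytes|
    puts "#{name}: #{verify_pinned_source(name, bytes, PINS).inspect}"
  end
end
```

The check runs before the archive is unpacked, so a tampered or substituted download never reaches the build step; the `:weak_digest` branch is the one most often missing in practice.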
¶ Build and Release Security
- Use isolated, reproducible build environments.
- Sign packages and installer metadata.
- Restrict publish permissions to release automation identities.
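Signing package metadata and restricting who may publish, as an added Ruby example (not Omnibus's or any signing tool's own code). It assumes a release-automation RSA key whose fingerprint is on a trusted-signer allowlist, canonical JSON metadata that embeds the package's SHA-256, and a verifier that rejects untrusted signers, altered metadata, and package bytes that do not match the signed metadata; keys are generated in-process and the package bytes are constructed.

```ruby
require "openssl"
require "json"
require "digest"

# Canonical bytes for signing: sorted keys, no whitespace, so signer and
# verifier serialise the same metadata identically.
def canonical_metadata(meta)
  JSON.generate(meta.sort.to_h)
end

# Identifies a signing key by the SHA-256 of its public-key DER encoding.
def key_fingerprint(pkey)
  Digest::SHA256.hexdigest(pkey.public_key.to_der)
end

# Produces signed release metadata for a package. `format` is illustrative.
def sign_release(package_bytes, name:, version:, signing_key:)
  meta = { "name" => name, "version" => version, "format" => "deb",
           "sha256" => Digest::SHA256.hexdigest(package_bytes) }
  sig = signing_key.sign(OpenSSL::Digest.new("SHA256"), canonical_metadata(meta))
  { metadata: meta, signature: [sig].pack("m0"), key_id: key_fingerprint(signing_key) }
end

# Verifies a release against the allowlist of release-automation public keys.
# Returns [ok, reason] so a publish gate can log the specific failure.
def verify_release(package_bytes, release, trusted_keys)
  pub = trusted_keys[release[:key_id]]
  return [false, :untrusted_signer] if pub.nil?

  payload = canonical_metadata(release[:metadata])
  sig = release[:signature].unpack1("m0")
  valid = begin
    pub.verify(OpenSSL::Digest.new("SHA256"), sig, payload)
  rescue OpenSSL::PKey::PKeyError
    false
  end
  return [false, :bad_signature] unless valid

  unless Digest::SHA256.hexdigest(package_bytes) == release[:metadata]["sha256"]
    return [false, :package_mismatch]
  end
  [true, :ok]
end

# Constructed demo: one trusted release key, one key that is not on the list.
RELEASE_KEY  = OpenSSL::PKey::RSA.new(2048)
ROGUE_KEY    = OpenSSL::PKey::RSA.new(2048)
TRUSTED_KEYS = { key_fingerprint(RELEASE_KEY) => RELEASE_KEY.public_key }.freeze

PACKAGE_BYTES = "constructed package contents for example-app 2.0.0".b
OTHER_BYTES   = "a different build of example-app".b

RELEASE = sign_release(PACKAGE_BYTES, name: "example-app", version: "2.0.0",
                       signing_key: RELEASE_KEY)
# Metadata edited after signing: the signature no longer covers it.
TAMPERED_RELEASE = RELEASE.merge(metadata: RELEASE[:metadata].merge("version" => "9.9.9"))
# Signed by a key that is not a release-automation identity.
ROGUE_RELEASE = sign_release(PACKAGE_BYTES, name: "example-app", version: "2.0.0",
                             signing_key: ROGUE_KEY)

if __FILE__ == $PROGRAM_NAME
  puts "genuine:   #{verify_release(PACKAGE_BYTES, RELEASE, TRUSTED_KEYS).inspect}"
  puts "tampered:  #{verify_release(PACKAGE_BYTES, TAMPERED_RELEASE, TRUSTED_KEYS).inspect}"
  puts "rogue key: #{verify_release(PACKAGE_BYTES, ROGUE_RELEASE, TRUSTED_KEYS).inspect}"
  puts "swapped:   #{verify_release(OTHER_BYTES, RELEASE, TRUSTED_KEYS).inspect}"
end
```

The allowlist lookup is what enforces the "release automation identities only" rule at verification time: a valid signature from any other key is rejected before its contents are even checked, and the package hash inside the signed metadata binds the signature to one specific artifact.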