Which primary focus area concerns the reliance on open-source software within repositories?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

Which primary focus area concerns the reliance on open-source software within repositories?

Explanation:
Supply chain security focuses on the components your software relies on, including open-source libraries and frameworks in your repository. When a project uses OSS, you inherit risks from those components: vulnerabilities, outdated versions, licensing concerns, and potential tampering in the supply chain. The goal is to have visibility into every dependency, verify provenance, and enforce controls like lockfiles, software bills of materials (SBOMs), and secure artifact handling so you can trust what you publish. The other areas don't specifically address managing the open-source pieces that come from outside your own code: code concerns what you write yourself, environments concern where and how it runs, and shift-left is a practice for integrating security earlier in the process.

