Software supply chain security improving