Apiiro SSCS is a software supply chain security solution integrated within Apiiro's Application Security Posture Management (ASPM) platform. The product provides visibility and risk detection across repositories, CI/CD pipelines, and open source packages. The solution builds comprehensive inventories of SCM repositories and CI/CD pipelines, including shadow pipelines. It surfaces information such as contributors, permissions, activity, dependencies, and connected plugins. The platform maintains an extended software bill of materials (XBOM) that tracks how components and their associated risks change over time. Apiiro SSCS detects supply chain risks including weak branch protection rules, risky repository permissions, abnormal developer behavior, pipeline misconfigurations, and dependency vulnerabilities. The platform identifies toxic combinations of disparate risks to help security teams prioritize findings. The solution includes native open source package vulnerability detection and can integrate with existing Software Composition Analysis (SCA) tools to consolidate findings. Risk assessment, prioritization, and remediation are managed through a unified interface. The platform operates through SCM integrations and can be extended with connections to existing SCA tools. It provides governance capabilities for managing supply chain security policies and configurations.