This was raised under projects because I realised that some of my auto-updating software stopped having new versions published in 2020 and that kind of exposure made me nervous when I noticed it 2 years later.
Specifically Caddy is running as a reverse proxy in Docker. The arbisoft image stopped being supported. AbandonedĀ Image CurrentĀ Image
But there's still a problem in managing this Supply Chain.
When should I update my software?
How can I be notified when it's out of date?
What is my risk profile on my workstations and servers?
How old are my backups?
Is there a documented restore process?
With some kind of overview, I could better understand my overall risk profile and this would improve my confidence.