Modern embedded devices face the challenge of complex software supply chains. Cost pressure and short time-to-market force vendors to rely extensively on open-source and third-party software. The security of the embedded devices depends on the security of each third-party component, and hence, third-party vendors need to be trusted blindly. This problem led to high-impact supply-chain attacks, e.g., log4j or the SolarWinds hack, causing tremendous financial losses, data breaches, and fines. The SANCTUARY Zero-Trust Platform is a software solution that proactively encapsulates third-party components to confine security breaches, effectively disarming the cyberattacker. Combined with SANCTUARY’s secure per-component identities, the blind trust in third-party software is replaced by explicit trust relations. Without the need to trust each component, the SANCTUARY Zero-Trust Platform solves the software supply chain problem for embedded systems directly on the device.