The same logic applies to the software supply chain, though that layer gets less attention in sovereignty discussions than cloud and storage.
This article applies the same logic as David Eaves in [[The Path to a Sovereign Tech Stack is Via a Commodified Tech Stack]] to the 'software supply chain' here interpreted as: git forges, dependency intelligence layer on top of them, and package registries (like npm etc).