Supply chain attacks

Software applications often rely on dependencies for core functionality, while CI/CD pipelines publish source code and binaries to various public repositories. This supply chain spans many parties: the organisations, individuals, resources, technologies, and activities involved in creating and selling the software product. Supply chain attacks target weak parties within the supply chain in order to breach others connected to it.