Supply-Chain Security#
Reference of software supply-chain attack classes and the defensive frameworks (SBOM, SLSA, in-toto, sigstore) that have emerged since SolarWinds (2020). Useful for SDLC hardening, CI/CD pipeline review, and government compliance under EO 14028 + M-22-18.
For container ecosystem see Container Ecosystem. For DevOps platforms see DevOps & CI/CD. For vulnerability databases (consumer of SBOM) see Vulnerability Databases.
Notable incidents#
Incident |
Year |
Notes |
|---|---|---|
SolarWinds SUNBURST |
2020 |
APT29; trojaned Orion build; US Treasury / Commerce / 18+ agencies + ~18k customers downstream. |
Codecov bash-uploader |
2021 |
CI script trojan; AWS / HashiCorp / Twilio downstream. |
Kaseya VSA / REvil |
2021 |
Ransomware via MSP RMM; ~1500 SMBs encrypted. |
NPM ua-parser-js etc. |
2021 |
Maintainer credential takeover. |
NPM colors / faker |
2022 |
Maintainer protest sabotage. |
Log4Shell (CVE-2021- |
|
Apache log4j2; transitive dep nightmare; not strictly supply- chain but exposed dep risk. |
3CX desktop app |
2023 |
KP TraderTraitor; trojaned signed installer. |
MOVEit Transfer |
2023 |
CL0P; mass file-theft via SQLi in widely-deployed software. |
PyPI ctx / phpass |
2022 |
Maintainer takeover. |
Polyfill.io |
2024 |
Domain ownership change → injected JS into 100k+ sites. |
xz-utils CVE-2024-3094 |
2024 |
Multi-year social-engineering (jia0t) → backdoor in liblzma; near-miss before reaching prod (caught by Andres Freund). |
GitHub Actions tj-actions |
2025 |
Tag-replacement supply-chain attack. |
NPM event-stream backdoor |
2018 |
Maintainer-handover → crypto-stealer. |
RubyGems rest-client |
2019 |
Credential-stealer via maintainer takeover. |
NPM ESLint-scope |
2018 |
ESLint maintainer creds → token-stealer. |
PyPI dependency confusion (Birsan) |
2021 |
Internal-package name claim attack. |
Codecov / Klint |
2021 |
CI bypass. |
Apple notarisation |
Various |
Trojaned macOS apps slipping through notarisation. |
Pulse Secure / Ivanti / SonicWall |
Various |
Recurring n-day exploitation of edge appliances. |
Attack classes#
Class |
Notes |
|---|---|
Build-system compromise |
Compromised CI runner (Codecov, SolarWinds Orion). |
Maintainer takeover |
Stolen / phished GitHub / npm token; abandoned package adoption (event-stream, ua-parser-js, ctx). |
Typosquatting |
requets vs requests; fake namespaces. |
Dependency confusion |
Internal-package name → attacker registers same name on public registry (Birsan 2021). |
Domain takeover |
Polyfill.io 2024; expired domain → repurpose CDN traffic. |
Tag mutation |
Mutable Git tags / GitHub Actions refs (tj-actions 2025). |
Build-script trojan |
NPM lifecycle hooks (preinstall, postinstall) execute on dep install. |
Signed-binary trojan |
Stolen code-signing cert → trusted malicious binary (3CX, ASUS Live Update). |
MSP / RMM compromise |
Vendor-side toolset → mass downstream (Kaseya, Mimecast, ConnectWise). |
Mirror / proxy attack |
Compromised package mirror; DNS hijack. |
Telemetry-backdoor |
Telemetry / update channel compromise (CCleaner 2017, M.E.Doc 2017 → NotPetya). |
Edge appliance n-day |
Internet-facing VPN / firewall (Pulse Secure, Ivanti, Citrix, Fortinet) repeatedly exploited as initial-access vector. |
Hardware implant |
Theoretical at scale; SuperMicro story (Bloomberg 2018, contested); export-control concerns. |
Insider |
Code commits with backdoors; xz-utils style. |
Frameworks / standards#
Framework |
Notes |
|---|---|
SLSA v1.0 |
Supply-chain Levels for Software Artifacts; Build levels L0-L4 (provenance, hermetic, two-party review). slsa.dev. |
in-toto |
Layout + attestation framework; underpins SLSA provenance. |
SCITT |
Supply Chain Integrity, Transparency and Trust; IETF. |
SBOM |
Software Bill of Materials; SPDX 2.3 / 3.0 + CycloneDX 1.5/1.6. |
VEX |
Vulnerability Exploitability eXchange; “is this CVE actually exploitable in our build” (CycloneDX VEX, OpenVEX, CSAF VEX). |
S2C2F |
Microsoft Secure Supply Chain Consumption Framework; OSS dep ingest hardening. |
SSDF (NIST 800-218) |
Secure Software Development Framework; required for US fed suppliers (M-22-18). |
NIST 800-161r1 |
Cybersecurity Supply Chain Risk Management. |
EO 14028 |
“Improving the Nation’s Cybersecurity”; US Federal SBOM requirements (May 2021). |
M-22-18 / M-23-16 |
OMB memos requiring SSDF attestation from suppliers. |
CISA Self-Attestation |
Form vendors sign for fed-gov sales. |
EU CRA |
Cyber Resilience Act; SBOM + lifecycle security for products with digital elements (effective 2027). |
EU NIS2 |
Member-state implementation; supply-chain in critical-infra. |
PCI-DSS v4.0 |
Software supply-chain controls. |
ISO/IEC 27036 |
IT supply-chain security. |
ISO/IEC 5230 (OpenChain) |
Open-source compliance. |
Sigstore / signing#
Component |
Notes |
|---|---|
Cosign |
Sigstore CLI; sign / verify OCI images + arbitrary blobs. |
Fulcio |
Keyless CA; OIDC-token → ephemeral X.509. |
Rekor |
Transparency log (immutable Merkle tree). |
Gitsign |
Sign Git commits via Sigstore (no GPG key). |
Witness |
in-toto attestation collector. |
Notation |
CNCF; alt to Cosign for OCI signing. |
TUF |
The Update Framework; secure software update root-of-trust. |
Uptane |
TUF profile for automotive. |
GPG / OpenPGP |
Legacy signing; web-of-trust. |
SHA256SUMS + GPG |
Classic Linux distro signature. |
Signify |
OpenBSD Ed25519-based simple signer. |
SBOM tooling#
Tool |
Notes |
|---|---|
Syft |
Anchore; SBOM generator (CycloneDX + SPDX). |
Trivy |
Aqua; SBOM + scan + IaC. |
SBOM-Tool |
Microsoft; SBOM gen. |
sbom-utility |
Govt SPDX/CycloneDX ops. |
CycloneDX CLI |
Reference impl. |
SPDX SBOM Generator |
Linux Foundation. |
Dependency-Track |
OWASP; SBOM repository + CVE matching. |
Tern |
Container SBOM gen. |
ScanCode Toolkit |
OSS license + composition analysis. |
FOSSA |
Commercial SCA + license. |
Snyk SBOM |
Commercial. |
Mend |
Commercial. |
Sonatype Lifecycle |
Commercial. |
Black Duck (Synopsys) |
Commercial. |
Veracode SCA |
Commercial. |
Dependency-update / monitoring#
Tool |
Notes |
|---|---|
Dependabot |
GitHub; native. |
Renovate |
Mend; multi-platform; powerful. |
Snyk Open Source |
Commercial; rebrand of vulnerability + upgrade advice. |
Tidelift |
SLA-backed maintainer support. |
Socket.dev |
Behavior-based JS / Python package risk scoring. |
Phylum |
Behavior-based package risk scoring. |
ChainGuard Images |
Distroless images with continuous CVE refresh. |
RHEL Updates / dnf automatic |
OS auto-updates. |
Renovate self-host |
OSS option. |
GitHub Code Scanning |
CodeQL + Dependabot + secret scanning bundle. |
GitGuardian / Truffle |
H og Secrets in commit history. |
Operator notes#
Pin by digest, not tag, container images, GitHub Actions, NPM dependencies. Mutable references are a top supply-chain CWE.
Two-party review for high-risk packages; SLSA Build L4 mandates it.
Hermetic builds, declare exact inputs; blocks pulling late from the internet at build time.
Vendor SBOM ingest is the missing capability at most orgs; pair with VEX to filter not-exploitable CVEs.
Long-tail OSS funding is the structural risk; xz-utils showed a single-maintainer project as a national-security surface. Consider OSS sustainability sponsorship.
Lifecycle hooks (npm preinstall / postinstall, pip setup.py, RubyGems extconf.rb) execute on install; treat as untrusted code.
Internal package names, always claim them on public registries (PyPI, npm, RubyGems, Maven Central).
Build provenance, Sigstore + GitHub OIDC give cheap per-artifact provenance; turn it on.
Old code-signing cert = stolen cert; revoke + rotate. Apple notarisation + Microsoft EV cert hardening have raised the bar.
Air-gapped repos for sensitive supply chains (govt, defense), mirror with manual signing review.