Supply-Chain Security#

Reference of software supply-chain attack classes and the defensive frameworks (SBOM, SLSA, in-toto, sigstore) that have emerged since SolarWinds (2020). Useful for SDLC hardening, CI/CD pipeline review, and government compliance under EO 14028 + M-22-18.

For container ecosystem see Container Ecosystem. For DevOps platforms see DevOps & CI/CD. For vulnerability databases (consumer of SBOM) see Vulnerability Databases.

Notable incidents#

Incident

Year

Notes

SolarWinds SUNBURST

2020

APT29; trojaned Orion build; US Treasury / Commerce / 18+ agencies + ~18k customers downstream.

Codecov bash-uploader

2021

CI script trojan; AWS / HashiCorp / Twilio downstream.

Kaseya VSA / REvil

2021

Ransomware via MSP RMM; ~1500 SMBs encrypted.

NPM ua-parser-js etc.

2021

Maintainer credential takeover.

NPM colors / faker

2022

Maintainer protest sabotage.

Log4Shell (CVE-2021-

  1. 2021

Apache log4j2; transitive dep nightmare; not strictly supply- chain but exposed dep risk.

3CX desktop app

2023

KP TraderTraitor; trojaned signed installer.

MOVEit Transfer

2023

CL0P; mass file-theft via SQLi in widely-deployed software.

PyPI ctx / phpass

2022

Maintainer takeover.

Polyfill.io

2024

Domain ownership change → injected JS into 100k+ sites.

xz-utils CVE-2024-3094

2024

Multi-year social-engineering (jia0t) → backdoor in liblzma; near-miss before reaching prod (caught by Andres Freund).

GitHub Actions tj-actions

2025

Tag-replacement supply-chain attack.

NPM event-stream backdoor

2018

Maintainer-handover → crypto-stealer.

RubyGems rest-client

2019

Credential-stealer via maintainer takeover.

NPM ESLint-scope

2018

ESLint maintainer creds → token-stealer.

PyPI dependency confusion (Birsan)

2021

Internal-package name claim attack.

Codecov / Klint

2021

CI bypass.

Apple notarisation

Various

Trojaned macOS apps slipping through notarisation.

Pulse Secure / Ivanti / SonicWall

Various

Recurring n-day exploitation of edge appliances.

Attack classes#

Class

Notes

Build-system compromise

Compromised CI runner (Codecov, SolarWinds Orion).

Maintainer takeover

Stolen / phished GitHub / npm token; abandoned package adoption (event-stream, ua-parser-js, ctx).

Typosquatting

requets vs requests; fake namespaces.

Dependency confusion

Internal-package name → attacker registers same name on public registry (Birsan 2021).

Domain takeover

Polyfill.io 2024; expired domain → repurpose CDN traffic.

Tag mutation

Mutable Git tags / GitHub Actions refs (tj-actions 2025).

Build-script trojan

NPM lifecycle hooks (preinstall, postinstall) execute on dep install.

Signed-binary trojan

Stolen code-signing cert → trusted malicious binary (3CX, ASUS Live Update).

MSP / RMM compromise

Vendor-side toolset → mass downstream (Kaseya, Mimecast, ConnectWise).

Mirror / proxy attack

Compromised package mirror; DNS hijack.

Telemetry-backdoor

Telemetry / update channel compromise (CCleaner 2017, M.E.Doc 2017 → NotPetya).

Edge appliance n-day

Internet-facing VPN / firewall (Pulse Secure, Ivanti, Citrix, Fortinet) repeatedly exploited as initial-access vector.

Hardware implant

Theoretical at scale; SuperMicro story (Bloomberg 2018, contested); export-control concerns.

Insider

Code commits with backdoors; xz-utils style.

Frameworks / standards#

Framework

Notes

SLSA v1.0

Supply-chain Levels for Software Artifacts; Build levels L0-L4 (provenance, hermetic, two-party review). slsa.dev.

in-toto

Layout + attestation framework; underpins SLSA provenance.

SCITT

Supply Chain Integrity, Transparency and Trust; IETF.

SBOM

Software Bill of Materials; SPDX 2.3 / 3.0 + CycloneDX 1.5/1.6.

VEX

Vulnerability Exploitability eXchange; “is this CVE actually exploitable in our build” (CycloneDX VEX, OpenVEX, CSAF VEX).

S2C2F

Microsoft Secure Supply Chain Consumption Framework; OSS dep ingest hardening.

SSDF (NIST 800-218)

Secure Software Development Framework; required for US fed suppliers (M-22-18).

NIST 800-161r1

Cybersecurity Supply Chain Risk Management.

EO 14028

“Improving the Nation’s Cybersecurity”; US Federal SBOM requirements (May 2021).

M-22-18 / M-23-16

OMB memos requiring SSDF attestation from suppliers.

CISA Self-Attestation

Form vendors sign for fed-gov sales.

EU CRA

Cyber Resilience Act; SBOM + lifecycle security for products with digital elements (effective 2027).

EU NIS2

Member-state implementation; supply-chain in critical-infra.

PCI-DSS v4.0

Software supply-chain controls.

ISO/IEC 27036

IT supply-chain security.

ISO/IEC 5230 (OpenChain)

Open-source compliance.

Sigstore / signing#

Component

Notes

Cosign

Sigstore CLI; sign / verify OCI images + arbitrary blobs.

Fulcio

Keyless CA; OIDC-token → ephemeral X.509.

Rekor

Transparency log (immutable Merkle tree).

Gitsign

Sign Git commits via Sigstore (no GPG key).

Witness

in-toto attestation collector.

Notation

CNCF; alt to Cosign for OCI signing.

TUF

The Update Framework; secure software update root-of-trust.

Uptane

TUF profile for automotive.

GPG / OpenPGP

Legacy signing; web-of-trust.

SHA256SUMS + GPG

Classic Linux distro signature.

Signify

OpenBSD Ed25519-based simple signer.

SBOM tooling#

Tool

Notes

Syft

Anchore; SBOM generator (CycloneDX + SPDX).

Trivy

Aqua; SBOM + scan + IaC.

SBOM-Tool

Microsoft; SBOM gen.

sbom-utility

Govt SPDX/CycloneDX ops.

CycloneDX CLI

Reference impl.

SPDX SBOM Generator

Linux Foundation.

Dependency-Track

OWASP; SBOM repository + CVE matching.

Tern

Container SBOM gen.

ScanCode Toolkit

OSS license + composition analysis.

FOSSA

Commercial SCA + license.

Snyk SBOM

Commercial.

Mend

Commercial.

Sonatype Lifecycle

Commercial.

Black Duck (Synopsys)

Commercial.

Veracode SCA

Commercial.

Dependency-update / monitoring#

Tool

Notes

Dependabot

GitHub; native.

Renovate

Mend; multi-platform; powerful.

Snyk Open Source

Commercial; rebrand of vulnerability + upgrade advice.

Tidelift

SLA-backed maintainer support.

Socket.dev

Behavior-based JS / Python package risk scoring.

Phylum

Behavior-based package risk scoring.

ChainGuard Images

Distroless images with continuous CVE refresh.

RHEL Updates / dnf automatic

OS auto-updates.

Renovate self-host

OSS option.

GitHub Code Scanning

CodeQL + Dependabot + secret scanning bundle.

GitGuardian / Truffle

H og Secrets in commit history.

Operator notes#

  • Pin by digest, not tag, container images, GitHub Actions, NPM dependencies. Mutable references are a top supply-chain CWE.

  • Two-party review for high-risk packages; SLSA Build L4 mandates it.

  • Hermetic builds, declare exact inputs; blocks pulling late from the internet at build time.

  • Vendor SBOM ingest is the missing capability at most orgs; pair with VEX to filter not-exploitable CVEs.

  • Long-tail OSS funding is the structural risk; xz-utils showed a single-maintainer project as a national-security surface. Consider OSS sustainability sponsorship.

  • Lifecycle hooks (npm preinstall / postinstall, pip setup.py, RubyGems extconf.rb) execute on install; treat as untrusted code.

  • Internal package names, always claim them on public registries (PyPI, npm, RubyGems, Maven Central).

  • Build provenance, Sigstore + GitHub OIDC give cheap per-artifact provenance; turn it on.

  • Old code-signing cert = stolen cert; revoke + rotate. Apple notarisation + Microsoft EV cert hardening have raised the bar.

  • Air-gapped repos for sensitive supply chains (govt, defense), mirror with manual signing review.

References#