Software supply-chain attack

Source code repository — attacker pushes malicious code (typically via compromised maintainer credentials, sometimes via PR review bypass).

Dependency — attacker compromises an upstream library (typosquat, dependency confusion, account takeover of a maintainer who publishes to npm/PyPI/RubyGems).

Build tool — attacker compromises a compiler, build helper, or CI runner image. SolarWinds (2020) was a build-system attack: Orion's build server inserted SUNBURST into legitimate Orion releases.

Package registry — attacker pushes malicious versions of legitimate packages, or impersonates packages via typosquat names.

CI/CD pipeline — attacker abuses GitHub Actions workflow misconfigurations (pull_request_target, self-hosted runners on public repos) to inject code into release builds.

Distribution channel — attacker compromises a binary distribution (Linux distro repository, app store) to replace legitimate binaries.

A single compromised package can run code on millions of consumer machines. event-stream (Nov 2018) was a single npm package compromise that ran code on every project depending on it — millions of indirect dependencies got the malicious code.

Detection lag is huge. SolarWinds was discovered in Dec 2020; the compromise had been in production releases since Sept 2019 — 15 months of undetected presence on customer networks.

Modern software is deeply transitive. A small Node.js project might have 20 direct dependencies and 2,000 transitive ones via dependency trees. Securing the direct deps doesn't help if a transitive dep is compromised.

Typosquatting — register a package with a name close to a popular package (e.g. `lodahs` instead of `lodash`). Developers typo, install the wrong package, run the malicious postinstall script.

Dependency confusion — when a company has an internal package registry alongside the public one, attacker publishes a same-named package to public registry with a higher version. CI/CD pulls the public (malicious) version instead of the internal one. Disclosed by Alex Birsan in 2021, hit major companies.

Maintainer account takeover — phish or credential-stuff a popular package maintainer. Push a malicious version. This is how event-stream got compromised — the original maintainer handed over the package to a new contributor who turned out to be malicious.

Compromised build infrastructure — gain access to the build server, modify the build output before signing/publishing. SolarWinds. Hard to detect because the source code on the repo looks normal.

GitHub Actions misconfiguration — combine pull_request_target with checking out fork code, exfiltrate base-repo secrets. Several real incidents.

Pin dependencies to commit SHAs, not tags or floating versions. Tags get retagged. SHAs are content-addressed.

Lockfiles + verified hashes — package-lock.json with `integrity` SHA-512 hashes catches tampered packages at install time. Same for go.sum, Cargo.lock, pip --require-hashes.

Restrict permissions — least-privilege CI tokens, narrow GitHub App permissions, sandboxed runners.

Audit-log everything — supply-chain compromises often have a long undetected window because nobody's looking. Centralised audit logs at the registry / CI / IaC layer matter as much as runtime audit logs.

Scan CI/CD configurations — most CI/CD-side supply-chain attacks are enabled by misconfig. LGTM Security and similar tools detect the patterns at PR time.

Software Bill of Materials (SBOM) — generate an SBOM for every release. When a vulnerability surfaces in a dependency, the SBOM tells you which releases were affected and can be searched/queried.

MITRE ATT&CK — added 'Supply Chain Compromise' as T1195 in 2020. Defines sub-techniques for compromise-software-dependencies, compromise-software-supply-chain, and compromise-hardware-supply-chain.

SLSA (Supply-chain Levels for Software Artifacts) — Google's framework with levels 1-4 representing increasing supply-chain protection. SLSA Level 3 includes hermetic builds + provenance.

NIST SSDF (Secure Software Development Framework) — pillar PS (Protect Software) and PW (Produce Well-secured Software) cover supply-chain practices.

Executive Order 14028 (US, 2021) — required US federal software suppliers to attest to supply-chain practices. Spawned a wave of SBOM-related tooling.

OSSF Scorecard — open-source security health scorecard. Includes checks for SBOM, Pinned-Dependencies, and dependency-update tools.