Security
Intermediate
What is Supply Chain Attack?
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.
Supply chain attacks compromise software before it reaches end users by targeting dependencies, build systems, or distribution channels. Examples include typosquatting (malicious packages with similar names on PyPI/npm), compromised maintainer accounts, backdoored updates (SolarWinds attack), and poisoned CI/CD pipelines. Defense measures include pinning dependency versions, using lock files, verifying package signatures, scanning dependencies for known vulnerabilities (npm audit, pip-audit, Snyk), using private package registries, implementing Software Bill of Materials (SBOM), and practicing least-privilege in build systems. The Log4Shell vulnerability demonstrated how a single dependency can impact millions of applications.
Learn More About This Topic
Related reading
โฌ22.90
Related reading
โฌ19.90
Related reading
โฌ11.90