Supply Chain Attack - CI/CD Glossary Definition
A supply chain attack compromises software by targeting its dependencies, build tools, or distribution channel rather than the application directly, so malicious code reaches many victims at once.
In CI
Defenses include pinning dependencies by hash, generating an SBOM, signing artifacts, and running builds in least-privilege, isolated environments so a poisoned dependency cannot exfiltrate secrets.
Related guides
Typosquatting - CI/CD Glossary DefinitionTyposquatting: Typosquatting is publishing a malicious package under a name that closely resembles a popular…
Dependency Confusion Attack - CI/CD Glossary DefinitionDependency Confusion Attack: A dependency confusion attack tricks a package manager into pulling a malicious…
Provenance - CI/CD Glossary DefinitionProvenance: Provenance is verifiable metadata describing how an artifact was built: the source commit, builde…