Skip to content
Latchkey

Supply Chain Attack - CI/CD Glossary Definition

A supply chain attack compromises software by targeting its dependencies, build tools, or distribution channel rather than the application directly, so malicious code reaches many victims at once.

In CI

Defenses include pinning dependencies by hash, generating an SBOM, signing artifacts, and running builds in least-privilege, isolated environments so a poisoned dependency cannot exfiltrate secrets.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →