Supply Chain Attack
Severity: high
ID: supply-chain-attack
Malicious code introduced through compromised dependencies or build processes
STRIDE categories: Tampering, Elevation of Privilege
MITRE ATT&CK techniques
| ID | Name | Tactic |
|---|---|---|
| T1195 | Supply Chain Compromise | Initial Access |
Common Weakness Enumeration
Mitigating controls
- ctrl-supply-1: Scan container images for known vulnerabilities before they are pushed to the registry and again before deployment.
- ctrl-supply-2: Admit only images that are signed, and verify the signature against a trusted key at pull or admission time.
- ctrl-supply-3: Generate and retain a software bill of materials (SBOM) for every build so affected components can be located when a dependency is found to be compromised.
- ctrl-supply-4: Pull base images and internal images from a private, access-controlled registry rather than directly from public registries.
- ctrl-supply-5: Pin dependency versions and verify the checksum of every fetched artifact against a lockfile, rejecting anything unpinned or unhashed.
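The following is an added example illustrating ctrl-supply-5 (pinning plus checksum verification); it is not code from the page or from any particular tool. It writes a lockfile in the same shape as pip's hash-checking requirements (`name==version --hash=sha256:...`), then verifies downloaded bytes against it. The package names, versions and artifact bytes are constructed for the demo; the functions `write_lockfile`, `parse_lockfile` and `verify_download` are hypothetical helpers, not a real installer's API.

```python
import hashlib
import re

# Constructed stand-ins for downloaded wheel files. The bytes are made up for
# this example; in a real pipeline they come from a package index or proxy.
ARTIFACTS = {
    "requests-2.31.0-py3-none-any.whl": b"constructed wheel contents: requests 2.31.0",
    "urllib3-2.0.7-py3-none-any.whl": b"constructed wheel contents: urllib3 2.0.7",
}

# name -> (pinned version, artifact file name). Hypothetical pins for the demo.
PINNED = {
    "requests": ("2.31.0", "requests-2.31.0-py3-none-any.whl"),
    "urllib3": ("2.0.7", "urllib3-2.0.7-py3-none-any.whl"),
}

# One requirement per line in pip's hash-checking form:
#   name==version --hash=sha256:<64 hex chars>
LOCK_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)==(?P<version>\S+)\s+"
    r"--hash=sha256:(?P<digest>[0-9a-f]{64})$"
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _normalize(name: str) -> str:
    # Package names are case-insensitive and '_' / '-' are interchangeable.
    return name.lower().replace("_", "-")


def write_lockfile(pinned: dict, artifacts: dict) -> str:
    """Record exact versions plus the SHA-256 of the artifact reviewed at lock time."""
    lines = ["# generated lockfile: every entry is pinned and hashed"]
    for name, (version, filename) in sorted(pinned.items()):
        digest = sha256_hex(artifacts[filename])
        lines.append(f"{name}=={version} --hash=sha256:{digest}")
    return "\n".join(lines) + "\n"


def parse_lockfile(text: str) -> dict:
    """Return {name: (version, digest)}; reject any line that is not pinned and hashed."""
    pins = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LOCK_LINE.match(line)
        if match is None:
            # A range such as 'requests>=2' or a missing hash lets a
            # compromised index serve whatever it likes; fail closed.
            raise ValueError(f"unpinned or unhashed requirement: {line!r}")
        name = _normalize(match["name"])
        if name in pins:
            raise ValueError(f"duplicate pin for {name}")
        pins[name] = (match["version"], match["digest"])
    return pins


def verify_download(lockfile: str, name: str, version: str, data: bytes) -> bool:
    """True only if name/version are pinned and the bytes match the recorded hash.

    Raises ValueError when the package or version is not what the lockfile
    pins, so a substituted version cannot pass by accident.
    """
    pins = parse_lockfile(lockfile)
    key = _normalize(name)
    if key not in pins:
        raise ValueError(f"{name} is not in the lockfile")
    pinned_version, expected = pins[key]
    if version != pinned_version:
        raise ValueError(f"{name} {version} requested but {pinned_version} is pinned")
    return sha256_hex(data) == expected


if __name__ == "__main__":
    lock = write_lockfile(PINNED, ARTIFACTS)
    print(lock)
    good = ARTIFACTS["requests-2.31.0-py3-none-any.whl"]
    print("genuine artifact accepted:", verify_download(lock, "requests", "2.31.0", good))
    # Same name and version, different bytes: what a poisoned mirror or a
    # re-uploaded package looks like to the installer.
    tampered = good + b"\x00backdoor"
    print("tampered artifact accepted:", verify_download(lock, "requests", "2.31.0", tampered))
```

The lockfile is produced once, at the point where the dependency was reviewed, and committed with the code; every later build verifies against it. Hash mismatch, a requested version other than the pinned one, and any requirement line without a hash are all treated as failures rather than warnings, which is what makes the control effective against a compromised index or mirror.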