Typosquatting // Dependency confusion // Package impersonation // Build pipeline compromise // Credential theft // Poisoned software updates // Repo hijacking // Malicious container images // Embedded secrets // Over-permissioned IaC

Field guide · 14 pages · free download

ONE bad DEPENDENCY owns everything downstream.

Very little software is built from scratch anymore. Every package, container, and pipeline you trust is also a way in. This guide shows you exactly how supply chain attacks work, and the controls that shut them down.

06 Risk classes · 07 Program pillars · 25 Controls · 14 Pages