Supply-chain threat model

The trust handoffs from commit to deploy, and how they break.

Advanced30 min · lesson 1 of 15

Supply-chain security is worth a whole course because it is where a single compromise scales to thousands of victims. To defend the chain you first have to see it as an attacker does: a series of trust handoffs from a developer’s commit to a running workload, each of which can be subverted to ship malicious code that inherits legitimate trust.

The chain and its attack surface

The path from source to production has many links: the developer and their credentials, the source repository, the dependencies pulled in, the build system, the artifacts produced, the registry that stores them, and the deploy gate that admits them. An attacker does not need your production database if they can inject code at the build step — it will be signed, distributed, and trusted automatically. SolarWinds injected a backdoor during build; Codecov altered a widely-used script; the 2025 tj-actions compromise turned a popular CI action into a secret-exfiltration tool across countless repos. The lesson is consistent: the pipeline is production, and every link is a target.

the links an attacker can subvert
developer ── source repo ── dependencies ── build ── artifact ── registry ── deploy
│ │ │ │ │ │ │
stolen unreviewed malicious/ build unsigned mutable no verify
creds push confused dep injection artifact tag at admission
#
# Compromise ANY link and malicious code can inherit downstream trust.
# Defense: make every handoff verifiable — signed, attested, and checked.

From "trust by default" to "verify everything"

The traditional model trusts an artifact because it came from the expected place and carries the expected name — exactly the assumptions these attacks exploit. The modern model treats every artifact as untrusted until it presents verifiable evidence: a signature bound to a known identity, provenance describing how it was built, and an SBOM listing what is inside — all checked at a gate before use. The rest of this course builds that evidence (SLSA, in-toto, Sigstore, SBOMs) and enforces it (admission policy, pipeline hardening).

The supply chain as trust handoffs
source
developer + creds
phishing, token theft
repository
unreviewed/malicious commits
build
dependencies
confusion, typosquat, malicious update
build system
injection (SolarWinds)
distribute + deploy
artifact + registry
tamper, mutable tags
deploy gate
no verification = blind trust
Every handoff is a target. The goal of the course: make each one produce and require verifiable evidence.
The pipeline is production
CI/CD systems hold powerful credentials and can push code to everything downstream, yet are often less hardened than the apps they build. Treat the build system, its runners, and its third-party actions with production-grade rigor — a compromised pipeline is a compromised fleet.