Safeguard
Software Supply Chain Security

What is a Software Supply Chain Attack

A software supply chain attack compromises trusted dependencies or build systems to spread malicious code downstream — here's how it works, and how to stop it.

James
Principal Security Architect
7 min read

In March 2024, a Microsoft engineer named Andres Freund noticed SSH logins on a Debian system running 500 milliseconds slower than normal. That anomaly led to the discovery of CVE-2024-3094, a backdoor deliberately planted inside the XZ Utils compression library — a dependency baked into nearly every Linux distribution on Earth. The attacker had spent two years building trust as a co-maintainer before slipping in the malicious code. Had it shipped in a stable release instead of a testing branch, it could have handed remote code execution to anyone controlling the right SSH key across millions of servers. This is what a software supply chain attack looks like: not a smash-and-grab against one company, but a single compromised dependency, build system, or update mechanism used to reach every organization downstream. Understanding how these attacks work — and how to detect them before they reach production — is now a core requirement for any security team shipping software.

What is a software supply chain attack?

A software supply chain attack is when an adversary compromises a trusted third-party component — a library, build tool, CI/CD pipeline, or update mechanism — to inject malicious code that gets distributed to every downstream user of that component. Unlike a direct attack on a single target, a supply chain attack exploits the trust relationship between a vendor and its customers, or between an open-source maintainer and the developers who depend on their package. The 2020 SolarWinds Orion breach is the canonical example: attackers compromised the build server for a network monitoring tool used by roughly 18,000 organizations, including U.S. federal agencies, and inserted the SUNBURST backdoor into signed, legitimate software updates. Because the malicious code arrived through an official, digitally signed channel, it bypassed the antivirus and network defenses that would normally flag unauthorized software.

How do attackers actually compromise a software supply chain?

Attackers compromise software supply chains through four main vectors: credential theft, build-system infiltration, dependency confusion, and maintainer takeover. In the 2021 Codecov breach, attackers used a flaw in a Docker image creation process to extract a hardcoded credential from Codecov's Bash Uploader script, which was then used to exfiltrate environment variables — including secrets and tokens — from hundreds of customer CI pipelines for two months before detection. Dependency confusion attacks work differently: in 2021, security researcher Alex Birsan demonstrated that uploading malicious packages to public registries (PyPI, npm, RubyGems) with the same names as internal company packages caused build systems at Apple, Microsoft, and Tesla to automatically pull the public — malicious — version instead of the internal one, because most package managers default to the highest version number regardless of source. Maintainer takeover is slower but just as effective: the event-stream npm package, downloaded roughly 2 million times a week, was handed over by its original maintainer to an unknown contributor in 2018 who added a dependency that stole Bitcoin wallet credentials from a specific downstream application.

What are the most damaging software supply chain attacks on record?

The most damaging software supply chain attacks combine massive distribution scale with long dwell time before detection. The 3CX incident in March 2023 compromised a VoIP desktop application used by an estimated 600,000 companies, when North Korea-linked actors (tracked as Labyrinth Chollima) trojanized the installer itself — making it a rare case of one supply chain attack (a compromised X_Trader software package) cascading into a second one (the 3CX build environment). The polyfill.io attack in June 2024 hit over 100,000 websites that embedded a single JavaScript CDN link; after a Chinese company acquired the domain, it began serving malware redirecting mobile users to gambling and phishing sites, all through a script tag site owners had trusted for years. And the ua-parser-js npm package compromise in October 2021 took over an account with no two-factor authentication protection and pushed a cryptomining and password-stealing payload to a library with roughly 7 million weekly downloads before it was pulled within hours.

Why are software supply chain attacks becoming more common?

Software supply chain attacks are increasing because modern applications are assembled, not written — a typical enterprise codebase now pulls in hundreds or thousands of open-source dependencies, and each one is a potential entry point outside the organization's direct control. Sonatype's 2023 State of the Software Supply Chain report recorded a 200%+ year-over-year increase in malicious open-source packages targeting npm and PyPI registries, and the U.S. National Vulnerability Database logged over 28,900 CVEs in 2023 alone, meaning security teams cannot manually vet every transitive dependency by hand. Attackers have also noticed the asymmetry: compromising one maintainer account or one build server can yield access to thousands of downstream victims simultaneously, which is a far better return on effort than attacking hardened enterprise perimeters directly. The rise of AI-assisted code generation and typosquatting-as-a-service tooling has lowered the cost of publishing convincing malicious packages even further, with Checkmarx and other researchers documenting automated campaigns publishing hundreds of near-identical malicious packages within days.

How do you detect a software supply chain attack before it does damage?

You detect a software supply chain attack by monitoring for behavioral anomalies in dependencies and build pipelines rather than relying solely on known-vulnerability scanning, since most supply chain compromises introduce net-new malicious code that has no CVE yet. Effective detection combines a Software Bill of Materials (SBOM) — a machine-readable inventory of every component and version in an application — with continuous monitoring for unexpected outbound network calls, unsigned or newly-rotated build artifacts, and package version jumps that don't correspond to a public changelog. Reachability analysis is critical here: a vulnerable or suspicious package sitting in node_modules but never called by application code (as was true for a large share of the Log4Shell, CVE-2021-44228, exposure in December 2021) carries far less urgent risk than one on an actively invoked code path, so teams that triage by reachability instead of by presence alone cut through the noise that causes alert fatigue. Registry-level signals matter too — packages published by brand-new maintainer accounts, sudden ownership transfers, or install scripts that phone home during npm install are consistent precursors across the Codecov, event-stream, and ua-parser-js incidents.

How can organizations defend against software supply chain attacks?

Organizations defend against software supply chain attacks by combining SBOM-driven visibility, reachability-based prioritization, pinned and verified dependencies, and hardened CI/CD pipelines. Pinning dependencies to specific, hash-verified versions rather than floating version ranges prevents the exact mechanism that let dependency-confusion and maintainer-takeover attacks auto-propagate into builds; requiring signed commits and multi-factor authentication for anyone with publish rights closes the account-takeover vector seen in ua-parser-js and event-stream. On the build side, isolating CI/CD secrets so a single compromised script (as in the Codecov Bash Uploader case) cannot exfiltrate credentials for every connected pipeline limits blast radius, and executive orders like the U.S. EO 14028 now require federal software vendors to produce SBOMs precisely so downstream buyers can verify what's actually inside a build. Finally, treating remediation as a continuous, automated process — rather than a quarterly audit — matters most, because the gap between vulnerability disclosure and exploitation is shrinking: CISA's 2023 data shows attackers weaponizing newly disclosed vulnerabilities in as little as 5 days on average.

How Safeguard Helps

Safeguard is built specifically to close the gap between "we have a dependency inventory" and "we know which parts of it can actually hurt us." Our platform generates and ingests SBOMs across your entire codebase and container images, then runs reachability analysis to determine which vulnerable or suspicious packages sit on a path an attacker could actually reach — filtering out the noise that buries security teams in unreachable-code alerts. Griffin AI, Safeguard's detection engine, correlates registry signals, behavioral anomalies, and dependency graph changes to flag supply chain compromise patterns like those seen in the Codecov and ua-parser-js incidents before they reach production. When a fix is available, Safeguard opens auto-fix pull requests that pin the corrected, verified version directly into your codebase, so remediation happens in minutes instead of the industry-average multi-day exploitation window. Together, these capabilities give teams competing against Snyk, Wiz, and Aqua in this space a defense model built around what's actually exploitable — not just what's technically present.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.