displayName
Supply Chain Attack Simulation
workflowKind
security
triggerType
scheduled
typicalCadence
semi-annual
complexity
cross-team
description
Simulates software supply chain attack scenarios: seeding typosquatted
packages into internal registries, testing dependency confusion defenses
(internal package names that also resolve on a public index), validating
SLSA provenance verification, testing detection of code-signing bypasses,
exercising CI pipeline compromise scenarios, and measuring time-to-detection
and response effectiveness. Produces a findings report with remediation
priorities. Excludes ongoing dependency scanning.
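The two registry-side checks the simulation exercises, typosquat lookalikes and dependency-confusion name collisions, can be scripted against a dependency manifest. The following is an added example, not code from this workflow or its report; the package sets and manifest are constructed sample data, and a real run would load the internal registry listing and a public-index snapshot instead. It flags a manifest entry as a typosquat candidate when it is within a small edit distance (optimal string alignment, which counts a transposition as one edit) of a trusted name without being one, and as a dependency-confusion candidate when an internal-only name also exists on the public index.

```python
"""Audit a dependency manifest for typosquat and dependency-confusion candidates."""

# Constructed sample data (assumption): in a real run these come from the
# internal registry and a public-index snapshot, not from hard-coded sets.
INTERNAL_PACKAGES = {"acme-auth", "acme-telemetry", "acme-billing"}
PUBLIC_PACKAGES = {"requests", "urllib3", "acme-telemetry", "numpy", "cryptography"}
TRUSTED_PUBLIC = {"requests", "urllib3", "numpy", "cryptography"}

# Constructed manifest: two lookalikes of trusted names plus an internal name
# that also resolves publicly.
SAMPLE_MANIFEST = ["requests", "reqeusts", "acme-telemetry", "urlib3", "acme-auth"]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent
    transposition counted as a single edit (e.g. 'reqeusts' vs 'requests' is 1)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,        # deletion
                          d[i][j - 1] + 1,        # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def typosquat_candidates(name: str, known: set[str], max_distance: int = 2) -> list[str]:
    """Trusted names that `name` is close to but not equal to. A name that is
    itself trusted yields no candidates, so exact matches are never flagged."""
    if name in known:
        return []
    return sorted(k for k in known if 0 < osa_distance(name, k) <= max_distance)


def dependency_confusion_candidates(internal: set[str], public: set[str]) -> set[str]:
    """Internal package names that also resolve on the public index: a resolver
    preferring the public copy (or the higher version) is the confusion vector."""
    return internal & public


def audit_manifest(manifest: list[str],
                   internal: set[str] = INTERNAL_PACKAGES,
                   public: set[str] = PUBLIC_PACKAGES,
                   trusted_public: set[str] = TRUSTED_PUBLIC) -> list[tuple[str, str, str]]:
    """Return (manifest_name, finding_kind, related_name) triples."""
    known = trusted_public | internal
    collisions = dependency_confusion_candidates(internal, public)
    findings: list[tuple[str, str, str]] = []
    for name in manifest:
        if name in collisions:
            findings.append((name, "dependency-confusion", name))
            continue
        for target in typosquat_candidates(name, known):
            findings.append((name, "typosquat", target))
    return findings


if __name__ == "__main__":
    for name, kind, related in audit_manifest(SAMPLE_MANIFEST):
        print(f"{kind:22s} {name!r} -> {related!r}")
```

The edit-distance threshold is deliberately low; raising it above two produces many false positives on short package names, and the check should be complemented by the registry's own name-reservation policy so that internal names cannot be claimed publicly in the first place.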