II.
Workflow overview
Reference · liveworkflow:supply-chain-attack-simulation
Supply Chain Attack Simulation overview
Simulates software supply chain attack scenarios -- injecting typosquatted packages in internal registries, testing dependency confusion defenses, validating SLSA provenance verification, testing code-signing bypass detection, evaluating CI pipeline compromise scenarios, and measuring time-to-detection and response effectiveness. Produces a findings report with remediation priorities. Excludes ongoing dependency scanning.
Attributes
displayName
Supply Chain Attack Simulation
workflowKind
security
triggerType
scheduled
typicalCadence
semi-annual
complexity
cross-team
description
Simulates software supply chain attack scenarios -- injecting typosquatted
packages in internal registries, testing dependency confusion defenses,
validating SLSA provenance verification, testing code-signing bypass
detection, evaluating CI pipeline compromise scenarios, and measuring
time-to-detection and response effectiveness. Produces a findings report
with remediation priorities. Excludes ongoing dependency scanning.
Outgoing edges
applies_to_domain2
- domain:cybersecurity·DomainCybersecurity
- domain:security·DomainSecurity
involves_role3
- role:security-reviewer·RoleSecurity Reviewer
- role:platform-engineer·RolePlatform Engineer
- role:staff-engineer·RoleStaff Engineer
performed_by_org_unit3
- org-unit:security-team·OrgUnitSecurity Team
- org-unit:application-security-team·OrgUnitApplication Security Team
- org-unit:platform-team·OrgUnitPlatform Team
requires_skill_area2
- skill-area:supply-chain-security·SkillAreaSoftware Supply Chain Security
- skill-area:dependency-vulnerability-mgmt·SkillAreaDependency Vulnerability Management
triggers_responsibility2
- responsibility:threat-modeling·ResponsibilityThreat modeling
- responsibility:security-review·ResponsibilitySecurity review
Incoming edges
follows_workflow1
- stack-profile:container-registry-scanning·StackProfileContainer Registry & Scanning (Docker, Trivy, Kubernetes, Go, Snyk)