
Configuration: Compromised Supply Chain

Identifier: compromised_supply_chain

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

A compromised supply chain occurs when an attacker targets the trusted external services, libraries, or tools an application depends on in order to insert malicious code.

Developers rely on these components to build their applications, so if even one of them is tampered with, it can give an attacker a backdoor into your system.

The danger lies in the fact that vulnerabilities in these components may remain unnoticed, allowing unauthorized access or data theft to go undetected until it is too late. A common pitfall is assuming that third-party tools are inherently safe, rather than actively monitoring them for suspicious updates or known vulnerabilities.

Reference:

Configuration

Example

Example configuration:

---
security_tests:
  compromised_supply_chain:
    assets_allowed:
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.
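The following validator, added here as an example and not part of the scanner's own code, checks a loaded configuration against the reference above: `assets_allowed` must be a non-empty list drawn from the scanner-supported asset types, `skip` must be a real boolean, and unknown keys are reported so a typo cannot silently disable the check. It assumes the YAML has already been parsed into a dict; only `WEBAPP` appears on this page, and `GRAPHQL` and `REST` are assumed names for the other two supported scanners.

```python
from typing import Any

TEST_ID = "compromised_supply_chain"
# Asset types matching the scanners listed under "Scanner(s) Support".
# WEBAPP comes from the page's example; GRAPHQL and REST are assumed spellings.
SUPPORTED_ASSETS = {"GRAPHQL", "REST", "WEBAPP"}


def validate_config(config: dict[str, Any]) -> list[str]:
    """Return a list of problems; an empty list means the entry is valid."""
    problems: list[str] = []
    tests = config.get("security_tests")
    if not isinstance(tests, dict) or TEST_ID not in tests:
        return [f"security_tests.{TEST_ID} is missing"]
    entry = tests[TEST_ID]
    if not isinstance(entry, dict):
        return [f"security_tests.{TEST_ID} must be a mapping"]

    # assets_allowed is marked required (*) in the reference and must be a list.
    assets = entry.get("assets_allowed")
    if not isinstance(assets, list) or not assets:
        problems.append("assets_allowed must be a non-empty list of AssetType")
    else:
        for asset in assets:
            if asset not in SUPPORTED_ASSETS:
                problems.append(f"assets_allowed: unsupported asset type {asset!r}")

    # skip is optional; when present it must be a boolean, not the string "false",
    # which a careless loader or a quoted YAML value would turn into a truthy str.
    skip = entry.get("skip", False)
    if not isinstance(skip, bool):
        problems.append(f"skip must be a boolean, got {type(skip).__name__}")

    # Unknown keys are flagged so a misspelled key does not silently drop coverage.
    for key in entry:
        if key not in ("assets_allowed", "skip"):
            problems.append(f"unknown key {key!r}")
    return problems


# Constructed sample mirroring the page's example configuration.
SAMPLE = {"security_tests": {TEST_ID: {"assets_allowed": ["WEBAPP"], "skip": False}}}

if __name__ == "__main__":
    print(validate_config(SAMPLE))  # []
```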