
Configuration: Compromised Supply Chain

Identifier: compromised_supply_chain

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

A compromised supply chain occurs when attackers target trusted external services, libraries, or tools to inject malicious code, potentially giving them backdoor access to systems.

How we test: We analyze frontend JavaScript bundles and dependencies to detect whether compromised or malicious third-party libraries are being used. We check for known compromised packages and suspicious code patterns, and verify whether applications are using vulnerable or tampered dependencies.
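The following is an added example, not the scanner's own implementation: a minimal audit of a page's third-party script tags for denylisted hosts, missing Subresource Integrity (SRI) attributes, and served content that no longer matches its pinned hash. All hosts, script bodies, the denylist, and the function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data: hosts and script bodies are placeholders.
DENYLISTED_HOSTS = {"cdn.compromised.example"}
GOOD_BODY = b"window.lib = {version: '1.0.0'};"
TAMPERED_BODY = GOOD_BODY + b"/* constructed injected code */"

def sri(body, alg="sha384"):  # Subresource Integrity value for a script body
    digest = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def audit(html, page_host, served):
    """Return sorted (src, finding) pairs; `served` maps src -> bytes actually delivered."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).netloc
        if not host or host == page_host:
            continue  # first-party script, out of scope for this check
        if host in DENYLISTED_HOSTS:
            findings.append((src, "denylisted-host"))
        if not integrity:
            findings.append((src, "missing-sri"))  # nothing pins the content
        elif src in served:
            alg = integrity.split("-", 1)[0]  # assumes a single hash in the attribute
            if alg not in ("sha256", "sha384", "sha512") or sri(served[src], alg) != integrity:
                findings.append((src, "sri-mismatch"))  # content differs from the pinned hash
    return sorted(findings)

SAMPLE_HTML = f"""
<script src="/static/app.js"></script>
<script src="https://cdn.vendor.example/lib.js" integrity="{sri(GOOD_BODY)}"></script>
<script src="https://cdn.vendor.example/widget.js"></script>
<script src="https://cdn.compromised.example/analytics.js"></script>
"""
```

Calling `audit(SAMPLE_HTML, "app.example", {"https://cdn.vendor.example/lib.js": TAMPERED_BODY})` reports the tampered library, the unpinned widget, and the denylisted analytics script.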

Reference:

Configuration

Example

Example configuration:

---
security_tests:
  compromised_supply_chain:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.