Supply Chain Attack

A supply chain attack is a security attack that compromises a program through the dependencies it imports, rather than through the program's own code.

Modern applications are built on top of components fetched from central repositories. In the PHP world, Composer is the dominant dependency manager and Packagist is the repository it fetches from by default.

When one of those components, or the repository serving it, is compromised, the dependency manager installs the malicious code alongside everything else, and the application runs it with the same privileges as its own code. Blind trust in imported code therefore turns a compromise anywhere upstream into a vulnerability in the application.
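Composer records what it actually resolved in composer.lock, so that file is where a reviewer can look for the signals that make a project easy to poison: dependencies that follow a branch instead of a release, references that are not pinned to a commit hash, and archives downloaded from a host nobody vetted. The script below is an added example written for this page; it is not code from the original page, from Composer or from Packagist. The package names, the lock fragment and the host allowlist are constructed for illustration.

```php
<?php
// Added example: audit a composer.lock for packages a supply chain attack could abuse.
// Not part of the original page, of Composer or of Packagist.

declare(strict_types=1);

/**
 * Return a list of findings for a composer.lock JSON document.
 * $allowedHosts is a hypothetical allowlist of hosts that dist archives may come from.
 */
function auditComposerLock(string $lockJson, array $allowedHosts): array
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    $findings = [];

    foreach (['packages', 'packages-dev'] as $section) {
        foreach ($lock[$section] ?? [] as $pkg) {
            $name = $pkg['name'] ?? '(unnamed)';

            // 1. A "dev-*" version means the lock follows a branch, not a release;
            //    whoever controls that branch controls what gets installed next time.
            $version = $pkg['version'] ?? '';
            if (str_starts_with($version, 'dev-')) {
                $findings[] = "$name: follows development branch $version";
            }

            // 2. The source reference should be a full commit hash, not a branch or tag name,
            //    so that the same lock always resolves to the same code.
            $ref = $pkg['source']['reference'] ?? '';
            if (!preg_match('/^[0-9a-f]{40}$/', $ref)) {
                $findings[] = "$name: source reference '$ref' is not a pinned commit hash";
            }

            // 3. The archive Composer actually downloads must come from an expected host;
            //    a lock file pointing elsewhere is a sign of a tampered lock or a rogue mirror.
            $distUrl = $pkg['dist']['url'] ?? '';
            $host = parse_url($distUrl, PHP_URL_HOST);
            if (!is_string($host) || !in_array($host, $allowedHosts, true)) {
                $shown = is_string($host) ? $host : '?';
                $findings[] = "$name: dist archive fetched from unexpected host '$shown'";
            }
        }
    }

    return $findings;
}

// Constructed composer.lock fragment (not a real project's lock file).
$sampleLock = <<<'JSON'
{
  "packages": [
    {
      "name": "vendor-a/pinned",
      "version": "1.2.3",
      "source": {"type": "git", "url": "https://github.com/vendor-a/pinned.git",
                 "reference": "0123456789abcdef0123456789abcdef01234567"},
      "dist": {"type": "zip",
               "url": "https://api.github.com/repos/vendor-a/pinned/zipball/0123456789abcdef0123456789abcdef01234567",
               "reference": "0123456789abcdef0123456789abcdef01234567"}
    },
    {
      "name": "vendor-b/branch",
      "version": "dev-main",
      "source": {"type": "git", "url": "https://github.com/vendor-b/branch.git", "reference": "main"},
      "dist": {"type": "zip", "url": "https://api.github.com/repos/vendor-b/branch/zipball/main",
               "reference": "main"}
    }
  ],
  "packages-dev": [
    {
      "name": "vendor-c/mirror",
      "version": "2.0.0",
      "source": {"type": "git", "url": "https://github.com/vendor-c/mirror.git",
                 "reference": "89abcdef0123456789abcdef0123456789abcdef"},
      "dist": {"type": "zip", "url": "https://downloads.example.invalid/vendor-c-mirror-2.0.0.zip",
               "reference": "89abcdef0123456789abcdef0123456789abcdef"}
    }
  ]
}
JSON;

// Hypothetical allowlist: this project only expects archives served by GitHub's API.
$allowedHosts = ['api.github.com'];

foreach (auditComposerLock($sampleLock, $allowedHosts) as $finding) {
    echo $finding, PHP_EOL;
}
```

Run it against a real composer.lock in CI and fail the build on any finding; the allowlist will need to grow for projects that use private Packagist, Satis or other mirrors, which is exactly the point: every host on that list is a party the project has decided to trust.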

Documentation

See also PHP Supply Chain Attack on Composer, Supply Chain Security in PHP Projects, Packagist PHP repo supply chain attack: 3 key takeaways and An Update on Composer & Packagist Supply Chain Security.

Related : Supply Chain, Software Bill Of Material (SBOM), Poisoned Pipeline Execution (PPE)