A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and other resources. The taxonomy as well as related safeguards can be explored using an interactive visualization tool.
@henrikplate @serenaponta it would be nice if you could review the PR and agree on the assignment to the right attack vectors.