A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and other resources. The taxonomy as well as related safeguards can be explored using an interactive visualization tool.
As discussed in the related issue, we add the new attack vector related to AI package hallucination. I've added a description and an associated reference.
@henrikplate @serenaponta