This repository contains links to articles of software supply chain compromises. In the future it also may contain ways to query and export these as references, but that's ongoing work.
| Name | Year | Type of compromise | Link |
|---|---|---|---|
| Webmin Backdoor | 2019 | Build Infrastructure | 1 |
| RubyGem strong_password | 2019 | Publishing Infrastructure | 1, 2 |
| RubyGem bootstrap-sass | 2019 | Publishing Infrastructure | 1, 2, 3 |
| ShadowHammer | 2019 | Multiple steps | 1, 2 |
| PEAR Breach | 2019 | Publishing Infrastructure | 1, 2 |
| Dofoil | 2018 | Publishing Infrastructure | 1 |
| Operation Red | 2018 | Publishing Infrastructure | 1 |
| Gentoo Incident | 2018 | Source Code Compromise | 1 |
| Unnamed Maker | 2018 | Publishing Infrastructure | 1 |
| Colourama | 2018 | TypoSquat | 1, 2 |
| Foxif/CCleaner | 2017 | Publishing Infrastructure | 1 |
| HandBrake | 2017 | Publishing Infrastructure | 1 |
| Kingslayer | 2017 | Publishing Infrastructure | 1 |
| HackTask | 2017 | TypoSquat | 1 |
| NotPetya | 2017 | Multiple steps | 1 |
| Bitcoin Gold | 2017 | Source Code Compromise | 1 |
| ExpensiveWall | 2017 | Backdooring SDK | 1,2 |
| OSX Elmedia player | 2017 | Publishing infrastructure | 1 |
| keydnap | 2016 | Publishing infrastructure | 1,2 |
| Fosshub Breach | 2016 | Publishing infrastructure | 1,2 |
| Linux Mint | 2016 | Publishing infrastructure | 1 |
| Juniper Incident | 2015 | Source Code Compromise | 1 |
| XCodeGhost | 2015 | Fake toolchain | 1 |
| Ceph and Inktank | 2015 | Build, source and publishing infrastructure | 1 |
| Code Spaces | 2014 | Source Code Compromise | 1 |
| Monju Incident | 2014 | Publishing infrastructure | 1 |
| Operation Aurora | 2010 | Watering-hole attack | 1 |
| ProFTPD | 2010 | Source Code Repository | 1 |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent