Supply Chain Owasp London

This presentation at OWASP London challenges the audience to look beyond code dependencies when thinking about software supply chain security. Anant Shrivastava demonstrates that while organizations have invested heavily in SCA tooling and SBoM generation for source code, the actual attack surface extends across browser extensions, IDE marketplaces, CI/CD pipelines, container registries, package manager scripts, dependency caching servers, and AI coding agents. Through historical context, real-world attack case studies, and a structured ATOM defense framework, the talk provides a comprehensive view of the supply chain threat landscape and practical mitigation strategies.

Key Topics Covered

Historical Perspective on Supply Chain Trust:

• Ken Thompson’s 1983 Turing Award lecture demonstrated backdoor implantation in a C compiler binary without source code evidence, based on a 1974 US military MULTICS security evaluation
• ENISA’s cybersecurity foresight report identifies supply chain compromise of software dependencies as a peak-level threat through 2030
• Global government responses: US Executive Order, Japan’s economic security bill, EU NIS2, UK guidelines, India’s CERT-In SBoM guidelines

The Current State of SBoM and SCA:

• SBoM provides an itemized inventory of third-party components with name, version, and license data
• SCA tools identify outdated, insecure, and end-of-life components while generating or consuming SBoMs
• Despite growing adoption, the industry remains focused too narrowly on code-level dependencies

The Developer Workflow as a Supply Chain:

• Traditional chain: Chrome extensions → AI-driven VS Code extensions → GitHub → GitHub Actions → Docker → Kubernetes → EC2/AMI
• Current evolution: autonomous AI agents with full CLI access writing and committing code directly
• Dependabot statistics reveal the scale: ~2.45 million issues closed and ~120,000 new issues created over five months

Non-Code Supply Chain Attack Vectors:

• Pluggable modules, plugins, extensions, theming, and customizations — any software allowing third-party functionality modification
• Developer machines are high-value targets with extensive credentials, admin access, network policy exceptions, and powerful tooling

Browser Extension Attacks:

• Dozens of backdoored Chrome extensions discovered on 2.6 million devices
• Malicious EditThisCookie clone exfiltrating session cookies
• Browser extensions possess broad permissions including clipboard access, all-URL access, tab control, and cookie access

IDE and Marketplace Attacks:

• Malicious VS Code extensions with millions of installs
• Open VSX marketplace CI vulnerability that could have allowed a single attacker to push malicious updates to every extension used by 8 million developers across VS Code forks (Cursor, Windsurf, GitLab Web IDE)
• Homebrew impersonation via Google Ads directing to a near-replica site serving malicious install scripts
• AI IDE rule file injection using hidden whitespace (Cursor, GitHub Copilot)

CI/CD and Infrastructure Attacks:

• NSA/CISA guidance specifically addresses defending CI/CD environments
• Global TeamCity exploitation opened the door to SolarWinds-style nightmare scenarios
• Malicious containers found on Docker Hub; container supply chain threatens the “don’t install, just download containers” paradigm
• Dependency caching server exploitation for persistent malicious package delivery (Go module proxy)

Social Engineering of Package Ecosystems:

• Bait-and-switch: WordPress plugins purchased and backdoored (300,000+ installations)
• Rogue maintainers: node-ipc sabotage (peacenotwar), colors.js/faker.js infinite loop corruption, npm malware civil war
• These attacks exploit trust relationships and the open nature of package ecosystems

The ATOM Framework:

• Awareness: Move unknown risks into known risks through comprehensive inventory
• Trust But Verify: Validate every dependency, tool, and service
• Ongoing Monitoring: Continuous security checks for changes and anomalies
• Measure & Map: Answer concrete questions like “How many machines have Chrome installed?” and “How many plugins exist in GitHub workflows?”

Defensive Tooling and Frameworks:

• Chrome extension auditing: extensionauditor.com; osquery for endpoint visibility
• GitHub security: signed commits, protected branches, forced reviews, legitify, zizmor, OpenSSF SCM Best Practices, Allstar
• Consumer vetting: SafeDep Vet for dependency analysis; Overlay browser extension for package evaluation across npm, PyPI, Go
• Cloud/container security: ScoutSuite, Prowler, kube-hunter, kube-bench, KubiScan, kubeaudit, Trivy, Cosign/Sigstore
• Standards: SLSA for build integrity, OWASP SCVS, NIST SSDF, pbom.dev attack reference

Actionable Takeaways

1. Extend supply chain security beyond SCA and SBoM for code dependencies — audit browser extensions, IDE plugins, CI/CD workflows, container images, and package manager scripts with equal rigor.
2. Apply the ATOM framework systematically: inventory all supply chain touchpoints (Awareness), validate each one (Trust But Verify), establish continuous monitoring (Ongoing Monitoring), and build queryable visibility across the organization (Measure & Map).
3. Deploy endpoint visibility tools like osquery to audit browser extensions and IDE plugins across your developer fleet, focusing on high-risk permissions (clipboard, cookies, all-URLs).
4. Secure GitHub and CI/CD pipelines with signed commits, protected branches, mandatory reviews, and workflow auditing via zizmor and legitify.
5. Vet open-source dependencies before adoption using SafeDep Vet and the Overlay browser extension, and monitor for ownership changes and license shifts in existing dependencies.
6. Implement container provenance verification with Cosign/Sigstore and runtime security scanning with Trivy to address the container image supply chain.
7. Establish organizational policies to address Shadow IT risk from non-engineering staff independently building and deploying applications using AI IDEs on personal cloud accounts.