SLSA: Defining Supply Chain Threats
Attacks can occur at every link in a typical software supply chain, and these kinds of attacks are increasingly public, disruptive and costly in today’s environment.
Threat: Submit bad code to the source repository
The threat comes from bad actors in your codebase.
Linux hypocrite commits: Researcher attempted to intentionally introduce vulnerabilities into the Linux kernel via patches on the mailing list.