---
id: wiki-2026-0508-공급망-공격-supply-chain-attack
title: 공급망 공격 (Supply Chain Attack)
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Supply Chain Attack, SCA, 의존성 공격, dependency confusion]
duplicate_of: none
source_trust_level: A
confidence_score: 0.92
verification_status: applied
tags: [security, supply-chain, devsecops, sbom]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: python
  framework: sigstore
---

# Supply Chain Attack

## In one line

> **"Every point in the build pipeline is a weak point."** Instead of breaching the target directly, the attacker poisons a dependency, a build agent, or a registry and reaches thousands of downstream products at once.
> Through the chain of SolarWinds (2020) → xz-utils (2024) → npm event-stream / ua-parser-js / Polyfill.io, SBOM, sigstore, and SLSA L3+ became the 2026 standard.

## Core

### Attack surface

- **Source**: maintainer account takeover, malicious commit (xz-utils Jia Tan).
- **Build**: CI runner compromise (CodeCov bash uploader, GitHub Actions token leak).
- **Package**: typosquatting (`reqeusts`), dependency confusion (registering a private package name on a public registry first).
- **Distribution**: mirror / CDN tampering (Polyfill.io 2024).
- **Update channel**: auto-update server hijack (SolarWinds Orion).

### First-line defenses

- **SBOM** (CycloneDX / SPDX): component tracking, EU CRA 2026 mandate.
- **Sigstore cosign**: keyless signing, transparency log (Rekor).
- **SLSA L3+**: hermetic, isolated, provenance-attested build.
- **Pinning + lockfile**: hash-pin (`pip install --require-hashes`, `npm ci`).

### Applications

1. Open-source dependency audit pipeline.
2. Internal enterprise artifact registry hardening.
3. ML model supply chain (huggingface, defense against forged model cards).
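
Added example (not part of the original page or of any project named on it): a CI check for the dependency confusion surface and the lockfile pinning defense listed above. It audits an npm `package-lock.json` so that internal-scope packages resolve only from the private registry and every fetched package carries an integrity hash. The scope `@acme`, the host `npm.acme.internal` and the sample lockfile are constructed assumptions.

```python
import json
import sys
from urllib.parse import urlparse

INTERNAL_SCOPES = ("@acme/",)       # assumed internal npm scope
PRIVATE_HOST = "npm.acme.internal"  # assumed private registry host

def audit_lockfile(lock):
    """Return findings for a package-lock.json document (lockfileVersion 2 or 3)."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        # Skip the root/workspace sources, symlinks and bundled deps: nothing is fetched.
        if "node_modules/" not in path or meta.get("link") or meta.get("inBundle"):
            continue
        name = path.rsplit("node_modules/", 1)[-1]  # handles nested node_modules
        host = urlparse(meta.get("resolved", "")).hostname
        # An internal-scope package must only ever come from the private registry.
        if name.startswith(INTERNAL_SCOPES) and host != PRIVATE_HOST:
            findings.append(f"CONFUSION {name}@{meta.get('version')}: resolved from {host}")
        # Without an integrity hash npm has nothing to check the tarball against.
        if not meta.get("integrity"):
            findings.append(f"NO-INTEGRITY {name}@{meta.get('version')}")
    return findings

# Constructed sample lockfile; integrity values are placeholders, not real hashes.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "version": "1.0.0"},
        "node_modules/@acme/auth": {
            "version": "2.1.0", "integrity": "sha512-AAAA",
            "resolved": "https://npm.acme.internal/@acme/auth/-/auth-2.1.0.tgz"},
        "node_modules/@acme/billing": {
            "version": "99.0.0", "integrity": "sha512-BBBB",
            "resolved": "https://registry.npmjs.org/@acme/billing/-/billing-99.0.0.tgz"},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz"},
    },
}

if __name__ == "__main__":
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    problems = audit_lockfile(lock)
    print("\n".join(problems) or "lockfile clean")
    sys.exit(1 if problems else 0)  # non-zero exit fails the CI job
```

Run it as a CI step with the lockfile path as the only argument; it cannot catch an internal package that is referenced without its scope.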
## 💻 Patterns

### Sign + verify a container image with sigstore cosign

```bash
# Sign (keyless OIDC); abc123 stands in for the full image digest
cosign sign --yes ghcr.io/org/app@sha256:abc123

# Verify in admission controller
cosign verify ghcr.io/org/app@sha256:abc123 \
  --certificate-identity-regexp '^https://github\.com/org/' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com
```

### SBOM generation + vulnerability scan (syft + grype)

```bash
# `syft scan` replaces the deprecated `syft packages` subcommand
syft scan dir:. -o cyclonedx-json > sbom.json
grype sbom:sbom.json --fail-on high
```

### Dependency confusion defense (npm scoped + .npmrc)

```ini
# .npmrc: only the internal scope uses the private registry
@acme:registry=https://npm.acme.internal/
//npm.acme.internal/:_authToken=${NPM_TOKEN}
registry=https://registry.npmjs.org/
```

### Python hash-pinned install

```bash
pip-compile --generate-hashes requirements.in
pip install --require-hashes -r requirements.txt
```

### GitHub Actions OIDC + least privilege

```yaml
permissions:
  contents: read
  id-token: write   # OIDC only; GITHUB_TOKEN privileges stay isolated
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { persist-credentials: false }
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123:role/ci-deploy
          aws-region: us-east-1
```

### SLSA provenance (in-toto attestation)

```python
import hashlib
from google.protobuf import struct_pb2
# Assumes the in-toto-attestation Python bindings, where ResourceDescriptor
# lives in its own generated module rather than in statement_pb2.
from in_toto_attestation.v1 import resource_descriptor_pb2 as rd
from in_toto_attestation.v1 import statement_pb2 as s

# Digest of the built artifact that the statement is about
with open("app", "rb") as f:
    digest = hashlib.sha256(f.read()).hexdigest()

# Statement.predicate is a protobuf Struct, so build it explicitly from the dict
predicate = struct_pb2.Struct()
predicate.update({"buildDefinition": {"buildType": "github-actions-v1"}})

stmt = s.Statement(
    type="https://in-toto.io/Statement/v1",
    subject=[rd.ResourceDescriptor(name="app", digest={"sha256": digest})],
    predicate_type="https://slsa.dev/provenance/v1",
    predicate=predicate,
)
```

### Maintainer takeover detection (commit signature drift)

```python
import logging

def detect_anomaly(commits, alert=logging.warning):
    # Signals: sudden unsigned commits, a new GPG key, an abrupt timezone change.
    # This sketch checks the key set and the last 10 commits; timezone is not checked.
    keys = {c.gpg_key for c in commits if c.gpg_key}
    if len(keys) > 3 or any(c.gpg_key is None for c in commits[-10:]):
        alert("Maintainer key drift")
```

## Decision criteria

| Situation | Approach |
|---|---|
| Many OSS dependencies | SBOM + grype CI gate |
| Internal private packages | scoped registry + dependency confusion blocking |
| Container deployment | cosign keyless + admission verify |
| Regulated industries (gov, finance) | SLSA L3+ hermetic build, reproducible |
| ML model deployment | model signing + dataset provenance |

**Default**: SBOM (syft) + cosign keyless + lockfile hash-pin + OIDC short-lived credential.

## 🔗 Graph

- Parent: [[보안 아키텍처|Security Architecture]] · [[DevSecOps]]
- Variants: [[Dependency Confusion]] · [[Typosquatting]] · [[Maintainer Takeover]]
- Applications: [[SBOM]] · [[Sigstore]] · [[SLSA]]
- Adjacent: [[Container Image Signing]] · [[Zero Trust]]

## 🤖 LLM usage

**When**: SBOM diff analysis, CVE → affected component mapping, automated supply chain risk triage.

**When not**: cryptographic signature verification itself is the job of a deterministic tool (cosign), not of LLM inference.

## ❌ Anti-patterns

- **Using the latest tag**: `image:latest` is mutable and unverifiable. Pin the digest.
- **Curl | bash**: runs an unsigned script; verify a checksum at minimum.
- **Long-lived CI token**: a PAT kept permanently → replace with OIDC short-lived credentials.
- **Adopting single-maintainer OSS without audit**: bus factor 1 = supply chain risk.

## 🧪 Verification / duplicates

- Verified (CISA 2025 SCRM guidance, SLSA v1.0 spec, NIST SSDF).
- Trust level A.

## 🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — full content (SBOM, sigstore, SLSA, dependency confusion patterns) |