bluemsi/2nd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9107796cbe61de68fc28991b643dc4b8da4cd4fa
2nd/10_Wiki/Topics/AI_and_ML/Supply-Chain.md
T
Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization 
10_Wiki/Topics 대규모 정리:
- 오류 캡처/미완성 stub 문서 227개 제거
- 교차폴더 중복 43클러스터 병합 (63파일 → redirect)
- 링크명 정규화: 깨진 링크 수정·redirect 직결·개념 매핑 ~2,400건
- 카테고리 MOC 6개 신규 생성
- Graph 섹션 미해결 related-keyword 링크 10,058건 제거

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00

199 lines
6.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
id: wiki-2026-0508-supply-chain
title: Supply Chain
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [SCM, Supply Chain Management, 공급망]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [supply-chain, logistics, security, sbom, ai-optimization]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
language: python
framework: ortools
---
# Supply Chain
## 매 한 줄
> **"매 supply chain 의 end-to-end network — raw material부터 end customer까지의 flow"**. 매 2026 supply chain 의 두 축: AI-driven optimization (demand forecast, route, inventory) 와 security (SBOM, supply chain attack defense). 매 SolarWinds·xz-utils 사건 이후 software supply chain 의 first-class 보안 concern.
## 매 핵심
### 매 5 components
- **Plan**: demand forecast, capacity planning, S&OP.
- **Source**: supplier selection, contract, procurement.
- **Make**: production, quality, scheduling.
- **Deliver**: warehousing, transportation, last-mile.
- **Return**: reverse logistics, recycling, RMA.
### 매 AI 적용 영역
- **Demand forecasting**: Transformer-based time series (TimesFM, Chronos), LSTM 의 retire.
- **Route optimization**: OR-Tools VRP + RL hybrid.
- **Inventory**: (s,S) policy + safety stock dynamic adjustment.
- **Anomaly detection**: shipment delay prediction, fraud.
- **Supplier risk**: graph neural network on supplier dependency graph.
### 매 software supply chain security
- **SBOM** (Software Bill of Materials): SPDX, CycloneDX format.
- **Sigstore**: keyless signing, transparency log.
- **SLSA** (Supply-chain Levels for Software Artifacts): level 1-4 framework.
- **Attack surface**: dependency confusion, typosquatting, malicious maintainer.
### 매 응용
1. **E-commerce**: Amazon FBA — AI demand forecast → DC pre-positioning.
2. **Manufacturing**: Toyota JIT 의 AI evolve — predictive lead time.
3. **Software security**: GitHub Dependabot + Sigstore + SLSA Level 3.
## 💻 패턴
### 1. Demand forecast (Chronos)
```python
from chronos import ChronosPipeline
import torch
import pandas as pd
pipe = ChronosPipeline.from_pretrained(
"amazon/chronos-bolt-base", torch_dtype=torch.bfloat16
)
# historical daily sales
ts = pd.read_csv("sales.csv")["units"].values
context = torch.tensor(ts[-365:])
forecast = pipe.predict(context, prediction_length=30, num_samples=100)
median = forecast.median(dim=1).values # 30-day median forecast
p90 = forecast.quantile(0.9, dim=1) # safety stock upper bound
```
### 2. VRP (Vehicle Routing Problem)
```python
from ortools.constraint_solver import pywrapcp, routing_enums_pb2
def solve_vrp(distance_matrix, num_vehicles, depot):
manager = pywrapcp.RoutingIndexManager(
len(distance_matrix), num_vehicles, depot
)
routing = pywrapcp.RoutingModel(manager)
def dist_cb(i, j):
return distance_matrix[manager.IndexToNode(i)][manager.IndexToNode(j)]
transit_idx = routing.RegisterTransitCallback(dist_cb)
routing.SetArcCostEvaluatorOfAllVehicles(transit_idx)
params = pywrapcp.DefaultRoutingSearchParameters()
params.first_solution_strategy = routing_enums_pb2.FirstSolutionStrategy.PATH_CHEAPEST_ARC
return routing.SolveWithParameters(params)
```
### 3. (s,S) inventory policy
```python
import numpy as np
def reorder(stock, s, S, demand_forecast, lead_time_days):
# s = reorder point, S = order-up-to level
expected_demand_during_lead = demand_forecast.mean() * lead_time_days
safety = 1.65 * demand_forecast.std() * np.sqrt(lead_time_days)
s_dynamic = expected_demand_during_lead + safety
if stock <= s_dynamic:
return S - stock
return 0
```
### 4. SBOM generation (CycloneDX)
```bash
# Python project
pip install cyclonedx-bom
cyclonedx-py -o sbom.json --format json
# Node project
npx @cyclonedx/cyclonedx-npm --output-file sbom.json
# Container
syft packages docker:myimage:latest -o cyclonedx-json > sbom.json
```
### 5. Sigstore keyless signing
```bash
# Sign artifact (uses OIDC identity, no long-lived keys)
cosign sign-blob --yes ./release.tar.gz \
--output-signature release.sig \
--output-certificate release.crt
# Verify
cosign verify-blob ./release.tar.gz \
--signature release.sig \
--certificate release.crt \
--certificate-identity user@example.com \
--certificate-oidc-issuer https://github.com/login/oauth
```
### 6. SLSA provenance (GitHub Actions)
```yaml
name: build
on: [push]
permissions:
id-token: write
contents: read
jobs:
build:
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: ${{ needs.hash.outputs.digests }}
```
### 7. Supplier risk GNN
```python
import torch
from torch_geometric.nn import GraphSAGE
# nodes = suppliers, edges = dependency
model = GraphSAGE(in_channels=16, hidden_channels=64,
num_layers=3, out_channels=2) # risk score
# message passing: tier-1 supplier 의 risk → tier-2 propagation
risk_scores = model(node_features, edge_index)
```
## 매 결정 기준
| 상황 | Approach |
|---|---|
| Demand forecast (long horizon) | Chronos / TimesFM |
| Route opt (small, hard) | OR-Tools exact |
| Route opt (large, soft) | RL + heuristic |
| SBOM | CycloneDX (broader) or SPDX |
| Signing | Sigstore (keyless, modern) |
**기본값**: Chronos forecast + OR-Tools VRP + CycloneDX SBOM + Sigstore.
## 🔗 Graph
- 부모: [[Operations-Research]]
- 변형: [[SBOM]] · [[SLSA]] · [[Sigstore]]
## 🤖 LLM 활용
**언제**: Demand pattern 의 explain, anomaly 의 root-cause analysis, SBOM 의 vulnerability summary.
**언제 X**: Real-time route decision (latency), exact optimization (LLM 의 hallucinate cost).
## ❌ 안티패턴
- **Forecast 없는 inventory**: 매 lead time × demand 의 rough-cut estimate → stockout 의 cycle.
- **SBOM 의 build 후 generation**: 매 reproducibility 의 lose. Build 시 generate.
- **Long-lived signing keys**: 매 leak 의 catastrophic. Sigstore keyless 의 use.
- **Dependency 의 pin without lock**: 매 supply-chain attack vector. lockfile + hash check.
- **Tier-1 supplier 의 only monitor**: 매 cascade failure 의 ignore. Multi-tier visibility.
## 🧪 검증 / 중복
- Verified (CSCMP definitions, NIST SSDF SP800-218, SLSA spec v1.0).
- 신뢰도 A.
## 🕓 Changelog
| 날짜 | 변경 |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — supply chain (logistics + software security) full canonical |
Reference in New Issue View Git Blame Copy Permalink