supply-chain-forensics
Investigates software supply chain compromise across three vectors: dependency integrity (packages and libraries), build pipeline tampering (CI/CD systems and build scripts), and SBOM-based composition analysis. Maps findings to SLSA (Supply-chain Levels for Software Artifacts) and MITRE ATT&CK techniques for supply chain attacks.
Triggers
Alternate expressions and non-obvious activations (primary phrases are matched automatically from the skill description):
- "SBOM" → Software Bill of Materials analysis
- "build pipeline audit" → supply chain security review
- "dependency confusion" → supply chain attack vector
Purpose
Supply chain attacks compromise software before it reaches users — through malicious packages, tampered build scripts, or poisoned CI/CD pipelines. These attacks are difficult to detect because the delivered artifact may appear legitimate. This skill applies systematic verification of components and build processes to identify tampering.
Behavior
When triggered, this skill:
-
Identify project type and package ecosystem:
- Detect ecosystems from lock files and manifests:
package-lock.json, yarn.lock, Cargo.lock, Pipfile.lock, go.sum, Gemfile.lock, pom.xml, build.gradle
- Record all detected ecosystems for targeted analysis
- Identify package manager in use: npm, pip, cargo, go mod, gem, maven, gradle
-
SBOM generation and analysis:
- Generate SBOM if not present:
- npm/Node:
npx @cyclonedx/cyclonedx-npm --output-file sbom.json
- Python:
cyclonedx-bom -r -o sbom.json
- Go:
cyclonedx-gomod mod -json -o sbom.json
- If SBOM already exists, validate schema compliance (CycloneDX or SPDX)
- Count total components, direct vs transitive dependencies
- Flag: components with no version pinning, components with no identified license, components with known CVEs (cross-reference against OSV.dev if network available)
-
Dependency integrity verification:
-
Typosquatting and dependency confusion detection:
- Check for packages with names similar to popular packages (Levenshtein distance <= 2)
- Check for internal package names that also exist on public registries (dependency confusion vector)
- Flag packages with very high version numbers (confusion attack often uses high semver to win resolution)
- Flag packages published by single-user accounts with no prior history
-
Build script analysis:
-
CI/CD pipeline tampering indicators:
- Compare current workflow files against git history:
git log --oneline -- .github/workflows/
- Identify workflow changes made by accounts other than core maintainers
- Check for workflow files added in dependency branches or PRs from forks with write access
- Review secrets usage: identify workflows that access secrets but are triggerable by external contributors
- Flag
pull_request_target triggers with checkout of untrusted code — common privilege escalation vector
-
Build reproducibility check:
- Identify artifacts for which the build is declared reproducible
- For npm packages: use
reprotest or manual rebuild and hash comparison
- Check for embedded timestamps, random salts, or non-deterministic ordering in build output
- Compare artifact hash against published hash in package registry
- Record: reproducibility claim, verification result, variance source if not reproducible
-
SLSA level assessment:
- Level 1: Build process is scripted (automated, not manual)
- Level 2: Build service generates provenance; source is version-controlled
- Level 3: Build runs in an isolated environment; provenance is signed
- Level 4: Reproducible builds; two-party review for all changes
- Report achieved SLSA level and gaps to next level
-
Write findings document:
- Save to
.aiwg/forensics/findings/supply-chain-forensics.md
- Sections: SBOM summary, integrity failures, typosquatting risks, build script anomalies, pipeline tampering indicators, SLSA assessment, remediation recommendations
Usage Examples
Example 1 — Full supply chain audit
supply chain forensics
Runs against the current working directory.
Example 2 — SBOM analysis only
sbom analysis ./sbom.json
Example 3 — Dependency audit for specific ecosystem
dependency audit --ecosystem npm
Example 4 — CI/CD pipeline investigation
build pipeline investigation .github/workflows/
Output Locations
- Findings:
.aiwg/forensics/findings/supply-chain-forensics.md
- Generated SBOM:
.aiwg/forensics/evidence/sbom.json
- Integrity report:
.aiwg/forensics/evidence/dependency-integrity.txt
Configuration
yaml
1supply_chain_forensics:
2 sbom_format: cyclonedx
3 sbom_version: "1.5"
4 typosquatting_distance: 2
5 check_osv: true
6 check_reproducibility: true
7 slsa_assessment: true
8 pinned_action_check: true
9 high_risk_patterns:
10 - "curl.*|.*sh"
11 - "wget.*sh"
12 - "base64.*-d.*|.*sh"
13 - "eval.*\\$\\("
14 - "pull_request_target"
References
- @$AIWG_ROOT/agentic/code/addons/aiwg-utils/rules/research-before-decision.md — Identify package ecosystems and build pipeline from lock files before starting analysis
- @$AIWG_ROOT/agentic/code/frameworks/forensics-complete/rules/evidence-integrity.md — Do not run build scripts during investigation; analyze artifacts read-only to avoid triggering payloads
- @$AIWG_ROOT/agentic/code/addons/aiwg-utils/rules/human-authorization.md — Report integrity failures and tampering indicators; await human decision before blocking or removing dependencies
- @$AIWG_ROOT/agentic/code/frameworks/forensics-complete/rules/red-flag-escalation.md — Escalate immediately when dependency hash mismatches or CI/CD script injection is confirmed
- @$AIWG_ROOT/agentic/code/frameworks/sdlc-complete/rules/token-security.md — Supply chain audit checks for secrets in build pipelines; this rule defines what constitutes a violation
