This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 2.8 of Cloud Threats and Attack Vectors
Risks in container image supply chains, dependency confusion, CI/CD pipeline compromise, and third-party SaaS integration.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
CISA Software Supply Chain Security Guidance
CISA comprehensive guidance on securing software supply chains.
NIST SP 800-204D: Securing Cloud-Native Applications
NIST draft guidance on supply chain security for cloud-native microservices.
GitHub Actions Security Hardening
GitHub official guidance on securing CI/CD workflows using OIDC and minimal permissions.
Sigstore: Code Signing for the Cloud Supply Chain
Open-source tooling (cosign, rekor, fulcio) for signing container images and binaries.
Quadrant 4 · Self-Assessment
Cloud Threats, Attacks and Privacy
CSA Top 10, SSRF/IMDS, IMDSv2, EDoS, man-in-the-cloud, STRIDE, MITRE ATT&CK for Cloud, and data residency.
Cloud Security: Complete Assessment
Comprehensive 120-question assessment covering all six chapters of the Cloud Security eBook 2026.