Software supply chain incidents have been making headlines recently. The umbrella term "supply chain attack" covers any instance where an attacker interferes with or hijacks the software manufacturing process. This can happen when code libraries or individual components being used in a software build are tainted, when software update binaries are Trojanized, when code-signing certificates are stolen, or even when a server hosting software-as-a-service (SaaS) is compromised. Here we examine six different techniques used in recent real-world, successful software supply chain attacks.

