In this Help Net Security podcast, Tomislav Peri..in, Chief Software Architect at ReversingLabs, explains the latest and most destructive supply chain attacks, their techniques and how to build more secure apps. The only defense is to defend software from attacks that modify the build environment at the point and inject themselves at that point. The key tenet is the ability to inspect the fully built release package, because at the very end of this SUNBURST attack you had a compromised release image, and that was really the only way to actually detect this particular type of an attack.
Source: https://www.helpnetsecurity.com/2021/08/05/supply-chain-attacks-techniques/