Rapid growth in third-party dependencies (including open-source libraries, packages and container images, etc.) has significantly changed the modern software development process. Most applications nowadays are built on a combination of in-house and external code. Public open-source repositories offer a place for developers to use, host and share software libraries, packages, container images, and other works with many useful and well-developed features. Although the use of third-party dependencies does improve the development efficiency and quality, the security risks of malicious code and vulnerability has created a backdoor for potential supply chain attacks and other malicious acts.
For details, please visit the below link: