Supply Chain Defense Simulator

Interactive supply-chain security simulator: spot Sigstore identity gaps, SBOM blind spots, SLSA L2 vs L3 confusion, dependency confusion attacks, GitHub Actions secret leaks, and admission policy scope gaps across 6 production scenarios. Free, no signup.

Interactive supply-chain security lab. Six scenarios cover cosign verify without certificate-identity, syft SBOMs missing Go modules under -ldflags strip, SLSA L2 vs L3 provenance, Python dependency confusion via --extra-index-url, GitHub Actions pull_request_target with secrets exposed to fork checkouts, and Kyverno verifyImages namespace-scope gaps.

What You Practice

  • Recognizing production failure modes before they become incidents.
  • Connecting security, reliability, and operational choices to real engineering outcomes.
  • Building intuition through short interactive scenarios instead of passive reading only.