Supply Chain Lab

Supply Chain Defense Simulator

Most security incidents now begin in the supply chain — a compromised dependency, an unsigned image, a leaked CI token. Each scenario drops you into a real attack class and asks you to spot the gap before the build promotes to production.

6 scenarios · ~12 minutes · Medium

How the simulator works

  • Each scenario shows a CI/CD config, an SBOM diff, or a registry artefact with a hidden supply-chain risk.
  • Identify the issue from four plausible options — the wrong answers explain why they look reasonable but miss the real risk.
  • Read the production explanation, follow the link to the relevant lesson, and move to the next scenario.
  • Score yourself across all six rounds — covering signature verification, SBOM gaps, SLSA provenance, dependency confusion, CI runner compromise, and admission policy.