Taxonomy of attacks on open-source software supply chains, based on 94 real-world incidents.
It is based on the recent paper by @piergiorgioLad, @HenrikPlate, @barais and Matias S. Martinez.
Link: https://sap.github.io/risk-explorer-for-software-supply-chains/