CC-T-1 — Supply-chain attack via compromised dependency
Component: Cross-Cutting. Mitigations: Dependabot, Grype, CodeQL, govulncheck (resolved AV-P-5). Action: None required.
| Property | Value |
|---|---|
| Section | Tampering |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-OPS-04 | Vulnerability Management |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md