Open source software (OSS) is a prime target for supply chain cyberattacks, and protecting it remains a major challenge.