Summary
Computational infrastructures have become a foundational enabler of scientific discovery across a range of critical domains, including seismic imaging, air quality monitoring, epidemiology, drug discovery, and nuclear engineering. As a result, ensuring the security of these infrastructures is paramount. Scientific computing ecosystems rely heavily on open-source software to develop, port, deploy, schedule, and manage computational codes. However, the open-source model inherently exposes projects to software supply chain threats. Real-world incidents have shown that adversaries can exploit this