Compromise of developer's access, API keys, etc. in order to create a supply chain attack.