2

State-of-the-Art Survey of Open-source Software Supply Chain Security