In my 2023 ACM talk, to illustrate how supply chain security is more than just build deps graphs, I showed a graph of the servers involved in building and serving Go releases.
Has anyone done something like this but for GitHub Actions? We have examples now of attacks moving between actions.
