https://future.com/securing-the-software-supply-chain/
Open source is a fast way for IT departments to build applications and services. The software supply chain is the whole process of writing and building software, including every piece of open source that goes into it.
Open source isn't without risk. The obvious risk of running software you don't know is easy to identify: you are trusting that it functions the way you need and hope.
But the trust goes further than that. You are also trusting that every line of that software's code, and every step of the build process that produced it, is secure.
Extending that trust blindly may no longer be the right move.
The article linked above covers some of those threats and the solutions for them. It isn't detailed, but it will get you started.