Towards Using Source Code Repositories to Identify Software Supply Chain Attacks