Having a handle on the attack surface of an application and its infrastructure is essential towards building security in and defending a workload.
Create an ATTACKS.md file in the root of your code respository so that the attack surface for the application can be considered during design and the other phases of the Secure Software Supply Chain.