Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure for Software Supply Chain Security
Get Free TrialMore about Spectra Assure Free TrialCI/CD tampering refers to the unauthorized manipulation or exploitation of continuous integration (CI) or continuous delivery/deployment (CD) environments to inject malicious code, exfiltrate sensitive information, or alter build outcomes. It targets automated software pipelines that orchestrate testing, packaging, and release.
CI/CD environments often have access to sensitive credentials, source code, and deployment infrastructure. If compromised, they provide attackers with a powerful vector for software supply chain attacks, enabling the insertion of backdoors, lateral movement, or privilege escalation within the development workflow.
Tampering can occur at any stage of the pipeline and typically includes:
Topic | Focus Area | Key Differences |
|---|---|---|
Build Pipeline Security | Holistic protection of CI/CD tools | CI/CD tampering is a specific type of threat to that pipeline |
Artifact Poisoning | Tampered output artifacts | CI/CD tampering can lead to artifact poisoning |
Secure Build Environments | Infrastructure hardening | Focuses on securing the infrastructure, not the workflow logic |

The Life and Times of Cybersecurity Professionals study highlights a trend that has accelerated as cyber has become more complex.

The Magic Quadrant™ for Software Supply Chain Security is a 45-minute read. Here's what we feel security leaders need to pull from it.

With a ‘vulnpocalypse’ expected, AppSec leaders are calling for the companies to invest in a Great Refactor Fund to secure open source.