OWASP Top 10 tackles supply chain risk
The Open Worldwide Application Security Project’s widely used AppSec priority list is expanding to cover systemic risk.
CI/CD Tampering
What is CI/CD tampering?
CI/CD tampering refers to the unauthorized manipulation or exploitation of continuous integration (CI) or continuous delivery/deployment (CD) environments to inject malicious code, exfiltrate sensitive information, or alter build outcomes. It targets automated software pipelines that orchestrate testing, packaging, and release.
Why is CI/CD tampering important?
CI/CD environments often have access to sensitive credentials, source code, and deployment infrastructure. If compromised, they provide attackers with a powerful vector for software supply chain attacks, enabling the insertion of backdoors, lateral movement, or privilege escalation within the development workflow.
How does it work?
Tampering can occur at any stage of the pipeline and typically includes:
- Exploiting vulnerable CI/CD plugins or integrations
- Modifying build scripts or YAML configuration files
- Injecting malicious jobs via authorized or hijacked user access
- Abusing secrets stored in environment variables
- Altering artifact signing or storage steps
Benefits
- Mitigates Supply Chain Risks: Prevents unauthorized or malicious code from being included in shipped products.
- Protects Sensitive Assets: Secures credentials, tokens, and internal infrastructure configurations to safeguard sensitive information.
- Builds Customer Confidence: Demonstrates robust DevSecOps practices and security maturity.
- Enhances Audit Preparedness:Supports traceability and integrity requirements under EO 14028, FedRAMP, and ISO 27001.
CI/CD tampering vs
Topic | Focus Area | Key Differences |
|---|---|---|
Build Pipeline Security | Holistic protection of CI/CD tools | CI/CD tampering is a specific type of threat to that pipeline |
Artifact Poisoning | Tampered output artifacts | CI/CD tampering can lead to artifact poisoning |
Secure Build Environments | Infrastructure hardening | Focuses on securing the infrastructure, not the workflow logic |
Limit attacks using CI/CD tampering mitigations
- Use signed commits and tags to verify source authenticity
- Monitor build logs and alerts for anomalies or new job injections
- Validate that all pipeline changes go through secure version control
- Apply least-privilege principles to runners and agents
- Encrypt and rotate secrets regularly in CI/CD vaults
Use cases
- Insider Threat Mitigation: Detecting and blocking unauthorized pipeline changes made by employees or contractors.
- Advanced Persistent Threat (APT) Defense: Hardening software delivery chains against nation-state or sophisticated adversaries.
- Automated Pipeline Auditing:Validating each stage for expected inputs and outputs to catch hidden logic changes.
Additional considerations
- Include CI/CD systems in your threat model and red team exercises.
- Review third-party CI/CD integrations and plugins regularly for vulnerabilities.
- Consider building tamper-evident logs and attestation metadata (e.g., SLSA, in-toto).
- Enable version pinning to limit exploitation via plugin or dependency updates.
