CI/CD Threat Modeling: Identifying Trust Boundaries and Attack Paths

Threat modeling is a well-established practice in application security. Teams routinely model threats against APIs, backend services, and production environments. However, CI/CD pipelines are often excluded from formal threat modeling exercises, despite being one of the most critical components of modern software systems. This is a dangerous gap. CI/CD pipelines sit at the intersection of …

Why CI/CD Pipelines Are the New Primary Attack Surface

For years, application security programs have focused on production environments: hardening servers, patching vulnerabilities, deploying WAFs, and monitoring runtime behavior. That focus made sense when most meaningful compromises happened after deployment, by exploiting weaknesses in running applications. But modern attackers increasingly bypass production defenses. Instead of attacking the application at runtime, they compromise the systems …