CI/CD Threats and Attacks: What Attackers Target and How to Defend

Modern software delivery relies on Continuous Integration and Continuous Delivery (CI/CD) pipelines to build, test, and deploy code at scale. These pipelines have become the backbone of DevOps, enabling organizations to ship features faster and more reliably than ever before. But this power comes with a critical trade-off: CI/CD systems have become one of the …

Lab: Artifact Tampering and Detection — Swapping Container Images in a Registry

Overview Container image tags are mutable pointers. Unlike a Git commit hash, the tag v1.0.0 is not cryptographically bound to a specific image — it is simply a label that a registry maps to a manifest digest. Anyone with push access to a repository can overwrite that mapping at any time, silently replacing the image …

Lab: Simulating a Dependency Confusion Attack in a Sandbox Environment

Overview Dependency confusion is a supply chain attack that exploits how package managers resolve package names when both private (internal) and public registries are configured. When an attacker publishes a malicious package to a public registry using the same name as an internal private package — but with a higher version number — the package …

OWASP Top 10 CI/CD Risks Explained with Real-World Examples

CI/CD pipelines have become the backbone of modern software delivery. But with that power comes significant risk. The OWASP Top 10 CI/CD Security Risks project catalogues the most critical attack vectors targeting continuous integration and continuous delivery systems. In this guide, we break down each risk with real-world examples, impact assessments, and actionable mitigations you …

Lab: Exploiting and Defending Against Poisoned Pipeline Execution (PPE)

Overview Poisoned Pipeline Execution (PPE) ranks as the #2 risk in the OWASP CI/CD Security Top 10. It is a class of attacks where a malicious actor manipulates the build process by injecting code into pipeline definitions or build scripts, typically through a pull request. Once the CI system picks up the change, the attacker’s …

Defensive Patterns and Mitigations for CI/CD Pipeline Attacks

Introduction Understanding how CI/CD pipelines are attacked is only half the picture. Threat modeling and attack taxonomy give us a map of the battlefield, but without concrete defensive patterns and engineering mitigations, that knowledge remains theoretical. This guide bridges the gap between awareness and action. The goal is not to build an impenetrable fortress — …

Dependency Confusion and Artifact Poisoning: Attack Techniques and Defenses

Introduction Software supply chain attacks have surged in both frequency and sophistication over the past several years. Rather than attacking applications directly, adversaries increasingly target the dependency resolution and artifact distribution layers that underpin modern software development. Two of the most effective techniques in this category are dependency confusion and artifact poisoning. These attacks exploit …

Lab: Detecting Malicious GitHub Actions with Static Analysis

Overview Third-party GitHub Actions are one of the most convenient features of the GitHub ecosystem. With a single uses: directive, you can pull in complex build logic, deploy to cloud providers, or run security scanners. But that convenience comes with a critical trade-off: every third-party action executes code in your CI environment with access to …

CI/CD Threat Modeling: Identifying Trust Boundaries and Attack Paths

Threat modeling is a well-established practice in application security. Teams routinely model threats against APIs, backend services, and production environments. However, CI/CD pipelines are often excluded from formal threat modeling exercises, despite being one of the most critical components of modern software systems. This is a dangerous gap. CI/CD pipelines sit at the intersection of …

Why CI/CD Pipelines Are the New Primary Attack Surface

For years, application security programs have focused on production environments: hardening servers, patching vulnerabilities, deploying WAFs, and monitoring runtime behavior. That focus made sense when most meaningful compromises happened after deployment, by exploiting weaknesses in running applications. But modern attackers increasingly bypass production defenses. Instead of attacking the application at runtime, they compromise the systems …