As organizations shift left, the Continuous Integration and Continuous Deployment (CI/CD) pipeline has evolved from a convenience into a critical infrastructure component. However, this centralization of power makes pipelines an attractive target. A single compromise in a GitHub Action or a Jenkinsfile can grant an attacker complete control over your production environment.
1 Hardcoded Secrets in Repository
The most common flaw remains the accidental inclusion of API keys, database credentials, or SSH keys within source code. Even if the secret is removed in a later commit, it remains in the Git history.
2 Overly Permissive Runner Permissions
Many CI/CD runners (like GitHub Actions or GitLab Runners) are granted excessively broad permissions, such as full administrative access to AWS or production databases, just to keep deployment scripts simple.
Impact: If a job is compromised via a malicious dependency, the attacker inherits those broad privileges.
3 Dependency Confusion
Attackers publish malicious packages to public registries (like npm or PyPI) with the same names as your internal, private packages. If your pipeline is misconfigured, it may pull the malicious public version instead of your internal one.
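One way to catch this misconfiguration before a job installs anything is to audit the requirements file the pipeline consumes. The following is an added example, not code from the original article; the index URLs, the "acme-*" package names and the audit() helper are hypothetical, and it covers pip only.

```python
import re

# Constructed sample input: a requirements file as a CI job might install it.
# The internal index URL and the "acme-*" package names are hypothetical.
SAMPLE = """\
--index-url https://pypi.org/simple
--extra-index-url https://pkgs.example.internal/simple
requests==2.31.0
acme-billing>=1.2
acme_auth==3.0.1
"""
INTERNAL = {"acme-billing", "acme-auth"}

INDEX_OPT = re.compile(r"^(?:-i|--index-url|--extra-index-url)[ =]+(\S+)")
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")

def normalize(name):
    """PEP 503 name normalization, so acme_auth and acme-auth compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit(text, internal_names):
    """Return (line_number, finding) tuples for dependency-confusion exposure."""
    internal = {normalize(n) for n in internal_names}
    indexes, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        opt = INDEX_OPT.match(line)
        if opt:
            indexes.append((lineno, opt.group(1)))
            continue
        req = REQ.match(line)
        if not req or normalize(req.group(1)) not in internal:
            continue  # option line or a public dependency
        name, spec = req.group(1), req.group(2)
        if not spec.startswith("=="):
            findings.append((lineno, f"{name}: internal package not pinned to an exact version"))
        if "--hash=" not in spec:
            findings.append((lineno, f"{name}: no --hash binding it to the known artifact"))
    if len(indexes) > 1:
        # pip gives indexes no priority: the highest matching version wins.
        findings.insert(0, (indexes[1][0], "multiple indexes: public and private names are resolved together"))
    return findings

if __name__ == "__main__":
    for lineno, msg in audit(SAMPLE, INTERNAL):
        print(f"line {lineno}: {msg}")
```

A file that uses a single private index and pins each internal package with == and --hash produces no findings.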
4 Insufficient Audit Logging
Pipeline activities are often poorly logged. When a security incident occurs, teams find it impossible to trace who triggered a manual build, which environment variables were changed, or what scripts were executed during the run.
5 Unsigned Automated Artifacts
If your build system produces a container image or a binary but doesn't sign it cryptographically, the production environment has no way to verify that the code it runs was actually produced by your trusted pipeline.