{
	"id": "67aaae9c-c03b-4433-a8a8-36c2dba72bb1",
	"created_at": "2026-04-06T01:32:29.137656Z",
	"updated_at": "2026-04-10T03:20:16.648657Z",
	"deleted_at": null,
	"sha1_hash": "abf5714c498a56cfc17a0e19ec50e678986ec0ac",
	"title": "Top 10 CI/CD Security Risks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41992,
	"plain_text": "Top 10 CI/CD Security Risks\r\nBy Authors\r\nArchived: 2026-04-06 00:47:07 UTC\r\nCI/CD environments, processes, and systems are the beating heart of any modern software organization. They\r\ndeliver code from an engineer’s workstation to production. Combined with the rise of the DevOps discipline and\r\nmicroservice architectures, CI/CD systems and processes have reshaped the engineering ecosystem:\r\nThe technical stack is more diverse.\r\nAdoption of new languages and frameworks is increasingly quick.\r\nThere is an increased use of automation and Infrastructure as Code (IaC) practices.\r\n3rd parties (dependencies and services) have become a major part of any CI/CD ecosystem, with the\r\nintegration of a new service typically requiring no more than adding 1-2 lines of code.\r\nThese characteristics allow faster, more flexible and diverse software delivery. However, they have also reshaped\r\nthe attack surface with a multitude of new avenues and opportunities for attackers.\r\nAdversaries of all levels of sophistication are shifting their attention to CI/CD, realizing CI/CD services provide\r\nan efficient path to reaching an organization’s crown jewels. The industry is witnessing a significant rise in the\r\namount, frequency and magnitude of incidents and attack vectors focusing on abusing flaws in the CI/CD\r\necosystem, including – \r\nThe compromise of the SolarWinds build system\r\nThe Codecov breach\r\nThe PHP breach\r\nThe Dependency Confusion flaw\r\nThe compromises of the ua-parser-js, coa and rc NPM packages\r\nWhile attackers have adapted their techniques to the new realities of CI/CD, most defenders are still early on in\r\ntheir efforts to find the right ways to detect, understand, and manage the risks associated with these environments. \r\nThis document helps defenders identify focus areas for securing their CI/CD ecosystem. 
It is the result of\r\nextensive research into attack vectors associated with CI/CD, and the analysis of high profile breaches and\r\nsecurity flaws.\r\nNumerous industry experts across multiple verticals and disciplines came together to collaborate on this document\r\nto ensure its relevance to today’s threat landscape, risk surface, and the challenges that defenders face in dealing\r\nwith these risks.\r\nThe list was compiled on the basis of extensive research and analysis based on the following sources:\r\nAnalysis of the architecture, design and security posture of hundreds of CI/CD environments across\r\nmultiple verticals and industries.\r\nProfound discussions with industry experts.\r\nPublications detailing incidents and security flaws within the CI/CD security domain.\r\nSource: https://web.archive.org/web/20220316130828/https://www.cidersecurity.io/top-10-cicd-security-risks/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://web.archive.org/web/20220316130828/https://www.cidersecurity.io/top-10-cicd-security-risks/"
	],
	"report_names": [
		"top-10-cicd-security-risks"
	],
	"threat_actors": [],
	"ts_created_at": 1775439149,
	"ts_updated_at": 1775791216,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/abf5714c498a56cfc17a0e19ec50e678986ec0ac.pdf",
		"text": "https://archive.orkl.eu/abf5714c498a56cfc17a0e19ec50e678986ec0ac.txt",
		"img": "https://archive.orkl.eu/abf5714c498a56cfc17a0e19ec50e678986ec0ac.jpg"
	}
}