Last updated: April 29, 2026
The CI/CD pipeline is the single system that can build and deploy your production code. Compromise it and you control every release, every commit, every secret your pipelines touch. Attackers know this: supply chain attacks through the pipeline have moved from rare to common. This module covers the specific vulnerability classes in pipelines and the hardening that actually works.
Why pipelines are high-value targets
- They hold credentials to production: cloud deploy roles, registry push, prod databases
- They run untrusted input: PR code from anyone, dependencies from open-source registries
- They have build-time network and filesystem access: an attacker who executes code in a build runner can reach everything that runner can
- Compromising a widely-shared pipeline (reusable workflow, shared library) cascades to many downstream repos