Securing the Software Supply Chain: How Attackers Exploit CI/CD Pipelines

In 2025, the software supply chain remains a prime target for cyber adversaries, but the focus has shifted from simply poisoning dependencies to compromising the very infrastructure that builds and delivers software. CI/CD runners, build servers, and developer tools are now at the heart of sophisticated attacks. This Q&A explores how attackers subvert these trusted systems, why they are so effective, and what defenders can do to mitigate the risk.

Why Are CI/CD Systems Such a High-Value Target for Attackers?

Build servers and CI/CD runners are designed to execute code automatically, often with elevated privileges. They compile source code, pull in dependencies, move artifacts, and deploy software—all activities that closely mimic the behavior of an attacker trying to establish persistence or distribute malware. Because these systems sit inside an organization’s trusted delivery path, any malicious activity executed through them appears legitimate. Attackers can abuse this trust to deploy backdoors, exfiltrate data, or inject malicious code without raising alarm. The automation that makes CI/CD efficient also makes it a perfect attack surface: malicious actions blend seamlessly into routine build and release workflows, making detection extremely difficult.

Securing the Software Supply Chain: How Attackers Exploit CI/CD Pipelines — Source: www.sentinelone.com

What Are "Shift-Left" Attack Tactics in CI/CD Environments?

Traditionally, attackers focused on breaching the perimeter and pushing malware inward. Now, they adopt shift-left tactics—meaning they target the earliest stages of the software development lifecycle. Instead of trying to infect a production server directly, they compromise build runners, poison development dependencies, or subvert automation tools before code ever reaches production. This approach allows attacks to scale faster and bypass traditional security controls because the malicious activity originates from systems that organizations inherently trust. For example, an attacker might compromise a GitLab service account token and use it to create projects containing malicious CI jobs. These jobs then execute within the legitimate pipeline, delivering malware through a channel that is rarely scrutinized.

Can You Provide a Real-World Example of a CI/CD Subversion Attack?

One notable case involved the exploitation of a vulnerable self-hosted TeamCity server. Attackers gained access to the server and remained undetected for over a year. Once inside, they created a seemingly harmless build configuration that was executed by a trusted build agent running with SYSTEM privileges. This build job deployed a backdoor into internal environments. Because the malicious code was delivered through a legitimate CI/CD task, it was indistinguishable from normal operational activity: no suspicious binary, no obvious malware delivery mechanism, and the deployment path blended seamlessly into routine release workflows. This case highlights a core challenge defenders face: in CI/CD environments, malicious behavior often looks exactly like expected behavior.

How Do Attackers Turn Automation Against an Organization?

Pipeline compromise doesn’t always require direct malware execution on the build server. Attackers often manipulate automation workflows to make the organization’s own tools carry out the intrusion. For instance, by compromising a service account token for a tool like GitLab or GitHub Actions, an attacker can impersonate a legitimate user and modify pipeline definitions. They might inject a step that downloads an additional package from a malicious repository, or alter a test script to exfiltrate credentials. Since these actions are performed by the automation tool itself, they are authorized and trusted. This technique is effective because it leverages existing permissions and processes, making the attack harder to detect. The 2025 Annual Threat Report documented exactly this pattern, where attackers used stolen tokens to create projects with hidden malicious jobs that executed under the pipeline’s identity.

Why Is Detecting Malicious Activity in CI/CD So Difficult?

The fundamental problem is that in a CI/CD pipeline, malicious behavior often mirrors legitimate behavior. Build servers are expected to download files, execute commands, and deploy artifacts. An attacker who compromises the pipeline can abuse these features without creating any anomalies that would trigger traditional security alerts. For example, a backdoor can be delivered as a new library dependency that is automatically pulled during the build process—exactly what a normal build would do. There is no external binary, no suspicious process, and no unusual network connection. Security tools that rely on signature-based detection or perimeter monitoring often miss these attacks because the activity originates from a trusted source. Defenders must instead focus on behavioral analytics, pipeline integrity checks, and strict access controls to spot subtle deviations.

What Steps Can Organizations Take to Defend Against CI/CD Subversion?

Organizations should adopt a multi-layered defense strategy for their CI/CD infrastructure. First, implement least-privilege access for service accounts and build agents—never run pipelines with SYSTEM or root privileges unless absolutely necessary. Second, use immutable build environments that are ephemeral and reset after each job to prevent persistence. Third, enable audit logging for all pipeline actions and monitor for unusual changes to build configurations or access token usage. Fourth, scan all dependencies and artifacts for known vulnerabilities before they enter the pipeline. Fifth, consider using signed commits and code review for pipeline definition files to prevent unauthorized modifications. Finally, conduct regular red team exercises that specifically target CI/CD infrastructure to test defenses. By treating the pipeline as a critical asset, organizations can reduce the risk of these stealthy attacks.

Tags: