Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A CI/CD pipeline attack compromises DevOps build and deploy systems to inject backdoors or steal secrets, enabling software supply-chain attacks.
CI/CD Pipeline Attack (DevOps Pipeline Compromise) Definition: A CI/CD pipeline attack compromises DevOps build and deploy systems to inject backdoors or steal secrets, enabling software supply-chain attacks.
A CI/CD pipeline attack, or DevOps pipeline compromise, targets the continuous integration and delivery systems that build, test, and deploy software. By compromising build servers, poisoning dependencies, stealing pipeline credentials, or injecting malicious steps into build configurations, attackers can insert backdoors into legitimate software before it ships to users. Because pipelines have privileged access to source code, secrets, and production environments, a single compromise can yield far-reaching supply-chain impact, as seen in incidents like SolarWinds. OWASP catalogs these risks in its Top 10 CI/CD Security Risks.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →