Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term CI/CD Pipeline Attack (DevOps Pipeline Compromise)

Training Camp • Cybersecurity Glossary

What is CI/CD Pipeline Attack (DevOps Pipeline Compromise)?

A CI/CD pipeline attack compromises DevOps build and deploy systems to inject backdoors or steal secrets, enabling software supply-chain attacks.

Glossary > Application & API Security > CI/CD Pipeline Attack (DevOps Pipeline Compromise)

Understanding CI/CD Pipeline Attack (DevOps Pipeline Compromise)

A CI/CD pipeline attack, or DevOps pipeline compromise, targets the continuous integration and delivery systems that build, test, and deploy software. By compromising build servers, poisoning dependencies, stealing pipeline credentials, or injecting malicious steps into build configurations, attackers can insert backdoors into legitimate software before it ships to users. Because pipelines have privileged access to source code, secrets, and production environments, a single compromise can yield far-reaching supply-chain impact, as seen in incidents like SolarWinds. OWASP catalogs these risks in its Top 10 CI/CD Security Risks.

Learn More About CI/CD Pipeline Attack (DevOps Pipeline Compromise):

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →