Securing the Software Supply Chain: Q&A on Pipeline Attacks and Defenses

In 2025, cyber adversaries have pivoted from traditional software supply chain attacks—like dependency poisoning—to directly compromising the infrastructure that powers the software delivery lifecycle. Build servers, CI/CD runners, and developer workstations are high-value targets because they execute code automatically with elevated privileges. Once breached, malicious activity masquerades as routine build and release actions. This Q&A explores how these attacks unfold, why they’re so dangerous, and what organizations can do to defend against them.

What Makes CI/CD Infrastructure a Prime Target?

CI/CD systems are designed to automate trusted actions—compiling code, pulling dependencies, deploying artifacts—often with broad permissions. This inherent trust is exactly what attackers exploit. A compromised build server behaves just like a legitimate one: it runs scripts, moves files, and communicates with internal networks. Because these activities mirror normal operational workflows, security tools rarely flag them. In 2024, attackers exploited a self-hosted TeamCity server for over a year by creating a benign-looking build configuration that executed with SYSTEM privileges. The malicious code was indistinguishable from routine CI/CD tasks, allowing the attacker to establish persistence and deploy backdoors without detection.

Securing the Software Supply Chain: Q&A on Pipeline Attacks and Defenses — Source: www.sentinelone.com

How Do Attackers Subvert Trusted Build Runners?

Instead of injecting external malware, adversaries often turn automation against the organization. They manipulate existing workflows—for example, by stealing service account tokens from GitLab or GitHub. In one case, a stolen token allowed an attacker to create projects that triggered build jobs, which then downloaded malicious packages from compromised repositories. Because the build runner is a trusted component, the pipeline executes the attacker’s instructions as if they were legitimate updates. This technique, dubbed “shift-left subversion,” poisons development dependencies before code reaches production. The result: every subsequent build inherits the malicious payload, spreading it across environments.

What Are Common Indicators of a Pipeline Compromise?

Detecting a pipeline attack is challenging because malicious actions mimic expected behavior. However, subtle signs include: unexpected changes to build configurations, new projects created with strange names, or a sudden increase in build frequency from a single runner. Also watch for unauthorized token usage—for instance, a GitLab token accessing repositories it normally wouldn’t. Another red flag is packages downloaded from sources outside the approved registry, as seen in attacks where adversaries swapped legitimate PyPI packages with trojanized versions. Finally, monitor for builds that execute out-of-band commands, such as a build script making network connections to unknown IPs.

Why Is Traditional Security Insufficient Against Pipeline Attacks?

Traditional defenses—like perimeter firewalls and endpoint detection—focus on keeping bad things out. But pipeline attacks originate from within the trusted zone. A compromised CI/CD runner already has access to internal networks and production systems. Antivirus and EDR agents often ignore automation traffic because it appears to be legitimate software delivery. Moreover, once a backdoor is embedded in a build artifact, it bypasses runtime detection by being part of the normal software stack. As one report notes, “malicious behavior in CI/CD environments looks exactly like expected behavior,” making signature-based detection nearly useless. Defenders must shift to behavior-based monitoring and strict access controls.

What Steps Can Organizations Take to Defend Their Pipelines?

To harden CI/CD infrastructure, start with least privilege: limit runner permissions to only what’s necessary, avoid using root or SYSTEM accounts, and rotate tokens frequently. Implement immutable build environments that are destroyed after each job, so any compromise is ephemeral. Use signed commits and repository integrity checks to prevent unauthorized code injection. Also, enable audit logging for all pipeline actions and periodically review logs for anomalies. For advanced protection, deploy runtime security tools that monitor build processes for unexpected network calls or file modifications. Finally, educate developers to treat tokens and API keys as secrets—never store them in code or CI variables.

How Does Pipeline Subversion Relate to Software Supply Chain Security?

Pipeline subversion is a critical branch of software supply chain attacks. While the supply chain traditionally focuses on dependencies and package managers, compromising the pipeline targets the mechanism that builds and delivers those dependencies. Once attackers control the pipeline, they can inject vulnerabilities into any artifact, bypassing upstream source control. This is more dangerous than poisoning a single package because it affects all downstream consumers of that build server. For instance, if a CI runner for a widely-used library is compromised, every project that uses that library may receive tainted updates. Defending the pipeline is thus a prerequisite for securing the entire supply chain.

Tags: