{"id":386,"date":"2026-03-17T22:55:49","date_gmt":"2026-03-17T22:55:49","guid":{"rendered":"https:\/\/quantusintel.group\/osint\/blog\/2026\/03\/17\/ghost-in-the-pipeline-ci-cd-as-the-new-perimeter\/"},"modified":"2026-03-17T22:55:49","modified_gmt":"2026-03-17T22:55:49","slug":"ghost-in-the-pipeline-ci-cd-as-the-new-perimeter","status":"publish","type":"post","link":"https:\/\/quantusintel.group\/osint\/blog\/2026\/03\/17\/ghost-in-the-pipeline-ci-cd-as-the-new-perimeter\/","title":{"rendered":"Ghost in the Pipeline: CI\/CD as the New Perimeter"},"content":{"rendered":"<h4><em>Why modern pentesters are ignoring the app and going straight for GitHub Actions, Jenkins, and ArgoCD\u00a0.<\/em><\/h4>\n<figure><img data-opt-id=1445388884  fetchpriority=\"high\" decoding=\"async\" alt=\"\" src=\"https:\/\/cdn-images-1.medium.com\/max\/1000\/1*rbbjAIdCoGq_67jRQzHAxw.jpeg\" \/><\/figure>\n<blockquote><p>The App Is No Longer the\u00a0Target<\/p><\/blockquote>\n<p>Imagine you could spend hours picking the front door lock\u2026 or you could just walk through the unlocked back door that the construction crew left open\u00a0.<\/p>\n<p>That\u2019s basically what\u2019s happening in modern\u00a0hacking.<\/p>\n<p>While developers are busy hardening their apps\u00a0; adding WAFs, patching CVEs, running SAST scans; attackers have quietly shifted their attention somewhere else: <strong>the CI\/CD pipeline<\/strong>.<\/p>\n<p>And honestly? It\u2019s a goldmine.<\/p>\n<blockquote><p>Wait,<\/p><\/blockquote>\n<blockquote><p>What Even Is a CI\/CD Pipeline?<\/p><\/blockquote>\n<p>Quick refresher. CI\/CD stands for <strong>Continuous Integration \/ Continuous Deployment<\/strong>. It\u2019s the automated system that takes your code from a developer\u2019s laptop \u2192 builds it \u2192 tests it \u2192 and ships it straight to production.<\/p>\n<p>Tools like <strong>GitHub Actions<\/strong>, <strong>Jenkins<\/strong>, <strong>GitLab CI<\/strong>, <strong>CircleCI<\/strong>, and <strong>ArgoCD<\/strong> make this magic\u00a0happen.<\/p>\n<figure><img data-opt-id=88761164  fetchpriority=\"high\" decoding=\"async\" alt=\"\" src=\"https:\/\/cdn-images-1.medium.com\/max\/784\/1*QpyeMBd68jMIwQw5SckdZQ.png\" \/><\/figure>\n<p>The problem? These systems need a LOT of trust and permissions to do their job. They need access to your cloud credentials, your secrets, your production environment, your container registry\u2026 basically everything.<\/p>\n<p>They\u2019re like the master key holder of your entire infrastructure\u00a0,and most companies treat them like a forgotten intern.<\/p>\n<h4>How Attackers Actually Exploit This\u00a0?!!!<\/h4>\n<p>Here are the most common (and scary) techniques being used in the\u00a0wild:<\/p>\n<p><strong>1. Secrets Leaking in Pipeline\u00a0Logs<\/strong><\/p>\n<p><strong>This one is embarrassingly common.<\/strong><\/p>\n<p>A developer accidentally prints an env variable during debugging. The log goes to a CI system. The CI system is accessible to anyone with read access to the\u00a0repo.<\/p>\n<blockquote><p>Suddenly, your AWS keys are just\u2026 sitting\u00a0there.<\/p><\/blockquote>\n<p>echo $AWS_SECRET_KEY in a workflow file has caused more breaches than most\u00a0malware.<\/p>\n<p><strong>2. Poisoning the Workflow\u00a0File<\/strong><\/p>\n<p>In GitHub Actions, workflows live in\u00a0.github\/workflows\/. These are just YAML files in your repo. If an attacker can open a pull request\u200a\u2014\u200aor if your pipeline is triggered by external PRs\u200a\u2014\u200athey can inject malicious steps directly into your build\u00a0process.<\/p>\n<p>This is called a <strong>pipeline injection attack<\/strong>. It\u2019s elegant, low-noise, and devastatingly effective.<\/p>\n<p><strong>3. Compromising a Shared\u00a0Runner<\/strong><\/p>\n<p>Many teams use shared CI runners (especially in GitHub\u2019s free tier). A malicious job can leave behind artifacts, modify cached dependencies, or even persist access if the runner isn\u2019t properly isolated. One dirty build environment can contaminate the next ten\u00a0builds.<\/p>\n<p><strong>4. Dependency Confusion \/ Supply Chain Poisoning<\/strong><\/p>\n<p>Your pipeline pulls packages from npm, PyPI, or internal registries. Attackers publish a package with the same name as your internal one\u200a\u2014\u200aon the public registry. Your pipeline picks up the wrong one. Your production build now contains malware. This is how the <strong>ua-parser-js<\/strong> and <strong>event-stream<\/strong> attacks\u00a0worked.<\/p>\n<p><strong>5. Abusing ArgoCD \/ Kubernetes GitOps<\/strong><\/p>\n<p>ArgoCD syncs your Kubernetes cluster state from a Git repo. If an attacker gets write access to that repo, they can deploy anything they want to production. No exploit needed. Just a git\u00a0push.<\/p>\n<h3>Real-World Examples (Because This Isn\u2019t Theoretical)<\/h3>\n<ul>\n<li><strong>SolarWinds (2020)<\/strong>\u00a0: The most famous supply chain attack ever. Attackers compromised the build pipeline and injected malicious code into signed, legitimate software updates. 18,000 organizations were affected. The NSA was on the\u00a0list.<\/li>\n<li><strong>Codecov Breach (2021)<\/strong>\u00a0: Attackers modified a bash uploader script used inside thousands of CI pipelines to steal environment variables and secrets. Hundreds of companies were silently exfiltrated.<\/li>\n<li><strong>Travis CI (2021)<\/strong>\u00a0: A vulnerability allowed public pull requests to access secret environment variables from forks. Developers had no idea their secrets were exposed for\u00a0months.<\/li>\n<\/ul>\n<p>These aren\u2019t edge cases. This is the new\u00a0normal.<\/p>\n<h3>Tools to Test Your Own Pipeline (Before Someone Else\u00a0Does)<\/h3>\n<p>Here\u2019s where it gets fun. If you\u2019re a pentester or a security engineer, here are open-source tools to audit CI\/CD security:<\/p>\n<p><strong>Recon &amp; Discovery<\/strong><\/p>\n<ul>\n<li><strong>Gitleaks<\/strong>\u00a0: Scans git repos and CI logs for leaked\u00a0secrets.<\/li>\n<li>\u2192 https:\/\/github.com\/gitleaks\/gitleaks<\/li>\n<li><strong>TruffleHog<\/strong>\u00a0: Finds secrets buried deep in git history, S3 buckets, and CI\u00a0output.<\/li>\n<li>\u2192 <a href=\"https:\/\/github.com\/trufflesecurity\/trufflehog\">https:\/\/github.com\/trufflesecurity\/trufflehog<\/a><\/li>\n<\/ul>\n<p><strong>Attack Simulation<\/strong><\/p>\n<ul>\n<li><strong>poutine<\/strong>\u00a0: Analyzes GitHub Actions workflows for known vulnerable patterns (like script injection, dangerous triggers, etc.)<\/li>\n<li>\u2192 <a href=\"https:\/\/github.com\/boostsecurityio\/poutine\">https:\/\/github.com\/boostsecurityio\/poutine<\/a><\/li>\n<li><strong>Semgrep<\/strong>\u00a0: Static analysis that catches insecure workflow patterns before they hit production.<\/li>\n<li>\u2192 <a href=\"https:\/\/github.com\/returntocorp\/semgrep\">https:\/\/github.com\/returntocorp\/semgrep<\/a><\/li>\n<\/ul>\n<p><strong>Defense &amp; Hardening<\/strong><\/p>\n<ul>\n<li><strong>Legitify<\/strong>\u00a0: Scans your GitHub\/GitLab org settings for misconfigurations (public runners, weak branch protections, etc.)<\/li>\n<li>\u2192 <a href=\"https:\/\/github.com\/Legit-Labs\/legitify\">https:\/\/github.com\/Legit-Labs\/legitify<\/a><\/li>\n<li><strong>Scorecard (by OpenSSF)<\/strong>\u00a0: Evaluates the security posture of any open-source project, including its CI\/CD\u00a0hygiene.<\/li>\n<li>\u2192 <a href=\"https:\/\/github.com\/ossf\/scorecard\">https:\/\/github.com\/ossf\/scorecard<\/a><\/li>\n<\/ul>\n<h3>A Quick Pentester\u2019s Checklist<\/h3>\n<p>When you\u2019re assessing a CI\/CD environment, hit these\u00a0first:<\/p>\n<ul>\n<li>Are secrets hardcoded or printed in\u00a0logs?<\/li>\n<li>Do workflow files accept untrusted input (like PR titles or branch\u00a0names)?<\/li>\n<li>Are self-hosted runners shared between projects?<\/li>\n<li>Does the pipeline have more permissions than it needs? (least privilege)<\/li>\n<li>Are third-party GitHub Actions pinned to a commit hash\u200a\u2014\u200aor just a floating tag like\u00a0@v1?<\/li>\n<li>Is there branch protection on the repo that triggers deployments?<\/li>\n<li>Who has write access to the GitOps\u00a0repo?<\/li>\n<\/ul>\n<figure><img data-opt-id=1737857893  decoding=\"async\" alt=\"\" src=\"https:\/\/cdn-images-1.medium.com\/max\/941\/1*KRfaB2sFkvD9c21-C6z9Kg.png\" \/><\/figure>\n<p>If you can answer \u201cno\u201d to most of these\u00a0; C<strong>ongrats<\/strong>, you\u2019re in better shape than 80% of companies out\u00a0there.<\/p>\n<h3>How to Actually Fix\u00a0This<\/h3>\n<p>A few high-impact, practical fixes:<\/p>\n<ol>\n<li><strong>Pin your Actions to full commit SHAs<\/strong>, not tags. Tags can be moved. SHAs\u00a0can\u2019t.<\/li>\n<\/ol>\n<p>uses: actions\/checkout@v3 \u2192\u00a0bad<\/p>\n<p>uses: actions\/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 \u2192\u00a0good<\/p>\n<ol>\n<li><strong>Use short-lived credentials<\/strong>. Avoid long-lived AWS keys in secrets. Use OIDC to get temporary tokens\u00a0per-run.<\/li>\n<li><strong>Limit permissions per job<\/strong>. GitHub Actions supports permissions: at the job level. Use it aggressively.<\/li>\n<li><strong>Separate build from deploy<\/strong>. Your test runner doesn\u2019t need production cloud access. Your deploy job doesn\u2019t need to run unit\u00a0tests.<\/li>\n<li><strong>Audit your third-party Actions<\/strong>. That random setup-something@v2 action you added 18 months ago? Check if the repo still exists and who maintains it.<\/li>\n<\/ol>\n<blockquote><p>CI\/CD pipelines are now the most privileged, most trusted, and most overlooked part of any modern tech stack. They have keys to everything\u200a\u2014\u200aand most of them are running in environments that haven\u2019t been reviewed by security in\u00a0years.<\/p><\/blockquote>\n<p>Attackers figured this out. The question is whether defenders will catch\u00a0up.<\/p>\n<p>The perimeter didn\u2019t disappear. It just moved to a YAML\u00a0file.<\/p>\n<h3>Further Reading &amp; Resources<\/h3>\n<ul>\n<li><strong>CISA + NSA: Defending CI\/CD Environments<\/strong><\/li>\n<\/ul>\n<p>(official guidance) \u2192 <a href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/defending-continuous-integration-continuous-delivery-cicd-environments\">https:\/\/www.cisa.gov\/resources-tools\/resources\/defending-continuous-integration-continuous-delivery-cicd-environments<\/a><\/p>\n<ul>\n<li><strong>OWASP Top 10 CI\/CD Security\u00a0Risks<\/strong><\/li>\n<\/ul>\n<p><a href=\"https:\/\/owasp.org\/www-project-top-10-ci-cd-security-risks\/\">https:\/\/owasp.org\/www-project-top-10-ci-cd-security-risks\/<\/a><\/p>\n<ul>\n<li><strong>NCC Group: 10 real-world CI\/CD attack techniques<\/strong><\/li>\n<\/ul>\n<p><a href=\"https:\/\/research.nccgroup.com\/2022\/01\/13\/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines\/\">https:\/\/research.nccgroup.com\/2022\/01\/13\/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines\/<\/a><\/p>\n<ul>\n<li><strong>book: \u201cSoftware Supply Chain Security\u201d by Cassie\u00a0Crossley<\/strong><\/li>\n<\/ul>\n<p>A solid foundational read if you want to go deep on this\u00a0topic.<\/p>\n<p><em>If your security team is still only scanning the app and calling it a day\u00a0; it might be time for a pipeline audit. The ghost is already in your pipeline.<\/em><\/p>\n<p><em>The question is whether it\u2019s yours or someone\u00a0else\u2019s.<\/em><\/p>\n<p><img data-opt-id=574357117  decoding=\"async\" src=\"https:\/\/medium.com\/_\/stat?event=post.clientViewed&amp;referrerSource=full_rss&amp;postId=d9d8248cac08\" width=\"1\" height=\"1\" alt=\"\" \/><\/p>\n<hr \/>\n<p><a href=\"https:\/\/osintteam.blog\/ghost-in-the-pipeline-ci-cd-as-the-new-perimeter-d9d8248cac08\">Ghost in the Pipeline: CI\/CD as the New Perimeter<\/a> was originally published in <a href=\"https:\/\/osintteam.blog\/\">OSINT Team<\/a> on Medium, where people are continuing the conversation by highlighting and responding to this story.<\/p>","protected":false},"excerpt":{"rendered":"<p>Why modern pentesters are ignoring the app and going straight for GitHub Actions, Jenkins, and ArgoCD\u00a0. The App Is No Longer the\u00a0Target Imagine you could spend hours picking the front door lock\u2026 or you could just walk through the unlocked back door that the construction crew left open\u00a0. That\u2019s basically what\u2019s happening in modern\u00a0hacking. While &#8230; <a title=\"Ghost in the Pipeline: CI\/CD as the New Perimeter\" class=\"read-more\" href=\"https:\/\/quantusintel.group\/osint\/blog\/2026\/03\/17\/ghost-in-the-pipeline-ci-cd-as-the-new-perimeter\/\" aria-label=\"Read more about Ghost in the Pipeline: CI\/CD as the New Perimeter\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":387,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-386","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/posts\/386","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/comments?post=386"}],"version-history":[{"count":0,"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/posts\/386\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/media\/387"}],"wp:attachment":[{"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/media?parent=386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/categories?post=386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/tags?post=386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}