CI/CD security: How to secure your GitHub ecosystem

In Part 1 of this series, we discussed the CI/CD security boundary, mapped out potential attack vectors with a CI/CD threat matrix, and introduced a simple threat model focused on ideating detection workflows. In this post, we’ll apply these principles to a real-world source code management (SCM) tool example that every developer is familiar with: GitHub.

In addition to threat modeling, we’ll also be taking a closer look at historical attacks on GitHub and GitHub Actions ecosystems. Based on these attacks, we’ll discuss preventative measures to help you secure your environment as well as response workflows.

Threat modeling for GitHub

As we previously discussed, a threat model is a structured representation of all the information surrounding the security of an application or ecosystem. To apply our detection-based threat model to GitHub, we’ll first identify the inputs, identities, and infrastructure that pertain to the SCM and their corresponding risks.

Inputs:

CI/CD security: How to secure your GitHub ecosystem | Datadog

Other newsrooms on this story

Related reading

CI/CD security: threat modeling using a MITRE-style threat matrix | Datadog

Spotting CI/CD misconfigurations before the bots do: Securing GitHub Actions…

DevSecOps for Git: Security Starts at Commit Time

Security Labs articles - GitLab Blog

Introducing the Datadog Code Security MCP | Datadog

Pipeline security lessons from March supply chain incidents