CI/CD security: threat modeling using a MITRE-style threat matrix

Source code management (SCM) and CI/CD pipelines have become the industry standard for automating software delivery. But from the time a code change enters your SCM until it’s deployed, it’s susceptible to changes and reconfigurations that can go so far as to modify the pipeline itself. If you’re not proactively securing your CI/CD system, attackers can use it to grant themselves permissions, access secrets, and ship malicious code.

In this blog series, we’ll first cover possible attack paths using a threat matrix based on the MITRE ATT&CK® framework that is specifically mapped to CI/CD systems. We’ll also provide you with a mental framework, known as a threat model, with the goal of understanding how your system would respond to these different attack pathways and what detection methods you can implement to mitigate them.

In Part 2, we’ll put these ideas into practice by threat modeling GitHub as an SCM tool. We’ll also take a look at historical attacks on GitHub environments and the detection opportunities you can leverage to secure them.

What is CI/CD security?

CI/CD security refers to integrating security tools and best practices into your CI/CD pipeline to better prevent, detect, and respond to attacks that target your pipeline’s trust boundaries. This includes access to secrets, configuration files, artifact delivery, and other sensitive inputs and data.

CI/CD security: threat modeling using a MITRE-style threat matrix | Datadog

Other newsrooms on this story

Related reading

CI/CD security: How to secure your GitHub ecosystem | Datadog

Pipeline security lessons from March supply chain incidents

Harden your pipeline perimeter for the era of AI-assisted coding

Introducing the Datadog Code Security MCP | Datadog

Spotting CI/CD misconfigurations before the bots do: Securing GitHub Actions…

DevSecOps for Git: Security Starts at Commit Time