This paper presents a comprehensive analysis of security threats in Continuous Integration and Continuous Deployment (CI/CD) pipelines, which are widely used in open-source software on platforms like GitHub. The researchers collected data from over 320,000 CI/CD-configured GitHub repositories, revealing that these pipelines are susceptible to malicious code and severe vulnerabilities. The paper highlights the potential for attackers to exploit these vulnerabilities and suggests ways to mitigate these threats, including securing CI/CD configurations and scripts, and improving infrastructure.
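As an added illustration of what "securing CI/CD configurations and scripts" can mean in practice (example code written for this summary, not part of the paper or its dataset), the script below audits a GitHub Actions workflow for three well-known classes of pipeline misconfiguration: third-party actions not pinned to a commit SHA, shell steps that interpolate attacker-influenced event data directly into the script, and `pull_request_target` workflows that check out the pull request head. The workflow is passed as an already-parsed dict (what `yaml.safe_load` returns for a `.yml` file); the two sample workflows, the `some-org/setup-tool` action and the all-zero/all-one SHAs are constructed placeholders.

```python
"""Static checks for risky GitHub Actions workflow settings (added example)."""
import re

# A pinned action reference is a full 40-hex-digit commit SHA, not a tag or branch.
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

# github.event fields an external contributor controls: PR title/body, PR head
# branch name, issue and comment text, head commit message. Interpolating them
# into a `run:` script lets the contributor inject shell commands.
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{\s*github\.(event\.(pull_request\.(title|body|head\.ref)"
    r"|issue\.(title|body)|comment\.body|head_commit\.message)|head_ref)\s*\}\}"
)


def _steps(workflow):
    """Yield (job name, step index, step dict) for every step in the workflow."""
    for job_name, job in (workflow.get("jobs") or {}).items():
        for idx, step in enumerate(job.get("steps") or []):
            yield job_name, idx, step


def check_unpinned_actions(workflow):
    """Flag `uses:` references that are not pinned to a commit SHA."""
    findings = []
    for job, idx, step in _steps(workflow):
        uses = step.get("uses")
        if not uses or uses.startswith(("./", "docker://")):
            continue  # local or container actions are out of scope here
        _, _, ref = uses.partition("@")
        if not FULL_SHA.match(ref):
            findings.append(f"{job}/step{idx}: '{uses}' is not pinned to a commit SHA")
    return findings


def check_untrusted_expressions(workflow):
    """Flag `run:` scripts that embed contributor-controlled event fields."""
    findings = []
    for job, idx, step in _steps(workflow):
        run = step.get("run")
        if run and UNTRUSTED_EXPR.search(run):
            findings.append(f"{job}/step{idx}: run script interpolates untrusted event data")
    return findings


def check_pr_target_checkout(workflow):
    """Flag pull_request_target workflows that check out the PR head.

    pull_request_target runs with the base repository's secrets, so building
    the contributor's code in that context hands them those secrets.
    """
    # PyYAML parses the bare key `on` as boolean True, so look for both forms.
    triggers = workflow.get("on", workflow.get(True))
    if triggers is None:
        return []
    if isinstance(triggers, str):
        triggers = [triggers]
    if "pull_request_target" not in triggers:
        return []
    findings = []
    for job, idx, step in _steps(workflow):
        uses = step.get("uses", "")
        ref = str((step.get("with") or {}).get("ref", ""))
        if uses.startswith("actions/checkout") and "head" in ref:
            findings.append(f"{job}/step{idx}: pull_request_target checks out PR head")
    return findings


def audit_workflow(workflow):
    """Run all checks and return the combined list of findings."""
    return (check_unpinned_actions(workflow)
            + check_untrusted_expressions(workflow)
            + check_pr_target_checkout(workflow))


# Constructed sample: the weak configuration.
WEAK_WORKFLOW = {
    "name": "ci",
    "on": {"pull_request_target": {}, "push": {}},
    "jobs": {"build": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4",
         "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
        {"uses": "some-org/setup-tool@main"},  # placeholder action name
        {"run": 'echo "PR: ${{ github.event.pull_request.title }}"'},
    ]}},
}

# Constructed sample: the same workflow hardened (placeholder SHAs stand in
# for real commit hashes; untrusted data is passed through an env var).
HARDENED_WORKFLOW = {
    "name": "ci",
    "on": {"pull_request": {}, "push": {}},
    "jobs": {"build": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@" + "0" * 40},
        {"uses": "some-org/setup-tool@" + "1" * 40},
        {"env": {"PR_TITLE": "${{ github.event.pull_request.title }}"},
         "run": 'echo "PR: $PR_TITLE"'},
    ]}},
}

if __name__ == "__main__":
    for finding in audit_workflow(WEAK_WORKFLOW):
        print("WEAK:", finding)
    print("hardened findings:", audit_workflow(HARDENED_WORKFLOW))
```

Running the script reports four findings for the weak workflow and none for the hardened one. The env-var pattern in the hardened `run:` step is the point worth noting: the expression is still evaluated, but the shell sees its value as a variable rather than as script text.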
Publication date: 1 Feb 2024
Project Page: https://ieeexplore.ieee.org/abstract/document/9654490
Paper: https://arxiv.org/pdf/2401.17606