CI/CD Pipeline - STRIDE Threat Model | PrimeThreat
Examples CI/CD Pipeline

CI/CD Pipeline Security

DevSecOps pipeline from code commit to production deployment. Supply chain security is critical as a single compromised build can affect thousands of deployments.

Pipeline Architecture

Modern CI/CD pipeline with supply chain security controls. Each stage represents a potential attack vector for supply chain compromise.

Developersemi trustedIDELocal GitSecretsSource ControltrustedGitHubBranchesWebhooksBuildtrustedCI RunnerPipelineTestsRegistryhighly trustedContainerArtifactsDeploytrustedCD PipelineKubernetesCloud

Supply Chain is the New Attack Surface

SolarWinds, Codecov, and Log4Shell showed that compromising build pipelines can have devastating downstream effects. A single malicious commit or poisoned dependency can propagate to thousands of production systems. The Registry is the crown jewel - whoever controls the artifacts controls what runs in production.

Developer Environment

IDE, local secrets, git client. First point of compromise.

Source Control

GitHub/GitLab with branch protection and webhooks.

Build System

CI runners executing untrusted code. High risk zone.

Artifact Registry

Container images and packages. Trust anchor.

Deployment

CD pipeline to Kubernetes. Production gateway.

Previous
IoT Gateway
Next
Kubernetes