Think about it like this
A developer writes code → pushes it to GitHub →
and then automatically:
The code is tested
Security checks run
The application is built
It is deployed to production
All without a human pressing a button.
In short --> CI/CD.
Why it matters for security
CI/CD pipelines have:
Access to source code
Access to secrets and API keys
Access to cloud environments
Permission to deploy changes
So they are very powerful
And that’s exactly why they are attractive to attackers.
So where is the problem?
Developers write code on their own machine. But the most sensitive actions happen inside the pipeline.
That pipeline:
pulls tools from outside
runs code automatically
has access to important systems
And in many cases, it runs things that are considered “trusted”.
What can go wrong?
If one of those trusted tools is compromised,
the pipeline will still run it.
Everything looks normal.
No alert.
No obvious attack.
But behind the scenes:
credentials can be exposed
tokens can be stolen
systems can be accessed
A real example from last week
A popular security scanning tool used inside CI/CD pipelines was compromised.
Organizations didn’t get hacked directly.
They just ran their pipeline as usual.
But the tool had been modified, and it exposed credentials and secrets during execution.
If you want to learn more read the full article:
https://thehackernews.com/2026/03/trivy-hack-spreads-infostealer-via.html
How does your organization treat CI/CD pipelines today?