Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect / PS - Platform / SoFa

OWASP Top 10 CI/CD Security Risks

This document focuses on:

This community-led framework identifies the most critical security risks inherent in Continuous Integration and Continuous Deployment (CI/CD) ecosystems, which have become prime targets for supply chain attacks. It provides a structured hierarchy of vulnerabilities, ranging from Insufficient Flow Control Mechanisms (allowing single-actor code pushes) to Poisoned Pipeline Execution (PPE) and Dependency Chain Abuse. From a cybersecurity perspective, the document is essential for DevSecOps and Software Supply Chain Security, as it addresses high-impact topics such as Inadequate Identity and Access Management (IAM), Credential Hygiene (preventing secret leaks in build logs), and Artifact Integrity Validation. By offering specific recommendations for hardening build servers and version control systems, the guide helps organizations defend against sophisticated threats like those seen in the SolarWinds and Codecov breaches, ensuring that automated delivery pipelines do not become a “backdoor” into production environments.


Publication's URL

https://owasp.org/www-project-top-10-ci-cd-security-risks/

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *