Security teams should isolate build trust from secret access, pin dependencies to immutable references, and treat every pipeline credential as a governed non-human identity. The goal is to stop a malicious dependency from reaching tokens, publishing rights, or cloud permissions even if the build runner executes untrusted code.
Why This Matters for Security Teams
Supply chain compromise becomes an NHI exposure when untrusted code, compromised dependencies, or poisoned build steps can reach secrets, service tokens, or publishing credentials. The risk is not limited to package tampering; it includes the moment a pipeline identity is allowed to mint access, call cloud APIs, or write to registries. OWASP’s OWASP Non-Human Identity Top 10 frames this as an identity governance problem, not just a software integrity problem.
NHIMG’s 52 NHI Breaches Analysis shows how often identity misuse, weak rotation, and over-privilege turn routine incidents into broad compromise. That pattern matters in CI/CD because pipeline credentials are often long-lived, shared across jobs, and more privileged than the build itself requires. Once a malicious dependency executes, the blast radius can extend far beyond the build runner.
Security teams also need to account for the speed of modern attacker tradecraft. The Anthropic report on AI-orchestrated cyber espionage makes clear that autonomous tooling can accelerate discovery, chaining, and exfiltration once a foothold exists. In practice, many security teams encounter secret exposure only after a build log, artifact, or package publish has already leaked access, rather than through intentional control validation.
How It Works in Practice
The practical control set starts by separating build trust from secret access. A pipeline should not inherit broad credentials by default, and a compromised dependency should not be able to reach publishing rights unless a narrowly scoped, time-bound authorization is granted at runtime. That is why current guidance increasingly treats pipeline credentials as governed NHI assets, not convenience tokens.
Three implementation patterns matter most. First, pin dependencies to immutable references so the build consumes exactly what was reviewed. Second, issue just-in-time credentials with short TTLs, bound to the specific task and revoked automatically when the task ends. Third, use workload identity so the pipeline proves what it is with cryptographic identity instead of relying on reusable static secrets. In practice, that means OIDC-style federated tokens or SPIFFE/SPIRE-style workload identity can reduce secret sprawl, while policy-as-code decides whether the job may access a registry, signer, or cloud service at request time.
- Scope secrets to a single job, repo, branch, or environment, not the entire runner fleet.
- Separate read-only build steps from release and deploy steps.
- Place signing keys, cloud credentials, and package publishing tokens behind stronger approval and conditional access.
- Log every secret access and every token exchange so anomalous pipeline behavior can be investigated quickly.
NHIMG’s The State of Non-Human Identity Security highlights the visibility gap that often makes this control set ineffective when teams cannot see all third-party and OAuth-connected identities. For implementation guidance, the OWASP Non-Human Identity Top 10 and the Anthropic report both reinforce the need to assume that execution environments can be manipulated after the first trusted step. These controls tend to break down when shared runners, legacy release jobs, or monolithic service accounts require broad standing access because the identity boundary becomes too coarse to contain lateral movement.
Common Variations and Edge Cases
Tighter pipeline controls often increase delivery overhead, requiring organisations to balance release speed against blast-radius reduction. That tradeoff is real, especially where teams maintain many repositories, mixed-language builds, or legacy automation that still depends on static tokens.
Best practice is evolving for high-churn environments such as ephemeral preview builds, multi-tenant runners, and vendor-managed CI. In those cases, the safest pattern is often to treat the runner itself as untrusted and push all privileged actions behind separate, narrowly scoped identities. There is no universal standard for this yet, but the direction of travel is clear: runtime authorization should be narrower than build execution.
Two edge cases deserve special attention. First, dependency allowlists are not enough if the package manager can be tricked into executing post-install scripts or native build hooks. Second, secret scanning helps, but it does not stop a compromised pipeline from requesting fresh access tokens at runtime. NHIMG’s Top 10 NHI Issues and the Reviewdog GitHub Action supply chain attack illustrate how quickly a trusted automation path can become a secret harvesting path when identity and build trust are not separated.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Covers secret rotation and exposure risk in compromised automation paths. |
| OWASP Agentic AI Top 10 | Autonomous tooling can chain actions and expand supply chain blast radius. | |
| NIST AI RMF | AI risk governance helps manage unpredictable automation and tool use. |
Eliminate standing pipeline secrets and rotate every credential used by build systems.