A compromise pattern where an attacker alters source inputs, dependencies, or build steps so the software delivery process produces malicious artefacts that appear legitimate. The weakness is not only in the code, but in the trust placed on the pipeline and the identities that can modify it.
Expanded Definition
Build pipeline poisoning is a supply chain compromise in which an attacker manipulates source code, build scripts, dependencies, or runner configuration so the pipeline emits a trusted-looking artefact that already contains malicious behavior. In NHI security, the key issue is not only code integrity but identity integrity: the service accounts, tokens, and automation credentials that can alter builds must be treated as high-value NHIs. Guidance varies across vendors on whether the term should cover only direct tampering in CI/CD or also poisoned dependencies and compromised build plugins, so precise scoping matters.
This term sits close to software supply chain attack, but it is narrower when the malicious payload is introduced by influencing the build process itself rather than the application repository alone. The operational control focus is on provenance, least privilege, isolated runners, signed artefacts, and strict separation between code review and release authority, as reflected in NIST Cybersecurity Framework 2.0 and NHI governance practices discussed in Ultimate Guide to NHIs. The most common misapplication is treating any compromised repository as pipeline poisoning, which occurs when the build system itself was not altered and the malicious change arrived only in source control.
Examples and Use Cases
Implementing protections against build pipeline poisoning rigorously often introduces friction in developer throughput, requiring organisations to weigh release speed against stronger verification and tighter access boundaries.
- A compromised CI token is used to modify a build step so the final binary installs a backdoor even though the source review passed.
- A malicious package update is pulled into an automated build, echoing patterns seen in the CI/CD pipeline exploitation case study, where trusted automation amplified the blast radius.
- A build runner with excessive privileges is altered so it exfiltrates secrets during packaging, similar to lessons highlighted in the Reviewdog GitHub Action supply chain attack.
- An attacker poisons a dependency lockfile or internal mirror so reproducible builds now resolve to a trojaned component.
- A release pipeline is redirected to sign an artefact produced from tampered inputs, making downstream consumers trust the malicious package.
These scenarios align with broader supply chain guidance in NIST Cybersecurity Framework 2.0, but the NHI-specific lesson is that automation identities must be constrained as tightly as human release approvers.
Why It Matters in NHI Security
Build pipeline poisoning turns ordinary automation into an attacker-controlled delivery channel. When service accounts, ephemeral tokens, or signing credentials have broad permissions, a single compromise can produce artefacts that look legitimate to downstream scanners, release managers, and customers. NHI Management Group data shows that 96% of organisations store secrets outside secrets managers in vulnerable locations including code, config files, and CI/CD tools, which makes pipeline compromise especially dangerous because the build environment often becomes both the target and the exfiltration path. The risk is amplified by secret sprawl, overprivileged automation, and poor visibility into which NHIs can change release logic.
Practitioners should connect pipeline hardening to NHI lifecycle controls, secret rotation, provenance verification, and short-lived credentials, as covered in Guide to the Secret Sprawl Challenge and the Shai Hulud npm malware campaign. Organisations typically encounter the consequence only after a clean-looking release has already propagated to production, at which point build pipeline poisoning becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Covers secret exposure and misuse inside CI/CD and other NHI-operated automation. |
| NIST CSF 2.0 | PR.AC-3 | Addresses remote and system access restrictions for privileged automation and build services. |
| NIST Zero Trust (SP 800-207) | SC-2 | Zero Trust requires each build action to be verified rather than implicitly trusted. |
Limit build-system access to approved identities and enforce strong authentication for pipeline changes.