Start by treating code provenance as an access problem, not only a quality problem. Require signed commits, restrict merge permissions, verify dependency sources, and tie developer actions to managed devices and short-lived credentials. The goal is to ensure every code change can be attributed, validated, and revoked if the trust chain breaks.
Why This Matters for Security Teams
GitHub-based development pipelines are a supply chain problem because they concentrate trust in commit signatures, branch protection, dependency sources, CI runners, and release automation. If any one of those layers is weak, an attacker can slip malicious code or stolen credentials into the build path and inherit downstream access. Current guidance from the NIST Cybersecurity Framework 2.0 still points teams toward asset visibility, access control, and recovery discipline, but software delivery adds a faster and more volatile trust boundary.
That volatility is not theoretical. NHIMG’s Reviewdog GitHub Action supply chain attack and Shai Hulud npm malware campaign show how build-time trust can be abused to harvest secrets and pivot across repositories. In parallel, the OWASP Non-Human Identity Top 10 reinforces that machine credentials are often the real prize, not the source code itself. In practice, many security teams discover pipeline exposure only after an attacker has already used a compromised runner or package dependency to move faster than review and revoke cycles can react.
How It Works in Practice
Reducing supply chain risk means turning the pipeline into a controlled identity system. Start with signed commits and protected branches, then add repository rules that block unsigned merges, unreviewed workflow changes, and direct pushes to release branches. Tie every privileged action to a managed device, a verified developer identity, and short-lived credentials so that access can be revoked quickly when trust changes.
From there, harden the build path itself. Treat CI/CD runners as high-value workloads, not disposable infrastructure. Use workload identity for automation, short-lived tokens for package publish and deploy steps, and separate credentials for human developers, bots, and release tooling. Where feasible, use NIST Cybersecurity Framework 2.0 outcomes to map the controls into identify, protect, detect, and respond workflows, then align the implementation to the OWASP Non-Human Identity Top 10 so service accounts, tokens, and automation identities are inventoried and governed like any other privileged entity.
- Require signed commits and signed release artifacts.
- Restrict merge rights to the smallest practical set of maintainers.
- Pin dependencies and verify package provenance before build time.
- Issue JIT credentials for CI jobs and revoke them on completion.
- Monitor runner behaviour for unexpected outbound connections or secret access.
NHIMG research on the CI/CD pipeline exploitation case study shows why this matters: if the runner is compromised, the attacker often inherits whatever secrets the pipeline can see. These controls tend to break down in organisations that reuse long-lived secrets across self-hosted runners, because revocation becomes slower than attacker movement.
Common Variations and Edge Cases
Tighter provenance controls often increase delivery friction, requiring organisations to balance release speed against assurance. That tradeoff is especially visible in monorepos, open-source contributor models, and rapid hotfix workflows, where heavy-handed approval chains can become operational bottlenecks. Best practice is evolving here, and there is no universal standard for how much human approval is enough for every release path.
One common edge case is the use of self-hosted runners for performance or data-residency reasons. Those environments often need stronger isolation, stricter egress controls, and separate credentials per pipeline stage because the runner has access to broader network zones and more secrets than a hosted ephemeral worker. Another edge case is dependency automation: package-updater bots should be treated as autonomous identities with narrow scopes, not as trusted extensions of the engineering team.
Security teams should also assume that non-code channels matter. Secrets and approvals are often discussed in Slack, Jira, or Confluence, then copied into automation without review. NHIMG’s Guide to the Secret Sprawl Challenge is a useful reminder that repository controls alone do not cover the full path of credential exposure. For teams modernising governance, the key is to combine provenance checks, ephemeral access, and runtime monitoring rather than relying on any single control to stop every supply chain path.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Focuses on rotating and limiting non-human credentials used by pipelines. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access is central to protecting GitHub pipeline permissions. |
| NIST AI RMF | Supports governance of autonomous automation and its security impacts. |
Inventory pipeline identities, shorten token life, and revoke secrets automatically after each build or deploy.
Related resources from NHI Mgmt Group
- How should security teams reduce the risk of secret theft from npm supply chain attacks?
- How should security teams reduce risk from shared secrets in identity systems?
- How should teams reduce the risk from exposed NHI secrets?
- How should security teams reduce risk from compromised GitHub Actions workflows?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on May 29, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
