pentest-cicd

CI/CD red team methodology — GitHub Actions, GitLab CI, Jenkins pipeline security analysis, secret leak, workflow injection advisory. Triggers on CI/CD pentest, GitHub Actions security, GitLab CI, Jenkins, pipeline injection, workflow injection, secret leak, OIDC abuse, runner takeover, supply chain.
fatihkan/badi · ★ 5 · AI & Automation · score 76
Install: claude install-skill fatihkan/badi
# pentest-cicd

CI/CD pipeline attack surface advisory. Assumes repository access within an authorized engagement.

## Triggers

- "CI/CD pentest"
- "GitHub Actions vulnerability"
- "GitLab CI test"
- "Jenkins security"
- "workflow injection"
- "OIDC token abuse"
- "supply chain pentest"

## Attack Surface Map

| Component | Common Vulnerability |
|---------|----------------|
| Source repo | Secret leak (env, .pem, .key) |
| Workflow file | Injection via PR title, comment, branch name |
| Runner | Self-hosted runner takeover |
| Secret store | Environment variable leak in logs |
| OIDC trust | Privilege leak to the cloud provider |
| Action marketplace | Compromised 3rd party action |
| Artifact | Exfiltrate or tamper with the build artifact |
| Cache | Cache poisoning (the next build picks it up) |

## GitHub Actions Specific

### Common Injection Pattern

```yaml
# UNSAFE — ${{ code }} inside PR title -> shell injection
- run: |
    echo "Processing PR: ${{ github.event.pull_request.title }}"
# Attack: PR title = `";rm -rf $HOME ;echo "`
# Resulting command: echo "Processing PR: ";rm -rf $HOME ;echo ""

# SAFE
- run: |
    echo "Processing PR: $TITLE"
  env:
    TITLE: ${{ github.event.pull_request.title }}
```

### `pull_request_target` Vulnerability

```yaml
# UNSAFE — secrets reachable via a fork PR
on: pull_request_target
jobs:
  test:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}  # runs fork code
      - run:
```
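A defender-side check for the two unsafe patterns shown above, added here as an example and not part of the skill or its repository: a line-based heuristic that flags attacker-controllable `${{ }}` expressions inside `run:` steps, and a `pull_request_target` workflow that checks out the PR head. The function name `audit_workflow`, the rule names and the context list are assumptions of this example, and the sample workflow is constructed.

```python
import re

# Attacker-controllable contexts: a subset chosen for this example (assumption).
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.(?:event\.(?:pull_request\.(?:title|body|head\.ref)"
    r"|issue\.(?:title|body)|comment\.body)|head_ref)\s*\}\}")
HEAD_CHECKOUT = re.compile(
    r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(?:sha|ref)\s*\}\}")
RUN_KEY = re.compile(r"\s*(?:-\s+)?run:")
PRT = re.compile(r"\bpull_request_target\b")

def audit_workflow(text):
    """Heuristic line scan of one workflow file; returns (line_no, rule) pairs."""
    lines = text.splitlines()
    uses_prt = any(PRT.search(l) and not l.lstrip().startswith("#") for l in lines)
    findings, in_run, run_col = [], False, 0
    for no, line in enumerate(lines, 1):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if in_run and indent <= run_col:
            in_run = False                      # left the run: scalar
        if not in_run and line.lstrip().startswith("#"):
            continue                            # YAML comment, never evaluated
        if RUN_KEY.match(line):
            in_run, run_col = True, line.index("run:")
        if in_run and UNTRUSTED.search(line):   # expanded before the shell runs
            findings.append((no, "untrusted-expression-in-run"))
        if uses_prt and HEAD_CHECKOUT.search(line):
            findings.append((no, "pull_request_target-checks-out-pr-head"))
    return findings

# Constructed sample built from the patterns on this page.
SAMPLE = """\
on: pull_request_target
jobs:
  test:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "PR ${{ github.event.pull_request.title }}"
      - run: echo "PR $TITLE"
        env:
          TITLE: ${{ github.event.pull_request.title }}
"""

if __name__ == "__main__":
    print(audit_workflow(SAMPLE))
```

The scan treats a `#` line inside a `run: |` block as script text, because expressions there are still expanded before the shell sees them; the `env:` indirection in the last step is not flagged.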