CI/CD 管道是安全关键的 — 它们可以访问源代码、凭证和生产部署。被攻击的管道可能是灾难性的(供应链攻击)。保护管道涉及保护机密、管道本身、依赖项和生成的工件。
为什么管道安全至关重要
text
Pipelines are a HIGH-VALUE TARGET — they have powerful access:
→ SOURCE CODE, deployment CREDENTIALS, production ACCESS, secrets
→ a compromised pipeline can inject malicious code into your software (SUPPLY CHAIN
ATTACK — affecting all your users) or steal credentials/deploy malicious versions
→ Real, serious attacks (SolarWinds, etc.) targeted build/CI systems.
保护管道
text
✓ SECRETS — secure secrets store/manager; never hardcoded; short-lived creds (OIDC);
least privilege for pipeline credentials
✓ ACCESS CONTROL — restrict who can modify pipelines/approve deploys; protect main;
require reviews for pipeline changes (pipeline config IS code to protect)
✓ ISOLATE — ephemeral, isolated build environments (don't reuse dirty runners);
limit what the pipeline can access (least privilege)
✓ Protect SELF-HOSTED RUNNERS (a common attack vector); keep tooling patched