Open-source CI/CD abuse detector guards against stolen credential attacks

CI/CD Abuse Detector is an open-source project that uses a large language model to flag suspicious changes to continuous integration and continuous deployment pipelines, workflows, and automation configurations. The repository contains drop-in templates for GitHub Actions, GitLab CI, and Azure DevOps.

The project targets a common attack chain in software supply chain compromises. Stolen developer credentials are used to push modifications to workflow files, which then harvest secrets stored in the CI environment. The detector aims to catch these modifications during code review, before the altered workflow executes.

How the analysis works

The workflow runs in six stages. Changed files in a pull request are first matched against path patterns for CI/CD, build, release, and packaging configurations. Files that match are diffed individually, with each diff capped at 10,000 characters to reduce bypass attempts that hide malicious changes inside large benign additions.

A prescreen step applies regex and metadata rules to attach context labels to each diff. The diff and labels are then sent to Claude through the Claude Code command line interface, which analyzes the content against a threat model focused on credential harvesting. Verdicts conform to a defined JSON schema.

Output options include a GitHub step summary, repository issues, Slack notifications via webhook, and Elasticsearch verdict shipping when severity meets the configured threshold. An optional fail gate can block a pull request when severity exceeds a separate threshold. Default behavior alerts only.
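
As an added illustration (not the project's code), the first three stages described above can be sketched in POSIX shell with grep, the tooling the article names for pre-processing. The path patterns, label names and regex rules are assumptions; only the 10,000-character cap comes from the text.

```shell
#!/bin/sh
# Added illustration, not the project's code. Path patterns, label names and
# regex rules are assumptions; only the 10,000 cap comes from the article.
MAX_DIFF_CHARS=10000

# Stage 1: is this changed path a CI/CD, build, release or packaging config?
is_pipeline_path() {
  printf '%s\n' "$1" | grep -Eq \
    '^(\.github/workflows/[^/]+\.ya?ml|\.gitlab-ci\.yml|azure-pipelines\.ya?ml|Makefile|Dockerfile)$'
}

# Stage 2: cap one file's diff read from stdin. head -c counts bytes, which
# equals characters for ASCII diffs.
cap_diff() { head -c "$MAX_DIFF_CHARS"; }

# Stage 3: attach context labels from added lines only ("+", not "+++").
# The body is a subshell so its variables do not leak into the caller.
prescreen_labels() (
  added=$(printf '%s\n' "$1" | grep -E '^\+([^+]|$)' || true)
  labels=""
  tag() {  # tag <label> <regex>
    if printf '%s\n' "$added" | grep -Eq "$2"; then
      labels="${labels:+$labels,}$1"
    fi
  }
  tag secrets-reference 'secrets\.[A-Za-z_]+'
  tag outbound-request  '(^|[^A-Za-z])(curl|wget)([^A-Za-z]|$)'
  tag trigger-change    '^\+[[:space:]]*(on:|pull_request_target)'
  printf '%s' "$labels"
)

# Constructed sample diff for a workflow file (not taken from any real repo).
SAMPLE_DIFF='--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,1 +10,4 @@
       - run: make test
+      - run: curl -s https://example.invalid/report
+        env:
+          TOKEN: ${{ secrets.DEPLOY_TOKEN }}'

# Prints "<path> labels=<csv> chars=<n>" for matching files, nothing otherwise.
prepare_for_review() {
  if is_pipeline_path "$1"; then
    capped=$(printf '%s' "$2" | cap_diff)
    printf '%s labels=%s chars=%s\n' "$1" "$(prescreen_labels "$capped")" "${#capped}"
  fi
}

prepare_for_review .github/workflows/build.yml "$SAMPLE_DIFF"
```

Labels computed after the cap only describe the retained portion of a diff, so a truncated file is worth surfacing to the reviewer as its own signal.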

Setup requirements

Teams adopting the detector copy three files into their repository: a workflow YAML file, a prompt markdown file, and a JSON schema for the verdict format. Authentication requires either an Anthropic API key or, for enterprise deployments, a Foundry endpoint URL and API key pair stored as repository secrets.

Several environment variables tune behavior:

  • CI_CD_ABUSE_ALERT_THRESHOLD sets the minimum severity for alerts and defaults to high.
  • CI_CD_ABUSE_FAIL_ON_SEVERITY controls the blocking threshold and is empty by default, which keeps the detector in alert-only mode.
  • CI_CD_ABUSE_INCLUDE_PUSHES enables analysis of direct pushes to main and master branches and defaults to true.

Pre-processing in the templates relies on bash, jq, and grep. The Claude Code CLI, installed via Node, is the sole analysis dependency added to the CI environment. Python appears only in maintainer tooling for validation and the single-file build script, with no Python on the runtime path of the published workflows.

Status and scope

The repository is a prototype and reference implementation tied to Elastic Security Labs research titled “Detecting CI/CD pipeline abuse with LLM-augmented analysis.” Elastic describes the project as a prototype that sits outside its official product catalog, with limited support entitlements and no fixed roadmap.

Teams interested in the underlying methodology can consult the linked Elastic Security Labs article and the architecture, threat model, and scoring notes documents in the repository. Vulnerability reports follow Elastic’s disclosure process documented in SECURITY.md.

CI/CD Abuse Detector is available for free on GitHub.
