Chainguard locks down CI/CD with secure-by-default actions

Chainguard has announced Chainguard Actions, secure-by-default workflows for CI/CD pipelines that allow developers and AI agents to ship quickly without introducing software supply chain risk. Using an agentic approach, Chainguard Actions provides a continuously secured catalog of workflows maintained by the Chainguard Factory, the infrastructure that has become the industry standard for delivering trusted open source artifacts.

Chainguard Actions ingests widely used third-party CI/CD workflows, starting with GitHub Actions, and evaluates them against a security best-practices ruleset, automatically fixes failures, and publishes secured versions that engineering teams can safely integrate into their workflows.

The most privileged and least protected layer in the CI/CD pipeline

CI/CD workflows operate with the highest privileges in modern software delivery, yet they remain among the least protected components in the development stack. As engineering teams increasingly build with AI-assisted coding agents to accelerate releases, code development is outpacing security teams’ ability to manually review that code. Unaddressed vulnerabilities in CI/CD workflows can silently introduce malware, leak credentials, or compromise production systems.

Last year, attackers compromised the widely used tj-actions/changed-files GitHub Action, which was referenced by more than 23,000 repositories, by retargeting its version tags to a malicious commit; the injected code dumped secrets from the CI runner's memory into workflow logs. More recently, an autonomous AI bot known as hackerbot-claw demonstrated how easily these workflows can be exploited.

The bot scanned public repositories continuously for a week to find vulnerable GitHub Actions configurations. It then successfully breached multiple major organizations. Together, these attacks illustrate new ways that attackers can automatically probe and exploit vulnerable workflows at scale, and how they are getting more sophisticated in their approaches.

“CI/CD pipelines power modern software delivery, but the privileged workflows inside them remain one of the least secured layers of the stack,” said Dan Lorenc, CEO of Chainguard. “Chainguard Actions extends our industry-leading secure-by-default approach to the CI/CD layer. Our vision is to enable a software delivery lifecycle that developers and their AI agents can trust end to end.”

Secure-by-default CI/CD workflows

Using agents, Chainguard Actions ingests popular third-party CI/CD workflows, starting with GitHub Actions, and evaluates them against a comprehensive security ruleset that detects unsafe patterns, excessive permissions, and supply chain risks.

Actions that fail the review are automatically remediated and published in a secure catalog, ready for use in production workflows. Whenever upstream Actions change or the Chainguard ruleset evolves, affected workflows are automatically resecured without requiring manual intervention.

With Chainguard Actions, organizations can:

  • Protect against attacks on the most privileged open source layer: Every Action is built from source and continuously scanned, preventing tag hijacking, dependency confusion, and pull_request_target abuse (workflows that run with write access and secrets against code from an untrusted pull request) before they ever reach CI/CD pipelines.
  • Avoid CI/CD incident response cycles: While the rest of the industry responds to compromised Actions elsewhere, engineering teams can remain focused on shipping new releases.
  • Establish trust in every automation workflow: Each Action ships with a software bill of materials (SBOM) and provenance attestation, providing verifiable insight into what is running, where it originated, and how it was built.

Solving the trust problem in CI/CD

Security reviews of CI/CD workflows are typically treated as a point-in-time exercise, but the threat landscape evolves continuously as maintainers are compromised, new exploitation techniques emerge, and automated attackers scan repositories for vulnerable patterns. Chainguard addresses this challenge through the AI-native Chainguard Factory, the infrastructure that already monitors, builds, and continuously updates millions of open source artifacts.

The same reconciliation model that drives the Chainguard Factory now powers Chainguard Actions, continuously comparing the desired secure state with what exists in upstream automation marketplaces and automatically correcting any drift. Chainguard Actions are built with:

  • Rules to prevent exploits, AI to infer attacks: Hard-coded security checks identify known dangerous patterns, while AI agents identify emerging or subtle issues such as overly permissive workflows.
  • Auditable CI/CD artifacts: Each security fix appears as an individual Git commit with a complete pull request trail, allowing security teams to understand what changed and why.
  • Continuous monitoring as attacks evolve: Whenever Chainguard introduces new security rules, every Action in the catalog is automatically reevaluated and resecured if necessary.
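The article names three dangerous patterns (mutable tag references that can be redirected as in the tj-actions incident, over-broad token permissions, and pull_request_target workflows that check out untrusted PR code) without showing what a "hard-coded security check" for them looks like. The following is an added example, not Chainguard's ruleset or any code from Chainguard Actions: a small line-oriented checker for GitHub Actions workflow files, run over two constructed sample workflows embedded inline. The rule names, the sample workflows and the placeholder commit SHA in the hardened sample are all assumptions made for illustration.

```python
"""Minimal checker for three GitHub Actions anti-patterns (added example,
not Chainguard's code). It is line-oriented rather than a full YAML parser,
which is enough for the common single-document workflow layout."""
import re

# `uses: owner/repo@ref` (optionally after a list dash); stops at whitespace or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
PERMS_RE = re.compile(r"^\s*permissions:\s*(.*)$")
# Untrusted PR head being checked out: the classic pull_request_target footgun.
PR_HEAD_RE = re.compile(r"\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}")


def check_workflow(text):
    """Return a list of (rule, line_number, detail) findings for one workflow."""
    findings = []
    lines = text.splitlines()
    uses_prt = any(re.search(r"\bpull_request_target\b", ln) for ln in lines)
    saw_permissions = False

    for n, line in enumerate(lines, 1):
        m = USES_RE.match(line)
        if m and "@" in m.group(1):
            action, _, ref = m.group(1).partition("@")
            # A 40-hex commit SHA or a digest is immutable; a tag or branch can be moved.
            if not SHA_RE.match(ref) and not ref.startswith("sha256:"):
                findings.append(("unpinned-action", n,
                                 f"{action} is referenced by mutable ref '{ref}'; pin to a commit SHA"))

        m = PERMS_RE.match(line)
        if m:
            saw_permissions = True
            if m.group(1).strip() == "write-all":
                findings.append(("permissions-write-all", n,
                                 "GITHUB_TOKEN granted write on every scope; grant only what the job needs"))

        if uses_prt and PR_HEAD_RE.search(line):
            findings.append(("pull-request-target-untrusted-checkout", n,
                             "pull_request_target runs with secrets and a write token, "
                             "but this step checks out the untrusted PR head"))

    if not saw_permissions:
        # No explicit block anywhere: the token falls back to the repository default,
        # which may be read-write depending on repository settings.
        findings.append(("no-permissions-block", 0,
                         "no permissions: block; GITHUB_TOKEN uses the repository default"))
    return findings


# Constructed sample: every rule above fires at least once.
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: tj-actions/changed-files@v45
      - run: npm ci && npm test
"""

# Constructed hardened counterpart. The SHA below is a placeholder, not a real
# actions/checkout commit; in practice copy the SHA of the release you audited.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4 (placeholder)
      - run: npm ci && npm test
"""


if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"== {name}")
        for rule, line, detail in check_workflow(wf):
            print(f"  line {line}: [{rule}] {detail}")
```

Run against the two samples the vulnerable workflow produces four findings (two unpinned actions, the write-all grant, and the untrusted checkout under pull_request_target) and the hardened one produces none. The checker deliberately treats a tag as a finding even when the tag currently points at a good commit, because that is exactly the state the tj-actions incident exploited: the reference was fine until the tags were moved.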

For developers, Chainguard Actions removes the need to trust unvetted third-party code in the layer through which their organization’s most sensitive credentials pass. It also reduces both the likelihood of a breach and the triage burden if one occurs. Instead, teams can rely on a continuously secured catalog of Actions and focus on shipping software.
