CICD-SEC-1: Insufficient Flow Control Mechanisms


Insufficient flow control mechanisms refer to the ability of an attacker that has obtained permissions to a system within the CI/CD process (SCM, CI, Artifact repository, etc.) to single handedly push malicious code or artifacts down the pipeline, due to a lack in mechanisms that enforce additional approval or review.


CI/CD flows are designed for speed. New code can be created on a developer’s machine and get to production within minutes, often with full reliance on automation and minimal human involvement. Seeing that CI/CD processes are essentially the highway to the highly gated and secured production environments, organizations continuously introduce measures and controls aimed at ensuring that no single entity (human or application) can push code or artifacts through the pipeline without being required to undergo a strict set of reviews and approvals.


An attacker with access to the SCM, CI, or systems further down the pipeline, can abuse insufficient flow control mechanisms to deploy malicious artifacts. Once created, the artifacts are shipped through the pipeline - potentially all the way to production - without any approval or review. For example, an adversary may:

  • Push code to a repository branch, which is automatically deployed through the pipeline to production.
  • Push code to a repository branch, and then manually trigger a pipeline that ships the code to production.
  • Directly push code to a utility library, which is used by code running in a production system.
  • Abuse an auto-merge rule in the CI that automatically merges pull requests that meet a predefined set of requirements, thus pushing malicious unreviewed code.
  • Abuse insufficient branch protection rules—for example, excluding specific users or branches to bypass branch protection and push malicious unreviewed code.
  • Upload an artifact to an artifact repository, such as a package or container, in the guise of a legitimate artifact created by the build environment. In such a scenario, a lack of controls or verifications could result in the artifact being picked up by a deploy pipeline and deployed to production.
  • Access production and directly change application code or infrastructure (e.g AWS Lambda function), without any additional approval/verification.


Establish pipeline flow control mechanisms to ensure that no single entity (human / programmatic) is able to ship sensitive code and artifacts through the pipeline without external verification or validation. This can be achieved by implementing the following measures:

  • Configure branch protection rules on branches hosting code which is used in production and other sensitive systems. Where possible, avoid exclusion of user accounts or branches from branch protection rules. Where user accounts are granted permission to push unreviewed code to a repository, ensure those accounts do not have the permission to trigger the deployment pipelines connected to the repository in question.
  • Limit the usage of auto-merge rules and ensure that wherever they are in use - they are applicable to the minimal amount of contexts. Review the code of all auto-merge rules thoroughly to ensure they cannot be bypassed and avoid importing 3rd party code in the auto-merge process.
  • Where applicable, prevent accounts from triggering production build and deployment pipelines without additional approval or review.
  • Prefer allowing artifacts to flow through the pipeline only in the condition that they were created by a pre-approved CI service account. Prevent artifacts that have been uploaded by other accounts from flowing through the pipeline without secondary review and approval.
  • Detect and prevent drifts and inconsistencies between code running in production and its CI/CD origin, and modify any resource that contains a drift.


  1. Backdoor planted in the PHP git repository. The attackers pushed malicious unreviewed code directly to the PHP main branch, ultimately resulting in a formal PHP version being spread to all PHP websites.

  2. Bypassing auto-merge rules in Homebrew, by RyotaK. An auto-merge rule used to merge insignificant changes into the main branch was susceptible to bypass, allowing adversaries to merge malicious code into the project.

  3. Bypassing required reviews using GitHub Actions, by Omer Gil. The flaw allowed leveraging GitHub Actions to bypass the required reviews mechanism and push unreviewed code to a protected branch.


Daniel Krivelevich (Co-Founder & CTO, Cider Security) Twitter LinkedIn
Omer Gil (Director Of Research, Cider Security) Twitter LinkedIn


Cider Security


Project Reviewers
Iftach Ian Amit (Advisory CSO @ Rapid7)
Jonathan Claudius (CISO @ Jump Crypto)
Michael Coates (CEO & Co-Founder @ Altitude Networks, Former CISO @ Twitter)
Jonathan Jaffe (CISO @ Lemonade Insurance)
Adrian Ludwig (Chief Trust Officer @ Atlassian)
Travis McPeak (Head of Product Security @ Databricks)
Ron Peled (Founder & CEO @ ProtectOps, Former CISO @ LivePerson)
Ty Sbano (CISO @ Vercel)
Astha Singhal (Director of Application Security @ Netflix)
Hiroki Suezawa (Security Engineer @ Mercari, inc.)
Tyler Welton (Principal Security Engineer @ Built Technologies, Owner @ Untamed Theory)
Tyler Young (Head of Security at Relativity)
Ory Segal (Senior Director, Product Management @ Palo Alto Networks)
Noa Ginzbursky (DevOps Engineer @ Cider Security)
Asi Greenholts (Security Researcher @ Cider Security)

Get Involved

Get involved in OWASP Top 10 CI/CD Security Risks!

We encourage the community - security experts, devops engineers, programmers, and anyone who’s interested - to join and contribute. Contact the Project Leaders to get involved, we welcome any type of suggestions and comments.


The project is maintained in the Top 10 CI/CD Security Risks GitHub repository.

Feel free to open or solve an issue.

Project Roadmap

  • Initial release: v1.0, September 2022
  • Project promotion, additional reviews: October, 2022
  • Stable release: v1.0, October 2022