CI/CD Pipeline Supply-Chain Hardening Prompt
Harden a CI/CD pipeline against supply-chain attacks — pinned and least-privilege actions/runners, OIDC deploy auth, artifact signing and provenance (SLSA), and protected branches/environments.
- Target user: DevOps engineers securing GitHub Actions / GitLab CI pipelines
- Difficulty: Advanced
- Tools: Claude, ChatGPT
The prompt
You are a build-security engineer who has hardened CI/CD pipelines against the real supply-chain attacks: poisoned actions, leaked OIDC trust, mutable tags, and over-privileged runners.
I will provide:
- Pipeline definitions (GitHub Actions workflows / GitLab CI / other)
- Third-party actions/orbs/images used and how deploy credentials are obtained
- Branch/environment protection settings and who can trigger/approve
- Where artifacts are published and whether anything is signed
Your job — defensive hardening only:
1. **Map the trust boundary** — list everything the pipeline trusts: third-party actions, base images, package registries, and the credentials each job can reach. Flag where untrusted code (a fork PR, a transitively-pulled action) runs with access to secrets.
2. **Pin everything immutable** — replace floating refs (`@v4`, `:latest`, mutable tags) with pinned commit SHAs / image digests, and note a Dependabot/Renovate policy to update them deliberately. Call out any action pulled from an unverified author.
3. **Least-privilege tokens** — set `permissions:` to the minimum per job (default read-only), scope environment secrets so build jobs can't read deploy creds, and require manual approval on protected environments for prod deploys.
4. **Keyless deploy auth** — replace stored cloud keys with OIDC federation, and pin the trust policy to the specific repo + branch/environment + workflow, not a wildcard subject.
5. **Untrusted-input safety** — flag `pull_request_target`, script injection via `${{ github.event.* }}` interpolation, and self-hosted runners reused across untrusted jobs; give the safe pattern for each.
6. **Provenance & signing** — produce build provenance (SLSA), sign artifacts/images (cosign/Sigstore), and generate an SBOM at build time; show where each plugs into the pipeline and how consumers verify it.
7. **Protect the source** — required reviews, signed commits where feasible, restrictions on who can change workflows and secrets, and CODEOWNERS on the CI directory.
8. **Detect** — alerts on workflow-file changes, new secret access, and unexpected outbound connections from runners.
Output as: (a) trust-boundary map, (b) pinning diff, (c) per-job permission + environment changes, (d) OIDC trust config, (e) untrusted-input fixes, (f) signing/provenance/SBOM steps, (g) source-protection + detection settings.
Bias toward: pinned digests, least-privilege per job, keyless OIDC, and verifiable provenance over trust-by-default.
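The following is an added example, not part of the prompt above or of any project it names: a dependency-free audit script that applies prompt items 1, 2, 3 and 5 to a GitHub Actions workflow file. It scans the raw workflow text with regular expressions rather than a full YAML parser (a heuristic, so it can miss unusual layouts), and both sample workflows, including the commit SHAs and image digest they contain, are constructed placeholders.

```python
"""Added example: audit a GitHub Actions workflow for floating refs, over-broad
token permissions, pull_request_target, script injection and self-hosted runners.
Regex-based heuristic over raw workflow text; sample workflows below are constructed."""
import re

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.M)
IMAGE = re.compile(r"^\s*image:\s*([^\s#]+)", re.M)
EVENT_INTERP = re.compile(r"\$\{\{\s*github\.event\.")  # expression expanded before the shell runs


def run_script_lines(text):
    """Yield (lineno, line) for every line that becomes part of a `run:` shell script."""
    block_indent = None  # indentation of the `run: |` key while inside its block scalar
    for n, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip(" "))
        if block_indent is not None:
            if not line.strip() or indent > block_indent:
                yield n, line
                continue
            block_indent = None  # dedent ends the block scalar
        m = re.match(r"^(\s*)(-\s+)?run:\s*(.*)$", line)
        if m:
            if m.group(3).strip() in ("|", ">", "|-", ">-", "|+", ">+"):
                block_indent = len(m.group(1))
            else:
                yield n, line  # single-line run: script


def audit_workflow(text):
    """Return (rule, detail) findings; an empty list means every check passed."""
    findings = []
    for m in USES.finditer(text):  # item 2: third-party actions must be pinned to a full SHA
        ref = m.group(1)
        if ref.startswith("./"):
            continue  # in-repo action, already covered by source protection
        if ref.startswith("docker://"):
            if "@sha256:" not in ref:
                findings.append(("floating-image", ref))
            continue
        if "@" not in ref or not SHA40.match(ref.split("@", 1)[1]):
            findings.append(("floating-action-ref", ref))
    for m in IMAGE.finditer(text):  # item 2: container images must carry a digest
        if "@sha256:" not in m.group(1):
            findings.append(("floating-image", m.group(1)))
    if not re.search(r"^permissions:", text, re.M):  # item 3: GITHUB_TOKEN scope
        findings.append(("missing-permissions", "no top-level permissions: block; repository default applies"))
    for m in re.finditer(r"^\s*permissions:\s*write-all", text, re.M):
        findings.append(("write-all-permissions", m.group(0).strip()))
    if re.search(r"\bpull_request_target\b", text):  # item 5: fork code with base-repo secrets
        findings.append(("pull_request_target", "fork PR code can run with base-repository secrets"))
    for n, line in run_script_lines(text):  # item 5: event data interpolated into a script
        if EVENT_INTERP.search(line):
            findings.append(("script-injection", f"line {n}: {line.strip()}"))
    if re.search(r"^\s*runs-on:.*self-hosted", text, re.M) and re.search(r"\bpull_request", text):
        findings.append(("self-hosted-on-pr", "self-hosted runner reachable from a PR-triggered workflow"))
    return findings


# Constructed weak workflow: every rule above fires at least once.
WEAK_WORKFLOW = """name: ci
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # constructed pin
      - name: Echo title, unsafe
        run: |
          echo "PR title: ${{ github.event.pull_request.title }}"
      - name: Echo title, safe pattern
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR title: $TITLE"
  deploy:
    runs-on: [self-hosted, linux]
    container:
      image: ghcr.io/example/builder:latest
    permissions: write-all
    steps:
      - uses: ./.github/actions/deploy
"""

# Constructed hardened workflow: pinned SHA, read-only token, env-var pass-through.
HARDENED_WORKFLOW = """name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # constructed pin
      - env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR title: $TITLE"
"""

if __name__ == "__main__":
    for rule, detail in audit_workflow(WEAK_WORKFLOW):
        print(f"{rule}: {detail}")
    print("hardened findings:", audit_workflow(HARDENED_WORKFLOW))
```

The safe pattern for event data is the one the hardened sample uses: bind the expression to an environment variable in `env:` and reference `$TITLE` in the script, so the value arrives as data rather than being spliced into the shell source.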
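For prompt item 4, here is an added example (not part of the page or of any vendor's tooling) that checks an AWS IAM role trust policy used with GitHub's OIDC provider: it requires the `aud` claim to be pinned to `sts.amazonaws.com` and the `sub` claim to name one repository plus one branch or environment, with no wildcard. The account id and repository names in the sample policies are constructed placeholders; the check assumes the standard `token.actions.githubusercontent.com` claim keys and the default subject format (pinning to a specific workflow would need a customised subject claim, which this check does not model).

```python
"""Added example: lint a GitHub-to-AWS OIDC trust policy for over-broad federation.
Sample policies are constructed; the account id is a placeholder."""
import re

GITHUB_OIDC = "token.actions.githubusercontent.com"
# Exact subjects accepted: repo:OWNER/REPO:ref:refs/heads/BRANCH or repo:OWNER/REPO:environment:NAME
SUBJECT = re.compile(r"^repo:[\w.-]+/[\w.-]+:(ref:refs/heads/[\w./-]+|environment:[\w.-]+)$")


def _as_list(value):
    """IAM condition values may be a scalar, a list, or absent."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def check_trust_policy(policy):
    """Return a list of problems; empty means the role is pinned to one repo and branch/environment."""
    problems = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        cond = stmt.get("Condition", {})
        equals, like = cond.get("StringEquals", {}), cond.get("StringLike", {})
        if equals.get(f"{GITHUB_OIDC}:aud") != "sts.amazonaws.com":
            problems.append("aud is not pinned to sts.amazonaws.com")
        subjects = _as_list(equals.get(f"{GITHUB_OIDC}:sub")) + _as_list(like.get(f"{GITHUB_OIDC}:sub"))
        if not subjects:
            problems.append("no sub condition: any repository using this provider could assume the role")
            continue
        for value in subjects:
            if "*" in value or "?" in value:
                problems.append(f"wildcard subject: {value}")
            elif not SUBJECT.match(value):
                problems.append(f"subject not pinned to a branch or environment: {value}")
    return problems


PROVIDER_ARN = "arn:aws:iam::123456789012:oidc-provider/" + GITHUB_OIDC  # constructed account id

# Constructed weak policy: no audience check, and any repo in the org can assume the role.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringLike": {f"{GITHUB_OIDC}:sub": "repo:example-org/*"}},
    }],
}

# Constructed hardened policy: audience pinned, subject pinned to one repo and branch.
GOOD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{GITHUB_OIDC}:aud": "sts.amazonaws.com",
            f"{GITHUB_OIDC}:sub": "repo:example-org/app:ref:refs/heads/main",
        }},
    }],
}

if __name__ == "__main__":
    print("weak:", check_trust_policy(WEAK_POLICY))
    print("good:", check_trust_policy(GOOD_POLICY))
```

A subject such as `repo:example-org/app:environment:prod` is also accepted, which is the form to use when the deploy job runs inside a protected environment that requires manual approval (prompt item 3).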