Attackers are increasingly targeting SDLC infrastructure rather than finished applications, treating CI/CD pipelines, build runners, and developer IDEs as high-value entry points. Three real-world incidents illustrate the escalating threat: the hijack of the Ultralytics AI library through a GitHub Actions 'Pwn Request' (a privileged workflow that checks out and runs untrusted pull-request code), the Shai-Hulud 2.0 campaign that compromised 25,000+ developer workstations and harvested CI/CD secrets, and the downstream Trust Wallet breach in which $7M was stolen using credentials exfiltrated in earlier SDLC compromises. To close this coverage gap, the open-source SDLC Infrastructure Threat Framework (SITF) maps 75+ attack techniques across five pillars (Endpoint/IDE, VCS, CI/CD, Registry, Production) and connects each technique to the risks that enable it and the controls that defeat it, so that teams can interrupt an attack earlier in the chain.
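As an added illustration of the GitHub Actions 'Pwn Request' pattern named above (example code written for this page, not code from the original post, the SITF project, or the Ultralytics repository), the following script embeds two constructed workflow files, one vulnerable and one hardened, and runs a small heuristic linter over them. The vulnerable sample shows the three ingredients of the technique: the privileged `pull_request_target` trigger, a checkout of the fork-controlled PR head, and a build step that executes that code while a secret is in the environment. The regexes and the risk labels are this example's own heuristics, not a published detection rule.

```python
import re

# Constructed sample, not a real project's workflow: a job that runs with the
# base repository's token and secrets (pull_request_target) but checks out and
# executes code from the untrusted pull-request head. This is the "Pwn Request".
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: pip install -e . && pytest
        env:
          PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
"""

# Constructed hardened counterpart: the plain pull_request trigger gives fork
# PRs a read-only token and no secrets, permissions are pinned to least
# privilege, and checkout uses the default merge ref rather than the
# attacker-controlled head.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
    types: [opened, synchronize]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install -e . && pytest
"""

# Text-based heuristics so the example needs no YAML parser; a production
# linter would parse the document and walk jobs and steps in order.
PRIVILEGED_TRIGGER_RE = re.compile(r"^\s*(pull_request_target|workflow_run)\s*:", re.M)
PR_HEAD_REF_RE = re.compile(
    r"\$\{\{\s*(github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref)\s*\}\}"
)
SECRET_USE_RE = re.compile(r"\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}")
RUN_STEP_RE = re.compile(r"^\s*-?\s*run\s*:", re.M)


def scan_workflow(text: str) -> dict:
    """Classify a workflow file. Returns {'risk': <label>, 'findings': [<str>, ...]}.

    Risk labels (this example's own vocabulary):
      none                     - no privileged trigger present
      privileged-trigger-only  - privileged trigger but no PR-head checkout + run step
      pwn-request              - privileged trigger, PR-head checkout and a run step
      pwn-request-with-secrets - as above, and the workflow also references secrets
    """
    findings = []
    if not PRIVILEGED_TRIGGER_RE.search(text):
        return {"risk": "none", "findings": findings}
    findings.append(
        "privileged trigger (pull_request_target/workflow_run): job runs in the "
        "base-repo context with a write token and access to secrets"
    )
    checks_out_head = bool(PR_HEAD_REF_RE.search(text))
    if checks_out_head:
        findings.append("checks out the PR head ref: fork-controlled code enters the privileged job")
    runs_code = bool(RUN_STEP_RE.search(text))
    if checks_out_head and runs_code:
        findings.append(
            "has a run: step alongside the head checkout: fork-controlled build "
            "files (setup.py, package.json hooks, tests) can execute with that context"
        )
    uses_secrets = bool(SECRET_USE_RE.search(text))
    if uses_secrets:
        findings.append("references ${{ secrets.* }}: exfiltration target if the job is hijacked")
    if checks_out_head and runs_code:
        risk = "pwn-request-with-secrets" if uses_secrets else "pwn-request"
    else:
        risk = "privileged-trigger-only"
    return {"risk": risk, "findings": findings}


if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        result = scan_workflow(wf)
        print(f"{label}: risk={result['risk']}")
        for f in result["findings"]:
            print(f"  - {f}")
```

The point of the hardened file is not only the trigger change: `permissions: contents: read` and the absence of any `${{ secrets.* }}` reference mean that even a successful code-execution foothold in the job has nothing worth stealing, which is the "interrupt the chain earlier" idea the framework summary describes. Where a privileged trigger is genuinely required (for example, to label PRs), the safe shape is to never check out or execute PR-controlled content in that job.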