SD Times provides news, insights, and analysis on software development trends, technologies, and tools. Developers can stay updated on the latest industry news, product releases, and software development methodologies. Additionally, SD Times covers topics such as DevOps, agile practices, and software testing, offering resources for software developers, architects, and IT professionals.

SD Times

Attackers are increasingly targeting SDLC infrastructure rather than finished applications, treating CI/CD pipelines, build runners, and IDEs as high-value entry points. Three real-world incidents illustrate the escalating threat: the Ultralytics AI library hijack via a GitHub Actions 'Pwn Request', the Shai-Hulud 2.0 campaign that compromised 25,000+ developer stations and harvested CI/CD secrets, and the downstream Trust Wallet breach where $7M was stolen using credentials exfiltrated in earlier SDLC compromises. To address this gap, the open-source SDLC Infrastructure Threat Framework (SITF) maps 75+ attack techniques across five pillars (Endpoint/IDE, VCS, CI/CD, Registry, Production), connecting techniques to enabling risks and defensive controls so teams can interrupt attacks earlier in the chain.

Securing the Code Factory: Why SDLC Infrastructure Has Become a Core Cloud Risk