Platform

Secure CI/CD

Secure CI/CD: protect the build and deployment chain of AI applications and models.

Plane: Platform
Flow steps: 3
Frameworks: NIST 800-53 · OWASP LLM03

Technology

Why use it

Ensure what is built and deployed is exactly what was reviewed, tested and approved.

Why it matters to security

The pipeline is a prime target: compromising it lets attackers inject malicious code or a model into production.

Implementations: hardened GitHub Actions · SLSA · artifact signing (Sigstore) · SAST/DAST scanners

An insecure pipeline ships attacks as fast as fixes.

Recommendations by maturity tier


Foundation

Minimum viable baseline
  • Automated security tests (SAST, dependency scanning).
    NIST 800-53 SA-11
    Vulnerabilities are caught before deployment.
  • Change control and code review.
    NIST 800-53 CM-3
    No change reaches production without review.
  • Secrets out of the pipeline (vault).
    NIST 800-53 IA-5
    No plaintext secrets in CI files.

Enterprise

Enterprise standard
  • Artifact signing and verification.
    NIST 800-53 SI-7 · SR-4
    Only signed, traced artifacts are deployable.
  • Least-privilege pipeline runners.
    NIST 800-53 AC-6
    A compromised runner has limited power.
  • Documented secure development process.
    NIST 800-53 SA-15
    Security is built into the lifecycle, not bolted on.
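A check that enforces some of these recommendations mechanically, as an added example that is not the page's or any project's own code: it lints a GitHub Actions workflow text for plaintext secret literals (Foundation: secrets out of the pipeline), for a missing or over-broad token permissions block (Enterprise: least-privilege runners), and for two hardening points the page's "hardened GitHub Actions" implementation implies, every third-party action pinned to an immutable commit SHA and no pull_request_target workflow that checks out untrusted pull-request code with secrets in scope. The two workflow texts, the all-ones placeholder commit SHAs and the secret token shapes are constructed for illustration.

```python
"""CI policy gate for GitHub Actions workflow files (added example, stdlib only).

The checks correspond to: no plaintext secrets in CI files (NIST IA-5),
least-privilege runners (AC-6), and change control on third-party code the
runner executes (actions pinned to a commit SHA rather than a mutable tag).
"""
import re

SHA_PIN = re.compile(r"^[0-9a-f]{40}$")
# Token shapes of a few common providers (constructed patterns, not exhaustive).
SECRET_LITERAL = re.compile(
    r"(ghp_[A-Za-z0-9]{36}|AKIA[0-9A-Z]{16}|sk-[A-Za-z0-9]{20,}|"
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----)"
)
PR_HEAD_CHECKOUT = re.compile(
    r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)"
)


def check_workflow(text: str) -> list[str]:
    """Return policy findings for one workflow file; an empty list means it passes."""
    findings = []
    # 1. Every remote action must be pinned to a full commit SHA. A tag such as
    #    @v4 or a branch such as @main can be moved by whoever controls the action.
    for m in re.finditer(r"^\s*-?\s*uses:\s*([^\s#]+)", text, re.M):
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local actions and container refs are outside this check
        _, _, version = ref.partition("@")
        if not SHA_PIN.match(version):
            findings.append(f"unpinned action: {ref}")
    # 2. The workflow must declare token permissions; an absent block leaves the
    #    GITHUB_TOKEN scope to the repository default, write-all grants everything.
    if not re.search(r"^permissions:", text, re.M):
        findings.append("no top-level permissions block (token scope left to defaults)")
    elif re.search(r"^permissions:\s*write-all", text, re.M):
        findings.append("permissions: write-all grants the runner full repository power")
    # 3. pull_request_target runs with secrets; checking out the PR head there
    #    executes untrusted code with those secrets available.
    if re.search(r"\bpull_request_target\b", text) and PR_HEAD_CHECKOUT.search(text):
        findings.append("pull_request_target checks out untrusted PR head with secrets in scope")
    # 4. No secret material in the file itself; use ${{ secrets.X }} or OIDC to a vault.
    for m in SECRET_LITERAL.finditer(text):
        findings.append(f"plaintext secret literal: {m.group(0)[:12]}...")
    return findings


# Constructed workflows. The token below is a made-up ghp_ value, not a real credential.
WEAK_WORKFLOW = """\
name: build
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-node@main
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ghp_0123456789abcdefghijklmnopqrstuvwxyz
"""

# Placeholder SHAs (all ones); a real workflow carries the action's actual commit.
HARDENED_WORKFLOW = """\
name: build
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@1111111111111111111111111111111111111111
      - uses: actions/setup-node@1111111111111111111111111111111111111111
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

if __name__ == "__main__":
    for label, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(label, check_workflow(wf) or "OK")
```

Run as a required status check, this fails the build before a workflow change with these defects can be merged, which is the point of the change-control item: the policy is enforced, not merely documented.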

Advanced

High-assurance / regulated
  • Verifiable build provenance (SLSA).
    NIST 800-53 SR-4 · OWASP LLM03:2025
    Prove the full chain from source to deployed artifact.
  • Repo-to-production drift detection.
    NIST 800-53 CM-6 · SI-4
    Any gap between expected and actual state is spotted.
  • Model security tests in the pipeline.
    NIST AI 600-1 MS-2.7-008
    The model is tested on every release, not just the code.
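One concrete model test a release pipeline can run on the artifact itself, as an added example that is not the page's code: it refuses any checkpoint that is not a safetensors file (a pickle-based checkpoint, which is what torch.save produces by default, executes arbitrary code when loaded) and checks the file's SHA-256 against the digest the training job recorded in a release manifest. The manifest layout, the file names and the sample model bytes are constructed for this example; the safetensors and pickle header formats are real.

```python
"""Model artifact gate for a release pipeline (added example, stdlib only).

Allowlist, not denylist: only a file that parses as safetensors and whose digest
matches the release manifest is deployable. Format sniffing is reported to make
the rejection reason clear, but the decision never depends on recognising a bad
format (protocol 0/1 pickles have no PROTO opcode and would evade a denylist).
"""
import hashlib
import json
import struct


def sniff_format(blob: bytes) -> str:
    """Best-effort identification of a model file's container format."""
    # Pickle protocol 2+ streams open with the PROTO opcode 0x80 and the version.
    if blob[:1] == b"\x80" and len(blob) > 1 and 2 <= blob[1] <= 5:
        return "pickle"
    # torch.save writes a zip archive that contains data.pkl; treat it as untrusted.
    if blob[:4] == b"PK\x03\x04":
        return "zip"
    # safetensors: 8-byte little-endian header length, then a JSON header object.
    if len(blob) >= 9:
        (hdr_len,) = struct.unpack("<Q", blob[:8])
        if 0 < hdr_len <= len(blob) - 8 and blob[8:9] == b"{":
            try:
                json.loads(blob[8:8 + hdr_len])
                return "safetensors"
            except ValueError:
                pass
    return "unknown"


def gate_model(blob: bytes, name: str, manifest: dict) -> list[str]:
    """Return findings for one model file; an empty list means it may be deployed."""
    findings = []
    fmt = sniff_format(blob)
    if fmt != "safetensors":
        findings.append(f"{name}: format {fmt!r} rejected; only safetensors is deployable")
    expected = manifest.get("artifacts", {}).get(name)
    actual = hashlib.sha256(blob).hexdigest()
    if expected is None:
        findings.append(f"{name}: not listed in release manifest")
    elif expected != actual:
        findings.append(f"{name}: digest mismatch (manifest {expected[:12]}, file {actual[:12]})")
    return findings


def build_safetensors(tensors: dict[str, bytes]) -> bytes:
    """Minimal safetensors writer used only to construct the sample (1-D F32 tensors)."""
    header, data, offset = {}, b"", 0
    for tname, raw in tensors.items():
        header[tname] = {"dtype": "F32", "shape": [len(raw) // 4],
                         "data_offsets": [offset, offset + len(raw)]}
        data += raw
        offset += len(raw)
    hdr = json.dumps(header).encode()
    return struct.pack("<Q", len(hdr)) + hdr + data


# Constructed sample artifacts and manifest (assumed layout: {"artifacts": {name: sha256}}).
GOOD_MODEL = build_safetensors({"weight": struct.pack("<4f", 0.1, 0.2, 0.3, 0.4)})
PICKLE_MODEL = b"\x80\x04\x95" + b"\x00" * 8 + b"."   # constructed pickle-protocol-4 prefix
MANIFEST = {"artifacts": {"model.safetensors": hashlib.sha256(GOOD_MODEL).hexdigest()}}

if __name__ == "__main__":
    print(gate_model(GOOD_MODEL, "model.safetensors", MANIFEST) or "model.safetensors OK")
    print(gate_model(PICKLE_MODEL, "model.safetensors", MANIFEST))
```

The digest in the manifest is what ties this gate to the artifact signing items above: the manifest is the signed object, so a model swapped in the registry after training fails here even if it is a well-formed safetensors file.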

Architecture notes

  • Sign everything you deploy.
    Without signing, you can't prove an artifact is legitimate.
    Adopt artifact signing and build provenance (SLSA) so that an artifact injected at any link of the chain (dependency, build, registry) fails verification before it is deployed.
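What "verify provenance before deploying" looks like as policy code, as an added example that is not the page's or any project's code: it decodes a DSSE envelope carrying an in-toto Statement with a SLSA v1 provenance predicate, checks that the builder is on the allowlist and the source repository is the expected one, checks that the artifact about to be deployed is among the provenance subjects, and then compares the digests the repository declares against those running in production (the Advanced "drift detection" item). The envelope, statement, builder id, repository URL and digests are constructed; the envelope signature is assumed to have been verified already by the signing tooling (cosign or slsa-verifier against the expected signer identity), which this code does not reimplement.

```python
"""SLSA provenance policy check and repo-to-production drift check (added example).

Signature verification of the envelope is delegated to the signing tooling and
assumed done; this enforces what the provenance states about the artifact.
"""
import base64
import hashlib
import json

SLSA_V1 = "https://slsa.dev/provenance/v1"
IN_TOTO_PAYLOAD = "application/vnd.in-toto+json"

# Assumed deployment policy for one service: who may build it and from which repo.
POLICY = {
    "builders": {"https://ci.example.com/builders/hardened-runner@v1"},
    "source": "git+https://github.com/example-org/ai-service",
}


def decode_envelope(envelope: dict) -> dict:
    """Return the in-toto Statement inside a DSSE envelope (signature assumed verified)."""
    if envelope.get("payloadType") != IN_TOTO_PAYLOAD:
        raise ValueError("unexpected payloadType")
    if not envelope.get("signatures"):
        raise ValueError("envelope carries no signature")
    return json.loads(base64.b64decode(envelope["payload"]))


def check_provenance(statement: dict, artifact: bytes, policy: dict) -> list[str]:
    """Return findings; empty means the artifact may be deployed under this policy."""
    findings = []
    if statement.get("predicateType") != SLSA_V1:
        findings.append(f"predicateType {statement.get('predicateType')!r} is not SLSA v1")
        return findings
    pred = statement["predicate"]
    # Who built it: an unknown builder means the provenance proves nothing useful.
    builder = pred.get("runDetails", {}).get("builder", {}).get("id")
    if builder not in policy["builders"]:
        findings.append(f"builder {builder!r} not in allowlist")
    # From which source: the repo URI appears in resolvedDependencies, usually as uri@ref.
    deps = pred.get("buildDefinition", {}).get("resolvedDependencies", [])
    sources = {d.get("uri", "").split("@")[0] for d in deps}
    if policy["source"] not in sources:
        findings.append(f"source {policy['source']!r} not among resolved dependencies")
    # Which artifact: the thing we are about to deploy must be a subject of this statement.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if digest not in subjects:
        findings.append("artifact digest not among provenance subjects")
    return findings


def detect_drift(expected: dict[str, str], running: dict[str, str]) -> dict[str, str]:
    """Compare digests the repo declares (name -> sha256) with what is actually running."""
    drift = {}
    for name, want in expected.items():
        got = running.get(name)
        if got is None:
            drift[name] = "declared in repo but missing in production"
        elif got != want:
            drift[name] = f"expected {want[:12]}, running {got[:12]}"
    for name in running.keys() - expected.keys():
        drift[name] = "running but not declared in repo"
    return drift


# Constructed artifact, statement and envelope.
ARTIFACT = b"constructed model server image layer"
ARTIFACT_SHA = hashlib.sha256(ARTIFACT).hexdigest()
STATEMENT = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "ai-service.tar", "digest": {"sha256": ARTIFACT_SHA}}],
    "predicateType": SLSA_V1,
    "predicate": {
        "buildDefinition": {
            "buildType": "https://ci.example.com/buildtypes/container@v1",
            "resolvedDependencies": [{
                "uri": "git+https://github.com/example-org/ai-service@refs/heads/main",
                "digest": {"gitCommit": "2" * 40},
            }],
        },
        "runDetails": {"builder": {"id": "https://ci.example.com/builders/hardened-runner@v1"}},
    },
}
ENVELOPE = {
    "payloadType": IN_TOTO_PAYLOAD,
    "payload": base64.b64encode(json.dumps(STATEMENT).encode()).decode(),
    "signatures": [{"keyid": "example-key", "sig": "placeholder-already-verified"}],
}

if __name__ == "__main__":
    stmt = decode_envelope(ENVELOPE)
    print(check_provenance(stmt, ARTIFACT, POLICY) or "provenance OK")
    print(detect_drift({"ai-service": ARTIFACT_SHA}, {"ai-service": "f" * 64}))
```

The three provenance checks together are what make signing worth more than a checksum: a valid signature from an unexpected builder, or over a different source, or on a different subject, is each a distinct failure the deployment step must refuse, and the drift check closes the loop by confirming that what passed those checks is what is actually running.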

References

NIST SP 800-53 Rev5
SA-11 (Developer Testing), SA-15 (Dev Process), CM-3/CM-6, SR-4 (Provenance), SI-7, IA-5, AC-6.
OWASP LLM03:2025
Supply Chain — the pipeline is a critical link.

Abbreviations

PDP
Policy Decision Point
PEP
Policy Enforcement Point
PIP
Policy Information Point
PAP
Policy Administration Point
IdP
Identity Provider
TSS
Token Service
NHI
Non-Human Identity
RBAC
Role-Based Access Control
ABAC
Attribute-Based Access Control
MFA
Multi-Factor Authentication
HITL
Human-in-the-loop
JIT
Just-In-Time
CAE
Continuous Access Evaluation
CAEP
Continuous Access Evaluation Profile
DPoP
Demonstrating Proof-of-Possession
mTLS
mutual TLS
PII
Personally Identifiable Information
KMS
Key Management Service
CI/CD
Continuous Integration / Continuous Delivery
SIEM
Security Information and Event Management
SOAR
Security Orchestration, Automation and Response
SCIM
System for Cross-domain Identity Management
XACML
eXtensible Access Control Markup Language
OPA
Open Policy Agent
OWASP
Open Worldwide Application Security Project
NIST
National Institute of Standards and Technology
ATLAS
Adversarial Threat Landscape for Artificial-Intelligence Systems
LLM
Large Language Model
WAF
Web Application Firewall
CDN
Content Delivery Network
DDoS
Distributed Denial of Service
DLP
Data Loss Prevention
JWT
JSON Web Token
API
Application Programming Interface
CRS
Core Rule Set (OWASP)
RAG
Retrieval-Augmented Generation
MCP
Model Context Protocol
PBAC
Permission-Based Access Control
HSM
Hardware Security Module
UEBA
User and Entity Behavior Analytics
SBOM
Software Bill of Materials
SLSA
Supply-chain Levels for Software Artifacts
WORM
Write Once, Read Many
SPIFFE
Secure Production Identity Framework For Everyone