Poisoned Pipeline Execution
Poisoned Pipeline Execution (PPE) occurs when untrusted code is injected into a CI/CD pipeline and executed with the privileges of the pipeline environment. This often happens when pull requests, external contributions, or compromised dependencies are built and executed without proper isolation. If these jobs inherit repository or organisation secrets, attackers can exploit PPE to exfiltrate sensitive data, alter build outputs, or gain persistence in downstream environments.
Examples include:
- Running untrusted pull request code in a workflow with access to repository secrets (e.g., GitHub Actions `workflow_run` misconfiguration).
- Allowing unreviewed or malicious dependencies to execute build hooks or install scripts during the build process.
- Executing jobs from forks or external sources without restricting permission scopes.
Remediation
- Never run untrusted code (e.g., from pull requests, forks, or dependencies) in the same pipeline context that has access to secrets or privileged credentials.
- Use separate, unprivileged workflows for building or testing untrusted contributions; do not expose secrets or deployment credentials to these runs.
- Enforce strict permission scoping for CI/CD tokens and repository secrets (e.g., GitHub Actions `permissions:` block, GitLab job tokens with minimal scopes).
- Disable automatic execution of build scripts or dependency installation hooks where possible.
- Require review and approval before merging or executing workflows triggered by external contributors.
- Monitor pipeline logs and artefacts for signs of malicious code execution or secret exfiltration.
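
The first three remediation points can be checked mechanically in workflow files. The Python below is an added example, not part of the original entry or of any vendor tooling: a text-based heuristic that flags a GitHub Actions workflow when a trigger that runs with repository secrets also checks out a contributor-controlled ref. It assumes the `pull_request_target` trigger in addition to the `workflow_run` trigger named above; both sample workflows and the `DEPLOY_TOKEN` secret name are constructed.

```python
import re

# Triggers that run in the base repository's context, with access to its secrets.
PRIVILEGED_TRIGGER = re.compile(
    r"^(?:\s*|on:.*\b)(?:pull_request_target|workflow_run)\b", re.MULTILINE)
# Expressions that resolve to contributor-controlled commits, branches or repos.
UNTRUSTED_REF = re.compile(r"github\.event\.(pull_request\.head\.|workflow_run\.head_)")
SECRET_USE = re.compile(r"\$\{\{\s*secrets\.")
PERMISSIONS_KEY = re.compile(r"^\s*permissions:", re.MULTILINE)

def audit_workflow(text):
    """Return heuristic PPE findings for the text of one workflow file."""
    findings = []
    if PRIVILEGED_TRIGGER.search(text) and UNTRUSTED_REF.search(text):
        findings.append("privileged trigger checks out untrusted ref")
        if SECRET_USE.search(text):
            findings.append("secrets reachable by untrusted code")
    if not PERMISSIONS_KEY.search(text):
        findings.append("no explicit permissions block")
    return findings
# Constructed sample: the PR head is built under a trigger that carries secrets.
RISKY = """\
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
"""
# Constructed sample: unprivileged trigger, read-only token, no secrets.
HARDENED = """\
on: pull_request
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
"""
if __name__ == "__main__":
    print(audit_workflow(RISKY), audit_workflow(HARDENED))
```

Because the check matches text rather than parsing YAML, an empty result only means these specific patterns are absent; it does not cover dependency install hooks or reusable workflows.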
Metadata
- Severity: low
- Slug: poisoned-pipeline-execution
CWEs
- 494: Download of Code Without Integrity Check
- 829: Inclusion of Functionality from Untrusted Control Sphere
OWASP
- CICD-SEC-4: Poisoned Pipeline Execution (PPE)