9004

Problems of information security. Computer systems

Проблемы информационной безопасности. Компьютерные системы

2071-8217

10.48612/jisp/at5b-46tf-zet9

Detection of potentially malicious activity in CI/CD pipelines based on analysis of runner behavior

Обнаружение потенциально вредоносной активности в конвейерах CI/CD на основе анализа поведения сборщика

0009-0002-7321-7430

Bugaev

Vyacheslav

bugaev.va@edu.spbstu.ru

0009-0002-7321-7430

Zhukovskii

Evgeniy

bugaev.va@edu.spbstu.ru

0009-0008-4593-4444

Lyrchikov

Alexander

lyrchikov.aa@gmail.com

Peter the Great St. Petersburg Polytechnic University

25 03 2025

1 69 82

The article addresses the problem of detecting potentially malicious activity in CI/CD pipelines during the build process through the analysis of runner behavior. The limitations of existing pipeline security tools related to threat detection during build execution are identified, as well as promising approaches to detecting malicious activity. A way for detecting potentially malicious activity in pipelines using the eBPF technology for collecting and analyzing runner behavior has been proposed. The accuracy of the detection is evaluated using a dataset that contains implementations of malicious scenarios related to build process compromise. The results obtained can be used to implement protection tools for CI systems and contribute to research in CI/CD pipelines security.

CI/CD pipelines DevSecOps malicious activity anomaly detection eBPF behavioral analysis syscalls