CI/CD Threats and Detection
RCCE students will learn CI/CD pipeline security including build environment hardening, artifact integrity verification, secret management in pipelines, deployment authorization controls, and pipeline audit logging. RCCE students will learn to secure continuous integration and continuous deployment pipelines against supply chain attacks, harden build environments and runners, implement secret scanning to prevent credential leakage, verify artifact integrity through code signing and attestation, configure deployment gates and approval workflows, detect unauthorized pipeline modifications, audit pipeline execution logs for suspicious activity, and respond to incidents involving compromised CI/CD infrastructure. This threat-focused course teaches students to think like adversaries while building robust defenses. Building on core knowledge, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing CI/CD Threats and Detection
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for pipeline security · supply chain defense · threat-informed devsecops
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for core competencies — covering Secure CI/CD pipelines against supply chain, Harden build environments and runners.
- Execute hands-on tasks for operational skills — covering deployment gates and approvals, unauthorized pipeline modifications.
- Execute hands-on tasks for threat mindset — covering Analyze CI/CD attack techniques, Build detection logic for pipeline threats.
- Execute hands-on tasks for analyze ci/cd attack techniques — covering Build detection logic for pipeline threats.
- Execute hands-on tasks for prerequisite knowledge — covering DevSecOps foundations (RCCE Module 6), Basic understanding of CI/CD workflows.
- Explain DevSecOps foundations (RCCE Module 6) fundamentals — covering Basic understanding of CI/CD workflows.
- Explain CI/CD Pipeline Architecture Overview fundamentals
- Execute hands-on tasks for key components — covering Source control (Git, SVN), CI server (Jenkins, GitLab, GitHub Actions).
- Execute hands-on tasks for source control (git, svn) — covering CI server (Jenkins, GitLab, GitHub Actions).
| Module 01 | CI/CD Threats and Detection |
| Module 02 | Pipeline Security · Supply Chain Defense · Threat-Informed DevSecOps |
| Module 03 | Learning Objectives |
| Module 04 | Core Competencies |
| Module 05 | Operational Skills |
| Module 06 | Threat Mindset |
| Module 07 | Analyze CI/CD attack techniques |
| Module 08 | Prerequisite Knowledge |
| Module 09 | DevSecOps foundations (RCCE Module 6) |
| Module 10 | CI/CD Pipeline Architecture Overview |
| Module 11 | Key Components |
| Module 12 | Source control (Git, SVN) |
| Module 13 | Trust Boundaries |
| Module 14 | Developer workstation to SCM |
All hands-on labs run on Rocheston Rose X OS. Students practice ci/cd threats and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Build detections and response workflows for privilege escalation
- Lab 2: Execute hands-on tasks for pipeline security · supply chain defense · threat-informed devsecops
- Lab 3: Execute hands-on tasks for learning objectives
- Lab 4: Execute hands-on tasks for core competencies
- Lab 5: Execute hands-on tasks for operational skills
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for CI/CD Threats and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI