Enhancing Software Supply Chain Security Through STRIDE-Based Threat Modelling of CI/CD Pipelines
Sowmiya Dhandapani

TL;DR
This paper presents a structured threat modeling approach using STRIDE to identify and mitigate security risks in CI/CD pipelines, integrating standards and security controls to improve software supply chain security.
Contribution
It introduces a comprehensive threat modeling framework for CI/CD pipelines using STRIDE, mapping threats to security standards and proposing an automated security toolchain.
Findings
Identified key vulnerabilities in CI/CD stages
Mapped threats to NIST, OWASP, SLSA standards
Proposed an automated security enforcement strategy
Abstract
With the increasing adoption of Continuous Integration and Continuous Deployment pipelines, securing software supply chains has become a critical challenge for modern DevOps teams. This study addresses these challenges by applying a structured threat modeling approach to identify and mitigate risks throughout the CI/CD lifecycle. By modeling a representative pipeline architecture incorporating tools such as GitHub, Jenkins, Docker, and Kubernetes and applying the STRIDE framework, we systematically analyze vulnerabilities at each stage, from source code management to deployment. Threats are documented and mapped to comprehensive security controls drawn from standards like NIST SP 800-218, OWASP Top 10 CI/CD risks, and the SLSA framework. Controls are further evaluated against SLSA maturity levels to assess improvements in trust and provenance. To operationalize these findings, the study…
Taxonomy
Topics: Information and Cyber Security · Scientific Computing and Data Management · Software Engineering Research
