pipebreach.com

pipebreach

Supply chain security research — packages, pipelines, dependencies.

1 post
1 critical
ecosystems: GitHub Actions · PyPI
Latest
Research areas
Supply Chain

Package poisoning, dependency confusion, typosquatting, and build-time attacks across npm, PyPI, Cargo, and more.

CI/CD Attack Surface

GitHub Actions, Jenkins, CircleCI — runner credential theft, Pwn Request patterns, and pipeline backdoors.

AI Security

Model supply chains, poisoned fine-tuning datasets, inference infrastructure, and prompt injection via packages.

AppSec & DevSecOps

Shift-left security architecture, SAST/DAST integration, secrets management, and developer security tooling.