Insecure code

CI/CD pipelines pull in a growing number of open-source components and third-party integrations (plugins, actions, container images, build tooling). Rapid development without matching security work lets vulnerabilities into the pipeline and exposes it to critical risks: third-party components integrated without review, and first-party pipeline code that is never scanned, can each introduce exploitable defects. Because pipeline code typically runs with access to build secrets, signing keys, and deployment credentials, a bug there is worth more to an attacker than the same bug in an ordinary application.

Failure to follow secure-coding practices in the code the pipeline builds, and in the pipeline's own scripts and plugins, widens the attack surface. Common code vulnerabilities include buffer overflows, format string vulnerabilities, and improper error handling (for example, ignoring a failed check or treating unparseable input as a valid default).
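The three bug classes named above, as an added illustration rather than code from the original page or from any particular project. Each function shows the unsafe idiom in a comment and a hardened form as real code; the function names, the `NAME_MAX` limit, and the port-parsing scenario are invented for the example.

```c
/*
 * Added example (not from the original page): hardened forms of three
 * common code-level bugs. All names and limits here are illustrative.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX 16   /* assumed fixed-size field, including the NUL */

/* 1. Buffer overflow.
 * Unsafe:   char buf[NAME_MAX]; strcpy(buf, user);  -> writes past buf
 * Hardened: refuse input that does not fit and always NUL-terminate.
 * Returns 0 on success, -1 if src would overflow dst. */
int copy_name(char dst[NAME_MAX], const char *src)
{
    size_t len = strnlen(src, NAME_MAX);   /* never scans past NAME_MAX */
    if (len >= NAME_MAX)                   /* no room left for the NUL */
        return -1;
    memcpy(dst, src, len + 1);             /* copies the terminator too */
    return 0;
}

/* 2. Format string.
 * Unsafe:   printf(user);  -> "%x%x%n" reads and writes the stack
 * Hardened: attacker data is only ever an argument, never the format.
 * Writes "user=<name>" into out; returns characters written or -1 on
 * encoding error or truncation. */
int format_log_line(char *out, size_t outsz, const char *user)
{
    int n = snprintf(out, outsz, "user=%s", user);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}

/* 3. Improper error handling.
 * Unsafe:   int port = atoi(user);  -> "abc" becomes 0, "80abc" becomes 80,
 *           "99999" is accepted, and no failure is ever reported
 * Hardened: strtol with errno, end-pointer, and range checks.
 * Returns 0 and sets *port on success, -1 on any rejection. */
int parse_port(const char *s, int *port)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0')
        return -1;                         /* overflow, empty, trailing junk */
    if (v < 1 || v > 65535)
        return -1;                         /* outside the valid port range */
    *port = (int)v;
    return 0;
}

int main(void)
{
    char name[NAME_MAX], line[64];
    int port = 0;

    printf("copy 'alice': %d\n", copy_name(name, "alice"));
    printf("copy oversized: %d\n", copy_name(name, "this-name-is-far-too-long"));
    printf("log line rc: %d\n", format_log_line(line, sizeof line, "%x%x%n"));
    printf("log line: %s\n", line);       /* prints the %-sequences literally */
    printf("port 8080: %d (port=%d)\n", parse_port("8080", &port), port);
    printf("port 80abc: %d\n", parse_port("80abc", &port));
    return 0;
}
```

The point of the hardened versions is that every failure is visible to the caller as a return value, which is what a pipeline script or plugin needs in order to abort a job rather than continue with a truncated name, a corrupted stack, or a port of 0.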