Advanced | security
The Poisoned Pipeline
Your CI/CD pipeline started producing builds with a cryptominer embedded in the Docker image. The build logs look clean. A dependency in your package-lock.json was compromised via a typosquatting attack — `lodashs` instead of `lodash` was added in a PR three days ago. You need to contain the breach and secure the supply chain.
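A lockfile check for the typosquat described in this scenario, as an added example that is not part of the original page: it scans a parsed package-lock.json for dependency names one edit away from well-known packages, which is how `lodashs` would stand out in review. The `KNOWN` list, the function names and the sample lockfile are constructed assumptions.

```javascript
// Well-known names to protect: an assumed short list, extend with your own top dependencies.
const KNOWN = ["lodash", "express", "react", "axios", "chalk", "moment"];

// Optimal string alignment distance (Levenshtein plus adjacent transposition).
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      const swapped = i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1];
      if (swapped) d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
    }
  }
  return d[a.length][b.length];
}

// Collect every installed package name (lockfile v2/v3 "packages", v1 "dependencies").
function lockedNames(lock) {
  const names = new Set();
  for (const path of Object.keys(lock.packages || {})) {
    if (path) names.add(path.split("node_modules/").pop()); // "" is the root project
  }
  const walk = (deps) => {
    for (const [name, meta] of Object.entries(deps || {})) { names.add(name); walk(meta.dependencies); }
  };
  walk(lock.dependencies);
  return [...names];
}

// Flag names within maxDistance edits of a known name that are not a known name themselves.
function findTyposquats(lock, known = KNOWN, maxDistance = 1) {
  const hits = [];
  for (const name of lockedNames(lock)) {
    if (known.includes(name)) continue;
    for (const target of known) {
      const distance = editDistance(name, target);
      if (distance <= maxDistance) hits.push({ name, resembles: target, distance });
    }
  }
  return hits;
}

// Constructed sample lockfile mirroring the scenario (versions are placeholders).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/lodash": { version: "0.0.0" },
  "node_modules/lodashs": { version: "0.0.0" },
  "node_modules/express/node_modules/debug": { version: "0.0.0" },
} };
console.log(findTyposquats(sampleLock));
```

Hits are candidates for human review rather than verdicts, since legitimate packages can sit one edit away from a popular name.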
5 Decision Points
60s Per Step
500 Max Score
300 Passing Score