Our journey to open source and GitOps heaven has exposed new security challenges as our CI platforms have become reachable from the outside world. The soft underbelly of our development pipeline is also open source, and it is visible as much to willing contributors as it is to malicious subversives looking for the keys to the back door. In this talk, we’ll look at some known potential exploits of platforms such as GitHub Actions, GitLab CI and CircleCI to show how simple workflow misconfigurations or straight-up bad practices can leave our supply chain wide open to attackers.