Introducing Chainguard Actions: CI/CD workflows you can trust
Today, we’re introducing Chainguard Actions: a securely rebuilt catalog of GitHub Actions and similar CI/CD workflows built and continuously maintained in the Chainguard Factory.
CI/CD pipelines are the most privileged systems in modern software delivery. They have access to repository write permissions, deployment credentials, signing keys, and production infrastructure. Yet the workflows running inside those pipelines often come from unaudited third-party sources.
Every time a team adds a CI/CD workflow from a community marketplace to their workflow, they grant that code direct access to sensitive tokens, secrets, and build environments.
As development accelerates and AI agents begin generating code and pull requests autonomously, this layer of the software supply chain is under more pressure than ever.
Chainguard Actions provides a trusted foundation for CI/CD workflows, enabling developers and AI coding agents to ship software quickly without the supply chain risk.
The most privileged layer of open source
Modern development workflows rely heavily on reusable CI/CD automation.
Actions handle dependency installation, artifact publishing, container builds, and deployment orchestration. They are pulled directly from public repositories and executed with elevated privileges in CI environments.
Unlike container images and language dependencies, which benefit from numerous security vendors and compliance mandates, CI/CD workflows have historically lacked meaningful security and compliance controls.
Workflows can contain unsafe shell expressions, token exposure risks, or insecure input handling that create pathways to repository compromise or infrastructure access.
Because these workflows execute inside the delivery pipeline, the blast radius of a compromise can be significant, impacting any release or code that passes through it.
As AI-assisted development accelerates the volume of pull requests and pipeline executions, the blast radius of any CI/CD compromise grows with it. Coding agents generating automation and integration code at scale have no threat model. They won't flag an Action that quietly exfiltrates secrets or backdoors a build artifact. Every execution runs with the same elevated privileges, and none of them are reviewing what they're running.
Chainguard Actions addresses this major vulnerability by delivering secure-by-default workflows that developers can trust.
Hardened CI/CD workflows built in the Chainguard Factory
Chainguard Actions are built using the same AI-powered software factory that produces all of Chainguard’s secure-by-default artifacts, including Containers, Libraries, OS Packages, and Agent Skills.
The process begins by ingesting publicly verifiable third-party CI/CD workflows used across the open source ecosystem, starting with the 20,000 GitHub Actions published in the community marketplace. These workflows are automatically analyzed against known attack patterns and security risks.
Hardening agents review each automation script and apply fixes to eliminate unsafe patterns such as script injection vulnerabilities, insecure environment variable handling, or unsafe command interpolation.
Each improvement is applied transparently, with an auditable record of the changes Chainguard makes to enhance the Action's security.
Once the action reaches its hardened state, it is published as a verified artifact that organizations can consume confidently in their pipelines.
This process creates CI/CD workflows that are continuously evaluated and improved over time. As new exploit techniques are discovered, all Chainguard Actions are re-secured accordingly.
Real-world vulnerabilities in widely used actions
We are already seeing the value of our approach in securing the CI/CD workflows that developers and AI coding agents use today.
For example, the anthropics-claude-code-action, Anthropic’s general-purpose Claude agent for GitHub PRs and issues, contained a high-severity script injection vulnerability.

In the original implementation, a GitHub token generated earlier in the workflow was interpolated directly into a shell command inside a `run:` block:

```yaml
Authorization: Bearer ${{ steps.run.outputs.github_token }}
```
If the step output were ever influenced by attacker-controlled input, this pattern could allow shell injection inside the CI runner environment.
Our hardening agent detected the vulnerability and automatically remediated it.
The fix moved the token into an environment variable and referenced it safely within the shell command:

```yaml
env:
  REVOKE_TOKEN: ${{ steps.run.outputs.github_token }}
```

The curl command now references the environment variable:

```yaml
Authorization: Bearer $REVOKE_TOKEN
```
This change prevents a shell injection by ensuring the token is treated strictly as a value rather than executable shell input.
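As an added illustration (not Chainguard's hardening tooling and not the action's actual source), here is a small checker that flags `${{ }}` expressions spliced into `run:` scripts, applied to two constructed step snippets: one shaped like the original pattern and one shaped like the fix. Expressions under `env:` are deliberately not reported, since they reach the shell as plain values.

```python
import re

# Expression GitHub expands *before* the shell starts, e.g. ${{ steps.run.outputs.github_token }}
EXPR_RE = re.compile(r"\$\{\{\s*([^}]*?)\s*\}\}")
RUN_KEY_RE = re.compile(r"(?:-\s+)?run:\s*(.*)$")
BLOCK_INDICATORS = {"|", ">", "|-", ">-", "|+", ">+"}

def find_run_interpolations(workflow_text):
    """Return [(line_no, expression)] for each ${{ }} spliced into a run: script,
    inline or inside a run: | block. Expressions under env:/with: are not reported."""
    findings, in_block, block_indent = [], False, -1
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if in_block:
            if stripped and indent <= block_indent:
                in_block = False  # back at the run: key's level, block scalar ended
            else:
                findings += [(line_no, m.group(1)) for m in EXPR_RE.finditer(line)]
                continue
        m = RUN_KEY_RE.match(stripped)
        if not m:
            continue
        value = m.group(1)
        if value in BLOCK_INDICATORS:
            in_block = True
            block_indent = indent + (2 if stripped.startswith("-") else 0)  # key follows "- "
        else:
            findings += [(line_no, x.group(1)) for x in EXPR_RE.finditer(value)]
    return findings

# Constructed step snippets modelled on the pattern the post describes (not the action's real source).
VULNERABLE = r"""steps:
  - id: run
    run: echo "github_token=ghs_PLACEHOLDER" >> "$GITHUB_OUTPUT"
  - name: Revoke app token
    run: |
      curl -X DELETE -H "Authorization: Bearer ${{ steps.run.outputs.github_token }}" \
        https://api.github.com/installation/token
"""
HARDENED = r"""steps:
  - id: run
    run: echo "github_token=ghs_PLACEHOLDER" >> "$GITHUB_OUTPUT"
  - name: Revoke app token
    env:
      REVOKE_TOKEN: ${{ steps.run.outputs.github_token }}
    run: |
      curl -X DELETE -H "Authorization: Bearer $REVOKE_TOKEN" \
        https://api.github.com/installation/token
"""
```

Running `find_run_interpolations` over the first snippet reports the token expression on the `curl` line; over the second it reports nothing, which is the property the hardening change restores.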
Like this example, each vulnerability identified during the hardening process is documented in an auditable hardening report that explains the issue and the remediation applied.
Your pipeline’s top actions, secured
Chainguard Actions focuses on the CI/CD workflows developers use most frequently in production pipelines.
Initial coverage includes widely used GitHub Actions that support common build, testing, and deployment workflows.
Examples include Actions used to:
Build and publish container images
Install language runtimes such as Go, Node.js, and Python
Cache dependencies for faster builds
Detect changed files during CI runs
Run code quality and security checks
These Actions represent critical building blocks in thousands of pipelines across the open source ecosystem, and customers can set them up in their GitHub repository in under 30 seconds.
All it takes is navigating to your GitHub repository’s Actions settings page, selecting the bottom option that indicates your repository can use any workflow that matches specific criteria, and entering chainguard-actions/*.

By securing and maintaining these workflows in the Chainguard Factory, organizations can continue using essential workflows while reducing the risk of third-party manipulation.
Built for developer or AI-written code
AI coding agents are transforming how software is written and deployed. These tools can generate large volumes of code, automatically open pull requests, and trigger CI/CD workflows continuously. The speed of development is increasing, and so too is the risk to your CI/CD pipelines.
In this environment, CI/CD pipelines must remain both fast and trustworthy. Automation scripts cannot become a hidden attack vector that undermines the integrity of the delivery pipeline.
Chainguard Actions provides a foundation for CI/CD automation that developers and AI agents can run safely at scale.
Chainguard Actions is available today in beta. To start protecting your most privileged open source artifact, get on the Chainguard Actions waitlist.