Boost cooks up SmokedMeat, open source framework for CI/CD pipeline protection

Boost Security has announced SmokedMeat, an open source red team framework for CI/CD pipelines that shows how attackers exploit pipeline vulnerabilities and move through modern software delivery environments.

NOTE: As all DevOps and DevSecOps practitioners will know and as TechTarget explains here, Red Teaming is the practice of rigorously challenging plans, policies, systems and assumptions with an adversarial approach. A red team might be a contracted external party, an internal group or a combination of internal and external resources that uses strategies and tactics to encourage an outsider perspective.

Boost Labs has been publishing research on CI/CD attack techniques, documenting how attackers move through build pipelines, steal credentials, and pivot into cloud environments. Security teams read the research and put the fixes on the backlog.

Theoretical vulns 

The company says that TeamPCP ended the backlog era of pipeline security. In March 2026, a coordinated attack campaign compromised Trivy, Checkmarx, LiteLLM, and dozens of npm packages using the exact techniques its research had been describing.

Boost says that security teams knew the risk was real, but nobody could show an engineering leader (or a CISO) what “real” actually looked like in their specific environment. A static scan finding that says “workflow injection possible” does not convey what an attacker can do with that injection in the next 60 seconds. Without that, the fix stays on the backlog.
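The "workflow injection possible" finding referred to above usually means an attacker-controlled GitHub event field (an issue title, a PR branch name) is expanded straight into a `run:` script, where the runner's shell executes it as code. The following checker, added here as an illustration and not code from SmokedMeat or poutine, flags that pattern in a constructed workflow and shows the hardened form, where the same value reaches the shell only through `env:`; the list of untrusted contexts is an illustrative subset, not a complete one.

```python
import re

# Illustrative subset of event fields that carry attacker-supplied text
# (assumption: extend for your own triggers; this list is not exhaustive).
UNTRUSTED_CONTEXTS = (
    "github.event.issue.title", "github.event.issue.body",
    "github.event.pull_request.title", "github.event.pull_request.body",
    "github.event.pull_request.head.ref", "github.event.comment.body",
    "github.event.review.body", "github.event.head_commit.message",
    "github.head_ref",
)
EXPR_RE = re.compile(r"\$\{\{\s*([\w.\-\[\]']+)\s*\}\}")
RUN_RE = re.compile(r"(-\s*)?run:\s*(.*)$")


def find_run_injections(workflow_text: str) -> list[tuple[int, str]]:
    """Return (line, context) for untrusted expressions expanded inside run:.

    ${{ }} templating happens before the shell starts, so the value is
    spliced into the script as code. Passing it via env: and reading "$VAR"
    keeps it as data, which is why the hardened step below is not flagged.
    """
    findings, in_run, run_indent = [], False, -1
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if in_run and stripped and indent <= run_indent:
            in_run = False  # a sibling key or next step ends the block scalar
        m = RUN_RE.match(stripped)
        if m:
            body = m.group(2).strip()
            if body in ("|", ">", "|-", ">-", "|+", ">+"):
                in_run, run_indent = True, indent + len(m.group(1) or "")
                continue  # script lines follow, indented deeper than the key
            candidates = body
        elif in_run:
            candidates = stripped
        else:
            continue
        findings += [(lineno, e) for e in EXPR_RE.findall(candidates)
                     if e in UNTRUSTED_CONTEXTS]
    return findings


# Constructed sample: one vulnerable step and its hardened equivalent.
SAMPLE_WORKFLOW = """\
name: triage
on:
  issues:
    types: [opened]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: vulnerable (title is spliced into the shell script as code)
        run: |
          echo "New issue: ${{ github.event.issue.title }}"
      - name: hardened (title reaches the shell only as an env var value)
        env:
          TITLE: ${{ github.event.issue.title }}
        run: echo "New issue: $TITLE"
"""

if __name__ == "__main__":
    for lineno, ctx in find_run_injections(SAMPLE_WORKFLOW):
        print(f"line {lineno}: untrusted {ctx} expanded inside run:")
```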

“We’re now releasing SmokedMeat, an open-source red team framework for CI/CD pipelines. It takes a flagged vulnerability and turns it into a live demonstration: payload deployed, runner compromised, credentials harvested from process memory, AWS access exchanged, private repositories exposed, blast radius mapped. The full kill chain, running against your own infrastructure, so you can see exactly what an attacker sees,” says Zaid Al Hamami, CEO and founder, Boost Security.

Al Hamami further states that ‘workflow injection possible’ doesn’t change behaviour – but seeing your AWS credentials get pulled out of a runner does.

Looking at how the mechanics work in practice, red teamers have been using tools like Metasploit for decades to simulate what attackers do against applications and infrastructure. 

Cooking up SmokedMeat

That category of offensive tooling exists because seeing an attack run against a team’s own systems, before an adversary does, turns theoretical risks into known ones. Attackers already have purpose-built offensive technology for CI/CD pipelines. SmokedMeat is intended to give defenders the same capability.

“Our previous open-source tool, poutine, finds the flaw. SmokedMeat proves what happens next. That combination moves pipeline security from the backlog to the top of the list: instead of theoretical misconfigurations, teams can see and communicate what their cloud environment looks like from the attacker’s side,” said Al Hamami.

Boost says this offensive capability closes the gap between detection and action, and that the same research foundation powers the Boost platform’s pipeline integrity and supply chain defence, because the company does not build controls for attack patterns it has not proven itself.

SmokedMeat is available now on GitHub. If you’ve been waiting for a reason to show your team what pipeline security actually costs when it goes wrong, this is it.

CWDN: How does SmokedMeat avoid becoming a weaponised toolkit that attackers use before defenders do?

Al Hamami: Attackers already have such tools, which is evident in the major supply chain attacks that have occurred in the past couple of years. There are many open source security scanners that look for such vulnerabilities already. However, SmokedMeat brings to the table new techniques for post-compromise: ability to pivot from account to account, systematically collect credentials, and more.

Attackers use metasploit – as do defenders. But if it weren’t for metasploit (or SmokedMeat) – then attackers would use their own tools… and defenders would have none.

CWDN: What stops a SmokedMeat demo from causing real damage to the production infrastructure it’s running against?

Al Hamami: We designed it with this type of safety in mind, so it can expose weaknesses, validate exploitability, steal credentials, and pivot to proprietary source code. We intentionally did not include particularly harmful features such as malware implants or wiping repos. As such, it can be used by defenders to show the risks exposed by the pipeline attack surface, and they can run it without concern for damaging live data.

CWDN: How does SmokedMeat handle pipelines that mix multiple CI systems like GitHub Actions, Jenkins and CircleCI?

Al Hamami: For now – it only handles GitHub Actions, since this is the most prevalent system (and the one used almost exclusively by open source projects). The same types of flaws exist in other CI/CD systems – and our Poutine OSS CI/CD Scanner does support these systems (it will find flaws in them). However, SmokedMeat as a tool used to exploit such vulnerabilities only supports GitHub for now. In the future, we (or the community) will likely add support for others.

CWDN: After TeamPCP, why did teams still need a live demo — wasn’t that breach in fact proof enough to act?

Al Hamami: It is always different when a security practitioner goes to their manager and says “with this OSS tool, I was able to steal our entire company IP in 10 minutes. We are exposed!”. Unfortunately, in security, for misunderstood attack surfaces, sometimes you need someone to show you that you are exposed; someone convincing you that you may be exposed because others are, is not enough.